According to the Java API [API 2006] documentation for class SecurityManager:

The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.

...

Regarding the implementation and use of custom security managers as opposed to default ones, the Java Security Architecture Specification [SecuritySpec 2008] states:

We encourage the use of AccessController in application code, while customization of a security manager (via subclassing) should be the last resort and should be done with extreme care. Moreover, a customized security manager, such as one that always checks the time of the day before invoking standard security checks, could and should utilize the algorithm provided by AccessController whenever appropriate.

Many of the Java SE APIs use security manager checks by default before performing sensitive operations. For example, the constructor of class java.io.FileInputStream throws a SecurityException if the caller does not have the permission to read a file. Note that the documentation of some APIs, for example the java.io.FileReader class, may not contain information about the SecurityException because it is a subclass of RuntimeException; it is not mandatory to document runtime exceptions.

Noncompliant Code Example (Command Line Installation)

This noncompliant code example does not install the security manager from the command line (assuming that the security manager is also not set programmatically), so no security checks are performed while the application runs.

```sh
java LocalJavaApp
```

Compliant Solution (Default Policy File)

Any Java program (bean, servlet, or application) can instantiate a SecurityManager programmatically, provided no global security manager that forbids this operation is already installed. Applications designed to run locally can use the default global security manager by explicitly setting a flag on the command line when invoking the application.

...

The default security policy file, java.policy, grants a few permissions (reading certain system properties, binding to unprivileged ports, and so forth) and can be found in the ~/java.home/lib/security directory on UNIX-like systems and in its equivalent on Microsoft Windows systems. There is also a user-specific policy file in the user's home directory. The union of both these policy files defines the permissions given to a program. Refer to the java.security file to set which policy files should be used. If either of these files is deleted, by default no permissions are granted to the implementing code.

Compliant Solution (Custom Policy File)

If the default policy files are to be replaced by a custom policy file, use the double equals (==) idiom rather than a single equals (=): with a single =, the custom file is added to the policy files listed in java.security, whereas with == it is the only policy file used.

```sh
java -Djava.security.manager -Djava.security.policy==policyURL LocalJavaApp
```

Compliant Solution (Additional Policy Files)

The appletviewer automatically installs a security manager with the standard policy file. To specify additional policy files, use the -J flag.

...

Notably, the policy file specified in the argument is ignored when the policy.allowSystemProperty property in the security properties file (java.security) is set to false. Its default value is true. The document "Default Policy Implementation and Policy File Syntax" [Policy 2002] discusses writing policy files in depth.

Noncompliant Code Example (Programmatic Installation)

When the SecurityManager API is used to install the security manager instead of the command line, there can be instances where the appropriate checks are not installed. In this noncompliant code example, passing null to System.setSecurityManager removes any installed security manager, so no security checks are performed afterwards.

...

```java
try {
  System.setSecurityManager(null);
} catch (SecurityException se) {
  // cannot set security manager, log to file
}
```

Compliant Solution (Default Security Manager)

This compliant solution instantiates and sets the default security manager.

```java
try {
  System.setSecurityManager(new SecurityManager());
} catch (SecurityException se) {
  // cannot set security manager, log to file
}
```

Compliant Solution (Custom Security Manager)

This compliant solution demonstrates how a custom SecurityManager class called CustomSecurityManager can be instantiated by invoking its constructor with a password, and set as the default security manager.

...
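As an added example (not the page's CustomSecurityManager and not part of the original rule), the following class applies the advice quoted above from the Java Security Architecture Specification: the subclass adds one extra rule and otherwise delegates every decision to AccessController. The class name, the blocked path, and the checks printed by main are assumptions of this example.

```java
import java.io.FilePermission;
import java.security.AccessController;
import java.security.Permission;

// Custom manager that layers one extra rule on top of the standard
// AccessController check instead of replacing it.
public class DelegatingSecurityManager extends SecurityManager {
    // Constructed example path; any write below it is refused
    private static final String BLOCKED_PREFIX = "/tmp/quarantine/";

    @Override
    public void checkPermission(Permission perm) {
        if (perm instanceof FilePermission
                && perm.getName().startsWith(BLOCKED_PREFIX)
                && perm.getActions().contains("write")) {
            throw new SecurityException("write below " + BLOCKED_PREFIX + " refused");
        }
        // Standard policy-based decision, exactly what SecurityManager does by default
        AccessController.checkPermission(perm);
    }

    // Returns true when the action is stopped by a SecurityException
    static boolean isDenied(Runnable action) {
        try {
            action.run();
            return false;
        } catch (SecurityException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new DelegatingSecurityManager());
        SecurityManager sm = System.getSecurityManager();
        // The default java.policy grants reading java.version but not user.home
        System.out.println("java.version readable:   "
                + !isDenied(() -> System.getProperty("java.version")));
        System.out.println("user.home denied:        "
                + isDenied(() -> System.getProperty("user.home")));
        // The extra rule contributed by the subclass
        System.out.println("quarantine write denied: "
                + isDenied(() -> sm.checkWrite(BLOCKED_PREFIX + "x.txt")));
        // Once installed, code lacking RuntimePermission("setSecurityManager")
        // cannot remove it again, unlike the noncompliant setSecurityManager(null)
        System.out.println("removal denied:          "
                + isDenied(() -> System.setSecurityManager(null)));
    }
}
```

On JDK 17 and later the program must be started with -Djava.security.manager=allow for System.setSecurityManager to succeed, and from JDK 24 on the security manager is permanently disabled, so the call throws UnsupportedOperationException.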