 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / March 2008java.security.manger policy question
hello, Is it somehow possible to deny access for one application to a specific resource whereas allow access for the rest within one policy? Example: I would like to prevent one application from accessing disk, if I will write something like this: grant { permission java.util.PropertyPermission "*", "read"; permission java.io.FilePermission "/tmp/foo", "read,write"; }; grant codebase "file:/a/b/c/-" { permission java.util.PropertyPermission "*", "read"; }; then program located within /a/b/c dir will still have an access to disk since it will match first rule, I also neither can get rid of FilePermission in first rule nor get rid of whole rule because other applications will stop to work. All programs share the same policy. Is is somehow possible to solve this issue? Regards,  SignatureMarcin Kasprzak ... > Is it somehow possible to deny access for one application > to a specific resource whereas allow access for the rest > within one policy? Did you ask a question related to security recently? This post reminds me of it, since it asks a question that itself raises many more questions. Perhaps you could help answer a swathe of those questions by telling us what it is you intend to offer to the end user, rather than pursue some strategy that you believe will achieve that. What is all this (waves hand about vaguely) messing with security managers, looking to offer to me as your potential end-user? -- Andrew T. PhySci.org > ... >> Is it somehow possible to deny access for one application >> to a specific resource whereas allow access for the rest >> within one policy? > > Did you ask a question related to security recently? Yes two days ago, on this newsgroup. > This post reminds me of it, since it asks a question > that itself raises many more questions. [quoted text clipped - 3 lines] > offer to the end user, rather than pursue some > strategy that you believe will achieve that. Actually not sure what you mean. There is "no story" behind those questions if that's what you mean... I have a homework to do i.e. writing a small project in which I need to use some of security features, but not sure if I understand them correctly. I believe that explanation of the question is pretty clear, if not please let me know which part is not clear? Anyway thanks for interest. SignatureMarcin Kasprzak > > ... > >> Is it somehow possible to deny access for one application [quoted text clipped - 4 lines] > > Yes two days ago, on this newsgroup. Please don't split threads - it would have made more sense to add a follow-up to the earlier question. > > This post reminds me of it, since it asks a question > > that itself raises many more questions. [quoted text clipped - 8 lines] > > I have a homework to do .. Ahh.. That explains a lot of why this exercise sounds quite 'arbitrary'. >.. i.e. writing a small project > in which I need to use some of security features, > but not sure if I understand them correctly. > > I believe that explanation of the question is pretty clear, > if not please let me know which part is not clear? I'm clear now. Arne asked you a very relevant question on the tail of the first thread. I was waiting to hear what you'd say, before launhcing into this matter. I initially thought that a strategy you might look into would be to launch the project as a sandboxed applet (or *from* an applet), or web start project. They both provide a 'default' security environment that prevents file access (OK - JWS has ways to get around that limitation - but only if we code them). OTOH - I do not think either of these solutions satisfies the basic requirement to assign 'fine grained' control over what the user can and cannot do. You might purszue the strategy of getting policy files to work as you want, but I don't mess with those usually - instead I would look into this little 'hack' to achieve what is required. <http://groups.google.com.au/group/comp.lang.java.programmer/msg/ f29ab45389d9f5f2> That one deals with calling System.exit(), but should be trivial to change for file access. -- Andrew T. PhySci.org > Please don't split threads - it would have made > more sense to add a follow-up to the earlier > question. ok, I'm not going do it again. [..] > Arne asked you a very relevant question on the > tail of the first thread. I was waiting to hear [quoted text clipped - 20 lines] > That one deals with calling System.exit(), but > should be trivial to change for file access. Huh;-) Your explanation is far too complicated to me, and not sure how it's related to my policy question. But thanks you very much for your time, I appreciate that. Regards, SignatureMarcin Kasprzak Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.