Java SecurityManager @Override public void checkPermission (Permission perm)

I am creating a SWING application and I also need to write my own SecurityManager. If I write an empty class that extends SecurityManager, like this

public class Sandbox extends SecurityManager {} 

it works fine, which means the GUI is displayed correctly and all privileges, such as I/O, are revoked. However, I need to configure the checkPermission method, and whenever I redefine it, nothing works. Why shouldn't something like this work?

    import java.security.Permission;

    public class Sandbox extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            super.checkPermission(perm);
        }
    }

Update: A very simple example that shows the problem is

    public static void main(String[] args) {
        System.setSecurityManager(new SecurityManager() {
            @Override
            public void checkPermission(Permission p) {
                if (some_condition_here) {
                    // Do something here
                } else {
                    // Resort to default implementation
                    super.checkPermission(p);
                }
            }
        });
        new JFrame().setVisible(true);
    }

If I remove the "checkPermission" method, the application works correctly, but I really cannot get around this.

+6
2 answers

Permissions are granted based on all the code on the stack. All callers must have the required permission. If you override the method and call the superclass method, your code is also on the stack, which implies that your code base (where your own SecurityManager belongs) must have the permission that you (your callers) request.

This is the difference between overriding or not. If you do not override this method, only the (possibly privileged) caller code will be on the stack and it will receive the requested permission. If you override this method, your code is also on the stack and must also have permission.

So, if you want to implement a custom SecurityManager that invokes an inherited verification method, you must configure the inherited (policy-based) logic to give your SecurityManager all the permissions it should grant. It is recommended that you separate the SecurityManager from the rest of the application into a different code base, so only the SecurityManager and nothing else will receive generous permissions.

+1
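A simplified model of the stack walk described in the answer above, as an added example that is not part of the original answer and not the JDK's own code. The frame names, the stack contents and the granted permissions are constructed; the model assumes Java 16+ (records) and that JDK code performs the check inside a doPrivileged block, which ends the walk at that frame.

```java
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.List;
import java.util.PropertyPermission;

/** Simplified model of the access-control stack walk; not the JDK's implementation. */
public class StackWalkModel {
    /** One stack frame: its code base's permissions and whether it entered doPrivileged. */
    record Frame(String name, ProtectionDomain domain, boolean privileged) {}

    static ProtectionDomain domain(Permission... granted) {
        PermissionCollection perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(null, perms); // static permissions only, no Policy lookup
    }

    /** Frames are listed newest first. Returns the denying frame's name, or null if allowed. */
    static String firstDenyingFrame(List<Frame> stack, Permission perm) {
        for (Frame f : stack) {
            if (!f.domain().implies(perm)) return f.name();
            if (f.privileged()) break; // callers older than a privileged frame are not consulted
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed domains: JDK classes hold everything, the application holds nothing.
        ProtectionDomain jdk = domain(new AllPermission());
        ProtectionDomain app = domain();
        Permission perm = new PropertyPermission("java.util.logging.manager", "read");

        Frame jdkCaller = new Frame("JDK code inside doPrivileged", jdk, true);
        Frame appMain = new Frame("application main()", app, false);

        // Method not overridden: only JDK frames sit above the privileged frame.
        List<Frame> inherited = List.of(
            new Frame("SecurityManager.checkPermission", jdk, false), jdkCaller, appMain);
        // Method overridden: the subclass frame (application code base) joins the stack.
        List<Frame> overridden = List.of(
            new Frame("SecurityManager.checkPermission", jdk, false),
            new Frame("Sandbox.checkPermission", app, false), jdkCaller, appMain);

        System.out.println("inherited:  " + firstDenyingFrame(inherited, perm));
        System.out.println("overridden: " + firstDenyingFrame(overridden, perm));
    }
}
```

Granting the permission to the domain of the Sandbox frame, which is the policy-based fix the answer recommends, makes the second walk succeed as well.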

If you call the superclass' checkPermission(p), you do not need to override the class in the first place. Comment it out, then it works.

The superclass calls java.security.AccessController.checkPermission(perm), which seems to throw a java.security.AccessControlException if java.lang.SecurityManager is not called

In my case it says:

    Could not load Logmanager "null"
    java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.manager read)

and so on.

    import java.security.Permission;
    import javax.swing.JFrame;

    public class SecurityManagerExample {
        public static void main(String[] args) {
            System.setSecurityManager(new SecurityManager() {
                @Override
                public void checkPermission(Permission p) {
                    //super.checkPermission(p);
                }
            });
            new JFrame().setVisible(true);
        }
    }

I found a tutorial on how to write a security manager. I also recommend that you go through the Java documentation and the examples provided by Oracle.


UPDATE

Take a look at the description of the method and redefine the functionality that you want to disable. As I found out, you also need to explicitly enable the functionality you want to have.

Here is an example:

    import java.io.File;
    import java.io.IOException;

    public class SecurityManagerExample {
        public static void main(String[] args) {
            System.setSecurityManager(new SecurityManager() {
                @Override
                public void checkWrite(String file) {
                    // no exception is thrown, i.e. creating files is allowed in general
                }

                @Override
                public void checkDelete(String file) {
                    if (file.equals("test.xml")) {
                        throw new SecurityException("Not allowed to delete test.xml!");
                    }
                }
            });
            File f = new File("test.xml");
            try {
                f.createNewFile();
            } catch (IOException e) {
                // ignored: the demo only cares about the delete check
            }
            f.delete();
        }
    }

OUTPUT

    Exception in thread "main" java.lang.SecurityException: Not allowed to delete test.xml!
        at main.SecurityManagerExample$1.checkDelete(SecurityManagerExample.java:60)
        at java.io.File.delete(File.java:902)
        at main.SecurityManagerExample.main(SecurityManagerExample.java:74)
0

Source: https://habr.com/ru/post/953075/

