java.lang.Object
  java.lang.SecurityManager
    gnu.cajo.invoke.NoSecurityManager
public final class NoSecurityManager
This utility class creates a trivial SecurityManager for developing proxy hosting clients. It allows trusted clients and servers to operate without restriction, and without the need for a security policy file. It effectively grants both clients and proxies full permissions on the machine. While this is very convenient for development purposes, it would clearly be very unwise to use in an untrusted environment. In production, the user should impose their own security policy, using the following two interpreter switches:
-Djava.security.manager -Djava.security.policy=someURL
This URL, or file, would contain the restrictions governing what both the loaded proxy code and the client code are permitted to do. A minimal but functional policy file would contain at least the following:

    grant {
        permission java.net.SocketPermission "*:1024-", "accept";
        permission java.net.SocketPermission "*", "connect";
    };
This would allow the client and its loaded code to open server sockets on port 1024 and higher, and to connect to remote hosts on any port, and nothing else. It is slightly more permissive than a standard applet sandbox, but still very safe for hosting machines. Any attempt to install a SecurityManager should be enclosed in a try/catch block, as the operation may be forbidden by the user via the technique described above. The assignment would then result in a SecurityException being thrown.
If the server code is fully trusted, a more flexible policy file could be used such as:
    grant codeBase "file:${java.class.path}" {
        permission java.security.AllPermission;
    };
    grant {
        permission java.net.SocketPermission "*:1024-", "accept";
        permission java.net.SocketPermission "*", "connect";
    };
This will allow classes loaded from the local filesystem full permissions, while only allowing downloaded code to make socket connections in the manner of the first policy file.
Note: either way, allowing proxies to run within this VM invites the possibility of a denial of service attack, i.e. a proxy, or other object, could consume all the VM's memory and compute cycles maliciously, or even accidentally. Therefore, it is recommended that proxy hosting only be done on an expendable VM.
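The following is an added example, not part of the cajo project or its documentation. It evaluates the two grants of the minimal policy file against constructed sample requests, then attempts to install a permit-all manager inside the try/catch recommended above. The names MinimalPolicyCheck, PermitAll, minimalPolicy and install are assumptions; PermitAll stands in for NoSecurityManager so the block compiles without the cajo jar.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;

public class MinimalPolicyCheck {              // hypothetical class name
    // Stand-in for gnu.cajo.invoke.NoSecurityManager: checkPermission simply
    // returns, so every requested operation is permitted.
    static final class PermitAll extends SecurityManager {
        @Override public void checkPermission(Permission perm) { }
    }

    // The two grants of the minimal policy file, built in memory.
    static Permissions minimalPolicy() {
        Permissions granted = new Permissions();
        granted.add(new SocketPermission("*:1024-", "accept"));
        granted.add(new SocketPermission("*", "connect"));
        return granted;
    }

    // Returns true if the manager was installed. SecurityException means a
    // manager and policy already in force forbid replacing it; newer JDKs that
    // disallow a Security Manager throw UnsupportedOperationException instead.
    static boolean install(SecurityManager manager) {
        try {
            System.setSecurityManager(manager);
            return true;
        } catch (SecurityException | UnsupportedOperationException e) {
            System.out.println("not installed: " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        Permissions granted = minimalPolicy();
        Permission[] requests = {              // constructed sample requests
            new SocketPermission("localhost:8080", "accept"),   // port inside 1024-
            new SocketPermission("localhost:80", "accept"),     // port below 1024
            new SocketPermission("example.org:443", "connect"), // any host, any port
            new FilePermission("/tmp/example.txt", "read"),     // no file grant in the policy
            new RuntimePermission("setSecurityManager"),        // no runtime grant in the policy
        };
        for (Permission request : requests) {
            System.out.println((granted.implies(request) ? "ALLOW " : "DENY  ") + request);
        }
        System.out.println("installed: " + install(new PermitAll()));
    }
}
```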
Field Summary |
---|
Fields inherited from class java.lang.SecurityManager |
---|
inCheck |
Constructor Summary | |
---|---|
NoSecurityManager() | Nothing is performed in the constructor. |
Method Summary | |
---|---|
void | checkPermission(java.security.Permission perm): In accordance with the SecurityManager paradigm, this method simply returns, to indicate that a requested client operation is permitted. |
Methods inherited from class java.lang.SecurityManager |
---|
checkAccept, checkAccess, checkAccess, checkAwtEventQueueAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMemberAccess, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPermission, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkSystemClipboardAccess, checkTopLevelWindow, checkWrite, checkWrite, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public NoSecurityManager()
Method Detail |
---|
public void checkPermission(java.security.Permission perm)
Overrides: checkPermission in class java.lang.SecurityManager