A browser with JavaScript enabled is required for this page to operate properly.
Trail: Security Features in Java SE
Lesson: Signing Code and Granting It Permissions
Section: Steps for the Code Receiver
Signing Code and Granting It Permissions
Steps for the Code Signer
Download and Try the Sample Application
Create a JAR File Containing the Class File
Generate Keys
Sign the JAR File
Export the Public Key Certificate
Steps for the Code Receiver
Observe the Restricted Application
Import the Certificate as a Trusted Certificate
Set Up a Policy File to Grant the Required Permission
Start Policy Tool
Specify the Keystore
Add a Policy Entry with a SignedBy Alias
Save the Policy File
See the Policy File Effects
Home Page > Security Features in Java SE > Signing Code and Granting It Permissions
« Previous • Trail • Next »

See the Policy File Effects

In the previous steps you created an entry in the exampleraypolicy policy file granting code signed by susan permission to read files from the C:\TestData\ directory (or the testdata directory in your home directory if you're working on UNIX). Now you should be able to successfully execute the Count program to read and to count the characters in a file from the specified directory, even when you run the application with a security manager.

As described at the end of the Quick Tour of Controlling Applets lesson, there are two possible ways you can have the exampleraypolicy file be considered as part of the overall policy, in addition to the policy files specified in the security properties file. The first approach is to specify the additional policy file in a property passed to the runtime system. The second approach is to add a line in the security properties file specifying the additional policy file.

Approach 1

You can use a -Djava.security.policy command-line argument to specify a policy file that should be used in addition to or instead of the ones specified in the security properties file.

To run the Count application and have the exampleraypolicy policy file included, type the following while in the directory containing the sCount.jar and exampleraypolicy files: 

java -Djava.security.manager -Djava.security.policy=exampleraypolicy
  -cp sCount.jar Count C:\TestData\data

Note: The command should be typed on a single line, with a space between exampleraypolicy and -cp.

The program should report the number of characters in the specified file.

If it still reports an error, something is wrong in the policy file. Use the Policy Tool to check the permission you just created in the previous step, and change any typos or other errors.

Approach 2

You can specify a number of URLs -- including ones of the form "http://" -- in policy.url.n properties in the security properties file, and all the designated policy files will get loaded.

So one way to have your exampleraypolicy file's policy entries considered by the interpreter is to add an entry indicating that file in the security properties file.

Important:  If you are running your own copy of the JDK, you can easily edit your security properties file. If you are running a version shared with others, you may only be able to modify the system-wide security properties file if you have write access to it or if you ask your system administrator to modify the file when appropriate. However, it's probably not appropriate for you to make modifications to a system-wide policy file for this tutorial test; we suggest that you just read the following to see how it's done or that you install your own private version of the JDK to use for the tutorial lessons.
The security properties file is located at 
  Windows:
    java.home\lib\security\java.security 
  UNIX:
    java.home/lib/security/java.security
The java.home portion indicates the directory into which the JRE was installed.

To modify the security properties file, open it in an editor suitable for editing an ASCII text file. Then add the following line after the line starting with policy.url.2: 

  Windows:
    policy.url.3=file:/C:/Test/exampleraypolicy
  UNIX:
    policy.url.3=file:${user.home}/test/exampleraypolicy

On a UNIX system you can alternatively explicitly specify your home directory, as in 

policy.url.3=file:/home/susanj/test/exampleraypolicy
Next, in your command window, go to the directory containing the sCount.jar file, that is, the C:\Test or ~/test directory. Type the following command on one line: 
java -Djava.security.manager
        -cp sCount.jar Count C:\TestData\data

As with approach 1, if the program still reports an error, something is wrong with the policy file. Use the Policy Tool to check the permission you just created in the previous step, and change any typos or other errors.

Important: Before continuing, you may want to delete the line you just added in the security properties file (or comment it out), since you probably do not want the exampleraypolicy file included when you are not running the tutorial lessons.
« PreviousTrailNext »

Problems with the examples? Try Compiling and Running the Examples: FAQs.
Complaints? Compliments? Suggestions? Give us your feedback.

Previous page: Save the Policy File
Next page: Exchanging Files