See the Policy File Effects
examplepolicy policy file,
you can
execute the WriteFile applet to create and to write the
file writetest, as shown in the following figure.
Whenever you run an applet, or an application with a security manager, the policy files that are loaded and used by default are the ones specified in the "security properties file", which is located in one of the following directories:
Windows:
java.home\lib\security\java.security
UNIX:
java.home/lib/security/java.security
The policy file locations are specified as the values of properties whose names take the form
policy.url.n
n indicates a number. Specify each property
value in a line that takes the following form:
policy.url.n=URL
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
Note: Use of the notation
${propName}
in the security properties file is a way of
specifying the value of a property. Thus ${java.home} will be
replaced at runtime by the actual value of the "java.home" property,
which indicates the directory into which the JRE was installed, and
${user.home} will be
replaced by the value of the "user.home" property, for
example, C:\Windows.
examplepolicy. There are two possible ways you can have the
examplepolicy file
be considered as part of the overall policy, in addition to the policy files specified in
the security properties file. You can either specify the additional policy file in a
property passed to the runtime system, as described in
Approach 1,
or add a line in the security properties
file specifying the additional policy file, as described in
Approach 2.
Note: On a UNIX system, you must have DNS configured in order for the
WriteFile program
to be downloaded from the public web site, shown in the command below.
You need to have dns
in the list of lookup services for hosts in your
/etc/nsswitch.conf file, as in
hosts: dns files nis
/etc/resolv.conf file
with a list of nameservers.
Consult your system administrator for more information.
Approach 1
You can use theappletviewer
command-line argument, -J-Djava.security.policy, to specify a
policy file that should be used, in addition to the ones
specified in the security properties file.
To run the WriteFile applet with your new
examplepolicy policy file included, type the following in the
directory in which examplepolicy is stored:
appletviewer -J-Djava.security.policy=examplepolicy http://download.oracle.com/javase/tutorial/security/tour1/examples/WriteFile.html
Notes:
- Type this command as a single line, with a space between
examplepolicyand the URL, and no spaces in the URL. Multiple lines are used in this example for legibility purposes. - If this command line is longer than the maximum number of
characters you are allowed to type on a single line, do the following.
Create and save a text file containing the full
command, and name the file with a
.batextension, for example,wf.bat. Then in your command window, type the name of the.batfile instead of the command.
If the applet still reports an error,
you must troubleshoot the policy file.
Use the Policy Tool to open the examplepolicy file
(using File > Open) and
check the policy entries you just created in the
previous step,
Set Up a Policy File to Grant the Required Permissions.
To view or edit an existing policy entry, click on the line displaying that entry in the main Policy Tool window, then choose the Edit Policy Entry button. You can also double-click the line for that entry.
This launches the same type of Policy Entry dialog box that displays when you are adding a new policy entry after choosing the Add Policy Entry button, except in this case the dialog box is filled in with the existing policy entry information. To change the information, retype it (for the CodeBase and SignedBy values) or add, remove, or modify permissions.
Approach 2
You can specify a number of URLs (including ones of the form "http://") inpolicy.url.n properties in the security properties file, and
all the designated policy files will get loaded.
So one way to have our examplepolicy file's policy entry considered
by the appletviewer is to add
an entry specifying that policy file in the security properties file.
Important: If you are running your own copy of the JDK, you can easily edit your security properties file. If you are running a version shared with other users, you may only be able to modify the system-wide security properties file if you have write access to it or if you ask your system administrator to modify the file when appropriate. However, it's probably not appropriate for you to make modifications to a system-wide policy file for this tutorial test. We suggest that you just read the following to see how it is done or that you install your own private version of the JDK to use for the tutorial lessons.
To modify the security properties file, open it in an editor suitable for editing an
ASCII text file. Then add the following line after the line starting with
policy.url.2:
Windows:
policy.url.3=file:/C:/Test/examplepolicy
UNIX:
policy.url.3=file:${user.home}/test/examplepolicy
On a UNIX system you can also explicitly specify your home directory:
policy.url.3=file:/home/susanj/test/examplepolicy
Now you can run the following:
appletviewer http://download.oracle.com/javase/tutorial/security1.2/tour1/examples/WriteFile.html
If you still get a security exception, you must troubleshoot your new policy file. Use the Policy Tool to check the policy entry you just created in the previous step, Set Up a Policy File to Grant the Required Permissions. Change any typos or other errors.
Important: The
examplepolicy policy file is also used in the
Quick Tour of Controlling Applications
lesson. You do not need to include the examplepolicy file unless you are running this Tutorial lesson. To exclude this file, open the security properties file and delete the line you just added.
