Accessing System Resources |
Once you've completed writing yourSecurityManager
subclass, you can install it as the current security manager for your Java application. You do this with thesetSecurityManager()
method from theSystem
class.Here's a small test application, SecurityManagerTest, that installs the PasswordSecurityManager class from the previous page as the current security manager. Then to verify that the security manager is in place and operational, the SecurityManagerTest application opens two files--one for reading and one for writing--and copies the contents of the first file into the second.
The
main()
method begins by installing a new security manager:The bold line in the previous code snippet creates a new instance of the PasswordSecurityManager class with the password "Booga Booga". This instance is passed to System'stry { System.setSecurityManager(new PasswordSecurityManager("Booga Booga")); } catch (SecurityException se) { System.out.println("SecurityManager already set!"); }setSecurityManager()
method, which installs the object as the current security manager for the running application. This security manager will remain in effect for the duration of the execution of this application.You can set the security manager for your application only once. In other words, your Java application can invoke
System.setSecurityManager()
only one time during its lifetime. Any subsequent attempt to install a security manager within a Java application will result in a SecurityException.The rest of the program copies the contents of this file
inputtext.txt
into an output file namedoutputtext.txt
. This is a simple test to verify that the PasswordSecurityManager has been properly installed.The bold lines in the previous code snippet are restricted file system accesses. These method calls will result in a call to PasswordSecurityManager'stry { DataInputStream fis = new DataInputStream(new FileInputStream("inputtext.txt")); DataOutputStream fos = new DataOutputStream(new FileOutputStream("outputtext.txt")); String inputString; while ((inputString = fis.readLine()) != null) { fos.writeBytes(inputString); fos.writeByte('\n'); } fis.close(); fos.close(); } catch (IOException ioe) { System.err.println("I/O failed for SecurityManagerTest."); }checkAccess()
method.Running the Test Program
When you run the SecurityManagerTest application, you are prompted twice for a password: once when the application opens the input file and once when the application opens the output file. If you type in the correct password, the access is granted--the file object--and the application proceeds to the next statement. If you type in an incorrect password,checkXXX()
throws a SecurityException, which the test application makes no attempt to catch so the application terminates.This is an example of the output from the application when you type in the password correctly the first time, but incorrectly the second:
Notice that the error message that the application prints is the error message for theWhat's the secret password? Booga Booga What's the secret password? Wrong password java.lang.SecurityException: Not Even! at PasswordSecurityManager.checkWrite(PasswordSecurityManager.java:46) at java.io.FileOutputStream.(FileOutputStream.java) at SecurityManagerTest.main(SecurityManagerTest.java:15) checkWrite(String)
method.
Accessing System Resources |