<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head><title>Policy Files</title><link rel="stylesheet" href="core.css" type="text/css"/><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"/></head><body><div class="sect1" title="Policy Files"><div class="titlepage"><div><div><h1 class="title"><a id="learnjava3-CHP-3-SECT-6"/>Policy Files</h1></div></div></div><p>One of the truly novel things about Java is that security is built into the language. As described in <a class="xref" href="ch01.html" title="Chapter 1. A Modern Language">Chapter 1</a>, the Java VM can verify class files and Java’s security manager can impose limits on what classes do. In early versions of Java, it was necessary to implement security policies <span class="emphasis"><em>programmatically</em></span> by writing a Java security manager class and using it in your application. Later, a <a id="I_indexterm3_id646447" class="indexterm"/><span class="emphasis"><em>declarative</em></span> security system was added. This system allows you to write <span class="emphasis"><em>policy files</em></span>—text-based descriptions of permissions—which are much simpler and don’t require code changes. These policy files tell the security manager what to allow and disallow and for whom.</p><p>In early versions of Java, much of the buzz had to do with the security of applets. Applets that were downloaded from untrusted locations could be run with security restrictions that prevented them from doing questionable things such as reading from or writing to the disk or contacting arbitrary computers on the network. With security policy files, it’s easy to apply applet-style security to any application without modifying it. Furthermore, it’s easy to fine-tune the access you grant. 
For example, you can allow an application to access only a specific directory on the disk, or you can allow network access to certain addresses.</p><p>Understanding security and security policies can be important, so we’ll cover it here. However, in practice, you probably won’t use this facility yourself, unless you are writing a framework for running applications from many unknown sources or need to restrict an application for some other reason.</p><div class="sect2" title="The Default Security Manager"><div class="titlepage"><div><div><h2 class="title"><a id="learnjava3-CHP-3-SECT-6.1"/>The Default Security Manager</h2></div></div></div><p><a id="idx10123" class="indexterm"/> <a id="I_indexterm3_id646502" class="indexterm"/>By default, no security manager is installed when you launch a Java application locally. You can turn on security using an option of the <span class="emphasis"><em>java</em></span> interpreter to install a default security manager. The default security policy enforces many of the same rules as for applets. To see how this works, let’s write a little program that does something questionable: it makes a network connection to some computer on the Internet. (We cover the specifics of network programming in Chapters <a class="xref" href="ch13.html" title="Chapter 13. Network Programming">13</a> and <a class="xref" href="ch14.html" title="Chapter 14. 
Programming for the Web">14</a>.)</p><a id="I_3_tt104"/><pre class="programlisting"><code class="kn">import</code> <code class="nn">java.net.*</code><code class="o">;</code>

<code class="kd">public</code> <code class="kd">class</code> <code class="nc">EvilEmpire</code> <code class="o">{</code>
    <code class="kd">public</code> <code class="kd">static</code> <code class="kt">void</code> <code class="nf">main</code><code class="o">(</code><code class="n">String</code><code class="o">[]</code> <code class="n">args</code><code class="o">)</code> <code class="kd">throws</code> <code class="n">Exception</code> <code class="o">{</code>
        <code class="k">try</code> <code class="o">{</code>
            <code class="n">Socket</code> <code class="n">s</code> <code class="o">=</code> <code class="k">new</code> <code class="n">Socket</code><code class="o">(</code><code class="s">"207.46.131.13"</code><code class="o">,</code> <code class="mi">80</code><code class="o">);</code>
            <code class="n">System</code><code class="o">.</code><code class="na">out</code><code class="o">.</code><code class="na">println</code><code class="o">(</code><code class="s">"Connected!"</code><code class="o">);</code>
        <code class="o">}</code> <code class="k">catch</code> <code class="o">(</code><code class="n">SecurityException</code> <code class="n">e</code><code class="o">)</code> <code class="o">{</code>
            <code class="n">System</code><code class="o">.</code><code class="na">out</code><code class="o">.</code><code class="na">println</code><code class="o">(</code><code class="s">"SecurityException: could not connect."</code><code class="o">);</code>
        <code class="o">}</code>
    <code class="o">}</code>
<code class="o">}</code></pre><p>If you run this program with the Java interpreter, it makes the network connection:</p><a id="I_3_tt105"/><pre class="programlisting"><code class="nl">C:</code><code class="err">\</code><code class="o">&gt;</code> <strong class="userinput"><code><code class="n">java</code> <code class="n">EvilEmpire</code></code></strong>
<code class="n">Connected</code><code class="o">!</code></pre><p>But because this program is “evil,” let’s install the default security manager, like this:</p><a id="I_3_tt106"/><pre class="programlisting"><code class="nl">C:</code><code class="err">\</code><code class="o">&gt;</code> <strong class="userinput"><code><code class="n">java</code> <code class="o">-</code><code class="n">Djava</code><code class="o">.</code><code class="na">security</code><code class="o">.</code><code class="na">manager</code> <code class="n">EvilEmpire</code></code></strong>
<code class="nl">SecurityException:</code> <code class="n">could</code> <code class="n">not</code> <code class="n">connect</code><code class="o">.</code></pre><p>That’s better, but suppose that the application actually has a legitimate reason to make its network connection. We’d like to leave the default security manager in place, just to be safe, but we’d like to grant this application permission to make a network connection.<a id="I_indexterm3_id646591" class="indexterm"/></p></div><div class="sect2" title="The policytool Utility"><div class="titlepage"><div><div><h2 class="title"><a id="learnjava3-CHP-3-SECT-6.2"/>The policytool Utility</h2></div></div></div><p><a id="idx10125" class="indexterm"/> <a id="idx10130" class="indexterm"/>To permit our <code class="literal">EvilEmpire</code> example to make a network connection, we need to create a <span class="emphasis"><em>policy file</em></span> that contains the appropriate permission. A handy utility called <span class="emphasis"><em>policytool</em></span>, included with the JDK, helps make policy files.
Fire it up from a command line like this:</p><a id="I_3_tt107"/><pre class="programlisting"> <code class="nl">C:</code><code class="err">\</code><code class="o">&gt;</code> <strong class="userinput"><code><code class="n">policytool</code></code></strong></pre><p>You may get an error message when <span class="emphasis"><em>policytool</em></span> starts up about not finding a default policy file. Don’t worry about this; just click <span class="emphasis"><em>OK</em></span> to make the message go away.</p><p>We now add a network permission for the <code class="literal">EvilEmpire</code> application. The application is identified by its origin, also called a <a id="I_indexterm3_id646677" class="indexterm"/><span class="emphasis"><em>codebase</em></span>, described by a URL. In this case, it is a <code class="literal">file:</code> URL that points to the location of the <code class="literal">EvilEmpire</code> application on your disk.</p><p>If you started up <span class="emphasis"><em>policytool</em></span>, you should see its main window, shown in <a class="xref" href="ch03s07.html#learnjava3-CHP-3-FIG-2" title="Figure 3-2. The Policy Tool window">Figure 3-2</a>. Click on <span class="emphasis"><em>Add Policy Entry</em></span>. Another window pops up, like the one shown in <a class="xref" href="ch03s07.html#learnjava3-CHP-3-FIG-3" title="Figure 3-3. Adding a policy entry">Figure 3-3</a> (but with the fields empty).</p><div class="figure"><a id="learnjava3-CHP-3-FIG-2"/><div class="figure-contents"><div class="mediaobject"><a id="I_3_tt108"/><img src="httpatomoreillycomsourceoreillyimages1707610.png" alt="The Policy Tool window"/></div></div><p class="title">Figure 3-2. The Policy Tool window</p></div><div class="figure"><a id="learnjava3-CHP-3-FIG-3"/><div class="figure-contents"><div class="mediaobject"><a id="I_3_tt109"/><img src="httpatomoreillycomsourceoreillyimages1707611.png" alt="Adding a policy entry"/></div></div><p class="title">Figure 3-3. 
Adding a policy entry</p></div><p>First, fill in the codebase with the URL of the directory containing <code class="literal">EvilEmpire</code>. Then click on <span class="emphasis"><em>Add Permission</em></span>. Yet another window pops up as shown in <a class="xref" href="ch03s07.html#learnjava3-CHP-3-FIG-4" title="Figure 3-4. Creating a new permission">Figure 3-4</a>.</p><p>Choose SocketPermission from the first combo box. Then fill out the second text field on the right side with the network address that <code class="literal">EvilEmpire</code> will connect to. Finally, choose Connect from the third combo box. Click on <span class="emphasis"><em>OK</em></span>; you should see the new permission in the policy entry window, as shown in <a class="xref" href="ch03s07.html#learnjava3-CHP-3-FIG-3" title="Figure 3-3. Adding a policy entry">Figure 3-3</a>.</p><div class="figure"><a id="learnjava3-CHP-3-FIG-4"/><div class="figure-contents"><div class="mediaobject"><a id="I_3_tt110"/><img src="httpatomoreillycomsourceoreillyimages1707612.png" alt="Creating a new permission"/></div></div><p class="title">Figure 3-4. Creating a new permission</p></div><p>Click on <span class="emphasis"><em>Done</em></span> to finish creating the policy. Then choose Save As from the File menu and save the policy file as something memorable, such as <span class="emphasis"><em>EvilEmpire.policy</em></span>. You can quit <span class="emphasis"><em>policytool</em></span> now; we’re all done with it.</p><p>The policy file you just created is not complicated. 
Take a look at it with a text editor, which shows the simple syntax of the policy we created:</p><a id="I_3_tt111"/><pre class="programlisting"><code class="n">grant</code> <code class="n">codeBase</code> <code class="s">"file:/c:/Projects/Exploring/"</code> <code class="o">{</code>
    <code class="n">permission</code> <code class="n">java</code><code class="o">.</code><code class="na">net</code><code class="o">.</code><code class="na">SocketPermission</code> <code class="s">"207.46.131.13"</code><code class="o">,</code> <code class="s">"connect"</code><code class="o">;</code>
<code class="o">};</code></pre><p>You can eschew <span class="emphasis"><em>policytool</em></span> entirely and just create policy files with a text editor if you’re more comfortable that way.<a id="I_indexterm3_id646844" class="indexterm"/><a id="I_indexterm3_id646852" class="indexterm"/></p></div><div class="sect2" title="Using a Policy File with the Default Security Manager"><div class="titlepage"><div><div><h2 class="title"><a id="learnjava3-CHP-3-SECT-6.3"/>Using a Policy File with the Default Security Manager</h2></div></div></div><p><a id="I_indexterm3_id646866" class="indexterm"/> <a id="idx10124" class="indexterm"/> <a id="I_indexterm3_id646885" class="indexterm"/>Now that we’ve gone to the trouble of creating a policy file, let’s use it.
You can tell the default security manager to use the policy file with another command-line option to the <code class="literal">java</code> interpreter:</p><a id="I_3_tt112"/><pre class="programlisting"><code class="nl">C:</code><code class="err">\</code><code class="o">&gt;</code> <strong class="userinput"><code><code class="n">java</code> <code class="o">-</code><code class="n">Djava</code><code class="o">.</code><code class="na">security</code><code class="o">.</code><code class="na">manager</code> <code class="o">-</code><code class="n">Djava</code><code class="o">.</code><code class="na">security</code><code class="o">.</code><code class="na">policy</code><code class="o">=</code><code class="n">EvilEmpire</code><code class="o">.</code><code class="na">policy</code> <code class="n">EvilEmpire</code></code></strong>
<code class="n">Connected</code><code class="o">!</code></pre><p><code class="literal">EvilEmpire</code> can now make its socket connection because we have explicitly granted it permission with a policy file. The default security manager still protects us in other ways, however. <code class="literal">EvilEmpire</code> cannot write or read files on the disk except in the directory it came from, and it cannot make connections to any other network addresses except the one we specified. Take a moment and bask in this warm fuzzy feeling.</p></div></div></body></html>
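The limits described in the closing paragraph can be checked without opening a socket or touching a file. The following is an added example, not code from the book: `PolicyProbe` is a hypothetical class name, and the 192.0.2.10 address and the file path are constructed sample values. It assumes a JDK that still honours `-Djava.security.manager`; the Security Manager is deprecated for removal since Java 17 and can no longer be enabled from JDK 24 on.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.PropertyPermission;

// Added example; PolicyProbe is a hypothetical class name, not from the book.
// It asks the installed security manager what the active policy grants,
// without opening a socket or touching a file.
public class PolicyProbe {

    // True if the policy grants p to every caller on the stack (here: this class).
    static boolean granted(SecurityManager sm, Permission p) {
        try {
            sm.checkPermission(p); // throws SecurityException when denied
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            System.out.println("No security manager installed; nothing is restricted.");
            return;
        }
        Map<String, Permission> probes = new LinkedHashMap<>();
        // Address taken from the page's EvilEmpire.policy grant.
        probes.put("connect 207.46.131.13:80", new SocketPermission("207.46.131.13:80", "connect"));
        // Constructed values below: a documentation-range address and a sample path.
        probes.put("connect 192.0.2.10:80", new SocketPermission("192.0.2.10:80", "connect"));
        probes.put("write C:\\Temp\\probe.txt", new FilePermission("C:\\Temp\\probe.txt", "write"));
        probes.put("read user.home property", new PropertyPermission("user.home", "read"));

        for (Map.Entry<String, Permission> e : probes.entrySet()) {
            System.out.printf("%-28s %s%n", e.getKey(), granted(sm, e.getValue()) ? "GRANTED" : "DENIED");
        }
    }
}
```

Compile it into the directory named in the policy's `codeBase` so the grant applies to it, then run `java -Djava.security.manager -Djava.security.policy=EvilEmpire.policy PolicyProbe` and compare the output with a run that omits the policy option.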