Chapter 18: Java Access: The Security Manager

  

Introduction

In Java 1.1, security existed to prevent Java Applets from accessing local system resources such as the local area network and the local file system. As time progressed, Java 2 needed to treat remote applications like Java Applets and local applications in a similar manner, because local applications also needed the same security precautions. The Java architecture needed a means to change the permissions on applications dynamically without changing code. This created the need for a security policy file for the application, one that could be changed much like a properties file and that holds the set of permissions protecting the domain.

The protection domain is a specific set of permissions. As time progressed and the security manager utility managed permissions, the need arose to modify and extend permissions so that the protection domain could be fine-tuned and made more robust. The security manager was permission-specific and had an individual checkXXX() method for each permission operation. An access controller was added to check any class derived from the Permission class, so that permissions could be extended without changing Java code. Together these made up the Java 2 security sandbox. The Java security sandbox begins at the time that a class is loaded into a JVM.

For a class file to load in the Java virtual machine (JVM), many checks must be performed to ensure that the Java application functions properly. A class file is a runnable Java file. The basic flow of a class file is that it first must be loaded by a JVM. The JVM loads a class file using the java.lang.ClassLoader class. The class loader first checks the byte stream to ensure that the class file is a valid Java class file. One thing it checks for is the 0xCAFEBABE ("Cafe Babe") magic number at the beginning of the class file. After it ensures that the class is structured correctly and follows a valid class format, it loads the referenced classes and fields. Then the JVM checks whether a SecurityManager is defined for the class file, and if so, it checks the permissions and operations against any defined system resources.

If the security manager is set and the application tries to access a system resource that is not defined for access in the protection domain, the security manager throws a SecurityException. The security manager uses an access controller to check the permissions that are defined in a protection domain. The protection domain is a set of permissions and their associated system resources. Figure 18-1 displays the basic interaction. If no security manager is defined, then the application can access any system resource. Java Applets automatically have a security manager defined, so they have limited access to the local system.

Figure 18-1: The basic class flow
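
The check described above, as an added example that is not code from the book: a protection domain is built from a fixed set of permissions and the access-control context decides each request against it, including a Permission subclass the security manager has no checkXXX() method for. ReportPermission, the /tmp/demo path and the class name are constructed for illustration; the example assumes a JDK in which the security-manager API still functions (it is deprecated for removal since JDK 17).

```java
import java.io.FilePermission;
import java.security.*;

public class ProtectionDomainDemo {

    // Hypothetical application-defined permission. Because it derives from
    // Permission (via BasicPermission), the access controller can check it
    // without any new checkXXX() method on the security manager.
    static final class ReportPermission extends BasicPermission {
        ReportPermission(String name) { super(name); }
    }

    // A protection domain holding exactly the granted permissions, wrapped in
    // the context object that the access controller evaluates.
    static AccessControlContext domainWith(Permission... granted) {
        Permissions set = new Permissions();
        for (Permission p : granted) {
            set.add(p);
        }
        ProtectionDomain domain = new ProtectionDomain(null, set);
        return new AccessControlContext(new ProtectionDomain[] { domain });
    }

    // True if the domain implies the requested permission. A denial surfaces
    // as AccessControlException, which is a subclass of SecurityException.
    static boolean allowed(AccessControlContext ctx, Permission requested) {
        try {
            ctx.checkPermission(requested);
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        AccessControlContext ctx = domainWith(
                new FilePermission("/tmp/demo/-", "read"),   // constructed path
                new ReportPermission("report.*"));
        Permission[] requests = {
                new FilePermission("/tmp/demo/in.txt", "read"),
                new FilePermission("/tmp/demo/in.txt", "write"),
                new FilePermission("/etc/passwd", "read"),
                new ReportPermission("report.export"),
                new ReportPermission("admin.export") };
        for (Permission r : requests) {
            System.out.println((allowed(ctx, r) ? "ALLOW " : "DENY  ") + r);
        }
    }
}
```

Only requests implied by a granted permission are allowed: the write request, the read outside /tmp/demo and the admin.export request all fall outside the domain and are denied.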
  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
