Policy File

A policy file is a file that contains a set of permissions and associates these permissions with a principal or a set of files. The policy file contains a class to associate to a resource. This class gives the permission to that file. For instance, to give a read permission to a file, a FilePermission class is used that allows read, write, execute, or delete permissions or any combination thereof. The grant keyword is used to grant permissions of a particular type to a specific resource. This is commonly known as a grant entry . Listing 8-8 shows a grant entry for giving read permissions to the java.policy file located under the Windows operating system path from the $JRE subdirectory.

Listing 8-8: Grant entry example

 grant{  permission java.io.FilePermission "  D:\jdk1.4\jre\lib\security\java.policy" "read"; } 

 

To specify the type of permission, or permission entry, the permission keyword must be used to define the entry. In Listing 8-8, the java.io.FilePermission is known as the permission_class_name where the Java class is associated with the resource. The action is the action that the permission can exercise on the resource. The target resource name is referred to as the target_name . The permission_class_name contains a set of permissions that can be associated with the class to the resource, such as the action of reading a file. The FilePermission knows what this action means and how to operate on it. However, the class understands only the set of permissions that it can operate on. For example, the FilePermission does not understand a "connect" action because that is something specific to the SocketPermission . The behavior of using the policy file is similar to returning permission in code. For instance:

 perm = new  java.io.FilePermission("D:\jdk1.4\jre\lib\security\java.policy", "read"); 

The difference is that the policy file is giving access into the system versus a particular use in the code and hides the coding implementation. The policytool is designed to edit these files and does ensure that the file is formatted correctly. Many developers edit these by using text editors, but the policytool provides a GUI that lists the correct fields to input and other useful utilities.

The FilePermission class is a standard class that is distributed with the JDK 1.4, but this does not limit the developer to those that are distributed with the JDK 1.4. New permissions can be extended from the java.security.Permission class to develop any permission that the user may require.

The signedBy property can also be applied in the policy file to the target name. This property represents a certificate stored in a keystore . The public key within the certificate is used to authenticate the target and verify the digital signature of the code. A private key of the corresponding public key is used to sign the digital certificate. Multiple aliases from the keystore are comma-delimited.

For instance, a certificate from rich and richware are represented as "rich, richware" . This means that the target resource was signed by "rich" and "richware" . If this field is omitted, it means that the authentication and validation can be any signer. It doesn't matter if the code is signed or not. Here is an example:

 grant signedBy "rich,richware" {permission java.io.FilePermission  "/jdk1.4/jre/lib/security/java.policy", "read"; }; 

Two other properties that can be optionally set for the policy file are codeBase and the principal . The codeBase property indicates a code source location. The code is represented specifying the file using the slashes that are typically used in the UNIX operating system. An example that retrieves any JAR or class file in the JDK extensions directory is as follows :

 grant codeBase "file:/D:/jdk1.4/lib/ext/*" {       ...     }; 

The principal property defines a principal that is associated with the authentication of the resource. The principal must be verified before accessing the resource. If the principal name is specified in the policy file, an X509 certificate must be retrieved from the keystore for authentication. The principal authentication follows the X500 authentication and is implemented using the javax.security.auth.x500.X500Principal class. If the certificate is ignored or cannot be authenticated, access to the target resource is denied . Here is an example:

 grant principal javax.security.auth.x500.X500Principal "cn=rich" {     permission java.io.FilePermission  "/jdk1.4/jre/lib/security/java.policy", "read";   }; 

It is also possible to specify an additional policy file at runtime of an application. This is done by defining a java.security.policy system property using the -Djava.security.policy command. The security policy property is set to a URL that specifies the URL of a policy file. For example, the URL could be set to www.richware.com/java.policy .

The policy file can contain other entries besides the grant entries. Another entry that can be specified in the policy file is the keystore entry. The keystore must be specified in the policy file if any of the signedBy entries are specified so that the certification matching the signer of the grant entry may be retrieved from the specified keystore . Only the first keystore entry in the file is used. Other entries are ignored. The keyword keystore, the keystore URL, and the keystore type specify the format. The following example shows that the keystore file is being accessed from the root of the richware domain. The type of the keystore is the Sun Java KeyStore (JKS):

 keystore "www.richware.com/.keystore", "JKS"; 

All the entries that have been mentioned so far are entries into a single file, but there might be a situation where a policy file is needed to run one application and another is used to run a different application. Instead of keeping all these policies in one policy file, a policy entry can be used to reference the file instead. This gives the environment the opportunity to have a system-wide file to reference all policy files that need to be referenced. This is done by listing all the other policy files as URLs in the main policy file, as the following two lines demonstrate :

 policy.url.1=file:${java.home}/jre/lib/security/java.policy policy.url.2=file:${user.home}/.java.policy 

This example shows that the policy entry is referencing the default policy from the JDK 1.4 directory and the policy file from the user's home directory. These entries are defined in a single policy file that could be referenced from the -Djava.security.policy property.