Java/Security/Grant

grant ability to create and write c:\temp\myfile

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "c:\\temp\\myfile", "write";
   };
  
 </source>
   
  
 
  

grant ability to delete any file or directory in c:\temp\mydir

   <source lang="java">

   grant codeBase "http://127.0.0.1/*" {
       permission java.io.FilePermission "c:\\temp\\mydir\*", "delete";
   };
  
 </source>
   
  
 
  

grant ability to execute (see Runtime.exec()) the file c:\java.exe

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "c:\\java.exe", "execute";
   };
  
 </source>
   
  
 
  

grant ability to list files in the user"s home directory

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "${user.home}", "read";
   };
  
 </source>
   
  
 
  

grant ability to read all properties that start with "myprops."

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.util.PropertyPermission "myprops.*", "read";
   };
  
 </source>
   
  
 
  

grant ability to read all system properties

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.util.PropertyPermission "*", "read";
   };
  
 </source>
   
  
 
  

grant ability to read and write all system properties

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.util.PropertyPermission "*", "read,write";
   };
  
 </source>
   
  
 
  

grant ability to read and write any file in current directory

   <source lang="java">

   // Note: this is equivalent to ${user.dir}/*
   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "*", "read,write";
   };
  
 </source>
   
  
 
  

grant ability to read and write the "myprop" system properties

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.util.PropertyPermission "myprop", "read,write";
   };
  
 </source>
   
  
 
  

grant ability to read any file

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "<<ALL FILES>>", "read";
   };
  
 </source>
   
  
 
  

grant ability to read any file or directory under c:\temp

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "c:\\temp\\-", "read";
   };
  
 </source>
   
  
 
  

grant ability to read any file under current directory

   <source lang="java">

   // Note: this is equivalent to ${user.dir}/-
   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "-", "read";
   };
  
 </source>
   
  
 
  

grant ability to write all system properties

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.util.PropertyPermission "*", "write";
   };
  
 </source>
   
  
 
  

grant ability to write the "myprop" system properties

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.util.PropertyPermission "myprop", "write";
   };
  
 </source>
   
  
 
  

grant all classes loaded from h1.com ability to read \temp\myfile

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "c:\\temp\\myfile", "read";
   };
  
 </source>
   
  
 
  

grant all classes loaded from h1.com ability to read the "myprop" system properties

   <source lang="java">

   grant codeBase "http://127.0.0.1/-" {
       permission java.util.PropertyPermission "myprop", "read";
   };
  
 </source>
   
  
 
  

Policy File: Give permission to execute all runtime-protected methods

   <source lang="java">

   grant codeBase "file:${user.home}/*" {
       // Give permission to execute all runtime-protected methods
       permission java.lang.RuntimePermission "*";
   };
  
 </source>
   
  
 
  

Policy File: Give permission to read all system properties

   <source lang="java">

   grant codeBase "http://java.sun.ru/-" {
       // Give permission to read all system properties
       permission java.util.PropertyPermission "*", "read";
   };
  
 </source>
   
  
 
  

Policy File: Use policytool to create or edit an existing policy file

   <source lang="java">

c:\jdk\policytool -file .policy

   keystore ".keystore";
   grant signedBy "yourName"  {
         permission java.io.FilePermission "${user.dir}/-", "read";
   };
   grant codeBase "http://someserver/myjar.jar" {
       permission java.util.PropertyPermission "file.encoding", "read";
   }
  
 </source>