Java/Security/Service
Secure Service
<source lang="java">
/*
* Copyright (c) 2000 David Flanagan. All rights reserved. * This code is from the book Java Examples in a Nutshell, 2nd Edition. * It is provided AS-IS, WITHOUT ANY WARRANTY either expressed or implied. * You may study, use, and modify it for any non-commercial purpose. * You may distribute it non-commercially as long as you retain this notice. * For a commercial use license, or to purchase the book (recommended), * visit http://www.davidflanagan.ru/javaexamples2. */
import java.io.File; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.PrintWriter; import com.sun.corba.se.spi.activation.Server; /**
* This is a demonstration service. It attempts to do things that may or may not * be allowed by the security policy and reports the results of its attempts to * the client. */
public class SecureService implements Server.Service {
public void serve(InputStream i, OutputStream o) throws IOException {
PrintWriter out = new PrintWriter(o);
// Try to install our own security manager. If we can do this,
// we can defeat any access control.
out.println("Trying to create and install a security manager...");
try {
System.setSecurityManager(new SecurityManager());
out.println("Success!");
} catch (Exception e) {
out.println("Failed: " + e);
}
// Try to make the Server and the Java VM exit.
// This is a denial of service attack, and it should not succeed!
out.println();
out.println("Trying to exit...");
try {
System.exit(-1);
} catch (Exception e) {
out.println("Failed: " + e);
}
// The default system policy allows this property to be read
out.println();
out.println("Attempting to find java version...");
try {
out.println(System.getProperty("java.version"));
} catch (Exception e) {
out.println("Failed: " + e);
}
// The default system policy does not allow this property to be read
out.println();
out.println("Attempting to find home directory...");
try {
out.println(System.getProperty("user.home"));
} catch (Exception e) {
out.println("Failed: " + e);
}
// Our custom policy explicitly allows this property to be read
out.println();
out.println("Attempting to read service.tmp property...");
try {
String tmpdir = System.getProperty("service.tmp");
out.println(tmpdir);
File dir = new File(tmpdir);
File f = new File(dir, "testfile");
// Check whether we"ve been given permission to write files to
// the tmpdir directory
out.println();
out.println("Attempting to write a file in " + tmpdir + "...");
try {
new FileOutputStream(f);
out.println("Opened file for writing: " + f);
} catch (Exception e) {
out.println("Failed: " + e);
}
// Check whether we"ve been given permission to read files from
// the tmpdir directory
out.println();
out.println("Attempting to read from " + tmpdir + "...");
try {
FileReader in = new FileReader(f);
out.println("Opened file for reading: " + f);
} catch (Exception e) {
out.println("Failed: " + e);
}
} catch (Exception e) {
out.println("Failed: " + e);
}
// Close the Service sockets
out.close();
i.close();
}
} /* //Server.policy //These lines grant permissions to any code loaded from the directory shown. //Edit the directory to match the installation on your system. //On Windows systems, change the forward slashes to double backslashes: "\\". grant codeBase "file:/home/david/Books/JavaExamples2/Examples" {
// Allow the server to listen for and accept network connections // from any host on any port > 1024 permission java.net.SocketPermission "*:1024-", "listen,accept";
};
- /
</source>
