Search code examples
javanetbeanssecuritymanager

Java: trouble applying permissions in private policy file

I'm trying to follow the oracle tutorial on using a security manager to grant or deny access to system resources in Java applications: http://docs.oracle.com/javase/tutorial/security/tour2/index.html

I would like to grant my NetBeans projects access to "java.home" and "user.home" properties. For that purpose, I've generated a private policy file named $HOME/.java.policy:

grant codeBase "file:/home/myself/NetBeansProjects/" {
  permission java.util.PropertyPermission "user.home", "read";
  permission java.util.PropertyPermission "java.home", "read";
};

Where codeBase points to the directory where my NetBeans projects are (/home/myself/NetBeansProjects/)

In the java.security I have the following url's defined:

# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy

Now one of my NetBeans projects is trying to read the "java.home" and "user.home" properties:

System.out.println("About to get user.home property value");
s = System.getProperty("user.home", "not specified");
System.out.println("  Your user home directory is: " + s);


System.out.println("About to get java.home property value");
s = System.getProperty("java.home", "not specified");
System.out.println("  Your JRE installation directory is: " + s);

But If I try to run the Java program from command line with security manager enabled, I still get an AccessControlException:

$ pwd
/home/myself/NetBeansProjects/GetProps/src

$ java -Djava.security.manager getprops.GetProps

About to get user.home property value
Caught exception java.security.AccessControlException: access denied  ("java.util.PropertyPermission" "user.home" "read")

I was wondering if the problem resides in the codeBase path in my private policy file?

System & Software I'm testing with: NetBeans IDE 7.4 (Build 201310111528) Java: 1.7.0_45; OpenJDK Client VM 24.45-b08 Runtime: OpenJDK Runtime Environment 1.7.0_45-b31 System: Linux version 3.12.3-1-ARCH running on i386; UTF-8; es_ES (nb)

Solution

  • Assuming your project code is actually in subdirectories, you probably want:

    grant codeBase "file:/home/myself/NetBeansProjects/-" {

    (which grants permission recursively to all sub-directories).