I'm new to the Java security policy. Referring to [Java core programming] volume 2, there's a sample of using a policy file to specify permissions for files, etc.
My questions are:
(1) When I develop my own application or applet, I can use this policy to restrict the permissions of my own program. But it doesn't make much sense to restrict myself; I think the meaning of a policy is to restrict unknown sources or classes from the network or elsewhere. So how do you do this kind of restriction? I didn't find a good example in the book or on the net.
(2) Other than using applets (obsolete nowadays), what is the usual scenario for using java.policy files in a production environment?
Thanks a lot.
But it doesn't make much sense to restrict myself.
It can make sense. For example, suppose that you implemented a webserver in pure Java and it needed to be exposed on a public IP address. Suppose that you were concerned that there might be security flaws in your code (or in Java SE or 3rd-party libraries) that might result in your JVM being compromised. One possible way to protect your system might be to implement the webserver to use the Java Security framework to restrict the (hypothetically) compromised code's ability to read / write files in the file system, launch separate processes, establish network connections and so on.
(Note that there are other ways to deal with problems like the above; e.g. SELinux and AppArmor.)
I think the meaning of a policy is to restrict unknown sources or classes from the network or elsewhere. So how do you do this kind of restriction?
Yes, that is the normal use for security policies.
The basic idea is that the application starts with full privilege. To run code that is not trusted, you instantiate a security manager with the policy file. Then you instantiate a (sandbox) classloader using that security manager. Then you load the untrusted code using the sandbox classloader.
Other than using applets (obsolete nowadays), what is the usual scenario for using java.policy files in a production environment?
See above for one scenario.
Another scenario is when you need to run untrusted Java code that is NOT applet based. For example, running plugins for an application that were provided by end-users, or setting up a public server for doing competitive coding.
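The plugin scenario above, worked through as an added example (not code from the question or the answer): a custom `Policy` grants the application and the JDK full privilege, grants any class whose `CodeSource` lies under a `plugins/` directory only a read of `java.version`, and a `SecurityManager` enforces it. Classes loaded through a `URLClassLoader` from that directory pick up the restricted grant automatically because their `ProtectionDomain` consults the installed `Policy`. The directory name, the `demo-plugin.jar` code source used for the in-process check, the `secret.txt` file name and the plugin class name passed on the command line are all assumptions for the demonstration.

```java
import java.io.File;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class PluginSandbox {

    /** Trusted code (the application, the JDK) keeps AllPermission; any class whose
     *  CodeSource lives under the plugins directory gets only a read of java.version. */
    static final class SandboxPolicy extends Policy {
        private final String pluginsPrefix;

        SandboxPolicy(String pluginsPrefix) { this.pluginsPrefix = pluginsPrefix; }

        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            Permissions perms = new Permissions();
            CodeSource cs = domain.getCodeSource();
            URL location = cs == null ? null : cs.getLocation();
            if (location != null && location.toString().startsWith(pluginsPrefix)) {
                perms.add(new PropertyPermission("java.version", "read")); // untrusted: minimal grant
            } else {
                perms.add(new AllPermission());                             // trusted: unrestricted
            }
            return perms;
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            return getPermissions(domain).implies(permission);
        }
    }

    /** Runs an action with the plugin domain added to the stack, so it is bound by the plugin grant. */
    static String runRestricted(AccessControlContext ctx, PrivilegedAction<String> action) {
        try {
            return "allowed: " + AccessController.doPrivileged(action, ctx);
        } catch (SecurityException e) {             // AccessControlException is a SecurityException
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: plugin jars live in ./plugins (or in the directory given as args[0]).
        File pluginsDir = new File(args.length > 0 ? args[0] : "plugins").getCanonicalFile();
        String prefix = pluginsDir.toURI().toURL().toString();
        if (!prefix.endsWith("/")) prefix += "/";

        Policy.setPolicy(new SandboxPolicy(prefix));      // 1. install the policy
        System.setSecurityManager(new SecurityManager()); // 2. from here on, sensitive calls are checked

        // In-process check that needs no plugin jar: a domain whose CodeSource is a (hypothetical)
        // jar under the plugins directory; null permissions/loader/principals make it consult the Policy.
        ProtectionDomain pluginDomain = new ProtectionDomain(
                new CodeSource(new URL(prefix + "demo-plugin.jar"), (Certificate[]) null), null, null, null);
        AccessControlContext restricted = new AccessControlContext(new ProtectionDomain[] { pluginDomain });

        System.out.println(runRestricted(restricted, () -> System.getProperty("java.version")));   // allowed
        System.out.println(runRestricted(restricted, () -> "" + new File("secret.txt").exists())); // denied
        System.out.println(runRestricted(restricted, () -> "" + System.getProperty("user.home")));  // denied

        // 3. The real sandbox: load a plugin class through its own loader, so its ProtectionDomain's
        //    CodeSource is the jar under plugins/ and the Policy above applies to it automatically.
        if (args.length > 1) {
            File[] jars = pluginsDir.listFiles((d, n) -> n.endsWith(".jar"));
            URL[] urls = new URL[jars == null ? 0 : jars.length];
            for (int i = 0; i < urls.length; i++) urls[i] = jars[i].toURI().toURL();
            try (URLClassLoader loader = new URLClassLoader(urls, PluginSandbox.class.getClassLoader())) {
                Runnable plugin = (Runnable) Class.forName(args[1], true, loader)
                        .getDeclaredConstructor().newInstance();
                plugin.run(); // any file, socket or process access inside throws AccessControlException
            }
        }
    }
}
```

Run it as `java PluginSandbox plugins com.example.SomePlugin` (the class name is a placeholder). The order matters: set the `Policy` before installing the `SecurityManager`, because once the manager is in place the application's own code is the only thing allowed to change either. Two caveats a practitioner needs: the policy decision keys on the code source location, so the check must be against a canonical directory URL with a trailing slash (otherwise `plugins2/` would match `plugins`), and the `SecurityManager` was deprecated for removal in Java 17, requires `-Djava.security.manager=allow` to be installable from Java 18 onward, and was permanently disabled in JDK 24, so on current JDKs process-level controls such as SELinux or AppArmor, or running plugins in a separate process or container, are the supported route.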