|
|
Start of Tutorial > Start of Trail > Start of Lesson |
Search
Feedback Form |
Below is a complete policy file for a user wanting to runTerrysGame.The policy file syntax is not described here; if you're interested, see Default Policy Implementation and Policy File Syntax
on the public
java.sun.comweb site.You don't need to know the syntax; you can always use the Policy Tool to create policy files, as shown in Quick Tour of Controlling Applets
, Quick Tour of Controlling Applications
, and Signing Code and Granting It Permissions
lessons.
Below is the sample policy file, followed by a description of the individual entries. Assume that
Here's the policy file:
- The policy file is on Kim's computer, and Kim's keystore is named
kim.keystore.
TerrysGamehas been signed by the game creator Terry's private key, and the corresponding public key is in the keystore entry aliased by"terry".
- The
HighScoreandHighScorePermissionsclasses were signed by the private key of the person who implemented them (Chris), and the corresponding public key is in the keystore entry aliased by"chris".keystore "kim.keystore"; // Here is the permission TerrysGame needs. // It grants code signed by "terry" the HighScorePermission, if the // HighScorePermission was signed by "chris" grant SignedBy "terry" { permission com.scoredev.scores.HighScorePermission "TerrysGame", signedBy "chris"; }; // Here is the set of permissions the HighScore class needs: grant SignedBy "chris" { // The HighScore class needs permission to read "user.home" to find // the location of the highscore file permission java.util.PropertyPermission "user.home", "read"; // It needs permission to read and write the high score file itself permission java.io.FilePermission "${user.home}${/}.highscore", "read,write"; // It needs to get granted its own permission, // so it can call checkPermission // to see if its caller has permission. // Only grant it the permission // if the permission itself was signed by "chris" permission com.scoredev.scores.HighScorePermission "*", signedBy "chris"; };
A keystore is a repository of keys and certificates, and is used to look up the public keys of the signers specified in the policy file (
"terry"and"chris"in this example).The
keytoolutility is used to create and administer keystores.For this lesson, assume Kim would like to play
TerrysGame. If Kim's keystore is namedkim.keystore, then Kim's policy file needs the following line at the very beginning:keystore "kim.keystore";
A policy file entry specifies one or more permissions for code from a particular code source - either code from a particular location (URL), or code signed by a particular entity, or both.
Our policy file needs an entry for each game, granting code signed by a key from that game's creator a
HighScorePermissionwhose name is the game name. That permission allows the game to call theHighScoremethods to get or update the user's high score value for that particular game.The entry required for
TerrysGameis:grant SignedBy "terry" { permission com.scoredev.scores.HighScorePermission "TerrysGame", signedBy "chris"; };Requiring that
TerrysGamebe signed by"terry"enables Kim to know that the game is the actual game that Terry developed. For this to work, Kim must have already stored Terry's public key certificate intokim.keystoreusing the alias"terry".Notice that the
HighScorePermissionneeds to be signed by"chris", the person who actually implemented that permission. This ensures thatTerrysGameis granted the actual permission implemented by"chris", and not someone else. As before, for this to work Kim must have already stored Chris's public key certificate intokim.keystoreusing the alias"chris".
The final entry in the policy file grants permissions to theHighScoreclass. More specifically, it grants permissions to code signed by"chris", who created and signed the class. Requiring the class to be signed by"chris"ensures that whenTerrysGamecalls upon this class to update the user's high score,TerrysGameknows for sure that it is using the original class implemented by"chris".To update the user's high score value for any games that call upon it do so, the
HighScoreclass requires three permissions:1. Permission to read the
"user.home"property value.The
HighScoreclass stores the user's high score values in a.highscorefile in the user's home directory. Therefore this class needs ajava.util.PropertyPermissionthat allows it to read the"user.home"property value to find out exactly where the user's home directory resides:permission java.util.PropertyPermission "user.home", "read";2. Permission to read and write to the high score file itself.
This permission is needed so the
HighScoregetHighScoreandsetHighScoremethods can access the user's.highscorefile to get or set, respectively, the current high score for the current game.Here's the required permission:
Note: The notationpermission java.io.FilePermission "${user.home}${/}.highscore", "read,write";${propName}specifies the value of a property. Thus,${user.home}will be replaced by the value of the"user.home"property. The notation${/}is a platform-independent way of specifying a file separator.3. All HighScorePermissions (i.e, HighScorePermissions of any name).
This permission is needed so that the
HighScorechecks to ensure the calling game has been granted aHighScorePermissionwhose name is the game name will work. That is, theHighScoreclass must also be granted the permission, since a permission check requires that all code currently on the stack have the specified permission.Here's the required permission:
As before, thepermission com.scoredev.scores.HighScorePermission "*", signedBy "chris";HighScorePermissionitself needs to be signed by"chris", the person who actually implemented the permission.
|
|
Start of Tutorial > Start of Trail > Start of Lesson |
Search
Feedback Form |
Copyright 1995-2004 Sun Microsystems, Inc. All rights reserved.