The Java Developers Almanac 1.4


Order this book from Amazon.

   
Home > List of Packages > java.security  [30 examples] > Policy Files  [4 examples]

e221. Protecting Files

Access to files is controlled with a policy file (see e220 Managing Policy Files). Here are examples of policy file entries for controlling access to the system.
    // grant all classes loaded from h1.com ability to read \temp\myfile
    grant codeBase "http://h1.com/-" {
        permission java.io.FilePermission "c:\\temp\\myfile", "read";
    };
    
    // grant ability to create and write c:\temp\myfile
    // Note: if \temp\myfile does not exist, it could be created as a directory
    grant codeBase "http://h2.com/-" {
        permission java.io.FilePermission "c:\\temp\\myfile", "write";
    };
    
    // grant ability to list files in the user's home directory
    grant codeBase "http://h3.com/-" {
        permission java.io.FilePermission "${user.home}", "read";
    };
    
    // grant ability to read any file or directory under c:\temp
    // Note: does not grant ability to read c:\temp itself, i.e. no permission
    // to call File.list() on c:\temp
    grant codeBase "http://h4.com/-" {
        permission java.io.FilePermission "c:\\temp\\-", "read";
    };
    
    // grant ability to delete any file or directory in c:\temp\mydir
    // Note: does not grant ability to delete c:\temp\mydir itself
    grant codeBase "http://h5.com/*" {
        permission java.io.FilePermission "c:\\temp\\mydir\*", "delete";
    };
    
    // grant ability to execute (see Runtime.exec()) the file c:\java.exe
    grant codeBase "http://h6.com/-" {
        permission java.io.FilePermission "c:\\java.exe", "execute";
    };
    
    // grant ability to read and write any file in current directory
    // Note: this is equivalent to ${user.dir}/*
    grant codeBase "http://h7.com/-" {
        permission java.io.FilePermission "*", "read,write";
    };
    
    // grant ability to read any file under current directory
    // Note: this is equivalent to ${user.dir}/-
    grant codeBase "http://h8.com/-" {
        permission java.io.FilePermission "-", "read";
    };
    
    // grant ability to read any file
    grant codeBase "http://h9.com/-" {
        permission java.io.FilePermission "<<ALL FILES>>", "read";
    };

 Related Examples
e219. Creating a New Policy File
e220. Managing Policy Files
e222. Protecting System Properties

See also: Key Store    Message Digests    Permissions    Public and Private Keys    Signatures   


© 2002 Addison-Wesley.