org.apache.river.tool

Class SecurityPolicyWriter

java.lang.Object

java.lang.SecurityManager

org.apache.river.api.security.CombinerSecurityManager

org.apache.river.tool.SecurityPolicyWriter

All Implemented Interfaces:

CachingSecurityManager

public class SecurityPolicyWriter
extends CombinerSecurityManager

This SecurityManager can be used in a simulation environment to generate policy files that conform to the principle of least privilege.

It should be installed from the command line using the following system property:
-Djava.security.manager=org.apache.river.tool.SecurityPolicyWriter

The policy file generated will be specific to the runtime where it is generated. Users should edit the files after generation if they wish to deploy the policy else where, replacing file path characters etc.

Note that the file generated will not contain the ProtectionDomain of the jar file containing this SecurityManager, neither will it contain Java platform jars.

The following properties should be set to obtain CodeSource signer Certificate Aliases.

System Properties

System Property	Explanation
org.apache.river.tool.SecurityPolicyWriter.Directory	Directory to create policy files in.
javax.net.ssl.trustStore	The location of the KeyStore, if no location is specified, then the cacerts file in the lib/security subdirectory of the JDK installation directory is used. If specified, the location is treated as a URL. If no protocol is specified in the URL or it is an unknown protocol, then, the location is treated as a file name.
javax.net.ssl.trustStoreType	The KeyStore type, If no keystore type is specified, then the type returned by KeyStore.getDefaultType() is used.
javax.net.ssl.trustStorePassword	The KeyStore password, if no password is specified, then no password is used when loading the keystore.

Since:

3.0.0

Author:

Peter Firmstone

See Also:

KeyStore

Field Summary

Fields inherited from class java.lang.SecurityManager

inCheck

Constructor Summary

Constructors

Constructor and Description
SecurityPolicyWriter()

Method Summary

Modifier and Type	Method and Description
protected boolean	checkPermission(ProtectionDomain pd, Permission p)

Methods inherited from class org.apache.river.api.security.CombinerSecurityManager

checkPermission, checkPermission, clearCache, getSecurityContext

Methods inherited from class java.lang.SecurityManager

checkAccept, checkAccess, checkAccess, checkAwtEventQueueAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMemberAccess, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkSystemClipboardAccess, checkTopLevelWindow, checkWrite, checkWrite, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getThreadGroup, inClass, inClassLoader

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityPolicyWriter

public SecurityPolicyWriter()

Method Detail

checkPermission

protected boolean checkPermission(ProtectionDomain pd,
                                  Permission p)

Overrides:

checkPermission in class CombinerSecurityManager