/*
* Copyright (c) 2000 David Flanagan. All rights reserved.
* This code is from the book Java Examples in a Nutshell, 2nd Edition.
* It is provided AS-IS, WITHOUT ANY WARRANTY either expressed or implied.
* You may study, use, and modify it for any non-commercial purpose.
* You may distribute it non-commercially as long as you retain this notice.
* For a commercial use license, or to purchase the book (recommended),
* visit http://www.davidflanagan.com/javaexamples2.
*/
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import com.sun.corba.se.spi.activation.Server;
/**
* This is a demonstration service. It attempts to do things that may or may not
* be allowed by the security policy and reports the results of its attempts to
* the client.
*/
public class SecureService implements Server.Service {
public void serve(InputStream i, OutputStream o) throws IOException {
PrintWriter out = new PrintWriter(o);
// Try to install our own security manager. If we can do this,
// we can defeat any access control.
out.println("Trying to create and install a security manager...");
try {
System.setSecurityManager(new SecurityManager());
out.println("Success!");
} catch (Exception e) {
out.println("Failed: " + e);
}
// Try to make the Server and the Java VM exit.
// This is a denial of service attack, and it should not succeed!
out.println();
out.println("Trying to exit...");
try {
System.exit(-1);
} catch (Exception e) {
out.println("Failed: " + e);
}
// The default system policy allows this property to be read
out.println();
out.println("Attempting to find java version...");
try {
out.println(System.getProperty("java.version"));
} catch (Exception e) {
out.println("Failed: " + e);
}
// The default system policy does not allow this property to be read
out.println();
out.println("Attempting to find home directory...");
try {
out.println(System.getProperty("user.home"));
} catch (Exception e) {
out.println("Failed: " + e);
}
// Our custom policy explicitly allows this property to be read
out.println();
out.println("Attempting to read service.tmp property...");
try {
String tmpdir = System.getProperty("service.tmp");
out.println(tmpdir);
File dir = new File(tmpdir);
File f = new File(dir, "testfile");
// Check whether we've been given permission to write files to
// the tmpdir directory
out.println();
out.println("Attempting to write a file in " + tmpdir + "...");
try {
new FileOutputStream(f);
out.println("Opened file for writing: " + f);
} catch (Exception e) {
out.println("Failed: " + e);
}
// Check whether we've been given permission to read files from
// the tmpdir directory
out.println();
out.println("Attempting to read from " + tmpdir + "...");
try {
FileReader in = new FileReader(f);
out.println("Opened file for reading: " + f);
} catch (Exception e) {
out.println("Failed: " + e);
}
} catch (Exception e) {
out.println("Failed: " + e);
}
// Close the Service sockets
out.close();
i.close();
}
}
/*
//Server.policy
//These lines grant permissions to any code loaded from the directory shown.
//Edit the directory to match the installation on your system.
//On Windows systems, change the forward slashes to double backslashes: "\\".
grant codeBase "file:/home/david/Books/JavaExamples2/Examples" {
// Allow the server to listen for and accept network connections
// from any host on any port > 1024
permission java.net.SocketPermission "*:1024-", "listen,accept";
};
*/
|