Java Technology Home Page
A-Z Index

Java Developer Connection(SM)
Online Training

Downloads, APIs, Documentation
Java Developer Connection
Tutorials, Tech Articles, Training
Online Support
Community Discussion
News & Events from Everywhere
Products from Everywhere
How Java Technology is Used Worldwide
 

Help is available for each task, or you can go straight to the solution source code.



Task 1

When creating your own security manager, you have to subclass SecurityManager. The java.lang.SecurityManager implementation throws security exceptions when attempting any operation. So, instead of subclassing, overriding everything, and doing something special for the methods related to file access, you'll create a null security manager that overrides everything and doesn't throw any security exceptions. This involves compiling the NullSecurityManager.java file provided.


Shift-click on the filename NullSecurityManager.java to save it and compile with javac.
javac NullSecurityManager.java

Task 2

Next, save the MySecurityManager.java skeleton. This is an empty subclass of the NullSecurityManager just created. You will need to fill in the checkRead and checkWrite methods next as they are the methods used to restrict file access.


Shift-click on the filename MySecurityManager.java to save it

Task 3

Starting with checkWrite, there are two varieties to look into: public void checkWrite(FileDescriptor fd) and public void checkWrite(String filename). With the FileDescriptor variety, you do not have to do anything. When creating an object that has a method that returns a FileDescriptor, the object will do the appropriate security checks before a FileDescriptor is available.

So, this leaves you with overriding public void checkWrite(String filename). If the filename provided in the method does not end with the file extension .tmp, throw a SecurityException.


The String class defines a method endsWith to use for comparing the contents of the end of the filename parameter.
public void checkWrite(String file) { 
  if (!file.endsWith(".tmp")) {
    throw new SecurityException ("Write attempt: " 
      + file);
  }
}

Task 4

There are three varieties of checkRead to worry about: public void checkRead(FileDescriptor fd) public void checkRead(String filename), and public void checkRead(String filename, Object context). As with checkWrite, you can ignore the FileDescriptor variety. For the two argument variety, this acts like a proxy where the context parameter is the results of a previous call to SecurityManager.getSecurityContext. This allows one object to check access for another object, like in the case of RMI, where the other object could reside with another virtual machine. In this magercise's particular case, the context is irrelevant, only the filename is important. So, just have the two argument filename variety call the one argument filename variety.


public void checkRead(String file, Object context) { 
  checkRead (file);
}

Task 5

For the public void checkRead(String filename) variety, have the method throw a SecurityException if the filename parameter doesn't end with .tmp.


public void checkRead(String file) {
  if (!file.endsWith(".tmp")) {
    throw new SecurityException ("Read attempt: " 
      + file);
  }
}

Task 6

That's all there is to MySecurityManager. Compile the class now.


javac MySecurityManager.java

Task 7

The SMTester.java program tests out the new security manager. The program includes tests for reading and writing the files joe.txt and joe.tmp, before and after a security manager is installed. It is your job to install the security manager previously defined.


Use the setSecurityManager method of the System class to install the new security manager. Don't forget to create an instace of the class to install.
System.setSecurityManager(new MySecurityManager());

Task 8

Compile and run the program. The program doesn't read/write to any files. Instead, it uses File.exist and File.canWrite to see if it has permissions to read or write.


javac SMTester.java
java SMTester
Copyright © 1998 MageLang Institute. All Rights Reserved.

[ This page was updated: 16-Nov-99 ]

Products & APIs | Developer Connection | Docs & Training | Online Support
Community Discussion | Industry News | Solutions Marketplace | Case Studies
Glossary - Applets - Tutorial - Employment - Business & Licensing - Java Store - Java in the Real World
FAQ | Feedback | Map | A-Z Index
For more information on Java technology
and other software from Sun Microsystems, call:
(800) 786-7638
Outside the U.S. and Canada, dial your country's AT&T Direct Access Number first.
Sun Microsystems, Inc.
Copyright © 1995-99 Sun Microsystems, Inc.
All Rights Reserved. Legal Terms. Privacy Policy.