What is the policytool utility and what can it do for you?

Java platforms provide a utility called policytool that can be used in conjunction with the Java policy manager to tailor the permissions applicable to a Java program running in a given Java environment.

For example, a general policy might be in place that restricts Java programs from doing certain things (connecting to a certain web site, for example). The policytool utility can be used to create a "policy file" that overrides this global policy for a certain program when that program runs.

To see how this works in a very simple situation, perform the following steps with the EvilEmpire.java sample program from Misc | Security:

  1. Try the following command and you should be able to connect to the "Evil Empire" with no trouble:
    java EvilEmpire
    
  2. Then try the command along with the "default security manager" in place, and you should not be able to connect:
    java -Djava.security.manager EvilEmpire
    
  3. However, we can create a "policy file" that overrides this security policy for this program, as follows:
    1. Start up the policy tool utility with the following command:
          policytool
          
      If you get an error message, just click OK.
    2. In the Policy Tool window, click on Add Policy Entry.
    3. In the Policy Entry window, fill in the Codebase entry box with the URL of the directory containing the EvilEmpire program you want to run. This URL should have this form:
          file:/full_path_to_required_directory
          
    4. Then click on Add Permission.
    5. A third window, the Permission window, will pop up. Choose SocketPermission from the first combo box and Target Name from the second, enter the host to which you wish to connect [cstest.smu.ca] in the second column, and finally choose connect from the third combo box.
    6. Now click OK, and then Done.
    7. Finally, choose Save As from the File menu and save the policy file as EvilEmpire.policy or something equally memorable.
  4. Now give the following command, and you should be able to connect once again:
    java -Djava.security.manager -Djava.security.policy=EvilEmpire.policy EvilEmpire
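
For reviewing a saved policy file, here is an added example in Python (not part of the original page): it parses the grant entries and flags any that are broader than the single-codebase, single-host grant the steps above produce. The sample text and its two broad entries are constructed, parse_policy and audit are hypothetical helper names, and only codeBase, AllPermission and SocketPermission are examined.

```python
import re
# Constructed sample: the first entry is the kind of grant the steps above produce
# (codeBase is the page's placeholder); the two broad entries are made up for contrast.
SAMPLE_POLICY = '''
grant codeBase "file:/full_path_to_required_directory" {
  permission java.net.SocketPermission "cstest.smu.ca", "connect";
};
grant {
  permission java.net.SocketPermission "*", "connect,accept";
};
grant codeBase "file:/constructed/example/-" {
  permission java.security.AllPermission;
};
'''

# Quoted strings are matched first so "file:/dir/*" or "http://..." is not read as a comment.
COMMENT_RE = re.compile(r'("[^"]*")|/\*.*?\*/|//[^\n]*', re.S)
GRANT_RE = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*"[^"]*")*)\s*;')

def parse_policy(text):
    """Return [(codebase or None, [(permission class, [quoted args])])]."""
    text = COMMENT_RE.sub(lambda m: m.group(1) or '', text)
    grants = []
    for header, body in GRANT_RE.findall(text):
        cb = CODEBASE_RE.search(header)
        perms = [(cls, re.findall(r'"([^"]*)"', args))
                 for cls, args in PERM_RE.findall(body)]
        grants.append((cb.group(1) if cb else None, perms))
    return grants

def audit(text):
    """Flag grants broader than one codeBase talking to one named host."""
    findings = []
    for codebase, perms in parse_policy(text):
        where = codebase or "<no codeBase>"
        if codebase is None:
            findings.append((where, "grant is not limited to a codeBase"))
        for cls, args in perms:
            if cls == "java.security.AllPermission":
                findings.append((where, "AllPermission grants every permission"))
            elif cls == "java.net.SocketPermission" and args and args[0].split(":")[0] == "*":
                findings.append((where, "SocketPermission target is any host"))
    return findings

if __name__ == "__main__":
    for where, msg in audit(SAMPLE_POLICY):
        print(f"{where}: {msg}")
```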