Wednesday, June 11, 2008

Limiting permissions to Java programs with policies

I wanted to limit the permissions for a Java program to only connect to a certain host.. and the way to do this is by defining your own policy file, and passing this as an argument to the Java command as follows:

grant {
//permission "","connect,resolve";
permission "<>", "read, write, delete, execute";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "*";
permission java.lang.reflect.ReflectPermission "*";

The above policy will not grant the process any SocketPermissions, however, if you only wanted it to connect to a specific IP address or hostname, you can uncomment the first line, and edit it appropriately.

For more information refer to:

Now to start your program using the above policy file, use:

java -cp some.jar MainClass

No comments: