10.10.4. Write a Java Security Manager Policy


An application called policytool is included with most JDK and JRE distributions, for the purpose of creating and editing Java Security Manager security policies. Detailed information about policytool is linked from http://docs.oracle.com/javase/6/docs/technotes/tools/.

Basic Information

A security policy consists of the following configuration elements:

The URL location (excluding the host and domain information) where the code originates from. This parameter is optional.
The alias used in the keystore to reference the signer whose private key was used to sign the code. This can be a single value or a comma-separated list of values. This parameter is optional. If omitted, presence or lack of a signature has no impact on the Java Security Manager.
A list of principal_type/principal_name pairs, which must be present within the executing thread's principal set. The Principals entry is optional. If it is omitted, it signifies "any principals".
A permission is the access which is granted to the code. Many permissions are provided as part of the Java Enterprise Edition 6 (Java EE 6) specification. This document only covers additional permissions which are provided by JBoss EAP 6.

Procedure 10.35. Setup a new Java Security Manager Policy

  1. Start policytool.

    Start the policytool tool in one of the following ways.
    • Red Hat Enterprise Linux

      From your GUI or a command prompt, run /usr/bin/policytool.
    • Microsoft Windows Server

      Run policytool.exe from your Start menu or from the bin\ of your Java installation. The location can vary.
  2. Create a policy.

    To create a policy, select Add Policy Entry. Add the parameters you need, then click Done.
  3. Edit an existing policy

    Select the policy from the list of existing policies, and select the Edit Policy Entry button. Edit the parameters as needed.
  4. Delete an existing policy.

    Select the policy from the list of existing policies, and select the Remove Policy Entry button.

Permission Specific to JBoss EAP 6

Provides access to the org.jboss.security.SecurityAssociation. getPrincipal() and getCredential() methods. The risk involved with using this runtime permission is the ability to see the current thread caller and credentials.
Provides access to the org.jboss.security.SecurityAssociation. getSubject() method.
Provides access to the org.jboss.security.SecurityAssociation. setPrincipal(), setCredential(), setSubject(), pushSubjectContext(), and popSubjectContext() methods. The risk involved with using this runtime permission is the ability to set the current thread caller and credentials.
Provides access to the org.jboss.security.SecurityAssociation. setServer() method. The risk involved with using this runtime permission is the ability to enable or disable multi-thread storage of the caller principal and credential.
Provides access to the org.jboss.security.SecurityAssociation. pushRunAsRole(), popRunAsRole(), pushRunAsIdentity(), and popRunAsIdentity() methods. The risk involved with using this runtime permission is the ability to change the current caller run-as role principal.
Provides access to the org.jboss.security.SecurityAssociation. accessContextInfo(), and accessContextInfo() getter and setter methods. This allows you to both set and get the current security context info.
Provides special permissions to files and directories in a specified JNDI tree path, or recursively to all files and subdirectories. A JndiPermission consists of a pathname and a set of valid permissions related to the file or directory.
The available permissions include:
  • bind
  • rebind
  • unbind
  • lookup
  • list
  • listBindings
  • createSubcontext
  • all
Pathnames ending in /* indicate that the specified permissions apply to all files and directories of the pathname. Pathnames ending in /- indicate recursive permissions to all files and subdirectories of the pathname. Pathnames consisting of the special token <<ALL BINDINGS>> matches any file in any directory.
A custom permission class for protecting access to sensitive SRP information like the private session key and private key. This permission does not have any actions defined. The getSessionKey() target provides access to the private session key which results from the SRP negotiation. Access to this key allows you to encrypt and decrypt messages that have been encrypted with the session key.
This permission class provides basic permissions to secure Hibernate sessions. The target for this property is the entity name. The available actions include:
  • insert
  • delete
  • update
  • read
  • * (all)
Provides a custom permission class for controlling how callers interact with the metadata stack. The available permissions are:
  • modify
  • push (onto the stack)
  • pop (off the stack)
  • peek (onto the stack)
  • * (all)
Secures setting of configuration properties. Defines only permission target names, and no actions. The targets for this property include:
  • <property name> (the property this code has permission to set)
  • * (all properties)
Secures access to the kernel configuration. Defines only permission target names and no actions. The targets for this property include:
  • access (to the kernel configuration)
  • configure (implies access)
  • * (all)
Secures access to the kernel. Defines only permission target names and no actions. The targets for this property include:
  • kernel
  • * (all)