Providing Your Own Security Manager
Security becomes a major concern when writing and using programs
that interact with the Internet. Will you download something that
corrupts your file system? Will you be open for a virus attack?
It's unlikely that computers on the Internet will ever be completely
safe from attack from the few evil-doers out there. However,
you can take steps to provide a significant level of protection
and security for your computers and data. One of the ways that
Java provides protection from attack is through the use of security
managers. A security manager implements and imposes the security
policy for an application.
The security manager is an application-wide object that determines
whether potentially threatening operations should be allowed. The
classes in the Java packages cooperate with the security manager
by asking the application's security manager for permission to
perform certain operations.
This section walks you through a simple implementation
of a security manager that requires the user to type in a password
each time the application tries to open a file for reading or writing.
This page shows you how to put your security manager on duty for
your Java application.
Note: The security manager for an application
can be set only once. Typically, a browser sets its security manager
during its startup procedure. So most of the time, applets cannot
set the security manager because it's already been set. A
SecurityException will result if your applet attempts to do so.
See
Understanding Applet Capabilities and Restrictions
for information.
And finally, this page looks at the SecurityManager class in
greater detail, showing you which methods in the SecurityManager
class affect which kinds of operations and helping you decide
which methods your security manager needs to override.
