Previous | Next | Trail Map | Security in JDK 1.2 | Quick Tour of Controlling Applets

See the Policy File Effects

Now that you have created the mypolicy policy file, you should be able to successfully execute the WriteFile applet to create and write the file writetest.

How To Load Policy Files

Whenever you run an applet (or an application with a security manager), the policy files that are loaded and used by default are the ones specified in the "security properties file", which is located at 

java.home/lib/security/java.security  (Solaris)
java.home\lib/security\java.security  (Windows)
Note: java.home indicates the directory into which the JDK was installed.

The policy file locations are specified as the values of properties whose names are of the form 

policy.url.n
Here, n indicates a number. You specify each such property value in a line of the following form: 
policy.url.n=URL
Here, URL is a URL specification. For example, the default policy files, sometimes referred to as the "system" and "user" policy files, respectively, are defined in the security properties file as 
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
Note: Use of the notation ${propName} in the security properties file is a way of specifying the value of a property. Thus, ${java.home} will be replaced at runtime by the actual value of the "java.home" property, which indicates the directory into which the JDK was stored, and ${user.home} will be replaced by the value of the "user.home" property, for example, /home/susanj.
In the previous step, you did not modify one of these policy files. You created a policy file named mypolicy. There are two possible ways you can have the mypolicy file be considered as part of the overall policy, in addition to the policy files specified in the security properties file:
  1. Approach 1: Specify the additional policy file in a property passed to the runtime system, or
  2. Approach 2: Add a line in the security properties file specifying the additional policy file

Approach 1: Indicating a policy file in the command

You can use a "-J-Djava.security.policy" appletviewer command-line argument to specify a policy file that should be used in addition to or instead of the ones specified in the security properties file.

To run the WriteFile applet and have the mypolicy policy file included, type the following in the directory in which mypolicy is stored: 

appletviewer -J-Djava.security.policy=mypolicy  
  http://java.sun.com/docs/books/tutorial/security1.2/tour1/
    example-1dot2/WriteFile.html
Notes:
  • This must be typed as a single line, with a space between "mypolicy" and the URL, and no spaces in the URL. Multiple lines are used in the example just for legibility purposes.

  • If this command line is longer than the maximum number of characters you are allowed to type on a single line, do the following: Create a text file containing the full command, and name the file with a .bat extension, for example, wf.bat. Then in your command window, simply type the name of the .bat file instead of the command. This results in execution of the full command.

If the applet still reports an error, there must be something wrong in the policy file. Use the Policy Tool to open the mypolicy file (using File/Open) and check the policy entries you just created in the previous step, Set up a Policy File to Grant the Required Permissions. Change any typos or other errors.

To view or edit an existing policy entry, select the line for that entry in the main "Policy Tool" window, then select the Edit Policy Entry button. Alternatively, you can simply double-click the line for that entry.

This brings up the same type of "Policy Entry" dialog box as appears when you are adding a new policy entry after selecting the Add Policy Entry button, except in this case the dialog box is filled in with the existing policy entry information. To change the information, simply retype it (for the CodeBase and SignedBy values) or add, remove, or modify permissions.

Approach 2: Modifying the security properties file

You can specify a number of URLs (including ones of the form "http://") in policy.url.n properties in the security properties file, and all the designated policy files will get loaded.

So one way to have our mypolicy file's policy entry considered by the appletviewer is to add an entry specifying that policy file in the security properties file.

Important: If you are running your own copy of the JDK, you can easily edit your security properties file, as described below. If you are running a version shared with others, you may only be able to modify the system-wide security properties file if you have write access to it or if you ask your system administrator to modify the file when appropriate. However, it's probably not appropriate for you to make modifications to a system-wide policy file for this tutorial test; we suggest that you just read the following to see how it's done, or that you install your own private version of the JDK to use for the tutorial lessons.

To modify the security properties file, open it in an editor suitable for editing an ASCII text file. Then add the following line after the line starting with "policy.url.2":

If you're on a Windows system, add: 

policy.url.3=file:/C:/Test/mypolicy

If you're on a Solaris system, you can add: 

policy.url.3=file:${user.home}/test/mypolicy

Alternatively, you can explicitly specify your home directory, as in 

policy.url.3=file:/home/susanj/test/mypolicy

Now you should be able to successfully run the following: 

appletviewer http://java.sun.com/docs/books/tutorial/
    security1.2/tour1/example-1dot2/WriteFile.html
(Type all that on one line, without spaces in the URL.)

As with Approach 1, if you still get a security exception, there must be something wrong in the policy file. Use the Policy Tool to check the policy entry you just created in the previous step, Set up a Policy File to Grant the Required Permissions. Change any typos or other errors.

Important: The mypolicy policy file is also used in the Quick Tour of Controlling Applications(in the Java Security 1.2 trail) lesson. If you will not be doing that lesson, you may want to delete the line you just added in the security properties file (or comment it out), since you probably do not want the mypolicy file included when you are not running the tutorial lessons.

Previous | Next | Trail Map | Security in JDK 1.2 | Quick Tour of Controlling Applets