20-CS-694 Advanced Programming Techniques Spring 2012
Special Classes

Interfaces, Exceptions, Graphics, Animation, Threads, Reflection, Networking, RMI, JDBC, JNI

     Previous     
Security Manager Class      SecurityException Class     All lectures    
SecurityApplet.java      NullSecurityManager.java      MySecurityManager.java

Security Manager

A simple security manager that does not allow loading a file that contains the word 'pornography' and does not allow any file saves. The security manager subclasses a 'null security manager' so that most of the checks made by the security manager can be seen (there are plenty) in the 'NullSecurityManager messages' window. Choose load/save etc from the Editor menu.

Note: A set security manager can be removed by System.setSecurityManager(null), but checkPermission is executed first to make sure doing so is OK. See this link for more information.

import java.io.*;
import javax.swing.*;

class MySecurityManager extends NullSecurityManager {
   SmallFrame sf;
   String savefile;
   
   public MySecurityManager (SmallFrame sf) {  this.sf = sf;  }

   // Returns true if string a contains string b
   public boolean contains (String a, String b) {
      int i = 0;
      for ( ; i < a.length() - b.length() + 1 ; i++) {
         int j = 0;
         for ( ; j < b.length() ; j++)
            if (a.charAt(i+j) != b.charAt(j)) break;
         if (j >= b.length()) return true;
         i += j;
      }
      return false;
   }

   public void checkRead (String file) {
      // The null check on savefile is important - we do not want any
      // checks to take place until there is a file to check!!
      // If there is a file to check but its name does not appear in
      // the filename sent to checkRead, then forget it as well.
      if (savefile == null) return;
      else if (!contains(file, savefile)) {
         sf.text.append("==========================\n");
         sf.text.append("File "+file+" Pass\n");
         sf.text.append("==========================\n");
         sf.text.setCaretPosition(sf.text.getDocument().getLength());
         return;
      }

      sf.messages.setText("CheckRead: "+file+" ");
      sf.text.append("-----------\n");
      sf.text.append("CheckRead: "+file+"\n");
      sf.text.append("-----------\n");
      sf.text.setCaretPosition(sf.text.getDocument().getLength());

      // Check whether file contains 'pornography'
      InputStream is = null;
      String command = "grep pornography "+file;
      try { is = Runtime.getRuntime().exec(command).getInputStream(); } 
      catch (IOException e) {  
         sf.text.append(e.toString()+"\n"); 
         sf.text.setCaretPosition(sf.text.getDocument().getLength());
      }
      String str = null;
      try { 
         BufferedReader br = new BufferedReader(new InputStreamReader(is));
         str = br.readLine();
      } catch (IOException e) { 
         sf.text.append("IOException (10): "+e.toString());
         sf.text.setCaretPosition(sf.text.getDocument().getLength());
      }

      // Either pass the file or abort
      if (str == null) {
         sf.messages.setText(savefile + " OK");
         sf.text.append("-----------\n");
         sf.text.append(savefile + " OK.\n");
         sf.text.append("-----------\n");
         sf.text.setCaretPosition(sf.text.getDocument().getLength());
         savefile = null;      // important
         return;
      } else {
         sf.messages.setText(savefile + " contains bad word, aborting.");
         sf.text.append("-----------\n");
         sf.text.append(savefile + " contains bad word, aborting.\n");
         sf.text.append("-----------\n");
         sf.text.setCaretPosition(sf.text.getDocument().getLength());
         savefile = null;     // important 
         throw new SecurityException("no good");
      }
   }
   
   public void checkWrite (String s) {
      if (sf.writing) {
         sf.writing = false;
         sf.messages.setText("Checkwrite: cannot write file");
         sf.text.append("CheckWrite: " + s + " writing=" + sf.writing+"\n");
         sf.text.setCaretPosition(sf.text.getDocument().getLength());
         throw new SecurityException ("CheckWrite security violation on "+s);
      }
   }
}