Choose SocketPermission from the first combo box. Then
Choose SocketPermission from the first combo box. Then fill out the second text field on the right side with the network address that EvilEmpire will connect to. Finally, choose connect from the third combo box. Click on OK; you should see the new permission in the policy entry window, as shown in Figure 3.3. Click on Done to finish creating the policy. Then choose Save As from the File menu and save the policy file as something memorable, like EvilEmpire.policy. You can quit policytool now; we’re all done with it. There’s nothing magical about the policy file you just created. Take a look at it with a text editor. It has a simple syntax; here’s the important part, showing the policy we just created: grant codeBase “file:/c:/Projects/Exploring/” { permission java.net.SocketPermission “207.46.131.13″, “connect”; }; You can eschew policytool entirely and just create policy files with a text editor, if you’re more comfortable that way. 3.2.3 Using a Policy File with the Default Security Manager Now that we’ve gone to the trouble of creating a policy file, let’s use it. You can tell the default security manager to use the policy file with another command-line option to the java interpreter: C:> java -Djava.security.manager -Djava.security.policy=EvilEmpire.policyEvilEmpire Connected! EvilEmpire can now make its socket connection because we have explicitly granted it permission with a policy file. The default security manager still protects us in other ways, however; EvilEmpire cannot write or read files on the disk except in the directory it came from; it cannot make connections to any other network addresses except the one we specified. Take a moment and bask in this warm fuzzy feeling. Later, in Chapter 20, you’ll see policytool again when we explain signed applets. In this chapter, codebases are identified by URLs, which isn’t the most secure option. Through tricky network shenanigans, a clever forger may be able to give you code that appears to be from somewhere it’s not. Crytpographically signed code is even more trustworthy; see Chapter 20 for the full details. - 58
Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost JSP Web Hosting services