Baffled by FilePermission access denied
I am trying to read through a directory and check whether I can read the files located in that directory. When I don't use a security manager the canRead() function always returns true. So I'm trying to implement a security manager and can't figure out what I'm doing wrong.
I created the following policy file. Originally I entered a code base, but with this version I removed it to try and narrow down the problem.
grant{
permission java.io.FilePermission"<<ALL FILES>>","read";
};
The following command is used:
java -cp"C:\Documents and Settings\Carl\My Documents\Java\Baseline\DirectoryList" -Djava.security.manager
-D.security.policy=directoryList.policy directoryList
I also provide two parameters. The first is the output file and the second is the directory where I want the program to start. I broke these out to help the readability of the java command.
"C:\\Documents and Settings\\Carl\\My
Documents\\Java\\Baseline\\DirectoryList\\output"
"C:\\Documents and Settings\\Carl\\My
Documents\\Java\\Baseline\\DirectoryList"
I have tried countless varieties and always receive the following error:
Security Exceptionjava.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\Carl\My Documents\Java\Baseline\DirectoryList read)
The portion of my code that is throwing the error is:
File start =new File ( args[j] );
File list[] = start.listFiles();
I have access to the directory and files I'm trying to read since they are located with the class files. So really I should have two ways of getting authorization to read these files; however, nothing seems to work. I've looked through the forums and did the tutorials to see if I missed anything and can't find the problem. I would really appreciate any assistance you could provide.
[2188 byte] By [
ce-cona] at [2007-11-26 12:41:24]
# 1
>The following command is used:
> java -cp "C:\Documents and Settings\Carl\My Documents\Java\Baseline\DirectoryList" -Djava.security.manager
> -D.security.policy=directoryList.policy directoryList
There is a syntax error in the command above. You should use -Djava.security.policy
and not -D.security.policy
That may be the problem because the command above would be using the
default (sandbox) policy instead, which does not allow all file read permission...
If that doesn't solve the problem, try adding the -Djava.security.debug=access option
and inspecting the debug output to see what codebase or protection domain is
causing the access denied exception.
# 2
Thanks Smullan, I might not of caught that problem for a long time.
Unfortunately, my program doesn抰 produce the results I was expecting. I was trying to use the File class canRead() method to check whether my program was authorized to access a file. The canRead() will throw a security exception if you are using a security manager, which is why I was trying to implement the policies. However, it appears the canRead() method and security manager are only checking whether the JVM will permit the application to try and access the file. The results don抰 indicate whether the OS files permissions will allow you to read the file.
As far as I can tell, the only way to find out whether you have security permissions to a file is to open an InputStream and check for an IOException. Since I really don抰 want to open the file and only want to determine the security permissions, I am disappointed to learn this.
Can anyone confirm whether my understanding is correct on the security manager or offer another option to check the security rights to a file without trying to exercise those rights?
Thanks,
# 3
File.canRead() will consult the O/S for the static file
permissions in the directory. If a security manager is
present, it will also check the java.policy permissions.
However one thing that can only be checked by trying it is
whether someone has the file opened and locked.
File.canRead() can't do that check without opening the file
itself, which it doesn't. So opening a file can still throw an
IOException.
That being so, it's clear that using File.canRead() when
you also going to try to open the file is really a waste of
time. Just open the file and cope with the exception if it
happens.
ejpa at 2007-7-7 16:14:22 >
# 4
My testing has shown that the File.canRead() method returns true even if I don't have read access to the file. I've setup two files on my Windows system and removed access by using a different login id. The windows permissions allow me to list the file, but do not allow me to read the file. I've tried this with j2sdk1.4.2_01 and jdk1.5.0_05. Does 1.6 perform the security checking?
"f" is my file object
boolean haveAccess = false;
try{
if ( f.canRead() ) {
haveAccess = true;
}
else {
System.out.println ( "canRead() method can't read " + f );
haveAccess = false;
}
}
catch ( SecurityException se ) {
System.out.println(f + "\t" + f.lastModified() + "\t" + f.length() + se );
haveAccess = false;
}
This code always returns true.
For my program, I don't want to open the files. I just want to scan the directory and determine whether anyone can read the files or only list the directory contents. I would also like to make this test even if the file is in use. So the attempt to read the file would give me the wrong answer if someone else had it in use. I want to find out if I'm ever allowed to read the document.Not just at the very minute I scan the file.
Basically, I want to scan a directory and determine the file permissions of each file.Can I list it, read it, or write to it.
Thanks
