Microsoft SDK for Java

Asserting Permission in Your Java code

It is important to know when, why, and how to assert permission in your Java code. An applet, even if it is fully trusted, must assert permission in cases where there will be an untrusted caller above it on the call stack. This can occur if the applet performs trusted operations in the applet's default constructor, in the init, start, stop, or destroy methods, or in a method called by a script.

Security Exceptions

In the Microsoft virtual machine (build 2252 or higher), the security manager crawls the call stack when an applet is run from a signed cabinet file. When trusted operations are performed, the security manager first ensures that the object is trusted to perform the operation, and then crawls the call stack to ensure that all callers are also trusted to make the call. During this process, the security manager may throw one of the following exceptions:

Asserting Permission

You can do one of the following to prevent these exceptions:

Using the assertPermission(PermissionID pid) method in the PolicyEngine class prevents the security manager from crawling the call stack and enables your applet to perform trusted operations even when methods on the call stack are not trusted. You should only assert permissions if you are sure an untrusted member of the call stack cannot harm the user’s system.

A logical place to assert permissions is at the beginning of the method that is making the trusted call. Once this method returns, subsequent public methods called from outside the VM must also assert permission before making trusted calls.

The PermissionID class has predefined granular permissions, such as NETIO, FILEIO, and so forth. To grant full permissions to the applet, use the SYSTEM permission. This is required for calling J/Direct, COM, and native methods.
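The stack crawl and the effect of assertPermission described above can be seen in a simplified model. This is an added example, not code from the SDK or the Microsoft VM; the Frame class, checkNetIo method, and frame names are hypothetical, and the model assumes the crawl runs from the most recent frame outward and that an assertion only counts when the asserting frame is itself trusted.

```java
import java.util.Arrays;
import java.util.List;

// Simplified model of the stack crawl; constructed for illustration,
// not the Microsoft VM's implementation.
public class StackCrawlModel {

    // One call-stack frame: its name, whether its code is trusted (for
    // example, loaded from a signed cabinet), and whether it asserted NETIO.
    static final class Frame {
        final String name;
        final boolean trusted;
        final boolean assertsNetIo;
        Frame(String name, boolean trusted, boolean assertsNetIo) {
            this.name = name;
            this.trusted = trusted;
            this.assertsNetIo = assertsNetIo;
        }
    }

    // Crawl from the most recent frame outward. An untrusted frame fails the
    // check; a trusted frame that asserted the permission ends the crawl, so
    // the frames beyond it are never examined.
    static String checkNetIo(List<Frame> innermostFirst) {
        for (Frame f : innermostFirst) {
            if (!f.trusted) return "denied: untrusted caller " + f.name;
            if (f.assertsNetIo) return "allowed: crawl stopped at " + f.name;
        }
        return "allowed: every caller is trusted";
    }

    public static void main(String[] args) {
        Frame net = new Frame("URL.openConnection", true, false);
        Frame page = new Frame("Web page script", false, false);
        Frame signedInit = new Frame("signed init()", true, false);
        Frame signedInitAssert = new Frame("signed init() + assert", true, true);
        Frame unsignedInitAssert = new Frame("unsigned init() + assert", false, true);

        // Constructed stacks, innermost frame first.
        System.out.println(checkNetIo(Arrays.asList(net, signedInit, page)));
        System.out.println(checkNetIo(Arrays.asList(net, signedInitAssert, page)));
        System.out.println(checkNetIo(Arrays.asList(net, unsignedInitAssert, page)));
        System.out.println(checkNetIo(Arrays.asList(net, signedInit)));
    }
}
```

In the second stack the untrusted Web page is never examined, which is why an asserting method has to be safe for any caller that can reach it.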

Example

The following sample applet demonstrates reading a character from a Web page, which is a trusted operation. This example must be trusted either by placing the file in a signed cabinet, running the project from Microsoft® Developer Studio®, or by placing the class in the class path.

    import com.ms.security.*;

    import java.applet.Applet;
    import java.net.*;
    import java.io.*;
    import java.awt.*;

    public class myApplet1 extends Applet {
      TextField message=null;

      public myApplet1() {
        message=new TextField();
        setLayout(new BorderLayout());
        add("Center",message);
      }

      public void init()
      {
        /* Our init function needs to read a character from a URL, which is a
           trusted operation. We assert NETIO permission to stop the stack
           crawling since the Web page isn't trusted. The applet must be
           signed so the init() function has permission to perform net
           operations.
        */

        try {
          if (Class.forName("com.ms.security.PolicyEngine") != null) {
            PolicyEngine.assertPermission(PermissionID.NETIO);
          }
        } catch (Throwable cnfe) {
          // Ignored: for example, PolicyEngine is not present on this VM.
        }

        try {
          URL url = new URL("http://www.microsoft.com/");
          DataInputStream dis;
          dis = new DataInputStream(url.openConnection().getInputStream());
          dis.readChar();
          dis.close();
          message.setText("Read character.");
        } catch (MalformedURLException mue) {
          message.setText("MalformedURL");
          mue.printStackTrace();
        } catch (Throwable t) {
          message.setText(t.toString());
          t.printStackTrace();
        }
      }
    }

© 1999 Microsoft Corporation. All rights reserved. Terms of use.