The Java Tutorials have been written for JDK 8. Examples and practices described in this page don't take advantage of improvements introduced in later releases and might use technology no longer available.
See Java Language Changes for a summary of updated language features in Java SE 9 and subsequent releases.
See JDK Release Notes for information about new features, enhancements, and removed or deprecated options for all JDK releases.
The last part of the
Quick Tour of Controlling Applications lesson shows how an application can be run under a security manager by invoking the interpreter with the new -Djava.security.manager
command-line argument. But what if the application to be invoked resides inside a JAR file?
One of the interpreter options is the -cp
(for class path) option, that lets you specify a search path for application classes and resources. Therefore, to execute the Count
application inside the sCount.jar
JAR file, specifying the file C:\TestData\data
as its argument, you can type the following command while in the directory containing sCount.jar
:
java -cp sCount.jar Count C:\TestData\data
To execute the application with a security manager, add -Djava.security.manager
, as shown below:
java -Djava.security.manager -cp sCount.jar Count C:\TestData\data
Important: When you run this command, your Java interpreter will throw an exception shown below:
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission C:\TestData\data read) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at java.lang.SecurityManager.checkRead(Compiled Code) at java.io.FileInputStream.<init>(Compiled Code) at Count.main(Compiled Code)
In this example, AccessControlException
reported that the count
application does not have permission to read the file C:\TestData\data
. Your interpreter raised this exception because it will not allow any application running under a security manager to read a file or to access other resources unless it has explicit permission to do so -- usually specified in a grant
statement contained in a policy
file.