Lesson: Quick Tour of Controlling Applications
The Java Tutorials have been written for JDK 8. Examples and practices described in this page don't take advantage of improvements introduced in later releases and might use technology no longer available.
See Java Language Changes for a summary of updated language features in Java SE 9 and subsequent releases.
See JDK Release Notes for information about new features, enhancements, and removed or deprecated options for all JDK releases.
See the Policy File Effects
Now that you have added the required policy entry to the examplepolicy policy file, you should be able to read the specified properties when you execute the GetProps application with a security manager, as shown in the following figure.
Whenever you run an applet, or an application with a security manager, the policy files that are loaded and used by default are the ones specified in the "security properties file", which is located in one of the following directories:
- Windows:
java.home\lib\security\java.security - UNIX:
java.home/lib/security/java.security
Note: The java.home environment variable names the directory into which the JRE was installed.
The policy file locations are specified as the values of properties whose names take the form:
policy.url.n
Where the variable n indicates a number. Specify each property value in a line that takes the following form:
policy.url.n=URL
Where URL is a URL specification. For example, the default policy files, sometimes referred to as the system and user policy files, respectively, are defined in the security properties file as
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
Note: Use of the notation
${propName} in the security properties file is a way of specifying the value of a property. Thus ${java.home} will be replaced at runtime by the actual value of the "java.home" property, which indicates the directory into which the JRE was installed, and ${user.home} will be replaced by the value of the "user.home" property, for example, C:\Windows.
There are two possible ways you can have the examplepolicy file be considered as part of the overall policy, in addition to the policy files specified in the security properties file. You can either specify the additional policy file in a property passed to the runtime system, as described in Approach 1, or add a line in the security properties file specifying the additional policy file, as discussed in Approach 2.
Approach 1
You can use a -Djava.security.policy interpreter command line argument to specify a policy file that should be used in addition to the ones specified in the security properties file.
Make sure that you are in the directory containing GetProps.class and examplepolicy. Then you can run the GetProps application and pass the examplepolicy policy file to the interpreter by typing the following command on one line:
java -Djava.security.manager -Djava.security.policy=examplepolicy GetProps
Note: Remember that -Djava.security.manager is required in order to run an application with a security manager, as shown in the See How to Restrict Applications step.
The program reports the values of the "user.home" and "java.home" properties.
If the application still reports an error, something is wrong in the policy file. Use the Policy Tool to check the policy entry you just created in the Set up the Policy File to Grant the Required Permissions step.
Approach 2
You can specify a number of URLs in policy.url.n properties in the security properties file, and all the designated policy files will get loaded. So one way to have your examplepolicy file's policy entries considered by the java interpreter is to add an entry specifying that policy file in the security properties file.
Important: If you are running your own copy of the JDK, you can easily edit your security properties file. If you are running a version shared with other users, you may only be able to modify the system-wide security properties file if you have write access to it or if you ask your system administrator to modify the file when appropriate. However, it's probably not appropriate for you to make modifications to a system-wide policy file for this tutorial test. We suggest that you just read the following to see how it is done or that you install your own private version of the JDK to use for the tutorial lessons.
To modify the security properties file, open it in an editor suitable for editing an ASCII text file. Then add the following line after the line containing policy.url.2: If you're on a Windows system, add
policy.url.3=file:/C:/Test/examplepolicy
If you're on a UNIX system, add
policy.url.3=file:${user.home}/test/examplepolicy
On a UNIX system you can alternatively explicitly specify your home directory, as in
policy.url.3=file:/home/jones/test/examplepolicy
Run the Application
Now you should be able to successfully run the following.
java -Djava.security.manager GetProps
As with approach 1, if you still get a security exception, something is wrong in the policy file. Use the Policy Tool to check the policy entry you just created in the Set up the Policy File to Grant the Required Permissions step. Then fix any typos or other errors.
Important: You do not need to include the
examplepolicy file unless you are running this Tutorial lesson. To exclude this file, open the security properties file and delete the line you just added.Before continuing, you may want to delete the line you just added in the security properties file (or comment it out), since you probably do not want the
examplepolicy file included when you are not running the tutorial lessons.