Re: jdk1.2beta3/4 changes in codeBase interpretation for permissions

Jan Luehe (luehe@laguna.eng.sun.com)
Tue, 11 Aug 1998 10:14:40 -0700 (PDT)

Date: Tue, 11 Aug 1998 10:14:40 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: jdk1.2beta3/4 changes in codeBase interpretation for permissions
To: java-security@java.Sun.COM, rwatson@tis.com

Robert:

> This email is with regards to a change moving from jdk1.2beta3 to jdk1.2beta4.
> Under 1.2beta3, we were able to specify permissions to apply to locally loaded
> code by using the "file:/" codebase in the Java policy file. Under
> jdk1.2beta4, however, this no longer appears to work. Here is some source
> code and some sample policy files:

The feature you are requesting is still provided, but you need to
specify it in a different way.

We felt that

grant codeBase "http://java.sun.com/classes/" {
...
};

should not match

http://java.sun.com/classes/foobar/anonymous.jar".

and therefore, we changed the "imply" rules for codebases
as follows:

1. A code base with or without a trailing "/" in the policy file
matches all (class) files in that directory.

2. A code base with a trailing "/*" in the policy file matches
the directory and all (jar or class) files in that directory.

3. A code base with a trailing "/-" in the policy file matches
the directory and (recursively) all (jar or class) files
and subdirectories in that directory.

So in order for your example to continue to work with
beta4, you need to specify test-policy-3 as follows:

grant codeBase "file:/-" {
permission java.security.AllPermission;
};

Jan