Implementing a security manager is a key step in defining a security policy for your own Java applications; the examples presented in this chapter should help you do that effectively. In Java 1.2, you can specify much of the security policy via an external policy file, although there are still instances where you need to write your own security manager in order to achieve specific (but common) policies. In Java 1.1 and previous releases, you need to write your own security manager that implements the security policy you feel is appropriate. Otherwise, your Java application will have no security policy at all.
If you don’t feel comfortable running a third-party Java application without a security manager in place, the examples we’ve provided in this chapter are also key—they provide the cornerstone of the security features that are built into the
On the other hand, if you have a secured network and want to expand the parameters of the Java sandbox without resorting to the use and configuration of signed classes (the topic we’ll explore for most of the rest of this book), writing your own security manager is also the way to go. For browsers that support it, you can then substitute the new security manager into them, or you can again use the JavaRunner program or Java’s Launcher to run the program.
No matter what path you take, the security manager is the most important aspect of the Java sandbox. The methods of the security manager should help you be able ...