Java Dynamic Management Kit 3.2 Programming Guide
[ Previous ][ Fast Back ]Chapter 13. Class and Library Loading Service[ Fast Forward ][ Next ]

Code Signing

The RMI class and library loading service supports code signing. On the class server side, this involves:

On the agent side, class signing involves the following:

Example

Example 13-10 shows the policy file entry for classes coming from an RMI class server with codebase rmi://myHost:1099/NetClassServer and signed by tester. This entry grants two permissions, the first one grants read access to all files in the directory /tmp and the second one grants access to the objects registered in the framework.

Example 13-10. Example Policy File Entry
grant signedBy "tester" {
   permission java.io.FilePermission "/tmp/*", "read";
   permission com.sun.jaw.reference.agent.cmf.FrameworkPermission "accessObjects";
};


Note - The codebase of the RMI class server cannot be used to identify the source of the code in the grant clause of the policy file. This is because the RMI protocol is not supported by the java.net.URL class. Only the signer can be used to identify the classes coming from an RMI class server.



[ Previous ][ Home ][ Next ]
Security Manager[ Up ]M-Let, Bootstrap and Launcher Services