Previous | Next | Trail Map | Security in JDK 1.2  | Quick Tour of Controlling Applets

Grant the Required Permission

To grant the WriteFile applet permission to create and write to the writetest file, you must create a policy entry granting this permission.

Select the Add Policy Entry button in the main "Policy Tool" window. This brings up the "Policy Entry" dialog box:

A policy entry specifies one or more permissions for code from a particular code source - either code from a particular location (URL), or code signed by a particular entity, or both.

The CodeBase and SignedBy text boxes are used to specify which code you want to grant the permission(s) you will be adding.

If you have both a CodeBase and a SignedBy entry, the permission(s) will be granted only to code that is both from the specified location and signed by the named alias.

To grant WriteFile the permission it needs, you can grant the permission to all code from the location (URL) where WriteFile.class is stored.

Type the following URL into the CodeBase text box of the "Policy Entry" dialog box:

    http://java.sun.com/docs/writing/tutorial/src/security1.2/tour1/example-1dot2/
(Note, this is a URL and thus must always have slashes, not backslashes.)

Leave the SignedBy text box blank, since you aren't requiring the code to be signed.


Note: If you wanted to grant the permission to any code (.class file) from the
    http://java.sun.com/docs/writing/tutorial/src/security1.2
directory and its subdirectories rather than just to code from the directory specified above, you would type the following into the CodeBase box:
    http://java.sun.com/docs/writing/tutorial/src/security1.2/-

Now that you've specified where the code comes from (the CodeBase), and that the code does not have to be signed (since there's no SignedBy value), you are ready to grant permissions to that code.

Select the Add Permission button. This brings up the "Permissions" dialog box:

Do the following to grant code from the specified CodeBase permission to write (and thus also create) the file named writetest:
  1. Select File Permission from the "Permission:" drop-down list. The complete permission type name (java.io.FilePermission) now appears in the text box to the right of the drop-down list.

  2. Type the following in the text box to the right of the list labeled "Target Name:" to specify the file named writetest:
        writetest
    
  3. Specify write access by selecting write from the "Actions:" drop-down list.
Now the "Permissions" dialog box looks like the following:

Select the OK button. The new permission appears in a line in the "Policy Entry" dialog. So now the policy entry window looks like this:


Note: Each backslash in the file path you typed has been replaced with two backslashes, as described in Note Regarding File Specifications.


You are now done specifying this policy entry, so select the Done button in the "Policy Entry" dialog. The "Policy Tool" window now contains a line representing the policy entry, showing the CodeBase value:


Note Regarding File Specifications

On Windows systems, when you type a file name and path into a Policy Tool dialog box (e.g., as a FilePermission target name), you can use any of the following as the directory separator:

Single backslashes are the "normal" Windows directory separators, and slashes are also accepted.

However, policy files themselves cannot contain single backslashes. When a policy file is read, the strings are processed by a tokenizer, which allows "\" to be used as an escape string (e.g., "\n" to indicate a new line) and which thus requires two backslashes to indicate a single backslash.

If you use single backslashes as your separators, Policy Tool automatically converts them to double backslashes (e.g., after you select OK in the Permissions dialog box), for your convenience.


Previous | Next | Trail Map | Security in JDK 1.2  | Quick Tour of Controlling Applets