First of all, identify the permissions needed by your component.
There are a couple of possible approaches to determining the security
permissions that your component will need: source code analysis
and trial-and-error. In reality, you'll probably end up doing
a little bit of both, and it's usually an iterative process.
To perform source code analysis, you'll need to search your code
for method calls that require security permissions. (This
table contains a list of all the Java 2 SDK methods that require
permissions, and which permissions are checked for). Then create
a security policy for your component that contains all the permissions
you identified in your source code analysis.
The trial-and-error approach is to run your application and see
what breaks. Start with an empty security policy and install and
run your component. As failures occur, you should see error messages
in your program output. Of course, if your program "swallows"
exceptions, this makes things a little more difficult to debug.
(Don't worry, there is a way to find the problems, see the debugging
section below). As you discover failures, continue adding permissions
to your component's security policy until everything works.
To create the security policy file, you can edit by hand, or
use a tool such as sun's policytool, which comes with the JDK.
See
Sun's guide to creating policies.
Openwings uses the standard Java policy file syntax, and the
Installer variable notation is additionally supported. This notation
is useful in identifying grant clauses and file permissions, since
these actual locations are not known until runtime. For example,
here is the security policy for the Image_im demo component:
grant codebase "${Image_im.property.net.openwings.install.libDir}/*"
// signedBy...
{
// get read permission for local files
permission java.io.FilePermission "${Image_im.property.net.openwings.install.local}/",
"read";
permission java.io.FilePermission "${Image_im.property.net.openwings.install.local}/-",
"read";
};
This grants all files in the lib directory of the Image_im component
read access to the entire contents of the Image_im directory,
including subdirectories. Note that components may only reference
their own properties in their security policies. For example:
Image_im may reference ${Image_im.property…}, but
not ${openwings.property…}.
When your component is installed, the security policy gets resolved
in the same way your ICD is resolved. For example, the policy
above resolves to the following if Openwings was installed on
a Windows system at C:\openwings:
grant codeBase "file:/C:/openwings/Image_im/lib/*"
{
permission java.io.FilePermission "C:\\openwings\\Image_im\\",
"read";
permission java.io.FilePermission "C:\\openwings\\Image_im\\-",
"read";
};
(The double backslashes are an artifact of how policy files are
read in on Windows systems. The Openwings installer handles this
automatically.)
The best way to familiarize yourself with how security policies
work in Openwings is to install the Openwings demo components.
Examine the unresolved policies under the component policy directories,
then look at the resulting resolved security policies under $OW_HOME/openwings-${VERSION}/data.
There are also several components built into the Openwings core
that are interesting to investigate, such as the Installer, LogAccess,
etc.
Next: Rebuild
and reinstall your component
