Hi All,

I have wrote a java program, that displays all the drives available in the system. I used File.listRoots()

However, this method doesn't perform any security operations(such as read and write access) and displays all the drives in the system.

I want the program to display the only drives to which that particular user has access. For eg, if, among C,D,E,F , if user has access to D and F drives, I want to display only those drives.

I have written the following code, but every drive is throwing the securityException.

SecurityManager sm = new SecurityManager();
    FilePermission fp;
    //Object sc= getSecurityContext();
    for(int i = 0; i < roots.length && sm!= null; i++) {
  	  try
	  {
  		//sm.checkRead(roots[i].toString());
  		fp = new FilePermission(roots[i].toString(),"write");
  		sm.checkPermission(fp);
  		roots1[i] = new FileSystemRoot(roots[i]);
		  
	  }
	  catch(SecurityException se)
	  {
		  
	  }
	  catch(Exception e)
	  {
		  
	  }

Am I Missing any thing here? Any suggestions are appreciated.

Cheers,
Vikram

So loop through the list and perform a file.canRead() on it before displaying it.

> Am I Missing any thing here? Any suggestions are appreciated.

The fix suggested by Masijade should work out for you; but just for the record, the way you are using SecurityManager in your code doesn't seem to be right.

The security manager needs to be aware of the environment / context to which it needs to apply security checks. By calling the SecurityManager constructor, you just create a new SecurityManager instance, not a security manager which is context aware. Use the System.getSecurityManager() to grab an instance of environment aware SecurityManager.

// unstested
import java.io.File;

public class SecurityTest {

  public static void main(final String args[]) {
    doSecurityTest();
  }

  private static void doSecurityTest() {
    SecurityManager sm = System.getSecurityManager();
    File roots[] = File.listRoots();
    for(int i = roots.length - 1; i >= 0; --i) {
      String root = roots[i].toString();
      try {
        sm.checkRead(root);
        System.out.println("I have read access to " + root);
      } catch(SecurityException se) {
        System.out.println("I don't have read access to " + root);
      }      
    }
  }

}

Thanks a lot for your replies.

I have tried out the suggestions. However, every

sm.checkRead(root);

is throwing Exception (not SecurityException). Hence, something is going wrong with the code.

Here is my code

package personal.vikram;

import java.io.File;
public class FileTesting {

	/**
	 * @param args
	 */
	public static void main(String[] args) {
		// TODO Auto-generated method stub
		
		doSecurityTest();

	}
	
	public static void doSecurityTest()
	{
		SecurityManager sm = System.getSecurityManager();
		File roots[] = File.listRoots();
		
		for(int i=0;i<roots.length;i++)
		{
			String fl = roots[i].toString();
			try
			{
				sm.checkRead(fl);	
			}
			catch(SecurityException se)
			{
				System.out.print("User doesnot have access to "+fl);
			}
			catch(Exception e)
			{
				System.out.print("\n Exception on reading :" + fl);
			}
			
			
		}
		
	}

}

Please note: Documentation of JDK says that,

SecurityManager.checkRead(FilePath);

But I am trying to check access to root drives. Is it ok to use this method for my purpose?

Thanks

> is throwing Exception (not SecurityException). Hence, something is going wrong with the
> code.

Then you need to let us know which exception is that along with the *complete* stack trace as it is since it is kind of difficult to reproduce the exact environment/settings you have at your place.

System.getSecurityManager();

is returning null, Hence the exception in null pointer exception!

I am not sure, why the method is returning null! Any idea?

Cheers,
Vikram

> I am not sure, why the method is returning null! Any idea?

Strange. AFAIK, System.getSecurityManager returns null when there is no SecurityManager for that given application i.e. no security context exists.

BTW, which version of Java are you using? Which OS? Does it have multiple user accounts? When booting up your OS are you asked to authenticate yourself?

Hi All,

I am writing a java application which displays all the drives to which the user has access to. For eg, If there are four drives in a system, say,

C,D,E,F and user has access to C,D but not E,F (i.e if user clicks on either E or F, it displays an error window, "E:\ is not accessible, Access Denied")

Here is my program :

package personal.vikram;

import java.io.*;
import java.security.*;

public class File1 {

	/**
	 * @param args
	 */
	public static void main(String[] args) {
		// TODO Auto-generated method stub
		
		AccessableDrives();
	}
	
	public static void AccessableDrives()
	{
		File[] roots = File.listRoots();
		FilePermission fp = null;
		SecurityManager sm = null;
		
		
		if(System.getSecurityManager() == null)
		{
			System.setSecurityManager(new SecurityManager());
			sm = System.getSecurityManager();
		}
		
		for(int i=0;i<roots.length;i++)
		{
			String fl = new String(roots[i].toString());
			//fl = fl+"\\";					//this line is not making any difference (when removed comment line)
			fp = new FilePermission(fl,"read");
			try
			{
				sm.checkPermission(fp);   // either this line or the next line will be commented at once.
				sm.checkRead(fl);
				System.out.println("User has access to root : "+roots[i].toString());
			}
			catch(SecurityException se)
			{
				System.out.println("User has no access to drive "+roots[i].toString()+" " + se.toString());
			}
			
			catch(Exception e)
			{
				System.out.println("Exception Thrown : " + e.toString());
			}
			
		}

	}
}

Here is how the program execution goes on

-> every time, System.getSecurityManager() returns null and control enters the if block.

->when control executes the line "System.setSecurityManager(new SecurityManager());" , the value of roots variable is changing to
"Detail formatter error:
An exception occurred: java.security.AccessControlException"

This is observed when I executed the program in debug mode of eclipse.

->either of the line sm.checkPermission(fp); or sm.checkRead(fl); is throwing the following exception(as per my code), even though user has access to C:\
User has no access to drive C:\ java.security.AccessControlException: Access denied (java.io.FilePermission C:\ read)

------_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&_&------

I have changed the policy file, which is in the path, <java.home>\lib\security\java.policy. I have added the following lines in grant { };

permission java.io.FilePermission "C:\\", "read";
permission java.io.FilePermission "D:\\", "read";

I am not sure, whether this change is in effect.


My questions are:

1) why System.getSecurityManager() is returning null by default? Even if it does so, is it a right way to assing a new SecurityManager object and proceed further?

2)Why all the drives are throwing securityException, eventhough, user has access to it?

3)My main concern is, when control executes, System.setSecurityManager(new SecurityManager()); , why the value of roots variable is shown as Detail formatter error?
why is this strange behaviour?

4) Are Changes done to java.policy valid? how to make sure that the changes done are in affect?

Am very much new to Security Concepts in java. Please help!

Thank you very much,

Vikram


OS: Windows 2003 Server
JDK : 1.5
I have to give uid and pwd to logon to system

You should have posted the entire scenario in the first post instead of posting in parts. You must have messed up with the java.policy because of which you are getting a null SecurityManager from the System. Either restore the file from a backup or re-install the JDK to fix this problem.

If you want to create your own security policy, either override the SecurityManager class to roll in your own implementation or create your own customized java.policy file for your application. Google for these topics and look at the FAQ topic at the top of this forum.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.