Summary (Java Security)

6.5. Summary

Implementing a security manager is a key step in defining a security policy for your own Java applications; the examples presented in this chapter should help you do that effectively. In Java 1.2, you can specify much of the security policy via an external policy file, although there are still instances where you need to write your own security manager in order to achieve specific (but common) policies. In Java 1.1 and previous releases, you need to write your own security manager that implements the security policy you feel is appropriate. Otherwise, your Java application will have no security policy at all.

If you don't feel comfortable running a third-party Java application without a security manager in place, the examples we've provided in this chapter are also key--they provide the cornerstone of the security features that are built into the JavaRunner program.

On the other hand, if you have a secured network and want to expand the parameters of the Java sandbox without resorting to the use and configuration of signed classes (the topic we'll explore for most of the rest of this book), writing your own security manager is also the way to go. For browsers that support it, you can then substitute the new security manager into them, or you can again use the JavaRunner program or Java's Launcher to run the program.

No matter what path you take, the security manager is the most important aspect of the Java sandbox. The methods of the security manager should help you be able to make the appropriate decisions when you implement your own security policies.