On 06/21/2017 10:34 PM, Seán Coffey wrote:
You're most likely aware of this debug option but the
java.security.debug option allows 'access' which should give you a lot
more information about each permission check that's been made. Maybe
it's a case of scanning the output for permissions not checked and
seeing if they're really necessary in your policy file.
This is useful, but I still don't know what code source the permission
is granted to.
For example, suppose I have 2 codebases all granting the same
permission. By reading the -Djava.security.debug=access output I cannot
find out if one is actually not needed.
Daniel suggests I can write my own Policy implementation.
https://docs.oracle.com/javase/8/docs/technotes/guides/security/troubleshooting-security.html
Regards,
Sean.
On 21/06/17 12:53, Sean Mullan wrote:
On 6/21/17 3:05 AM, Weijun Wang wrote:
Suppose I have a Java program running with a security manager and a
policy file. There are quite a lot of permissions granted in the
policy file but maybe not all of them are necessary.
Is there a way I can find out which one is not needed?
I don't know of any easy way to do that, other than code inspection
and writing tests that exercise different code paths.
I didn't mean to achieve that goal. I only want to know what granted
permissions are not checked in one execution.
Thanks
Max
--Sean
I tried to write my own security manager to remember all permission
objects checked and then compare it with the policy file, but if the
policy file has permissions granted to different codebases, I cannot
tell which one is for which.
Thanks
Max
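
The custom Policy idea mentioned in the thread, sketched as an added example (not code from any poster or from the JDK): a wrapper around the installed policy that records each granted check together with the code source of the domain it was checked against. `RecordingPolicy`, `unusedFor` and `observed` are hypothetical names, and it assumes the Java 8 era `java.security.Policy` API.

```java
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class; wraps the policy already loaded from the policy file.
public final class RecordingPolicy extends Policy {
    private final Policy delegate;
    // Code source of the checked domain -> permissions that were checked and granted.
    private final Map<CodeSource, Set<Permission>> checked = new ConcurrentHashMap<>();
    private final ThreadLocal<Boolean> recording = new ThreadLocal<>();

    public RecordingPolicy(Policy delegate) { this.delegate = delegate; }

    @Override
    public boolean implies(ProtectionDomain pd, Permission p) {
        boolean granted = delegate.implies(pd, p);
        CodeSource cs = pd.getCodeSource();
        // Guard against re-entry: recording can itself trigger permission checks.
        if (granted && cs != null && recording.get() == null) {
            recording.set(Boolean.TRUE);
            try {
                checked.computeIfAbsent(cs, k -> ConcurrentHashMap.newKeySet()).add(p);
            } finally {
                recording.remove();
            }
        }
        return granted;
    }

    @Override public PermissionCollection getPermissions(CodeSource cs) { return delegate.getPermissions(cs); }
    @Override public PermissionCollection getPermissions(ProtectionDomain pd) { return delegate.getPermissions(pd); }
    @Override public void refresh() { delegate.refresh(); }

    // Code sources for which at least one granted check was seen in this run.
    public Set<CodeSource> observed() { return checked.keySet(); }

    // Permissions the wrapped policy grants to cs that implied none of the recorded checks.
    public List<Permission> unusedFor(CodeSource cs) {
        Set<Permission> seen = checked.getOrDefault(cs, Collections.emptySet());
        List<Permission> unused = new ArrayList<>();
        for (Permission g : Collections.list(delegate.getPermissions(cs).elements())) {
            if (seen.stream().noneMatch(g::implies)) unused.add(g);
        }
        return unused;
    }
}
```

Install it with `Policy.setPolicy(new RecordingPolicy(Policy.getPolicy()))` before the security manager is set, then call `unusedFor` on each entry of `observed()` at the end of the run. Results are keyed by the code source of the running domain, not by the `codeBase` line in the policy file, so a grant matching several code sources is reported once per code source.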