Further Java Practical Class
Table of Contents
In order to gain a star in the mark sheet you must complete this exercise. Completing the exercise does not gain you any credit in the examination. In this exercise you will implement a custom security manager for a new chat client called SafeChatClient
. Your new version of the chat client should allow only the following network and file system actions for any code your program downloads:
Connect to www.cam.ac.uk
on port 80 (i.e. web traffic).
Read (but not modify) the home directory of the user running the chat client.
Start the exercise on Chime here https://www.cl.cam.ac.uk/teaching/current/FJava/ticklet2star then clone the ticklet2star repository to your local machine. Then copy your implementation of ChatClient
from Ticklet 2 into the class called SafeChatClient
inside the package uk.ac.cam.your-crsid.fjava.tick2star
. Take a copy of the source code for uk.ac.cam.cl.fjava.messages.DynamicObjectInputStream
and use it as a starting point for SafeObjectInputStream
in your Ticklet 2* package. Your task for this Ticklet is to modify the code for SafeChatClient
and SafeObjectInputStream
so that any code downloaded and invoked by the client can only perform the file system and network actions as described as above.
Replace the use of DynamicObjectInputStream
with SafeObjectInputStream
inside SafeChatClient
and check your code works in an identical way to ChatClient
by connecting to java-1b.cl.cam.ac.uk
on port 15004. The class which is downloaded from the server will print DONE
if it has worked successfully.
By default, the JVM runs without an instance of the SecurityManager
object. You'll need one in order to be able to define security policies for the class loader. Therefore your first task is to create an instance of SecurityManager
and add it to the virtual machine (hint: try System.setSecurityManager
). Your chat client should not work with the default SecurityManager
, since the default policy does not permit class loaders.
You should use the following String
, representing a URL, as the source of the security policy: "http://www.cl.cam.ac.uk/teaching/current/FJava/all.policy"
(hint: try System.setProperty("java.security.policy", ...)
). Your implementation of SafeChatClient
should now run as before (i.e. with the security flaws). Why?
Rewrite the addClass
method in SafeObjectInputStream
to use java.security.SecureClassLoader
instead of java.lang.ClassLoader
. The class SecureClassLoader
provides a definition of the method defineClass
which takes a fifth argument of type java.security.ProtectionDomain
. (You will need to create an instance of ProtectionDomain
which supports only the permissions the downloaded class should be given. Apple users may find that additional permissions are needed and should investigate the need for read and write permissions within apple.*
as well as java.version
)
The home directory of the current user can be found using the following expression System.getProperty("user.home")
.
Test your implementation of SafeChatClient
by connecting to java-1b.cl.cam.ac.uk
on port 15004. The new class file should load and execute and the "wholesome content" should download, but the "dubious content" should fail to download. Similarly, any modifications to the filesystem should fail.
When you are satisfied you have completed everything, you should commit all outstanding changes and push these to the Chime server. On the Chime server, check that the latest version of your files are in the repository, and once you are happy schedule your code for testing. You can resubmit as many times as you like and there is no penalty for re-submission. If, after waiting one hour, you have not received a final response you should notify ticks1b-admin@cl.cam.ac.uk
of the problem. You should submit a version of your code which successfully passes the automated checks by the deadline, so don't leave it to the last minute!