Wednesday, 2 March 2016

The Default Security Manager

By default, no security manager is installed when you launch a Java application locally. You can turn on security by passing the java interpreter an option that installs a default security manager. The default security policy enforces many of the same rules as for applets. To see how this works, let’s write a little program that does something questionable: it makes a network connection to some computer on the Internet. (We cover the specifics of network programming later on.)

 import java.net.*;

 public class EvilEmpire {
     public static void main(String[] args) throws Exception {
         // try-with-resources closes the socket once we are done with it
         try (Socket s = new Socket("207.46.131.13", 80)) {
             System.out.println("Connected!");
         }
         // Thrown when an installed security manager denies the connection
         catch (SecurityException e) {
             System.out.println("SecurityException: could not connect.");
         }
     }
 }

If you run this program with the Java interpreter, it makes the network connection:

 C:\> java EvilEmpire
 Connected!

But because this program is “evil,” let’s install the default security manager, like this:

 C:\> java -Djava.security.manager EvilEmpire
 SecurityException: could not connect.

That’s better, but suppose that the application actually has a legitimate reason to make its network connection. We’d like to leave the default security manager in place, just to be safe, but we’d like to grant this application permission to make a network connection.
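
One way to express that grant, as an added example that is not part of the original post: the comment shows a policy-file entry for the address EvilEmpire uses, and the code models the `SocketPermission` check the security manager makes before a connect. The class name `PolicyCheck`, the file name `EvilEmpire.policy` and the sample address 192.0.2.10 are assumptions; running under `-Djava.security.manager` also assumes a JDK that still supports the Security Manager (it is deprecated for removal since Java 17).

```java
import java.net.SocketPermission;
import java.security.Permissions;

// Added example (not from the original post). Models the grant that a policy
// file such as the following would give the application:
//
//   grant {
//       permission java.net.SocketPermission "207.46.131.13:80", "connect";
//   };
//
// The policy file would be selected on the command line (file name assumed):
//   java -Djava.security.manager -Djava.security.policy=EvilEmpire.policy EvilEmpire
public class PolicyCheck {

    // Build the permission set that the grant above produces.
    static Permissions granted() {
        Permissions p = new Permissions();
        p.add(new SocketPermission("207.46.131.13:80", "connect"));
        return p;
    }

    // The security manager's connect check asks whether the granted set
    // implies a SocketPermission for "host:port" with the "connect" action.
    static boolean mayConnect(Permissions granted, String host, int port) {
        return granted.implies(new SocketPermission(host + ":" + port, "connect"));
    }

    public static void main(String[] args) {
        Permissions p = granted();
        // The exact host and port from EvilEmpire
        System.out.println("207.46.131.13:80  -> " + mayConnect(p, "207.46.131.13", 80));
        // Same host, different port: not covered by the grant
        System.out.println("207.46.131.13:443 -> " + mayConnect(p, "207.46.131.13", 443));
        // Different host (constructed sample address): not covered either
        System.out.println("192.0.2.10:80     -> " + mayConnect(p, "192.0.2.10", 80));
    }
}
```

Because the grant names a single host and port, the application keeps the default security manager for everything else and gains only the one connection it needs.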
