An HTTP Server that uses Access Control
A Simple Network Application in Java |
Prof. David Bernstein |
Computer Science Department |
bernstdh@jmu.edu |
..
)SecurityManager
/** * The entry point of the application * * @param args The command line arguments */ public static void main(String[] args) { BufferedReader in; HttpServer server; Handler logHandler; // Set the additional security policy to use // // Alternatively, the policy can be set at runtime using: // // java -Djava.security.manager // -Djava.security.policy=http.policy HttpServer // // (I think == will override the default policies rather // than add to them) System.setProperty("java.security.policy", "http.policy"); // Construct a SecurityManager and instruct Java to use it // (which will cause the policy file to be read) System.setSecurityManager(new SecurityManager()); // Setup the logging system logger = Logger.getLogger("edu.jmu.cs"); try { logHandler = new FileHandler("log.txt"); logHandler.setFormatter(new SimpleFormatter()); logger.addHandler(logHandler); logger.setLevel(Level.parse(args[0])); logger.setUseParentHandlers(false); } catch (Exception e) { // The FileHandler couldn't be constructed or the Level was bad // so use the default ConsoleHandler (at the default Level.INFO) logger.setUseParentHandlers(true); } server = null; try { in = new BufferedReader(new InputStreamReader(System.in)); // Construct and start the server server = new HttpServer(); server.start(); System.out.println("Press [Enter] to stop the server..."); // Block until the user presses [Enter] in.readLine(); } catch (IOException ioe) { System.out.println(" Stopping because of an IOException"); } // Stop the server if (server != null) server.stop(); }
SecurityManager
/** * Handle the GET request * * @param request Contents of the request * @param response Used to generate the response */ private void doGet(HttpRequest request, HttpResponse response) { byte[] content; FileInputStream fis; int length; SecurityManager security; String uri; uri = "../public_html"+request.getRequestURI(); // Get the SecurityManager security = System.getSecurityManager(); try { // Check for read permission before doing anything if (security != null) security.checkRead(uri); // Create a stream for the file // and determine its length fis = new FileInputStream(uri); length = fis.available(); response.setStatus(HttpResponse.SC_OK); // Set the content type response.setContentType(mimeTyper.getContentTypeFor(uri)); // Read the file content = new byte[length]; fis.read(content); // Set the payload response.setContent(content); //Write the response response.write(out); // Close the file fis.close(); } catch (SecurityException se) { response.sendError(HttpResponse.SC_FORBIDDEN, out); } catch (IOException ioe) { response.sendError(HttpResponse.SC_NOT_FOUND, out); } }