How do I know which granted permission is not needed?
Seán Coffey
sean.coffey at oracle.com
Wed Jun 21 14:34:45 UTC 2017
you're mostly likely aware of this debug option but the
java.security.debug option allows 'access' which should give you alot
more information about each permission check that's been made. Maybe
it's a case of scanning the output for permissions not checked and
seeing if they're really necessary in your policy file.
https://docs.oracle.com/javase/8/docs/technotes/guides/security/troubleshooting-security.html
Regards,
Sean.
On 21/06/17 12:53, Sean Mullan wrote:
> On 6/21/17 3:05 AM, Weijun Wang wrote:
>> Suppose I have a Java program running with a security manager and a
>> policy file. There are quite a lot of permissions granted in the
>> policy file but maybe not all of them are necessary.
>>
>> Is there a way I can find out which one is not needed?
>
> I don't know of any easy way to do that, other than code inspection
> and writing tests that exercise different code paths.
>
> --Sean
>
>>
>> I tried to write my own security manager to remember all permission
>> objects checked and then compare it with the policy file, but if the
>> policy file has permissions granted to different codebases, I cannot
>> tell which one is for which.
>>
>> Thanks
>> Max
More information about the security-dev
mailing list