import java.lang.*; import java.net.*; import java.io.*; /** Class java.lang.SecurityManager The SecurityManager class contains many methods with names that begin with the word check. These methods are called by various methods in the Java libraries before those methods perform certain potentially sensitive operations. The invocation of such a check method typically looks like this: SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkXXX(argument, . . . ); } The security manager is thereby given an opportunity to prevent completion of the operation by throwing an exception. A security manager routine simply returns if the operation is permitted, but throws a SecurityException if the operation is not permitted. The only exception to this convention is checkTopLevelWindow, which returns a boolean value. The current security manager is set by the setSecurityManager method in class System. The current security manager is obtained by the getSecurityManager method. The default implementation of each of the checkXXX methods is to assume that the caller does not have permission to perform the requested operation. */ public class SurfSecurity extends SecurityManager { String BaseDir; // The host name of the first applet executed public SurfSecurity(String SecurityDir) { super(); BaseDir = SecurityDir; System.out.println("SecurityManager created for " + BaseDir); } public void checkAccept(String s, int i) {} public void checkAccess(Thread t) {} public void checkAccess(ThreadGroup t) {} public void checkAwtEventQueueAccess() {} public void checkConnect(String s, int i) {} public void checkConnect(String s, int i, Object o) {} public void checkCreateClassLoader() {} public void checkDelete(String s) { System.out.println("Security Violation - Applet tried to delete a file"); throw new SecurityException(); } public void checkExec(String s) { System.out.println("Security Violation - Applet tried to execute native code"); throw new SecurityException(); } public void checkExit(int i) {} public void checkLink(String s) {} public void checkListen(int i) {} public void checkMemberAccess(Class c, int i) {} public void checkMulticast(InetAddress i) {} public void checkMulticast(InetAddress i, byte b) {} public void checkPackageAccess(String s) {} public void checkPackageDefinition(String s) {} public void checkPrintJobAccess() {} public void checkPropertiesAccess() {} public void checkPropertyAccess(String s) {} public void checkRead(FileDescriptor f) {} public void checkRead(String s) { if ( (s.indexOf(":/SurfSnatcher/" + BaseDir + "/") >= 0 ) | (s.indexOf(":\\SurfSnatcher\\" + BaseDir + "\\") >= 0) | (s.indexOf(":/SurfSnatcher/lib/") >= 0) // for JRE users | (s.indexOf(":\\SurfSnatcher\\lib\\") >= 0) // for JRE users | ( (s.indexOf(":/SurfSnatcher/") >= 0) & (s.endsWith(".ss")) ) | ( (s.indexOf(":\\SurfSnatcher\\") >= 0) & (s.endsWith(".ss")) ) | (s.endsWith("/lib/content-types.properties")) | (s.endsWith("\\lib\\content-types.properties")) ) { // these are all OK, anything else is in violation } else { System.out.println("Security Violation - Applet tried to read a file"); throw new SecurityException(); } } public void checkRead(String s, Object o) {} public void checkSecurityAccess(String s) {} public void checkSetFactory() {} public void checkSystemClipboardAccess() { System.out.println("Security Violation - Applet tried to access Clipboard"); throw new SecurityException(); } public boolean checkTopLevelWindow(Object o) { return true; } public void checkWrite(FileDescriptor f) {} public void checkWrite(String s) { if ( (s.indexOf(":/SurfSnatcher/" + BaseDir + "/") >= 0 ) | (s.indexOf(":\\SurfSnatcher\\" + BaseDir + "\\") >= 0) | ( (s.indexOf(":/SurfSnatcher/") >= 0) & (s.endsWith(".ss")) ) | ( (s.indexOf(":\\SurfSnatcher\\") >= 0) & (s.endsWith(".ss")) ) ) { // these are all OK, anything else is in violation } else { System.out.println("Security Violation - Applet tried to write a file"); throw new SecurityException(); } } }