The sample JAAS program (pasted below) failed with:

Exception in thread "main" java.security.AccessControlException: access denied ("java.io.FilePermission" "/Users/dev/Depot/ctrip/offline/jaas/jaas_sample/app_root/data" "read")

And the code is:


public class Main {
public static void main(String[] argv) {
// Build the sample subject
Subject subject = new Subject();
UserPrincipal principal = new UserPrincipal("everyone");
subject.getPrincipals().add(principal);

File folder = new File("/Users/dev/Depot/ctrip/offline/jaas/jaas_sample/app_root/data");
Subject.doAs(subject,
(java.security.PrivilegedAction<Void>) () -> {
// access the security sensitive resource
if (folder.isDirectory()) {
}
return null;
});
}
}
The authorization policy file looks like:

grant Principal com.sun.security.auth.UserPrincipal "everyone"
{
permission java.io.FilePermission "/Users/dev/Depot/ctrip/offline/jaas/jaas_sample/app_root/data", "read, write";
permission java.io.FilePermission "/Users/dev/Depot/ctrip/offline/jaas/jaas_sample/app_root/data/log.txt", "write";
permission java.io.FilePermission "/Users/dev/Depot/ctrip/offline/jaas/jaas_sample/app_root/data/sample_material.txt", "read";
};

grant
{
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "createClassLoader";

permission java.util.PropertyPermission "java.security.auth.login.config", "write";

permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "getPolicy";
};

```
Question: what is the correct way to grant the "file read" permission to the principal?