Once a class has been loaded into the virtual machine and checked by the verifier, the second security mechanism of the Java platform springs into action: the security manager. The security manager is a class that controls whether a specific operation is permitted. Operations checked by the security manager include the following:
- Creating a new class loader
- Exiting the virtual machine
- Accessing a file
- Opening a socket connection
- Starting a print job
- Accessing the system clipboard
- Bringing up a top-level window
There are many other checks such as these throughout the Java library.
The default behavior when running Java applications is that no security manager is installed, so all these operations are permitted. The applet viewer, on the other hand, enforces a security policy that is quite restrictive.
For example, applets are not allowed to exit the virtual machine. If they try calling the exit method, then a security exception is thrown. Here is what happens in detail. The exit method of the Runtime class calls the checkExit method of the security manager. Here is the entire code of the exit method:
    public void exit(int status) {
        SecurityManager security = System.getSecurityManager();
        if (security != null)
            security.checkExit(status);
        exitInternal(status);
    }
The security manager now checks if the exit request came from the browser or an individual applet. If the security manager agrees with the exit request, then the checkExit method simply returns and normal processing continues. However, if the security manager doesn't want to grant the request, the checkExit method throws a SecurityException.
The exit method continues only if no exception occurred. It then calls the private native exitInternal method that actually terminates the virtual machine. There is no other way of terminating the virtual machine, and because the exitInternal method is private, it cannot be called from any other class. Thus, any code that attempts to exit the virtual machine must go through the exit method and thus through the checkExit security check without triggering a security exception.
Clearly, the integrity of the security policy depends on careful coding. The providers of system services in the standard library must always consult the security manager before attempting any sensitive operation.
The security manager of the Java platform allows both programmers and system administrators fine-grained control over individual security permissions. We describe these features in the following section. First, we summarize the Java 2 platform security model. We then show how you can control permissions with policy files. Finally, we explain how you can define your own permission types.
JDK 1.0 had a very simple security model: Local classes had full permissions, and remote classes were confined to the sandbox. Just like a child that can only play in a sandbox, remote code was only allowed to paint on the screen and interact with the user. The applet security manager denied all access to local resources. JDK 1.1 implemented a slight modification: Remote code that was signed by a trusted entity was granted the same permissions as local classes. However, both versions of the JDK provided an all-or-nothing approach. Programs either had full access or they had to play in the sandbox.
A code source is specified by a code base and a set of certificates. The code base specifies the origin of the code. For example, the code base of remote applet code is the HTTP URL from which the applet is loaded. The code base of code in a JAR file is a file URL. A certificate, if present, is an assurance by some party that the code has not been tampered with. We cover certificates later in this chapter.
A permission is any property that is checked by a security manager. The Java platform supports a number of permission classes, each of which encapsulates the details of a particular permission. For example, the following instance of the FilePermission class states that it is okay to read and write any file in the /tmp directory.
FilePermission p = new FilePermission("/tmp/*", "read,write");
More important, the default implementation of the Policy class reads permissions from a permission file. Inside a permission file, the same read and write permission is expressed as
permission java.io.FilePermission "/tmp/*", "read,write";
In the preceding section, you saw that the SecurityManager class has security check methods such as checkExit. These methods exist only for the convenience of the programmer and for backward compatibility. They all map into standard permission checks. For example, here is the source code for the checkExit method:
    public void checkExit(int status) {
        checkPermission(new RuntimePermission("exitVM"));
    }
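The exit path described above, from `exit` through `checkExit` to `checkPermission`, can be observed with a small security manager. This is an added example, not code from the original text; `ExitGuardDemo`, `NoExitManager` and `tryExit` are hypothetical names, and it assumes a JDK that still allows installing a security manager (deprecated for removal since Java 17; Java 18 and later need `-Djava.security.manager=allow`, and JDK 24 disables it).

```java
import java.security.Permission;

public class ExitGuardDemo {

    // Hypothetical manager for this example: vetoes VM exit, permits everything else.
    static class NoExitManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // checkExit(status) ends up here; current JDKs name the permission "exitVM.<status>".
            if (perm instanceof RuntimePermission && perm.getName().startsWith("exitVM")) {
                throw new SecurityException("exit vetoed: " + perm.getName());
            }
            // Anything else is allowed, which keeps the demo focused on exit only.
        }
    }

    // Runs one exit attempt and reports how the security manager answered it.
    static String tryExit(String label, Runnable exitCall) {
        try {
            exitCall.run();
            return label + ": not reached";
        } catch (SecurityException e) {
            return label + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new NoExitManager());
        // All three public routes consult checkExit before any native exit code runs.
        System.out.println(tryExit("System.exit", () -> System.exit(1)));
        System.out.println(tryExit("Runtime.exit", () -> Runtime.getRuntime().exit(2)));
        System.out.println(tryExit("Runtime.halt", () -> Runtime.getRuntime().halt(3)));
        System.out.println("VM still running");
    }
}
```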
====================================================================
The policy manager reads policy files that contain instructions for mapping code sources to permissions. Here is a typical policy file:
    grant codeBase "http://www.horstmann.com/classes" {
        permission java.io.FilePermission "/tmp/*", "read,write";
    };
This file grants permission to read and write files in the /tmp directory to all code that was downloaded from http://www.horstmann.com/classes.
You can install policy files in standard locations. By default, there are two locations:
- The file java.policy in the Java platform home directory
- The file .java.policy (notice the period at the beginning of the file name) in the user home directory
During testing, we don't like to constantly modify the standard policy files. Therefore, we prefer to explicitly name the policy file that is required for each application. Place the permissions into a separate file, say, MyApp.policy. To apply the policy, you have two choices. You can set a system property inside your application's main method:
System.setProperty("java.security.policy", "MyApp.policy");
Alternatively, you can start the virtual machine as
java -Djava.security.policy=MyApp.policy MyApp
For applets, you instead use
appletviewer -J-Djava.security.policy=MyApplet.policy MyApplet.html
(You can use the -J option of the appletviewer to pass any command-line argument to the virtual machine.)
In these examples, the MyApp.policy file is added to the other policies in effect. If you add a second equal sign, such as
java -Djava.security.policy==MyApp.policy MyApp
then your application uses only the specified policy file, and the standard policy files are ignored.
As you saw previously, Java applications by default do not install a security manager. Therefore, you won't see the effect of policy files until you install one. You can, of course, add a line
System.setSecurityManager(new SecurityManager());
into your main method. Or you can add the command-line option -Djava.security.manager when starting the virtual machine.
java -Djava.security.manager -Djava.security.policy=MyApp.policy MyApp
In the remainder of this section, we show you in detail how to describe permissions in the policy file. We describe the entire policy file format, except for code certificates, which we cover later in this chapter.
A policy file contains a sequence of grant entries. Each entry has the following form:
    grant codesource {
        permission1;
        permission2;
        . . .
    };
The code source contains a code base (which can be omitted if the entry applies to code from all sources) and the names of trusted principals and certificate signers (which can be omitted if signatures are not required for this entry).
The code base is specified as
codeBase "url"
If the URL ends in a /, then it refers to a directory. Otherwise, it is taken to be the name of a JAR file. For example,
    grant codeBase "http://www.horstmann.com/classes/" { . . . };
    grant codeBase "http://www.horstmann.com/classes/MyApp.jar" { . . . };
The code base is a URL and should always contain forward slashes as file separators, even for file URLs in Windows. For example,
grant codeBase "file:C:/myapps/classes/" { . . . };
================================================================
Here is a sample:
policy.policy resides in the src folder under the "user.dir" directory and looks like this:
    grant {
        permission java.io.FilePermission "${user.dir}${/}-", "read,delete,execute";
    };
SecurityTest.java
    package com.tojaoomy.security;

    import java.io.File;

    public class SecurityTest {

        public static void main(String[] args) {
            // Before the security manager is installed, this call succeeds.
            System.out.println(System.getProperty("user.dir"));

            System.setProperty("java.security.policy", "src/policy.policy");
            System.setSecurityManager(new SecurityManager());
            // SecurityManager manager = System.getSecurityManager();

            File file = new File("test.test");
            // file.delete();

            // This call is no longer possible: an AccessControlException is thrown.
            // The policy above does not grant java.util.PropertyPermission for
            // "user.dir", so you must add it to the policy file.
            System.out.println(System.getProperty("user.dir"));
        }
    }
As mentioned in the code comment, you should add the following permission to the policy file:
    permission java.util.PropertyPermission "user.dir", "read";
The complete contents of policy.policy are then:
    grant {
        permission java.io.FilePermission "${user.dir}${/}-", "read,delete,execute";
        permission java.util.PropertyPermission "user.dir", "read";
    };
Naturally, you can customize the permissions further as needed.
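The grants on this page use two FilePermission path forms: `/tmp/*`, which covers only the files directly inside the directory, and `${user.dir}${/}-`, which also covers everything in its subdirectories. The following added example (not part of the original post; `PolicyScopeDemo` and `verdict` are hypothetical names) builds the final policy.policy in memory and compares it with a one-level `*` variant, so the scope of each grant can be checked without installing a security manager.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

public class PolicyScopeDemo {

    static String verdict(Permissions set, Permission p) {
        return set.implies(p) ? "allow" : "deny";
    }

    public static void main(String[] args) {
        String dir = System.getProperty("user.dir") + File.separator;

        // In-memory equivalent of the final policy.policy shown above.
        Permissions granted = new Permissions();
        granted.add(new FilePermission(dir + "-", "read,delete,execute"));
        granted.add(new PropertyPermission("user.dir", "read"));

        // Same directory and actions, but with the one-level "*" form used for /tmp.
        Permissions oneLevel = new Permissions();
        oneLevel.add(new FilePermission(dir + "*", "read,delete,execute"));

        // Constructed requests that probe the edges of each grant.
        Permission[] requests = {
            // a file directly inside the directory
            new FilePermission(dir + "test.test", "delete"),
            // a file one level down, where "-" and "*" differ
            new FilePermission(dir + "src" + File.separator + "policy.policy", "read"),
            // an action that neither grant lists
            new FilePermission(dir + "test.test", "write"),
            // the property the sample had to add to its policy
            new PropertyPermission("user.dir", "read"),
            // a property the policy never names
            new PropertyPermission("user.home", "read"),
        };

        System.out.printf("%-10s %-10s %s%n", "with \"-\"", "with \"*\"", "request");
        for (Permission p : requests) {
            System.out.printf("%-10s %-10s %s%n",
                    verdict(granted, p), verdict(oneLevel, p), p);
        }
    }
}
```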