Java Tutorial/Security/Permission

Материал из Java эксперт
Перейти к: навигация, поиск

boolean Permission.implies(Permission permission)

   <source lang="java">

import java.io.Serializable; import java.security.BasicPermission; import java.security.Permission; class IDPermission extends BasicPermission implements Serializable {

 String id = null;
 public IDPermission(String id) {
   super(id);
   this.id = id;
 }
 public boolean implies(Permission permission) {
   IDPermission bp = (IDPermission) permission;
   return id.equals(bp.id); 
 }
 public String getActions() {
   return "";
 }
 public int hashCode() {
   return id.hashCode();
 }
 public boolean equals(Object obj) {
   if (!(obj instanceof IDPermission)) {
     return false;
   }
   IDPermission bp = (IDPermission) obj;
   return id.equals(bp.id);
 }

} public class Main {

 public static void main(String[] argv) throws Exception {
   Permission p1 = new IDPermission("1");
   Permission p2 = new IDPermission("2");
   boolean b = p1.implies(p2); 
   p2 = new IDPermission("3");
   b = p1.implies(p2); 
   p2 = new IDPermission("4");
   b = p1.implies(p2); 
   p2 = new IDPermission("5");
   b = p1.implies(p2);
   p2 = new IDPermission("6");
   b = p1.implies(p2); 
 }

}</source>





Checking Read/Write Permission for a Directory

   <source lang="java">

import java.io.FilePermission; import java.security.AccessController; public class Main {

 public static void main(String[] argv) throws Exception {
   AccessController.checkPermission(new FilePermission("/tmp/*", "read,write"));
 }

}</source>





Controlling Access to an Object using a permission

   <source lang="java">

import java.security.AccessControlException; import java.security.Guard; import java.security.GuardedObject; import java.util.PropertyPermission; public class Main {

 public static void main(String[] argv) throws Exception {
   String secretObj = "secret";
   Guard guard = new PropertyPermission("java.home", "read");
   GuardedObject gobj = new GuardedObject(secretObj, guard);
   try {
     Object o = gobj.getObject();
   } catch (AccessControlException e) {
     e.printStackTrace();
   }
 }

}</source>





Creating Your Own Permissions

   <source lang="java">

import java.security.BasicPermission; class SecretWordPermission extends BasicPermission {

 public SecretWordPermission(String name) {
   super(name);
 }
 public SecretWordPermission(String name, String action) {
   super(name);
 }

} class SecretWord {

 public SecretWord() {
   super();
 }
 public String getWord() {
   SecurityManager security = System.getSecurityManager();
   if (security != null) {
     security.checkPermission(new SecretWordPermission("AccessPermission"));
   }
   return "Secret";
 }

} public class MainClass {

 public static void main(String[] args) {
   SecretWord secret = new SecretWord();
   String theSecretWord = secret.getWord();
   System.out.println("The secret word is: " + theSecretWord);
 }

}</source>





Determining If One Permission Implies Another

   <source lang="java">

import java.io.FilePermission; import java.security.Permission; public class Main {

 public static void main(String[] argv) throws Exception {
   Permission perm1 = new FilePermission("/tmp/*", "read,write");
   Permission perm2 = new FilePermission("/tmp/abc", "read");
   if (perm1.implies(perm2)) {
     System.out.println("perm1 implies perm2"); 
   }
 }

}</source>





extends BasicPermission

   <source lang="java">

import java.io.Serializable; import java.security.BasicPermission; import java.security.Permission; class IDPermission extends BasicPermission implements Serializable {

 String id = null;
 public IDPermission(String id) {
   super(id);
   this.id = id;
 }
 public boolean implies(Permission permission) {
   IDPermission bp = (IDPermission) permission;
   return id.equals(bp.id); 
 }
 public String getActions() {
   return "";
 }
 public int hashCode() {
   return id.hashCode();
 }
 public boolean equals(Object obj) {
   if (!(obj instanceof IDPermission)) {
     return false;
   }
   IDPermission bp = (IDPermission) obj;
   return id.equals(bp.id);
 }

} public class Main {

 public static void main(String[] argv) throws Exception {
   Permission p1 = new IDPermission("1");
   Permission p2 = new IDPermission("2");
   boolean b = p1.implies(p2); 
   p2 = new IDPermission("3");
   b = p1.implies(p2); 
   p2 = new IDPermission("4");
   b = p1.implies(p2); 
   p2 = new IDPermission("5");
   b = p1.implies(p2);
   p2 = new IDPermission("6");
   b = p1.implies(p2); 
 }

}</source>





grant ability to create and write c:\temp\myfile

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.io.FilePermission "c:\\temp\\myfile", "write";
   };</source>
   
  
 
  



grant ability to delete any file or directory in c:\temp\mydir

   <source lang="java">

grant codeBase "http://127.0.0.1/*" {

       permission java.io.FilePermission "c:\\temp\\mydir\*", "delete";
   };</source>
   
  
 
  



grant ability to execute (see Runtime.exec()) the file c:\java.exe

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.io.FilePermission "c:\\java.exe", "execute";
   };</source>
   
  
 
  



grant ability to list files in the user"s home directory

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.io.FilePermission "${user.home}", "read";
   };</source>
   
  
 
  



grant ability to read all properties that start with "myprops."

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.util.PropertyPermission "myprops.*", "read";
   };</source>
   
  
 
  



grant ability to read all system properties

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.util.PropertyPermission "*", "read";
   };</source>
   
  
 
  



grant ability to read and write all system properties

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.util.PropertyPermission "*", "read,write";
   };</source>
   
  
 
  



grant ability to read and write any file in current directory

   <source lang="java">

// Note: this is equivalent to ${user.dir}/*

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "*", "read,write";
   };</source>
   
  
 
  



grant ability to read and write the "myprop" system properties

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.util.PropertyPermission "myprop", "read,write";
   };</source>
   
  
 
  



grant ability to read any file

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.io.FilePermission "<<ALL FILES>>", "read";
   };</source>
   
  
 
  



grant ability to read any file or directory under c:\temp

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.io.FilePermission "c:\\temp\\-", "read";
   };</source>
   
  
 
  



grant ability to read any file under current directory

   <source lang="java">

// Note: this is equivalent to ${user.dir}/-

   grant codeBase "http://127.0.0.1/-" {
       permission java.io.FilePermission "-", "read";
   };</source>
   
  
 
  



grant ability to write all system properties

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.util.PropertyPermission "*", "write";
   };</source>
   
  
 
  



grant ability to write the "myprop" system properties

   <source lang="java">

grant codeBase "http://127.0.0.1/-" {

       permission java.util.PropertyPermission "myprop", "write";
   };</source>
   
  
 
  



Listing All Permissions Granted to a Loaded Class

   <source lang="java">

import java.security.Permission; import java.security.PermissionCollection; import java.security.Policy; import java.security.ProtectionDomain; import java.util.Enumeration; public class Main {

 public static void main(String[] argv) throws Exception {
   ProtectionDomain domain = String.class.getProtectionDomain();
   PermissionCollection pcoll = Policy.getPolicy().getPermissions(domain);
   Enumeration e = pcoll.elements();
   for (; e.hasMoreElements();) {
     Permission p = (Permission) e.nextElement();
   }
 }

}</source>