Java Tutorial/Security/Permission File
Содержание
- 1 allows anyone to listen on un-privileged ports
- 2 Configurable Access Control
- 3 Grant entry example
- 4 Grant runtime permission stop thread
- 5 jdk policy file entries
- 6 "standard" properies that can be read by anyone
- 7 Use grant command to set read permission
- 8 Use grant to set file permission
- 9 Use grant to set file permission based on user.home and file.separator
- 10 Use grant to set Property permission
- 11 Use grant to set Socket permission
- 12 Use grant to set the Runtime permission
allows anyone to listen on un-privileged ports
grant{
permission java.net.SocketPermission "localhost:1024-", "listen";
};
Configurable Access Control
import java.io.FileInputStream;
public class MainClass {
public static void main(String[] args) throws Exception {
String operatingSystem = (String) System.getProperty("os.name");
String javaVersion = (String) System.getProperty("java.version");
String javaDirectory = (String) System.getProperty("java.home");
String userHomeDir = (String) System.getProperty("user.home");
String myFile = (String) System.getProperty("myFile");
FileInputStream fin = new FileInputStream(myFile);
}
}
Grant entry example
grant{ permission java.io.FilePermission "
D:\\jdk1.4\\jre\\lib\\security\\java.policy" "read";
}
Grant runtime permission stop thread
grant {
permission java.lang.RuntimePermission "stopThread";
};
jdk policy file entries
// Standard extensions get all permissions by default
grant codeBase "file:${java.home}/lib/ext/*" {
permission java.security.AllPermission;
};
"standard" properies that can be read by anyone
grant{
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};
Use grant command to set read permission
grant{
permission java.util.PropertyPermission "java.home" , "read";
permission java.util.PropertyPermission "user.home" , "read";
permission java.util.PropertyPermission "myFile", "read";
permission java.io.FilePermission "${myFile}", "read";
};
Use grant to set file permission
grant
{
permission java.io.FilePermission "C:\\temp\\sampleFile.txt", "read";
permission java.io.FilePermission "C:\\temp", "read";
permission java.io.FilePermission "C:\\temp\\*", "read";
permission java.io.FilePermission "<<ALL_FILES>>", "read";
permission java.io.FilePermission "C:\\temp\\test.exe ",
"read, write, delete, execute";
};
Use grant to set file permission based on user.home and file.separator
grant
{
permission java.io.FilePermission "${user.home}${file.separator}* ",
"read";
}
Use grant to set Property permission
grant CodeBase http://www.y.ru/-"
{
permission java.util.PropertyPermission "java.*", "read, write";
};
Use grant to set Socket permission
grant CodeBase http://www.y.ru/-"
{
permission java.net.SocketPermission "www.y.ru", "accept";
};
Use grant to set the Runtime permission
grant CodeBase http://www.y.ru/-"
{
permission java.lang.RuntimePermission "setSecurityManager";
};
