http://jexp.ru/index.php?action=history&feed=atom&title=Java%2FSecurity%2FSecurityManager
Java/Security/SecurityManager - История изменений
2026-04-10T12:46:16Z
История изменений этой страницы в вики
MediaWiki 1.30.0
http://jexp.ru/index.php?title=Java/Security/SecurityManager&diff=7611&oldid=prev
Admin: 1 версия
2010-06-01T06:48:43Z
<p>1 версия</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style="vertical-align: top;" lang="ru">
<td colspan="1" style="background-color: white; color:black; text-align: center;">← Предыдущая</td>
<td colspan="1" style="background-color: white; color:black; text-align: center;">Версия 06:48, 1 июня 2010</td>
</tr><tr><td colspan="2" style="text-align: center;" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>
Admin
http://jexp.ru/index.php?title=Java/Security/SecurityManager&diff=7610&oldid=prev
в 18:01, 31 мая 2010
2010-05-31T18:01:45Z
<p></p>
<p><b>Новая страница</b></p><div>== Enabling the Security Manager ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
<br />
public class Main {<br />
public static void main(String[] argv) throws Exception {<br />
System.setProperty("java.version", "data");<br />
try {<br />
SecurityManager sm = new SecurityManager();<br />
System.setSecurityManager(sm);<br />
} catch (SecurityException se) {<br />
se.printStackTrace();<br />
}<br />
// no longer possible; an AccessControlException is thrown<br />
System.setProperty("java.version", "malicious data");<br />
}<br />
}<br />
/*Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.version write)<br />
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)<br />
at java.security.AccessController.checkPermission(AccessController.java:546)<br />
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)<br />
at java.lang.System.setProperty(System.java:727)<br />
at Main.main(Main.java:13)<br />
*/<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== extends SecurityManager ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
import java.io.IOException;<br />
public class MainClass {<br />
public static void main(String args[]) throws IOException {<br />
System.setSecurityManager(new MySecurityManager());<br />
}<br />
}<br />
class MySecurityManager extends SecurityManager {<br />
public void checkRead(String file) {<br />
if (!(file.endsWith(".txt")) && !(file.endsWith(".java")) && !(file.endsWith(".class"))<br />
&& !(file.startsWith("C:\\"))) {<br />
throw new SecurityException("No Read Permission for : " + file);<br />
}<br />
}<br />
}<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Listing All Permissions Granted to Classes Loaded from a URL or Directory ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
import java.io.File;<br />
import java.net.URL;<br />
import java.security.CodeSource;<br />
import java.security.Permission;<br />
import java.security.PermissionCollection;<br />
import java.security.Policy;<br />
import java.security.cert.Certificate;<br />
import java.util.Enumeration;<br />
public class Main {<br />
public static void main(String[] argv) throws Exception {<br />
SecurityManager sm = new SecurityManager();<br />
System.setSecurityManager(sm);<br />
URL codebase = new URL("http://java.sun.ru/");<br />
codebase = new File("c:\\java\\").toURI().toURL();<br />
codebase = new File(System.getProperty("user.home")).toURI().toURL();<br />
CodeSource cs = new CodeSource(codebase, (Certificate[])null);<br />
PermissionCollection pcoll = Policy.getPolicy().getPermissions(cs);<br />
Enumeration e = pcoll.elements();<br />
for (; e.hasMoreElements();) {<br />
Permission p = (Permission) e.nextElement();<br />
}<br />
}<br />
}<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Security Support ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
/*<br />
* Licensed to the Apache Software Foundation (ASF) under one<br />
* or more contributor license agreements. See the NOTICE file<br />
* distributed with this work for additional information<br />
* regarding copyright ownership. The ASF licenses this file<br />
* to you under the Apache License, Version 2.0 (the "License");<br />
* you may not use this file except in compliance with the License.<br />
* You may obtain a copy of the License at<br />
*<br />
* http://www.apache.org/licenses/LICENSE-2.0<br />
*<br />
* Unless required by applicable law or agreed to in writing, software<br />
* distributed under the License is distributed on an "AS IS" BASIS,<br />
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.<br />
* See the License for the specific language governing permissions and<br />
* limitations under the License.<br />
*/<br />
/*<br />
* $Id$<br />
*/<br />
<br />
import java.io.File;<br />
import java.io.FileInputStream;<br />
import java.io.FileNotFoundException;<br />
import java.io.InputStream;<br />
import java.security.AccessController;<br />
import java.security.PrivilegedAction;<br />
import java.security.PrivilegedActionException;<br />
import java.security.PrivilegedExceptionAction;<br />
/**<br />
* This class is duplicated for each Xalan-Java subpackage so keep it in sync.<br />
* It is package private and therefore is not exposed as part of the Xalan-Java<br />
* API.<br />
*<br />
* Base class with security related methods that work on JDK 1.1.<br />
*/<br />
class SecuritySupport {<br />
/*<br />
* Make this of type Object so that the verifier won"t try to<br />
* prove its type, thus possibly trying to load the SecuritySupport12<br />
* class.<br />
*/<br />
private static final Object securitySupport;<br />
static {<br />
SecuritySupport ss = null;<br />
try {<br />
Class c = Class.forName("java.security.AccessController");<br />
// if that worked, we"re on 1.2.<br />
/*<br />
// don"t reference the class explicitly so it doesn"t<br />
// get dragged in accidentally.<br />
c = Class.forName("javax.mail.SecuritySupport12");<br />
Constructor cons = c.getConstructor(new Class[] { });<br />
ss = (SecuritySupport)cons.newInstance(new Object[] { });<br />
*/<br />
/*<br />
* Unfortunately, we can"t load the class using reflection<br />
* because the class is package private. And the class has<br />
* to be package private so the APIs aren"t exposed to other<br />
* code that could use them to circumvent security. Thus,<br />
* we accept the risk that the direct reference might fail<br />
* on some JDK 1.1 JVMs, even though we would never execute<br />
* this code in such a case. Sigh...<br />
*/<br />
ss = new SecuritySupport12();<br />
} catch (Exception ex) {<br />
// ignore it<br />
} finally {<br />
if (ss == null)<br />
ss = new SecuritySupport();<br />
securitySupport = ss;<br />
}<br />
}<br />
/**<br />
* Return an appropriate instance of this class, depending on whether<br />
* we"re on a JDK 1.1 or J2SE 1.2 (or later) system.<br />
*/<br />
static SecuritySupport getInstance() {<br />
return (SecuritySupport)securitySupport;<br />
}<br />
ClassLoader getContextClassLoader() {<br />
return null;<br />
}<br />
ClassLoader getSystemClassLoader() {<br />
return null;<br />
}<br />
ClassLoader getParentClassLoader(ClassLoader cl) {<br />
return null;<br />
}<br />
String getSystemProperty(String propName) {<br />
return System.getProperty(propName);<br />
}<br />
FileInputStream getFileInputStream(File file)<br />
throws FileNotFoundException<br />
{<br />
return new FileInputStream(file);<br />
}<br />
InputStream getResourceAsStream(ClassLoader cl, String name) {<br />
InputStream ris;<br />
if (cl == null) {<br />
ris = ClassLoader.getSystemResourceAsStream(name);<br />
} else {<br />
ris = cl.getResourceAsStream(name);<br />
}<br />
return ris;<br />
}<br />
<br />
boolean getFileExists(File f) {<br />
return f.exists();<br />
}<br />
<br />
long getLastModified(File f) {<br />
return f.lastModified();<br />
} <br />
}<br />
/*<br />
* Licensed to the Apache Software Foundation (ASF) under one<br />
* or more contributor license agreements. See the NOTICE file<br />
* distributed with this work for additional information<br />
* regarding copyright ownership. The ASF licenses this file<br />
* to you under the Apache License, Version 2.0 (the "License");<br />
* you may not use this file except in compliance with the License.<br />
* You may obtain a copy of the License at<br />
*<br />
* http://www.apache.org/licenses/LICENSE-2.0<br />
*<br />
* Unless required by applicable law or agreed to in writing, software<br />
* distributed under the License is distributed on an "AS IS" BASIS,<br />
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.<br />
* See the License for the specific language governing permissions and<br />
* limitations under the License.<br />
*/<br />
/*<br />
* $Id$<br />
*/<br />
<br />
/**<br />
* This class is duplicated for each Xalan-Java subpackage so keep it in sync.<br />
* It is package private and therefore is not exposed as part of the Xalan-Java<br />
* API.<br />
*<br />
* Security related methods that only work on J2SE 1.2 and newer.<br />
*/<br />
class SecuritySupport12 extends SecuritySupport {<br />
ClassLoader getContextClassLoader() {<br />
return (ClassLoader)<br />
AccessController.doPrivileged(new PrivilegedAction() {<br />
public Object run() {<br />
ClassLoader cl = null;<br />
try {<br />
cl = Thread.currentThread().getContextClassLoader();<br />
} catch (SecurityException ex) { }<br />
return cl;<br />
}<br />
});<br />
}<br />
ClassLoader getSystemClassLoader() {<br />
return (ClassLoader)<br />
AccessController.doPrivileged(new PrivilegedAction() {<br />
public Object run() {<br />
ClassLoader cl = null;<br />
try {<br />
cl = ClassLoader.getSystemClassLoader();<br />
} catch (SecurityException ex) {}<br />
return cl;<br />
}<br />
});<br />
}<br />
ClassLoader getParentClassLoader(final ClassLoader cl) {<br />
return (ClassLoader)<br />
AccessController.doPrivileged(new PrivilegedAction() {<br />
public Object run() {<br />
ClassLoader parent = null;<br />
try {<br />
parent = cl.getParent();<br />
} catch (SecurityException ex) {}<br />
// eliminate loops in case of the boot<br />
// ClassLoader returning itself as a parent<br />
return (parent == cl) ? null : parent;<br />
}<br />
});<br />
}<br />
String getSystemProperty(final String propName) {<br />
return (String)<br />
AccessController.doPrivileged(new PrivilegedAction() {<br />
public Object run() {<br />
return System.getProperty(propName);<br />
}<br />
});<br />
}<br />
FileInputStream getFileInputStream(final File file)<br />
throws FileNotFoundException<br />
{<br />
try {<br />
return (FileInputStream)<br />
AccessController.doPrivileged(new PrivilegedExceptionAction() {<br />
public Object run() throws FileNotFoundException {<br />
return new FileInputStream(file);<br />
}<br />
});<br />
} catch (PrivilegedActionException e) {<br />
throw (FileNotFoundException)e.getException();<br />
}<br />
}<br />
InputStream getResourceAsStream(final ClassLoader cl,<br />
final String name)<br />
{<br />
return (InputStream)<br />
AccessController.doPrivileged(new PrivilegedAction() {<br />
public Object run() {<br />
InputStream ris;<br />
if (cl == null) {<br />
ris = ClassLoader.getSystemResourceAsStream(name);<br />
} else {<br />
ris = cl.getResourceAsStream(name);<br />
}<br />
return ris;<br />
}<br />
});<br />
}<br />
<br />
boolean getFileExists(final File f) {<br />
return ((Boolean)<br />
AccessController.doPrivileged(new PrivilegedAction() {<br />
public Object run() {<br />
return new Boolean(f.exists());<br />
}<br />
})).booleanValue();<br />
}<br />
<br />
long getLastModified(final File f) {<br />
return ((Long)<br />
AccessController.doPrivileged(new PrivilegedAction() {<br />
public Object run() {<br />
return new Long(f.lastModified());<br />
}<br />
})).longValue();<br />
}<br />
<br />
}<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== The security manager can be installed from the command line: ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
java -Djava.security.manager MyApp<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --><br />
<br />
<br />
<br />
<br />
<br />
== Use SecurityManager to check AWT permission and file permission ==<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="java"><br />
<br />
import java.awt.AWTPermission;<br />
import java.io.FilePermission;<br />
public class MainClass {<br />
public static void main(String args[]) throws Exception {<br />
SecurityManager sm = System.getSecurityManager();<br />
if (sm != null) {<br />
FilePermission fp = new FilePermission("c:\\autoexec.bat", "read");<br />
sm.checkPermission(fp);<br />
}<br />
if (sm != null) {<br />
AWTPermission ap = new AWTPermission("accessClipboard");<br />
sm.checkPermission(ap);<br />
}<br />
System.out.println("Has AWTPermission to access AWT Clipboard");<br />
}<br />
}<br />
<br />
<br />
<br />
</source><br />
<br />
<br />
<!-- end source code --></div>