Java Tutorial/Security/Permission File — различия между версиями

Материал из Java эксперт
Перейти к: навигация, поиск
 
м (1 версия)
 
(нет различий)

Текущая версия на 05:01, 1 июня 2010

allows anyone to listen on un-privileged ports

grant{
    permission java.net.SocketPermission "localhost:1024-", "listen";
};





Configurable Access Control

import java.io.FileInputStream;
public class MainClass {
  public static void main(String[] args) throws Exception {
    String operatingSystem = (String) System.getProperty("os.name");
    String javaVersion = (String) System.getProperty("java.version");
    String javaDirectory = (String) System.getProperty("java.home");
    String userHomeDir = (String) System.getProperty("user.home");
    String myFile = (String) System.getProperty("myFile");
    FileInputStream fin = new FileInputStream(myFile);
  }
}





Grant entry example

grant{  permission java.io.FilePermission " 
D:\\jdk1.4\\jre\\lib\\security\\java.policy" "read";
}





Grant runtime permission stop thread

grant { 
    permission java.lang.RuntimePermission "stopThread";
   
   
};





jdk policy file entries

// Standard extensions get all permissions by default
   
grant codeBase "file:${java.home}/lib/ext/*" {
    permission java.security.AllPermission;
};





"standard" properies that can be read by anyone

grant{
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";
   
    permission java.util.PropertyPermission "java.specification.version", "read";
    permission java.util.PropertyPermission "java.specification.vendor", "read";
    permission java.util.PropertyPermission "java.specification.name", "read";
   
    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";
};





Use grant command to set read permission

grant{
 permission java.util.PropertyPermission "java.home" , "read";
 permission java.util.PropertyPermission "user.home" , "read";
 permission java.util.PropertyPermission "myFile", "read";
 permission java.io.FilePermission "${myFile}", "read";
};





Use grant to set file permission

grant
{
 permission java.io.FilePermission "C:\\temp\\sampleFile.txt", "read";
 permission java.io.FilePermission "C:\\temp", "read";
 permission java.io.FilePermission "C:\\temp\\*", "read";
 permission java.io.FilePermission "<<ALL_FILES>>", "read";
 permission java.io.FilePermission "C:\\temp\\test.exe ",
                                 "read, write, delete, execute";
};





Use grant to set file permission based on user.home and file.separator

grant
{
 permission java.io.FilePermission "${user.home}${file.separator}* ",
                                              "read";
}





Use grant to set Property permission

grant CodeBase http://www.y.ru/-"
{
 permission java.util.PropertyPermission "java.*", "read, write";
};





Use grant to set Socket permission

grant CodeBase http://www.y.ru/-"
{
 permission java.net.SocketPermission "www.y.ru", "accept";
};





Use grant to set the Runtime permission

grant CodeBase http://www.y.ru/-"
{
 permission java.lang.RuntimePermission "setSecurityManager";
};