Java Tutorial/Security/SecurityManager — различия между версиями
Admin (обсуждение | вклад) м (1 версия) |
|
(нет различий)
|
Текущая версия на 05:01, 1 июня 2010
Содержание
- 1 Define your own security manager
- 2 Enabling the Security Manager
- 3 extends SecurityManager
- 4 Listing All Permissions Granted to Classes Loaded from a URL or Directory
- 5 To ignore the policies in the java.security file, and use the specified policy, use "==" instead of "="
- 6 To specify an additional policy file, set the java.security.policy system property at the command line:
- 7 Use SecurityManager to check AWT permission and file permission
Define your own security manager
class CustomSecurityManager extends SecurityManager {
public CustomSecurityManager() {
super();
}
public void checkRead(String fileName) {
if (fileName != null && fileName.endsWith(".java")) {
throw new SecurityException(" You are not allowed to read " + " file names ending with .java");
}
super.checkRead(fileName);
}
public void checkWrite(String fileName) {
if (fileName != null && fileName.endsWith(".java")) {
throw new SecurityException(" You are not allowed to write "
+ " file names ending with .java");
}
super.checkWrite(fileName);
}
public void checkDelete(String fileName) {
if (fileName != null && fileName.endsWith(".java")) {
throw new SecurityException(" You are not allowed to delete "
+ " file names ending with .java");
}
super.checkDelete(fileName);
}
}
public class MainClass {
public static void main() {
System.setSecurityManager(new CustomSecurityManager());
SecurityManager secMgr = System.getSecurityManager();
if (secMgr != null) {
secMgr.checkRead("fileName");
}
}
}
Enabling the Security Manager
public class Main {
public static void main(String[] argv) throws Exception {
System.setProperty("java.version", "data");
try {
SecurityManager sm = new SecurityManager();
System.setSecurityManager(sm);
} catch (SecurityException se) {
se.printStackTrace();
}
// no longer possible; an AccessControlException is thrown
System.setProperty("java.version", "malicious data");
}
}
/*Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.version write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.System.setProperty(System.java:727)
at Main.main(Main.java:13)
*/
extends SecurityManager
import java.io.IOException;
public class MainClass {
public static void main(String args[]) throws IOException {
System.setSecurityManager(new MySecurityManager());
}
}
class MySecurityManager extends SecurityManager {
public void checkRead(String file) {
if (!(file.endsWith(".txt")) && !(file.endsWith(".java")) && !(file.endsWith(".class"))
&& !(file.startsWith("C:\\"))) {
throw new SecurityException("No Read Permission for : " + file);
}
}
}
Listing All Permissions Granted to Classes Loaded from a URL or Directory
import java.io.File;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class Main {
public static void main(String[] argv) throws Exception {
SecurityManager sm = new SecurityManager();
System.setSecurityManager(sm);
URL codebase = new URL("http://java.sun.ru/");
//codebase = new File("c:\\java\\").toURI().toURL();
//codebase = new File(System.getProperty("user.home")).toURI().toURL();
CodeSource cs = new CodeSource(codebase, (Certificate[])null);
PermissionCollection pcoll = Policy.getPolicy().getPermissions(cs);
Enumeration e = pcoll.elements();
for (; e.hasMoreElements();) {
Permission p = (Permission) e.nextElement();
}
}
}
To ignore the policies in the java.security file, and use the specified policy, use "==" instead of "="
java -Djava.security.manager -Djava.security.policy==someURL MyApp
To specify an additional policy file, set the java.security.policy system property at the command line:
c:\java -Djava.security.manager -Djava.security.policy=someURL MyApp
c:\appletviewer -J-Djava.security.policy=someURL HTMLfile
Use SecurityManager to check AWT permission and file permission
import java.awt.AWTPermission;
import java.io.FilePermission;
public class MainClass {
public static void main(String args[]) throws Exception {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission fp = new FilePermission("c:\\autoexec.bat", "read");
sm.checkPermission(fp);
}
if (sm != null) {
AWTPermission ap = new AWTPermission("accessClipboard");
sm.checkPermission(ap);
}
System.out.println("Has AWTPermission to access AWT Clipboard");
}
}