Java Tutorial/Security/SecurityManager — различия между версиями

Материал из Java эксперт
Перейти к: навигация, поиск
 
м (1 версия)
 
(нет различий)

Текущая версия на 05:01, 1 июня 2010

Define your own security manager

class CustomSecurityManager extends SecurityManager {
  public CustomSecurityManager() {
    super();
  }
  public void checkRead(String fileName) {
    if (fileName != null && fileName.endsWith(".java")) {
      throw new SecurityException(" You are not allowed to read " + " file names ending with .java");
    }
    super.checkRead(fileName);
  }
  public void checkWrite(String fileName) {
    if (fileName != null && fileName.endsWith(".java")) {
      throw new SecurityException(" You are not allowed to write "
          + " file names ending with .java");
    }
    super.checkWrite(fileName);
  }
  public void checkDelete(String fileName) {
    if (fileName != null && fileName.endsWith(".java")) {
      throw new SecurityException(" You are not allowed to delete "
          + " file names ending with .java");
    }
    super.checkDelete(fileName);
  }
}
public class MainClass {
  public static void main() {
    System.setSecurityManager(new CustomSecurityManager());
    SecurityManager secMgr = System.getSecurityManager();
    if (secMgr != null) {
      secMgr.checkRead("fileName");
    }
  }
}





Enabling the Security Manager

public class Main {
  public static void main(String[] argv) throws Exception {
    System.setProperty("java.version", "data");
    try {
      SecurityManager sm = new SecurityManager();
      System.setSecurityManager(sm);
    } catch (SecurityException se) {
      se.printStackTrace();
    }
    // no longer possible; an AccessControlException is thrown
    System.setProperty("java.version", "malicious data");
  }
}
/*Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.version write)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
  at java.security.AccessController.checkPermission(AccessController.java:546)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  at java.lang.System.setProperty(System.java:727)
  at Main.main(Main.java:13)
*/





extends SecurityManager

import java.io.IOException;
public class MainClass {
  public static void main(String args[]) throws IOException {
    System.setSecurityManager(new MySecurityManager());
  }
}
class MySecurityManager extends SecurityManager {
  public void checkRead(String file) {
    if (!(file.endsWith(".txt")) && !(file.endsWith(".java")) && !(file.endsWith(".class"))
        && !(file.startsWith("C:\\"))) {
      throw new SecurityException("No Read Permission for : " + file);
    }
  }
}





Listing All Permissions Granted to Classes Loaded from a URL or Directory

import java.io.File;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class Main {
  public static void main(String[] argv) throws Exception {
    SecurityManager sm = new SecurityManager();
    System.setSecurityManager(sm);
    URL codebase = new URL("http://java.sun.ru/");
    //codebase = new File("c:\\java\\").toURI().toURL();
    //codebase = new File(System.getProperty("user.home")).toURI().toURL();
    CodeSource cs = new CodeSource(codebase, (Certificate[])null);
    PermissionCollection pcoll = Policy.getPolicy().getPermissions(cs);
    Enumeration e = pcoll.elements();
    for (; e.hasMoreElements();) {
      Permission p = (Permission) e.nextElement();
    }
  }
}





To ignore the policies in the java.security file, and use the specified policy, use "==" instead of "="

java -Djava.security.manager -Djava.security.policy==someURL MyApp





To specify an additional policy file, set the java.security.policy system property at the command line:

c:\java -Djava.security.manager -Djava.security.policy=someURL MyApp
c:\appletviewer -J-Djava.security.policy=someURL HTMLfile





Use SecurityManager to check AWT permission and file permission

import java.awt.AWTPermission;
import java.io.FilePermission;
public class MainClass {
  public static void main(String args[]) throws Exception {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      FilePermission fp = new FilePermission("c:\\autoexec.bat", "read");
      sm.checkPermission(fp);
    }
    if (sm != null) {
      AWTPermission ap = new AWTPermission("accessClipboard");
      sm.checkPermission(ap);
    }
    System.out.println("Has AWTPermission to access AWT Clipboard");
  }
}