Java/Security/Policy


Authorized File Writer

 
import java.io.FileWriter;
import java.io.IOException;
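/**
 * Demonstrates a file write performed under a security manager.
 *
 * <p>After the default {@link SecurityManager} is installed, opening {@code authorized.txt}
 * for writing is checked against the active policy. The write succeeds only when the policy
 * grants {@code java.io.FilePermission "authorized.txt", "write"} to this code, as the
 * {@code authorized.policy} listing that follows this class does. The
 * {@code codebase_authorized.policy} listing names a different file
 * ({@code codebase_authorized.txt}), so it does not cover the file written here.
 *
 * <p>A denied write is reported as a {@link SecurityException} (unchecked), not as an
 * {@link IOException}; both are handled below so the denial is visible and the exit status
 * is non-zero either way.
 *
 * <p>The Security Manager is deprecated for removal since Java 17 (JEP 411) and is
 * permanently disabled from JDK 24 (JEP 486); the example applies to older runtimes.
 */
public class AuthorizedFileWriter {
  /**
   * Installs the security manager, writes a short string to {@code authorized.txt}, and
   * exits with status 0 on success or 1 on failure.
   *
   * @param args unused
   */
  public static void main(String[] args) {
    // From this point on, permission checks are enforced for this JVM.
    System.setSecurityManager(new SecurityManager());
    String file = "authorized.txt";
    String fileBody = "test";
    // try-with-resources closes the writer even when write() fails.
    try (FileWriter fileWriter = new FileWriter(file)) {
      fileWriter.write(fileBody);
    } catch (IOException | SecurityException failure) {
      // SecurityException here means the policy did not grant the write permission.
      failure.printStackTrace();
      System.exit(1);
    }
    // Exit only after the try block so the writer has been flushed and closed first.
    System.exit(0);
  }
}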
/*
// authorized.policy
// Policy file that grants file write permission 
// only to file "authorized.txt"
grant {
   permission java.io.FilePermission
     "authorized.txt", "write";
};
*/
/*
// codebase_authorized.policy
// Policy file that grants write permission to 
// file "codebase_authorized.txt" for codebase "C:/myclasses"
grant codebase "file:/C:/myclasses" {
   permission java.io.FilePermission
     "codebase_authorized.txt", "write";
};
*/





Managing policy files: by default, the JDK loads its policy from the following locations:

 
    file:${java.home}/lib/security/java.policy
    file:${user.home}/.java.policy
These locations are configured (as policy.url.N entries) in the default security properties file:
    ${java.home}/lib/security/java.security





Policy Demo

 
/* From http://java.sun.ru/docs/books/tutorial/index.html */
/*
 * Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * -Redistribution of source code must retain the above copyright notice, this
 *  list of conditions and the following disclaimer.
 *
 * -Redistribution in binary form must reproduce the above copyright notice,
 *  this list of conditions and the following disclaimer in the documentation
 *  and/or other materials provided with the distribution.
 *
 * Neither the name of Sun Microsystems, Inc. or the names of contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * This software is provided "AS IS," without a warranty of any kind. ALL
 * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
 * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
 * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN")
 * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
 * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
 * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
 * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
 * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
 * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 *
 * You acknowledge that this software is not designed, licensed or intended
 * for use in the design, construction, operation or maintenance of any
 * nuclear facility.
 */





System properties and security policy

 
/* From http://java.sun.ru/docs/books/tutorial/index.html */
/*
 * Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * -Redistribution of source code must retain the above copyright notice, this
 *  list of conditions and the following disclaimer.
 *
 * -Redistribution in binary form must reproduce the above copyright notice,
 *  this list of conditions and the following disclaimer in the documentation
 *  and/or other materials provided with the distribution.
 *
 * Neither the name of Sun Microsystems, Inc. or the names of contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * This software is provided "AS IS," without a warranty of any kind. ALL
 * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
 * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
 * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN")
 * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
 * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
 * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
 * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
 * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
 * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 *
 * You acknowledge that this software is not designed, licensed or intended
 * for use in the design, construction, operation or maintenance of any
 * nuclear facility.
 */
/**
 * Reads four system properties and prints them, to compare behaviour with and without a
 * security manager.
 *
 * <p>Without a security manager every read succeeds. With one, each read needs a matching
 * {@code java.util.PropertyPermission}. The {@code java.policy} listing that follows this
 * class grants read access to {@code os.name} and {@code java.version} but lists neither
 * {@code user.home} nor {@code java.home}, so under that policy alone the third read is
 * expected to be refused.
 */
public class GetProps {
  /**
   * Prints each property in turn. All reads share one {@code try} block, so the first
   * exception is reported on standard error and the remaining properties are skipped.
   *
   * @param args unused
   */
  public static void main(String[] args) {
    try {
      show("os.name",
          "About to get os.name property value",
          "  The name of your operating system is: ");
      show("java.version",
          "About to get java.version property value",
          "  The version of the JVM you are running is: ");
      show("user.home",
          "About to get user.home property value",
          "  Your user home directory is: ");
      show("java.home",
          "About to get java.home property value",
          "  Your JRE installation directory is: ");
    } catch (Exception e) {
      System.err.println("Caught exception " + e);
    }
  }

  /** Announces the lookup, reads the property (with a fallback value), and prints it. */
  private static void show(String key, String announcement, String label) {
    System.out.println(announcement);
    String value = System.getProperty(key, "not specified");
    System.out.println(label + value);
  }
}
//File: java.policy
/*

// Standard extensions get all permissions by default
grant codeBase "file:${java.home}/lib/ext/" {
  permission java.security.AllPermission;
};
// default permissions granted to all domains
grant { 
  // allows anyone to listen on un-privileged ports
  permission java.net.SocketPermission "localhost:1024-", "listen";
  // "standard" properties that can be read by anyone
  permission java.util.PropertyPermission "java.version", "read";
  permission java.util.PropertyPermission "java.vendor", "read";
  permission java.util.PropertyPermission "java.vendor.url", "read";
  permission java.util.PropertyPermission "java.class.version", "read";
  permission java.util.PropertyPermission "os.name", "read";
  permission java.util.PropertyPermission "os.version", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.util.PropertyPermission "file.separator", "read";
  permission java.util.PropertyPermission "path.separator", "read";
  permission java.util.PropertyPermission "line.separator", "read";
  permission java.util.PropertyPermission "java.specification.version", "read";
  permission java.util.PropertyPermission "java.specification.vendor", "read";
  permission java.util.PropertyPermission "java.specification.name", "read";
  permission java.util.PropertyPermission "java.vm.specification.version", "read";
  permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
  permission java.util.PropertyPermission "java.vm.specification.name", "read";
  permission java.util.PropertyPermission "java.vm.version", "read";
  permission java.util.PropertyPermission "java.vm.vendor", "read";
  permission java.util.PropertyPermission "java.vm.name", "read";
};

*/





To ignore the policy files listed in the java.security file and use only the specified policy, use "==" instead of "=":

 
java -Djava.security.manager -Djava.security.policy==someURL MyApp





To specify an additional policy file, which is used together with the ones listed in java.security, set the java.security.policy system property on the command line:

 
c:\java -Djava.security.manager -Djava.security.policy=someURL MyApp
c:\appletviewer -J-Djava.security.policy=someURL HTMLfile