Java/Security/Policy
Версия от 18:01, 31 мая 2010; (обсуждение)
Содержание
- 1 Authorized File Writer
- 2 Managing Policy Files: By default, the JDK uses the policy files located in
- 3 Policy Demo
- 4 System properties and security policy
- 5 To ignore the policies in the java.security file, and use the specified policy, use "==" instead of "="
- 6 To specify an additional policy file, set the java.security.policy system property at the command line:
Authorized File Writer
import java.io.FileWriter;
import java.io.IOException;
public class AuthorizedFileWriter {
public static void main(String[] args) {
System.setSecurityManager(new SecurityManager());
String file = "authorized.txt";
String fileBody = "test";
try {
FileWriter fileWriter = new FileWriter(file);
fileWriter.write(fileBody);
fileWriter.close();
System.exit(0);
} catch (IOException ioException) {
ioException.printStackTrace();
System.exit(1);
}
}
}
/*
// authorized.policy
// Policy file that grants file write permission
// only to file "authorized.txt"
grant {
permission java.io.FilePermission
"authorized.txt", "write";
};
*/
/*
// codebase_authorized.policy
// Policy file that grants write permission to
// file "codebase_authorized.txt" for codebase "C:/myclasses"
grant codebase "file:/C:/myclasses" {
permission java.io.FilePermission
"codebase_authorized.txt", "write";
};
*/
Managing Policy Files: By default, the JDK uses the policy files located in
file:${java.home}/lib/security/java.policy
file:${user.home}/.java.policy
These policy files are specified in the default security file:
${java.home}/lib/security/java.security
Policy Demo
/* From http://java.sun.ru/docs/books/tutorial/index.html */
/*
* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* -Redistribution of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL
* EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
* ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
* OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN")
* AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
* AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
* DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
* REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
* INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
* OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed, licensed or intended
* for use in the design, construction, operation or maintenance of any
* nuclear facility.
*/
System properties and security policy
/* From http://java.sun.ru/docs/books/tutorial/index.html */
/*
* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* -Redistribution of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL
* EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
* ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
* OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN")
* AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
* AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
* DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
* REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
* INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
* OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed, licensed or intended
* for use in the design, construction, operation or maintenance of any
* nuclear facility.
*/
public class GetProps {
public static void main(String[] args) {
/* Test reading properties w & w/out security manager */
String s;
try {
System.out.println("About to get os.name property value");
s = System.getProperty("os.name", "not specified");
System.out.println(" The name of your operating system is: " + s);
System.out.println("About to get java.version property value");
s = System.getProperty("java.version", "not specified");
System.out.println(" The version of the JVM you are running is: "
+ s);
System.out.println("About to get user.home property value");
s = System.getProperty("user.home", "not specified");
System.out.println(" Your user home directory is: " + s);
System.out.println("About to get java.home property value");
s = System.getProperty("java.home", "not specified");
System.out.println(" Your JRE installation directory is: " + s);
} catch (Exception e) {
System.err.println("Caught exception " + e.toString());
}
}
}
//File: java.policy
/*
// Standard extensions get all permissions by default
grant codeBase "file:${java.home}/lib/ext/" {
permission java.security.AllPermission;
};
// default permissions granted to all domains
grant {
// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission "localhost:1024-", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};
*/
To ignore the policies in the java.security file, and use the specified policy, use "==" instead of "="
java -Djava.security.manager -Djava.security.policy==someURL MyApp
To specify an additional policy file, set the java.security.policy system property at the command line:
c:\java -Djava.security.manager -Djava.security.policy=someURL MyApp
c:\appletviewer -J-Djava.security.policy=someURL HTMLfile