Java Tutorial/Security/Permission


boolean Permission.implies(Permission permission)

import java.io.Serializable;
import java.security.BasicPermission;
import java.security.Permission;
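/**
 * A permission identified only by a string id.
 *
 * <p>One instance equals, and implies, another only when both ids are equal.
 * There is no wildcard matching and no action list.
 */
class IDPermission extends BasicPermission implements Serializable {
  // Permission objects are meant to be immutable once created: if the id could
  // be reassigned after the permission was granted, what it implies would change.
  final String id;

  /**
   * Creates a permission for the given id.
   *
   * @param id the identifier, also passed to BasicPermission as the permission
   *     name (BasicPermission rejects a null or empty name)
   */
  public IDPermission(String id) {
    super(id);
    this.id = id;
  }

  /**
   * Tells whether this permission covers {@code permission}.
   *
   * <p>Permissions of any other type, and {@code null}, are never implied. An
   * access-control decision handed an unrelated permission must answer "no";
   * the unchecked cast used previously raised ClassCastException instead.
   *
   * @param permission the permission being requested
   * @return true only for an IDPermission carrying the same id
   */
  @Override
  public boolean implies(Permission permission) {
    if (!(permission instanceof IDPermission)) {
      return false;
    }
    return id.equals(((IDPermission) permission).id);
  }

  /**
   * @return the empty string; this permission has no actions
   */
  @Override
  public String getActions() {
    return "";
  }

  /**
   * @return the hash of the id, consistent with {@link #equals(Object)}
   */
  @Override
  public int hashCode() {
    return id.hashCode();
  }

  /**
   * @param obj the object to compare with
   * @return true only for an IDPermission carrying the same id
   */
  @Override
  public boolean equals(Object obj) {
    if (!(obj instanceof IDPermission)) {
      return false;
    }
    return id.equals(((IDPermission) obj).id);
  }
}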
public class Main {
  /**
   * Asks whether the IDPermission with id "1" implies the permissions with ids
   * "2" through "6".
   *
   * <p>IDPermission.implies compares ids for equality, so each answer is false.
   * The answers are computed and discarded; nothing is printed.
   */
  public static void main(String[] argv) throws Exception {
    Permission held = new IDPermission("1");
    String[] requestedIds = {"2", "3", "4", "5", "6"};
    for (String requestedId : requestedIds) {
      Permission requested = new IDPermission(requestedId);
      // false every time: no requested id equals "1"
      boolean implied = held.implies(requested);
    }
  }
}





Checking Read/Write Permission for a Directory

import java.io.FilePermission;
import java.security.AccessController;
public class Main {
  // Asks the access controller whether the current calling context may read
  // and write the entries matched by "/tmp/*".
  //
  // The "/*" suffix matches the files and directories directly inside /tmp; it
  // does not descend into subdirectories (that is the "/-" suffix) and it does
  // not match the path /tmp itself.
  //
  // Note: AccessController is deprecated for removal since Java 17 (JEP 411).
  public static void main(String[] argv) throws Exception {
    FilePermission tmpEntries = new FilePermission("/tmp/*", "read,write");
    // Returns quietly when the permission is granted; throws
    // AccessControlException when it is denied.
    AccessController.checkPermission(tmpEntries);
  }
}





Controlling Access to an Object using a permission

import java.security.AccessControlException;
import java.security.Guard;
import java.security.GuardedObject;
import java.util.PropertyPermission;
public class Main {
  /**
   * Wraps a value in a GuardedObject whose guard is a read permission on the
   * "java.home" system property, then asks for the value back.
   *
   * <p>getObject() runs the guard before releasing the value. A Permission used
   * as a guard delegates to the installed SecurityManager; when none is
   * installed nothing is checked and the value is released.
   *
   * <p>The wrapper protects only callers that hold nothing but the
   * GuardedObject. Code that still holds the original reference, as this
   * method does, bypasses the guard.
   */
  public static void main(String[] argv) throws Exception {
    String payload = "secret";
    GuardedObject guarded =
        new GuardedObject(payload, new PropertyPermission("java.home", "read"));
    try {
      Object released = guarded.getObject();
    } catch (AccessControlException denied) {
      // The guard refused the caller; the value was not handed out.
      denied.printStackTrace();
    }
  }
}





Creating Your Own Permissions

import java.security.BasicPermission;
/**
 * A named permission with no actions. Naming, equality and wildcard matching
 * are all inherited from BasicPermission.
 */
class SecretWordPermission extends BasicPermission {
  /**
   * @param name the permission name, e.g. "AccessPermission"
   */
  public SecretWordPermission(String name) {
    super(name);
  }

  /**
   * Two-argument form; the action string is accepted and discarded.
   * NOTE(review): presumably kept so the class can be instantiated where an
   * action string is supplied, such as a policy entry - confirm against callers.
   *
   * @param name the permission name
   * @param action ignored
   */
  public SecretWordPermission(String name, String action) {
    this(name);
  }
}
/**
 * Holds a value that is released only after a SecretWordPermission check.
 */
class SecretWord {
  public SecretWord() {
  }

  /**
   * Returns the secret word after checking the caller's permission.
   *
   * <p>The check runs only when a SecurityManager is installed. With none
   * installed the word is returned unconditionally, so the protection depends
   * entirely on how the JVM was started.
   *
   * @return the string "Secret"
   * @throws SecurityException if a SecurityManager is installed and the calling
   *     context lacks SecretWordPermission "AccessPermission"
   */
  public String getWord() {
    final String word = "Secret";
    SecurityManager installed = System.getSecurityManager();
    if (installed == null) {
      // No security manager: there is nothing to ask, the check is skipped.
      return word;
    }
    installed.checkPermission(new SecretWordPermission("AccessPermission"));
    return word;
  }
}
public class MainClass {
  /**
   * Fetches the word from a SecretWord and prints it.
   *
   * <p>If a SecurityManager is installed and denies the permission, getWord()
   * throws and nothing is printed.
   */
  public static void main(String[] args) {
    String revealed = new SecretWord().getWord();
    System.out.println("The secret word is: " + revealed);
  }
}





Determining If One Permission Implies Another

import java.io.FilePermission;
import java.security.Permission;
public class Main {
  // Compares a broad file permission with a narrower one and reports when the
  // broad one covers the narrow one.
  //
  // implies() answers only whether one permission object covers another. It
  // does not say whether either permission has been granted to any code.
  public static void main(String[] argv) throws Exception {
    // Read and write on every entry directly inside /tmp.
    Permission broad = new FilePermission("/tmp/*", "read,write");
    // Read on the single file /tmp/abc.
    Permission narrow = new FilePermission("/tmp/abc", "read");
    boolean covered = broad.implies(narrow);
    if (covered) {
      System.out.println("perm1 implies perm2");
    }
  }
}





extends BasicPermission

import java.io.Serializable;
import java.security.BasicPermission;
import java.security.Permission;
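/**
 * A permission identified only by a string id.
 *
 * <p>One instance equals, and implies, another only when both ids are equal.
 * There is no wildcard matching and no action list.
 */
class IDPermission extends BasicPermission implements Serializable {
  // Permission objects are meant to be immutable once created: if the id could
  // be reassigned after the permission was granted, what it implies would change.
  final String id;

  /**
   * Creates a permission for the given id.
   *
   * @param id the identifier, also passed to BasicPermission as the permission
   *     name (BasicPermission rejects a null or empty name)
   */
  public IDPermission(String id) {
    super(id);
    this.id = id;
  }

  /**
   * Tells whether this permission covers {@code permission}.
   *
   * <p>Permissions of any other type, and {@code null}, are never implied. An
   * access-control decision handed an unrelated permission must answer "no";
   * the unchecked cast used previously raised ClassCastException instead.
   *
   * @param permission the permission being requested
   * @return true only for an IDPermission carrying the same id
   */
  @Override
  public boolean implies(Permission permission) {
    if (!(permission instanceof IDPermission)) {
      return false;
    }
    return id.equals(((IDPermission) permission).id);
  }

  /**
   * @return the empty string; this permission has no actions
   */
  @Override
  public String getActions() {
    return "";
  }

  /**
   * @return the hash of the id, consistent with {@link #equals(Object)}
   */
  @Override
  public int hashCode() {
    return id.hashCode();
  }

  /**
   * @param obj the object to compare with
   * @return true only for an IDPermission carrying the same id
   */
  @Override
  public boolean equals(Object obj) {
    if (!(obj instanceof IDPermission)) {
      return false;
    }
    return id.equals(((IDPermission) obj).id);
  }
}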
public class Main {
  /**
   * Asks whether the IDPermission with id "1" implies the permissions with ids
   * "2" through "6".
   *
   * <p>IDPermission.implies compares ids for equality, so each answer is false.
   * The answers are computed and discarded; nothing is printed.
   */
  public static void main(String[] argv) throws Exception {
    Permission held = new IDPermission("1");
    String[] requestedIds = {"2", "3", "4", "5", "6"};
    for (String requestedId : requestedIds) {
      Permission requested = new IDPermission(requestedId);
      // false every time: no requested id equals "1"
      boolean implied = held.implies(requested);
    }
  }
}





grant ability to create and write c:\temp\myfile

// Applies to all classes and JARs loaded from http://127.0.0.1/ and, because of
// the trailing "/-", from every directory below it. There is no signedBy
// clause, so the code's origin URL is the only criterion.
grant codeBase "http://127.0.0.1/-" {
    // "write" on one exact path: create and write that single file.
    // Backslashes are doubled because "\" is the escape character in policy strings.
    permission java.io.FilePermission "c:\\temp\\myfile", "write";
};





grant ability to delete any file or directory in c:\temp\mydir

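// The trailing "/*" on the codeBase matches classes and JARs directly in that
// location, without descending into subdirectories.
grant codeBase "http://127.0.0.1/*" {
    // "delete" on every file and directory directly inside c:\temp\mydir.
    // Every backslash in a policy string must be doubled, including the one
    // before "*". With a single "\" the separator is lost and the pattern no
    // longer names the contents of the directory.
    permission java.io.FilePermission "c:\\temp\\mydir\\*", "delete";
};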





grant ability to execute (see Runtime.exec()) the file c:\java.exe

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // "execute" lets the code start this program through Runtime.exec().
    // A launched process is not confined by this JVM's policy, so execute
    // rights on a launcher such as java.exe belong only to fully trusted code.
    permission java.io.FilePermission "c:\\java.exe", "execute";
};





grant ability to list files in the user's home directory

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // ${user.home} is expanded from the system property when the policy is
    // loaded. "read" on the directory path itself allows listing its entries;
    // reading the files inside it needs a separate grant.
    permission java.io.FilePermission "${user.home}", "read";
};





grant ability to read all properties that start with "myprops."

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // A trailing ".*" is a wildcard: every property whose name begins with
    // "myprops." may be read, and no other property.
    permission java.util.PropertyPermission "myprops.*", "read";
};





grant ability to read all system properties

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // "*" covers every system property, including ones that describe the
    // account and host (user.name, user.home, ...). Prefer naming the
    // properties the code actually needs.
    permission java.util.PropertyPermission "*", "read";
};





grant ability to read and write all system properties

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // Read and write on every system property. Write access lets this code
    // change values that other code in the same JVM reads and relies on, so
    // this is one of the broadest property grants possible.
    permission java.util.PropertyPermission "*", "read,write";
};





grant ability to read and write any file in current directory

// A bare "*" is relative to the current directory, i.e. the same as
// ${user.dir}/* : the files directly in it, not those in subdirectories.
// What is reachable therefore depends on where the JVM was started.
grant codeBase "http://127.0.0.1/-" {
    permission java.io.FilePermission "*", "read,write";
};





grant ability to read and write the "myprop" system property

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // Exact name, no wildcard: only the property "myprop" may be read and set.
    permission java.util.PropertyPermission "myprop", "read,write";
};





grant ability to read any file

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // "<<ALL FILES>>" is the special token for every path on the system.
    // Read access to everything includes configuration and credential files;
    // narrow this to the directories the code actually needs.
    permission java.io.FilePermission "<<ALL FILES>>", "read";
};





grant ability to read any file or directory under c:\temp

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // The trailing "-" is recursive: everything in c:\temp and in all of its
    // subdirectories may be read. ("*" would stop at the first level.)
    permission java.io.FilePermission "c:\\temp\\-", "read";
};





grant ability to read any file under current directory

// A bare "-" is relative to the current directory, i.e. the same as
// ${user.dir}/- : every file in it and, recursively, in its subdirectories.
// What is reachable therefore depends on where the JVM was started.
grant codeBase "http://127.0.0.1/-" {
    permission java.io.FilePermission "-", "read";
};





grant ability to write all system properties

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // Write on every system property, with no read access. The code can still
    // change values that other code in the same JVM reads and relies on.
    permission java.util.PropertyPermission "*", "write";
};





grant ability to write the "myprop" system property

// Applies to all code loaded from http://127.0.0.1/ and below.
grant codeBase "http://127.0.0.1/-" {
    // Exact name, no wildcard: only the property "myprop" may be set.
    permission java.util.PropertyPermission "myprop", "write";
};





Listing All Permissions Granted to a Loaded Class

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Enumeration;
public class Main {
  /**
   * Walks the permissions that the installed Policy reports for the protection
   * domain of String.class.
   *
   * <p>Each permission is fetched and then dropped; nothing is printed. The
   * loop body is where a caller would log or inspect {@code p}.
   */
  public static void main(String[] argv) throws Exception {
    ProtectionDomain domain = String.class.getProtectionDomain();
    PermissionCollection granted = Policy.getPolicy().getPermissions(domain);
    Enumeration<Permission> walker = granted.elements();
    while (walker.hasMoreElements()) {
      Permission p = walker.nextElement();
    }
  }
}