Java Tutorial/Security/Permission
Содержание
- 1 boolean Permission.implies(Permission permission)
- 2 Checking Read/Write Permission for a Directory
- 3 Controlling Access to an Object using a permission
- 4 Creating Your Own Permissions
- 5 Determining If One Permission Implies Another
- 6 extends BasicPermission
- 7 grant ability to create and write c:\temp\myfile
- 8 grant ability to delete any file or directory in c:\temp\mydir
- 9 grant ability to execute (see Runtime.exec()) the file c:\java.exe
- 10 grant ability to list files in the user's home directory
- 11 grant ability to read all properties that start with "myprops."
- 12 grant ability to read all system properties
- 13 grant ability to read and write all system properties
- 14 grant ability to read and write any file in current directory
- 15 grant ability to read and write the "myprop" system properties
- 16 grant ability to read any file
- 17 grant ability to read any file or directory under c:\temp
- 18 grant ability to read any file under current directory
- 19 grant ability to write all system properties
- 20 grant ability to write the "myprop" system properties
- 21 Listing All Permissions Granted to a Loaded Class
boolean Permission.implies(Permission permission)
import java.io.Serializable;
import java.security.BasicPermission;
import java.security.Permission;
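/**
 * Permission identified by an id string; two instances match only when their ids are equal.
 *
 * <p>{@link #implies(Permission)} is an exact comparison, so a trailing {@code *} in the id is
 * not treated as a wildcard by this method.
 *
 * <p>NOTE(review): {@code newPermissionCollection()} is not overridden, so a collection of
 * these permissions is the one {@link BasicPermission} supplies. That collection matches by
 * name (wildcards included) and may not consult this {@code implies}; confirm before granting
 * this permission through a policy.
 */
class IDPermission extends BasicPermission implements Serializable {
    // NOTE(review): package-visible and reassignable. equals/hashCode/implies all read it, so
    // changing it after construction changes what the permission matches; consider making it
    // private and final.
    String id = null;

    /**
     * @param id identifier this permission stands for; also passed to BasicPermission as the
     *     permission name, which rejects {@code null} and the empty string
     */
    public IDPermission(String id) {
        super(id);
        this.id = id;
    }

    /**
     * Returns whether {@code permission} is an IDPermission carrying the same id.
     *
     * <p>A permission of any other type, or {@code null}, is not implied. Without the type
     * check the cast would throw ClassCastException (or NullPointerException for null) in the
     * middle of an access decision.
     */
    @Override
    public boolean implies(Permission permission) {
        if (!(permission instanceof IDPermission)) {
            return false;
        }
        IDPermission other = (IDPermission) permission;
        return id.equals(other.id);
    }

    /** This permission has no actions, so the action string is always empty. */
    @Override
    public String getActions() {
        return "";
    }

    /** Hashes on the id so that equal permissions share a hash code. */
    @Override
    public int hashCode() {
        return id.hashCode();
    }

    /** Two IDPermissions are equal when their ids are equal; any other object is unequal. */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof IDPermission)) {
            return false;
        }
        IDPermission other = (IDPermission) obj;
        return id.equals(other.id);
    }
}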
/** Exercises {@code IDPermission.implies} with one held permission and several other ids. */
public class Main {
    /**
     * Builds permission "1" and asks whether it implies permissions "2" through "6".
     * Each answer is stored in a local and not printed.
     */
    public static void main(String[] argv) throws Exception {
        final Permission held = new IDPermission("1");
        final String[] otherIds = {"2", "3", "4", "5", "6"};
        for (String otherId : otherIds) {
            Permission requested = new IDPermission(otherId);
            // IDPermission.implies compares ids for equality.
            boolean b = held.implies(requested);
        }
    }
}
Checking Read/Write Permission for a Directory
import java.io.FilePermission;
import java.security.AccessController;
/** Asks the access controller whether the current context may read and write files in /tmp. */
public class Main {
    /**
     * Performs a single permission check and returns normally only if it is granted;
     * {@code AccessController.checkPermission} throws AccessControlException otherwise.
     */
    public static void main(String[] argv) throws Exception {
        // "/tmp/*" names the files directly inside /tmp. It covers neither the directory
        // entry itself nor anything in subdirectories ("/tmp/-" is the recursive form).
        final FilePermission required = new FilePermission("/tmp/*", "read,write");
        AccessController.checkPermission(required);
    }
}
Controlling Access to an Object using a permission
import java.security.AccessControlException;
import java.security.Guard;
import java.security.GuardedObject;
import java.util.PropertyPermission;
/** Wraps a value in a GuardedObject whose guard is a property-read permission. */
public class Main {
    /**
     * Retrieves the guarded value; {@code getObject()} consults the guard first and the
     * value is handed out only if that check passes.
     */
    public static void main(String[] argv) throws Exception {
        // The guard applies to access through the GuardedObject only; this local reference
        // to the same String is not protected by it.
        final String protectedValue = "secret";
        // A Permission acting as a Guard defers to the installed SecurityManager; when none
        // is installed the guard check passes.
        final Guard readJavaHome = new PropertyPermission("java.home", "read");
        final GuardedObject holder = new GuardedObject(protectedValue, readJavaHome);
        try {
            Object o = holder.getObject();
        } catch (AccessControlException denied) {
            // Access refused: report it and carry on without the value.
            denied.printStackTrace();
        }
    }
}
Creating Your Own Permissions
import java.security.BasicPermission;
/**
 * Named permission with no actions, built on {@link BasicPermission}.
 *
 * <p>Name matching, including the {@code *} and trailing {@code .*} wildcards, is inherited
 * unchanged from BasicPermission.
 */
class SecretWordPermission extends BasicPermission {
    /**
     * @param name permission name, passed straight to BasicPermission
     */
    public SecretWordPermission(String name) {
        super(name);
    }

    /**
     * Two-argument form; only {@code name} is used.
     *
     * @param name permission name
     * @param action ignored
     */
    public SecretWordPermission(String name, String action) {
        this(name);
    }
}
/** Holds a fixed word and checks a custom permission before returning it. */
class SecretWord {
    public SecretWord() {
    }

    /**
     * Returns the word after the access check.
     *
     * @return the literal {@code "Secret"}
     * @throws SecurityException if a SecurityManager is installed and it denies
     *     {@code SecretWordPermission("AccessPermission")}
     */
    public String getWord() {
        requireAccess();
        return "Secret";
    }

    /**
     * Runs the permission check. With no SecurityManager installed nothing is checked, so
     * every caller then receives the word.
     */
    private void requireAccess() {
        final SecurityManager manager = System.getSecurityManager();
        if (manager == null) {
            return;
        }
        manager.checkPermission(new SecretWordPermission("AccessPermission"));
    }
}
/** Entry point that fetches the word from {@code SecretWord} and prints it. */
public class MainClass {
    /**
     * Calls {@code getWord()}, which performs the permission check, then writes the result
     * to standard output. An exception from the check is not caught here.
     */
    public static void main(String[] args) {
        final String word = new SecretWord().getWord();
        System.out.println("The secret word is: " + word);
    }
}
Determining If One Permission Implies Another
import java.io.FilePermission;
import java.security.Permission;
/** Compares a directory-wide FilePermission with a single-file one. */
public class Main {
    /**
     * Prints a line when the broader permission implies the narrower one. For that to hold,
     * both the path and the action set of the second must be covered by the first.
     */
    public static void main(String[] argv) throws Exception {
        // read+write on every file directly inside /tmp
        final Permission broad = new FilePermission("/tmp/*", "read,write");
        // read on one file inside /tmp
        final Permission narrow = new FilePermission("/tmp/abc", "read");
        final boolean covered = broad.implies(narrow);
        if (!covered) {
            return;
        }
        System.out.println("perm1 implies perm2");
    }
}
extends BasicPermission
import java.io.Serializable;
import java.security.BasicPermission;
import java.security.Permission;
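/**
 * Permission keyed on an id string, shown as an example of extending {@link BasicPermission}.
 *
 * <p>{@link #implies(Permission)}, {@link #equals(Object)} and {@link #hashCode()} all work on
 * the id alone, and matching is exact: {@code *} in the id has no wildcard meaning here.
 *
 * <p>NOTE(review): {@code newPermissionCollection()} is inherited, so permissions of this type
 * stored in a collection are matched by BasicPermission's name rules (wildcards included),
 * which may differ from this class's {@code implies}; confirm before use in a policy.
 */
class IDPermission extends BasicPermission implements Serializable {
    // NOTE(review): package-visible and reassignable; the matching methods below read it, so
    // the permission's meaning can change after construction. Consider private final.
    String id = null;

    /**
     * @param id identifier for this permission; BasicPermission also receives it as the
     *     permission name and rejects {@code null} or an empty string
     */
    public IDPermission(String id) {
        super(id);
        this.id = id;
    }

    /**
     * Returns {@code true} only for an IDPermission with an equal id.
     *
     * <p>Any other permission type, and {@code null}, yields {@code false} instead of the
     * ClassCastException or NullPointerException an unchecked cast would raise.
     */
    @Override
    public boolean implies(Permission permission) {
        if (!(permission instanceof IDPermission)) {
            return false;
        }
        IDPermission candidate = (IDPermission) permission;
        return id.equals(candidate.id);
    }

    /** No actions are defined for this permission. */
    @Override
    public String getActions() {
        return "";
    }

    /** Consistent with {@link #equals(Object)}: derived from the id only. */
    @Override
    public int hashCode() {
        return id.hashCode();
    }

    /** Equal when {@code obj} is an IDPermission with the same id. */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof IDPermission)) {
            return false;
        }
        IDPermission candidate = (IDPermission) obj;
        return id.equals(candidate.id);
    }
}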
/** Driver for the BasicPermission subclass example. */
public class Main {
    /**
     * Checks permission "1" against permissions "2" to "6" in turn. The boolean result of
     * each call is assigned and then discarded; nothing is printed.
     */
    public static void main(String[] argv) throws Exception {
        final Permission base = new IDPermission("1");
        for (int n = 2; n <= 6; n++) {
            Permission candidate = new IDPermission(String.valueOf(n));
            boolean b = base.implies(candidate);
        }
    }
}
grant ability to create and write c:\temp\myfile
// Applies to code loaded from http://127.0.0.1/ and, because of the trailing "/-", from
// every directory below it.
// NOTE(review): the grant is keyed on a plain-HTTP codeBase with no signedBy clause, so it
// trusts whatever that URL serves -- confirm this is acceptable for the deployment.
grant codeBase "http://127.0.0.1/-" {
// "write" on this one path only; read and delete are not granted. Backslashes are doubled
// because "\" is the escape character inside policy-file strings.
permission java.io.FilePermission "c:\\temp\\myfile", "write";
};
grant ability to delete any file or directory in c:\temp\mydir
// codeBase ends in "/*" here, which covers class and JAR files directly under the URL but
// not subdirectories; the other entries on this page use the recursive "/-".
grant codeBase "http://127.0.0.1/*" {
// NOTE(review): the last separator is a single backslash ("\*") while the earlier ones are
// doubled. A literal backslash in a policy string is written "\\", so this path presumably
// should end in "\\*" to mean "every entry in c:\temp\mydir" -- verify before relying on it.
permission java.io.FilePermission "c:\\temp\\mydir\*", "delete";
};
grant ability to execute (see Runtime.exec()) the file c:\java.exe
grant codeBase "http://127.0.0.1/-" {
// "execute" lets the granted code start this file as an external process. That process runs
// with the OS privileges of the JVM's user and is not constrained by this policy, so keep
// the path exact (as here) rather than a wildcard.
permission java.io.FilePermission "c:\\java.exe", "execute";
};
grant ability to list files in the user's home directory
grant codeBase "http://127.0.0.1/-" {
// ${user.home} is expanded from the system property when the policy is loaded. The path
// names the directory itself, so "read" allows listing it; reading the files inside would
// need a separate "${user.home}/*" (or "/-") entry.
permission java.io.FilePermission "${user.home}", "read";
};
grant ability to read all properties that start with "myprops."
grant codeBase "http://127.0.0.1/-" {
// The trailing ".*" is a wildcard: any property whose name begins with "myprops." may be
// read. Nothing outside that prefix is covered, and no write access is given.
permission java.util.PropertyPermission "myprops.*", "read";
};
grant ability to read all system properties
grant codeBase "http://127.0.0.1/-" {
// "*" matches every system property. Read access to all of them exposes values such as
// user.name, user.home and java.home to the granted code; prefer a named property or a
// prefix where that is enough.
permission java.util.PropertyPermission "*", "read";
};
grant ability to read and write all system properties
grant codeBase "http://127.0.0.1/-" {
// Read and write on every system property. Write access lets the granted code change
// properties that other code in the same JVM reads, so this is a broad grant; narrow the
// name where possible.
permission java.util.PropertyPermission "*", "read,write";
};
grant ability to read and write any file in current directory
// Note: a bare "*" is equivalent to ${user.dir}/* -- the files directly in the JVM's current
// working directory, not those in its subdirectories.
grant codeBase "http://127.0.0.1/-" {
// The effective directory therefore depends on where the JVM was started.
permission java.io.FilePermission "*", "read,write";
};
grant ability to read and write the "myprop" system properties
grant codeBase "http://127.0.0.1/-" {
// Exact name, no wildcard: only the property called "myprop" may be read or set.
permission java.util.PropertyPermission "myprop", "read,write";
};
grant ability to read any file
grant codeBase "http://127.0.0.1/-" {
// "<<ALL FILES>>" is the special token matching every path. With "read" this lets the
// granted code read any file the JVM's OS user can read; grant a specific directory instead
// wherever that is sufficient.
permission java.io.FilePermission "<<ALL FILES>>", "read";
};
grant ability to read any file or directory under c:\temp
grant codeBase "http://127.0.0.1/-" {
// A path ending in the separator plus "-" is recursive: every file and subdirectory beneath
// c:\temp, at any depth. Use a trailing "*" instead to stop at the first level.
permission java.io.FilePermission "c:\\temp\\-", "read";
};
grant ability to read any file under current directory
// Note: a bare "-" is equivalent to ${user.dir}/- -- everything beneath the JVM's current
// working directory, recursively.
grant codeBase "http://127.0.0.1/-" {
// How much this exposes depends on the directory the JVM is started from.
permission java.io.FilePermission "-", "read";
};
grant ability to write all system properties
grant codeBase "http://127.0.0.1/-" {
// Write-only on every system property: the granted code can set any property but this
// entry does not let it read them back. Setting arbitrary properties can alter the
// behaviour of other code in the JVM, so prefer a named property.
permission java.util.PropertyPermission "*", "write";
};
grant ability to write the "myprop" system properties
grant codeBase "http://127.0.0.1/-" {
// Write-only on the single property "myprop"; reading it needs a separate "read" action.
permission java.util.PropertyPermission "myprop", "write";
};
Listing All Permissions Granted to a Loaded Class
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Enumeration;
/** Walks the permissions the installed Policy reports for the class {@code String}. */
public class Main {
    /**
     * Looks up the protection domain of {@code String.class}, asks the current Policy for
     * the permissions of that domain and iterates over them. Each permission is read into a
     * local and not printed.
     */
    public static void main(String[] argv) throws Exception {
        final ProtectionDomain stringDomain = String.class.getProtectionDomain();
        final PermissionCollection granted = Policy.getPolicy().getPermissions(stringDomain);
        final Enumeration<Permission> remaining = granted.elements();
        while (remaining.hasMoreElements()) {
            Permission p = remaining.nextElement();
        }
    }
}