Java/Security/Policy
Содержание
- 1 Authorized File Writer
- 2 Managing Policy Files: By default, the JDK uses the policy files located in
- 3 Policy Demo
- 4 System properties and security policy
- 5 To ignore the policies in the java.security file, and use the specified policy, use "==" instead of "="
- 6 To specify an additional policy file, set the java.security.policy system property at the command line:
Authorized File Writer
<source lang="java">
import java.io.FileWriter; import java.io.IOException; public class AuthorizedFileWriter {
public static void main(String[] args) { System.setSecurityManager(new SecurityManager()); String file = "authorized.txt"; String fileBody = "test"; try { FileWriter fileWriter = new FileWriter(file); fileWriter.write(fileBody); fileWriter.close(); System.exit(0); } catch (IOException ioException) { ioException.printStackTrace(); System.exit(1); } }
} /* // authorized.policy // Policy file that grants file write permission // only to file "authorized.txt" grant {
permission java.io.FilePermission "authorized.txt", "write";
};
- /
/* // codebase_authorized.policy // Policy file that grants write permission to // file "codebase_authorized.txt" for codebase "C:/myclasses" grant codebase "file:/C:/myclasses" {
permission java.io.FilePermission "codebase_authorized.txt", "write";
};
- /
</source>
Managing Policy Files: By default, the JDK uses the policy files located in
<source lang="java"> file:${java.home}/lib/security/java.policy file:${user.home}/.java.policy
These policy files are specified in the default security file:
${java.home}/lib/security/java.security </source>
Policy Demo
<source lang="java">
/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*
* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * -Redistribution of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * -Redistribution in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed, licensed or intended * for use in the design, construction, operation or maintenance of any * nuclear facility. */ </source>
System properties and security policy
<source lang="java">
/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*
* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * -Redistribution of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * -Redistribution in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed, licensed or intended * for use in the design, construction, operation or maintenance of any * nuclear facility. */
public class GetProps {
public static void main(String[] args) { /* Test reading properties w & w/out security manager */ String s; try { System.out.println("About to get os.name property value"); s = System.getProperty("os.name", "not specified"); System.out.println(" The name of your operating system is: " + s); System.out.println("About to get java.version property value"); s = System.getProperty("java.version", "not specified"); System.out.println(" The version of the JVM you are running is: " + s); System.out.println("About to get user.home property value"); s = System.getProperty("user.home", "not specified"); System.out.println(" Your user home directory is: " + s); System.out.println("About to get java.home property value"); s = System.getProperty("java.home", "not specified"); System.out.println(" Your JRE installation directory is: " + s); } catch (Exception e) { System.err.println("Caught exception " + e.toString()); } }
} //File: java.policy /*
// Standard extensions get all permissions by default grant codeBase "file:${java.home}/lib/ext/" {
permission java.security.AllPermission;
}; // default permissions granted to all domains grant {
// allows anyone to listen on un-privileged ports permission java.net.SocketPermission "localhost:1024-", "listen"; // "standard" properies that can be read by anyone permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read";
};
- /
</source>
To ignore the policies in the java.security file, and use the specified policy, use "==" instead of "="
<source lang="java">
java -Djava.security.manager -Djava.security.policy==someURL MyApp
</source>
To specify an additional policy file, set the java.security.policy system property at the command line:
<source lang="java">
c:\java -Djava.security.manager -Djava.security.policy=someURL MyApp c:\appletviewer -J-Djava.security.policy=someURL HTMLfile
</source>