Java Tutorial/Security/Permission
boolean Permission.implies(Permission permission)
<source lang="java">
import java.io.Serializable; import java.security.BasicPermission; import java.security.Permission; class IDPermission extends BasicPermission implements Serializable {
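/** Identifier this permission stands for; it is also passed to BasicPermission as the name. */
String id = null;

/**
 * Creates a permission for one identifier.
 *
 * @param id identifier, also used as the permission name
 */
public IDPermission(String id) {
    super(id);
    this.id = id;
}

/**
 * Reports whether this permission covers {@code permission}.
 *
 * <p>Only an exact identifier match counts. This override does not call
 * {@code super.implies}, so BasicPermission's wildcard matching is not applied.
 *
 * @param permission the permission being requested
 * @return {@code true} only for an IDPermission carrying the same identifier
 */
@Override
public boolean implies(Permission permission) {
    // implies() can be handed any Permission subtype. Deny foreign types explicitly
    // rather than failing with ClassCastException on a blind cast.
    if (!(permission instanceof IDPermission)) {
        return false;
    }
    IDPermission other = (IDPermission) permission;
    return id.equals(other.id);
}

/**
 * Returns the action list, which is always empty because this permission has no actions.
 *
 * @return the empty string
 */
@Override
public String getActions() {
    return "";
}

/** Hashes on the identifier so that equal permissions share a hash code. */
@Override
public int hashCode() {
    return id.hashCode();
}

/**
 * Compares by identifier.
 *
 * @param obj object to compare with
 * @return {@code true} when {@code obj} is an IDPermission with the same identifier
 */
@Override
public boolean equals(Object obj) {
    if (!(obj instanceof IDPermission)) {
        return false;
    }
    IDPermission other = (IDPermission) obj;
    return id.equals(other.id);
}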
} public class Main {
/**
 * Asks permission "1" whether it implies permissions "2" through "6".
 *
 * <p>IDPermission.implies compares identifiers for equality, so every answer here is
 * {@code false}. The results are computed but not printed.
 */
public static void main(String[] argv) throws Exception {
    Permission held = new IDPermission("1");
    String[] requestedIds = {"2", "3", "4", "5", "6"};
    for (String requestedId : requestedIds) {
        Permission requested = new IDPermission(requestedId);
        // A different identifier is never implied, so access would be denied.
        boolean covered = held.implies(requested);
    }
}
}</source>
Checking Read/Write Permission for a Directory
<source lang="java">
import java.io.FilePermission; import java.security.AccessController; public class Main {
/**
 * Checks that the calling code may read and write the entries of /tmp.
 *
 * <p>The path "/tmp/*" covers the files directly inside /tmp. It does not cover /tmp
 * itself or nested directories; a trailing "/-" is the recursive form.
 * checkPermission returns quietly when access is allowed and throws
 * AccessControlException when it is not.
 *
 * <p>NOTE: AccessController and the Security Manager are deprecated for removal since
 * Java 17 (JEP 411), so do not rely on this check as a sandbox boundary on current JDKs.
 */
public static void main(String[] argv) throws Exception {
    FilePermission required = new FilePermission("/tmp/*", "read,write");
    AccessController.checkPermission(required);
}
}</source>
Controlling Access to an Object using a permission
<source lang="java">
import java.security.AccessControlException; import java.security.Guard; import java.security.GuardedObject; import java.util.PropertyPermission; public class Main {
/**
 * Wraps a value in a GuardedObject and releases it only if the guard allows.
 *
 * <p>The guard is a PropertyPermission for reading "java.home". getObject() consults the
 * guard before handing the value out. A denial arrives as AccessControlException and is
 * printed here.
 *
 * <p>NOTE(review): a Permission used as a guard delegates to the installed
 * SecurityManager. With none installed the check is expected to pass, so the object is
 * effectively unguarded. Confirm this against the target JDK.
 */
public static void main(String[] argv) throws Exception {
    String protectedValue = "secret";
    Guard readJavaHome = new PropertyPermission("java.home", "read");
    GuardedObject guarded = new GuardedObject(protectedValue, readJavaHome);
    try {
        // Reaching this assignment means the guard granted access.
        Object released = guarded.getObject();
    } catch (AccessControlException denied) {
        denied.printStackTrace();
    }
}
}</source>
Creating Your Own Permissions
<source lang="java">
import java.security.BasicPermission; class SecretWordPermission extends BasicPermission {
/**
 * Creates a named permission with no actions.
 *
 * @param name permission name, as it would appear in a policy file entry
 */
public SecretWordPermission(String name) {
    super(name);
}

/**
 * Two-argument form, which lets a policy file name this permission with an action string.
 *
 * @param name permission name
 * @param action ignored; BasicPermission does not use actions
 */
public SecretWordPermission(String name, String action) {
    // BasicPermission's (name, actions) constructor discards the actions argument too.
    super(name, action);
}
} class SecretWord {
/** Creates the holder of the protected word. */
public SecretWord() {
    super();
}

/**
 * Returns the protected word after a permission check.
 *
 * <p>The check runs only when a SecurityManager is installed. Without one the word is
 * returned unconditionally, so this guard protects nothing in a JVM that runs without a
 * security manager.
 *
 * @return the protected word
 * @throws SecurityException if a security manager is installed and the caller lacks
 *     SecretWordPermission "AccessPermission"
 */
public String getWord() {
    SecurityManager manager = System.getSecurityManager();
    if (manager == null) {
        // No security manager is installed, so nothing is enforced.
        return "Secret";
    }
    manager.checkPermission(new SecretWordPermission("AccessPermission"));
    return "Secret";
}
} public class MainClass {
/**
 * Fetches the protected word and prints it.
 *
 * <p>If SecretWord.getWord() rejects the caller, its SecurityException propagates out of
 * main uncaught.
 */
public static void main(String[] args) {
    String theSecretWord = new SecretWord().getWord();
    System.out.println("The secret word is: " + theSecretWord);
}
}</source>
Determining If One Permission Implies Another
<source lang="java">
import java.io.FilePermission; import java.security.Permission; public class Main {
/**
 * Shows that a broader FilePermission implies a narrower one.
 *
 * <p>"/tmp/*" with "read,write" covers "/tmp/abc" with "read": the path falls under the
 * wildcard and the requested action is a subset of the granted ones.
 */
public static void main(String[] argv) throws Exception {
    Permission broad = new FilePermission("/tmp/*", "read,write");
    Permission narrow = new FilePermission("/tmp/abc", "read");
    boolean covered = broad.implies(narrow);
    if (!covered) {
        return;
    }
    System.out.println("perm1 implies perm2");
}
}</source>
extends BasicPermission
<source lang="java">
import java.io.Serializable; import java.security.BasicPermission; import java.security.Permission; class IDPermission extends BasicPermission implements Serializable {
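/** Identifier this permission stands for; it is also passed to BasicPermission as the name. */
String id = null;

/**
 * Creates a permission for one identifier.
 *
 * @param id identifier, also used as the permission name
 */
public IDPermission(String id) {
    super(id);
    this.id = id;
}

/**
 * Reports whether this permission covers {@code permission}.
 *
 * <p>Only an exact identifier match counts. This override does not call
 * {@code super.implies}, so BasicPermission's wildcard matching is not applied.
 *
 * @param permission the permission being requested
 * @return {@code true} only for an IDPermission carrying the same identifier
 */
@Override
public boolean implies(Permission permission) {
    // implies() can be handed any Permission subtype. Deny foreign types explicitly
    // rather than failing with ClassCastException on a blind cast.
    if (!(permission instanceof IDPermission)) {
        return false;
    }
    IDPermission other = (IDPermission) permission;
    return id.equals(other.id);
}

/**
 * Returns the action list, which is always empty because this permission has no actions.
 *
 * @return the empty string
 */
@Override
public String getActions() {
    return "";
}

/** Hashes on the identifier so that equal permissions share a hash code. */
@Override
public int hashCode() {
    return id.hashCode();
}

/**
 * Compares by identifier.
 *
 * @param obj object to compare with
 * @return {@code true} when {@code obj} is an IDPermission with the same identifier
 */
@Override
public boolean equals(Object obj) {
    if (!(obj instanceof IDPermission)) {
        return false;
    }
    IDPermission other = (IDPermission) obj;
    return id.equals(other.id);
}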
} public class Main {
/**
 * Asks permission "1" whether it implies permissions "2" through "6".
 *
 * <p>IDPermission.implies compares identifiers for equality, so every answer here is
 * {@code false}. The results are computed but not printed.
 */
public static void main(String[] argv) throws Exception {
    Permission held = new IDPermission("1");
    String[] requestedIds = {"2", "3", "4", "5", "6"};
    for (String requestedId : requestedIds) {
        Permission requested = new IDPermission(requestedId);
        // A different identifier is never implied, so access would be denied.
        boolean covered = held.implies(requested);
    }
}
}</source>
grant ability to create and write c:\temp\myfile
<source lang="java">
// Applies to code loaded from this codeBase; the trailing "/-" matches class and JAR
// files at that location and in every subdirectory below it.
// "write" on a single path covers creating that file as well as writing to it.
// Backslashes in Windows paths are doubled because "\" is the escape character here.
grant codeBase "http://127.0.0.1/-" {
permission java.io.FilePermission "c:\\temp\\myfile", "write"; };</source>
grant ability to delete any file or directory in c:\temp\mydir
<source lang="java">
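// This codeBase ends in "/*", which matches class and JAR files directly at that
// location but not in subdirectories (the recursive form is "/-").
// The path wildcard "*" covers entries directly inside c:\temp\mydir. The separator
// before it must be written "\\" like every other backslash in the path, otherwise
// the entry does not name the directory's contents.
grant codeBase "http://127.0.0.1/*" {
    permission java.io.FilePermission "c:\\temp\\mydir\\*", "delete";
};</source>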
grant ability to execute (see Runtime.exec()) the file c:\java.exe
<source lang="java">
// "execute" lets the granted code start this one program through Runtime.exec().
// NOTE(review): the launched program runs as a separate OS process, so it is presumably
// not confined by this policy. Grant execute only for binaries you trust.
grant codeBase "http://127.0.0.1/-" {
permission java.io.FilePermission "c:\\java.exe", "execute"; };</source>
grant ability to list files in the user's home directory
<source lang="java">
// ${user.home} is expanded from the system property when the policy is loaded.
// "read" on the directory path itself permits listing its entries. Reading the files
// inside would need a separate entry such as "${user.home}/*".
grant codeBase "http://127.0.0.1/-" {
permission java.io.FilePermission "${user.home}", "read"; };</source>
grant ability to read all properties that start with "myprops."
<source lang="java">
// A trailing ".*" is a prefix wildcard: every property whose name starts with
// "myprops." becomes readable, and no others.
grant codeBase "http://127.0.0.1/-" {
permission java.util.PropertyPermission "myprops.*", "read"; };</source>
grant ability to read all system properties
<source lang="java">
// "*" matches every system property. This exposes environment details such as
// user.name, user.home and java.home to the granted code; prefer naming the specific
// properties the code needs.
grant codeBase "http://127.0.0.1/-" {
permission java.util.PropertyPermission "*", "read"; };</source>
grant ability to read and write all system properties
<source lang="java">
// Broadest property grant: the code can read and change every system property,
// including ones that other code in the same JVM depends on. Scope this to named
// properties wherever possible.
grant codeBase "http://127.0.0.1/-" {
permission java.util.PropertyPermission "*", "read,write"; };</source>
grant ability to read and write any file in current directory
<source lang="java">
// Note: this is equivalent to ${user.dir}/*
// A bare "*" covers the files directly in the current working directory, not those in
// subdirectories. What it covers therefore depends on where the JVM was started.
grant codeBase "http://127.0.0.1/-" { permission java.io.FilePermission "*", "read,write"; };</source>
grant ability to read and write the "myprop" system property
<source lang="java">
// Names one property exactly (no wildcard), so only "myprop" can be read or changed.
grant codeBase "http://127.0.0.1/-" {
permission java.util.PropertyPermission "myprop", "read,write"; };</source>
grant ability to read any file
<source lang="java">
// "<<ALL FILES>>" is the special token matching every file, so this grants read access
// to anything the JVM's OS account can read. Prefer a directory-scoped path when the
// code needs only specific files.
grant codeBase "http://127.0.0.1/-" {
permission java.io.FilePermission "<<ALL FILES>>", "read"; };</source>
grant ability to read any file or directory under c:\temp
<source lang="java">
// A trailing "-" is the recursive wildcard: files and directories under c:\temp at any
// depth become readable. Use "*" instead to stop at the first level.
grant codeBase "http://127.0.0.1/-" {
permission java.io.FilePermission "c:\\temp\\-", "read"; };</source>
grant ability to read any file under current directory
<source lang="java">
// Note: this is equivalent to ${user.dir}/-
// A bare "-" covers the current working directory recursively. What it covers
// therefore depends on where the JVM was started.
grant codeBase "http://127.0.0.1/-" { permission java.io.FilePermission "-", "read"; };</source>
grant ability to write all system properties
<source lang="java">
// Write-only grant on every system property. The code can change any property that
// other code in the JVM relies on, yet cannot read them. Scope this to named
// properties wherever possible.
grant codeBase "http://127.0.0.1/-" {
permission java.util.PropertyPermission "*", "write"; };</source>
grant ability to write the "myprop" system property
<source lang="java">
// Names one property exactly (no wildcard), so only "myprop" can be changed; reading
// it is not granted.
grant codeBase "http://127.0.0.1/-" {
permission java.util.PropertyPermission "myprop", "write"; };</source>
Listing All Permissions Granted to a Loaded Class
<source lang="java">
import java.security.Permission; import java.security.PermissionCollection; import java.security.Policy; import java.security.ProtectionDomain; import java.util.Enumeration; public class Main {
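/**
 * Prints every permission the installed policy grants to the protection domain of a
 * loaded class (here {@code String}).
 *
 * <p>Useful when auditing a policy, because it shows what a given code source actually
 * ends up with.
 *
 * <p>NOTE: java.security.Policy is deprecated for removal since Java 17 (JEP 411).
 */
public static void main(String[] argv) throws Exception {
    ProtectionDomain domain = String.class.getProtectionDomain();
    PermissionCollection granted = Policy.getPolicy().getPermissions(domain);
    // The typed Enumeration avoids the raw type and the unchecked cast on each element.
    Enumeration<Permission> permissions = granted.elements();
    while (permissions.hasMoreElements()) {
        // Print each permission, which the original loop never did.
        System.out.println(permissions.nextElement());
    }
}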
}</source>