Java Tutorial/Security/Permission File
Содержание
- 1 allows anyone to listen on un-privileged ports
- 2 Configurable Access Control
- 3 Grant entry example
- 4 Grant runtime permission stop thread
- 5 jdk policy file entries
- 6 "standard" properies that can be read by anyone
- 7 Use grant command to set read permission
- 8 Use grant to set file permission
- 9 Use grant to set file permission based on user.home and file.separator
- 10 Use grant to set Property permission
- 11 Use grant to set Socket permission
- 12 Use grant to set the Runtime permission
allows anyone to listen on un-privileged ports
<source lang="java">
grant{
permission java.net.SocketPermission "localhost:1024-", "listen";
};</source>
Configurable Access Control
<source lang="java">
import java.io.FileInputStream; public class MainClass {
public static void main(String[] args) throws Exception {
String operatingSystem = (String) System.getProperty("os.name");
String javaVersion = (String) System.getProperty("java.version");
String javaDirectory = (String) System.getProperty("java.home");
String userHomeDir = (String) System.getProperty("user.home");
String myFile = (String) System.getProperty("myFile");
FileInputStream fin = new FileInputStream(myFile);
}
}</source>
Grant entry example
<source lang="java">
grant{ permission java.io.FilePermission " D:\\jdk1.4\\jre\\lib\\security\\java.policy" "read"; }</source>
Grant runtime permission stop thread
<source lang="java">
grant {
permission java.lang.RuntimePermission "stopThread";
};</source>
jdk policy file entries
<source lang="java">
// Standard extensions get all permissions by default
grant codeBase "file:${java.home}/lib/ext/*" {
permission java.security.AllPermission;
};</source>
"standard" properies that can be read by anyone
<source lang="java">
grant{
permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read";
};</source>
Use grant command to set read permission
<source lang="java">
grant{
permission java.util.PropertyPermission "java.home" , "read";
permission java.util.PropertyPermission "user.home" , "read";
permission java.util.PropertyPermission "myFile", "read";
permission java.io.FilePermission "${myFile}", "read";
};</source>
Use grant to set file permission
<source lang="java">
grant {
permission java.io.FilePermission "C:\\temp\\sampleFile.txt", "read";
permission java.io.FilePermission "C:\\temp", "read";
permission java.io.FilePermission "C:\\temp\\*", "read";
permission java.io.FilePermission "<<ALL_FILES>>", "read";
permission java.io.FilePermission "C:\\temp\\test.exe ",
"read, write, delete, execute";
};</source>
Use grant to set file permission based on user.home and file.separator
<source lang="java">
grant {
permission java.io.FilePermission "${user.home}${file.separator}* ",
"read";
}</source>
Use grant to set Property permission
<source lang="java">
grant CodeBase http://www.y.ru/-" {
permission java.util.PropertyPermission "java.*", "read, write";
};</source>
Use grant to set Socket permission
<source lang="java">
grant CodeBase http://www.y.ru/-" {
permission java.net.SocketPermission "www.y.ru", "accept";
};</source>
Use grant to set the Runtime permission
<source lang="java">
grant CodeBase http://www.y.ru/-" {
permission java.lang.RuntimePermission "setSecurityManager";
};</source>
