Java Tutorial/Security/SecurityManager


Define your own security manager

   <source lang="java">

class CustomSecurityManager extends SecurityManager {

 /**
  * Creates the manager. It keeps no state of its own; every decision is made inside the
  * overridden {@code check*} methods.
  */
 public CustomSecurityManager() {
   // The implicit super() call is all the construction this class needs.
 }
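 /**
  * Refuses reads of files whose name ends with ".java" (in any letter case), then applies the
  * inherited check.
  *
  * <p>The test looks only at the string handed to the check, not at a canonical path, so it is
  * a coarse extra filter on top of the policy and not a replacement for a
  * {@code FilePermission} grant. Only this {@code String} overload of {@code checkRead} is
  * overridden in this class.
  *
  * @param fileName name of the file about to be read; {@code null} skips the suffix test and
  *     is handed to the inherited check
  * @throws SecurityException if the name ends with ".java" or the inherited check refuses
  */
 @Override
 public void checkRead(String fileName) {
   final String blockedSuffix = ".java";
   // Case-insensitive suffix match: on a case-insensitive file system "Foo.JAVA" names the
   // same file as "Foo.java", and a plain endsWith(".java") would not cover it.
   // regionMatches returns false when the name is shorter than the suffix.
   if (fileName != null
       && fileName.regionMatches(true, fileName.length() - blockedSuffix.length(),
           blockedSuffix, 0, blockedSuffix.length())) {
     throw new SecurityException(" You are not allowed to read " + " file names ending with .java");
   }
   // Delegate so the installed policy still decides for every other file.
   super.checkRead(fileName);
 }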
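 /**
  * Refuses writes to files whose name ends with ".java" (in any letter case), then applies the
  * inherited check.
  *
  * <p>The test looks only at the string handed to the check, not at a canonical path, so it is
  * an extra filter on top of the policy rather than a replacement for a
  * {@code FilePermission} grant.
  *
  * @param fileName name of the file about to be written; {@code null} skips the suffix test
  *     and is handed to the inherited check
  * @throws SecurityException if the name ends with ".java" or the inherited check refuses
  */
 @Override
 public void checkWrite(String fileName) {
   final String blockedSuffix = ".java";
   // Case-insensitive suffix match: on a case-insensitive file system "Foo.JAVA" names the
   // same file as "Foo.java", and a plain endsWith(".java") would not cover it.
   if (fileName != null
       && fileName.regionMatches(true, fileName.length() - blockedSuffix.length(),
           blockedSuffix, 0, blockedSuffix.length())) {
     throw new SecurityException(" You are not allowed to write "
         + " file names ending with .java");
   }
   // Delegate so the installed policy still decides for every other file.
   super.checkWrite(fileName);
 }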
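 /**
  * Refuses deletion of files whose name ends with ".java" (in any letter case), then applies
  * the inherited check.
  *
  * <p>The test looks only at the string handed to the check, not at a canonical path, so it is
  * an extra filter on top of the policy rather than a replacement for a
  * {@code FilePermission} grant.
  *
  * @param fileName name of the file about to be deleted; {@code null} skips the suffix test
  *     and is handed to the inherited check
  * @throws SecurityException if the name ends with ".java" or the inherited check refuses
  */
 @Override
 public void checkDelete(String fileName) {
   final String blockedSuffix = ".java";
   // Case-insensitive suffix match: on a case-insensitive file system "Foo.JAVA" names the
   // same file as "Foo.java", and a plain endsWith(".java") would not cover it.
   if (fileName != null
       && fileName.regionMatches(true, fileName.length() - blockedSuffix.length(),
           blockedSuffix, 0, blockedSuffix.length())) {
     throw new SecurityException(" You are not allowed to delete "
         + " file names ending with .java");
   }
   // Delegate so the installed policy still decides for every other file.
   super.checkDelete(fileName);
 }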

} public class MainClass {

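 /**
  * Launcher entry point. The traditional launch protocol looks for
  * {@code public static void main(String[])}; the no-argument {@link #main()} is kept for
  * existing callers and does the work.
  *
  * @param args unused
  */
 public static void main(String[] args) {
   main();
 }

 /**
  * Installs {@link CustomSecurityManager} for the whole JVM and runs one read check through it.
  *
  * <p>{@code SecurityManager} is deprecated for removal since Java 17. From Java 18 on,
  * {@code System.setSecurityManager} throws {@code UnsupportedOperationException} unless the
  * JVM was started with {@code -Djava.security.manager=allow}, and JDK 24 disables it
  * permanently.
  *
  * @throws SecurityException if a manager is already installed and refuses to be replaced, or
  *     if the read check below is refused
  */
 public static void main() {
   System.setSecurityManager(new CustomSecurityManager());
   SecurityManager secMgr = System.getSecurityManager();
   if (secMgr != null) {
     // "fileName" does not end with ".java", so the custom rule lets it pass and the outcome
     // is whatever the inherited checkRead decides.
     secMgr.checkRead("fileName");
   }
 }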

}</source>





Enabling the Security Manager

   <source lang="java">

public class Main {

 /**
  * Shows that a system property can be overwritten until a security manager is installed, and
  * that the same write is refused afterwards.
  *
  * @param argv unused
  * @throws Exception the second property write is expected to fail with an
  *     AccessControlException
  */
 public static void main(String[] argv) throws Exception {
   // No security manager yet: the write goes through without any permission check.
   System.setProperty("java.version", "data");
   try {
     System.setSecurityManager(new SecurityManager());
   } catch (SecurityException installRefused) {
     // Thrown when a manager is already in place and does not allow its replacement; the
     // trace is printed and execution continues.
     installRefused.printStackTrace();
   }
   // With the manager in place this write needs PropertyPermission "java.version" "write".
   // It is not granted here, so an AccessControlException is thrown.
   System.setProperty("java.version", "malicious data");
 }

} /*Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.version write)

 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
 at java.security.AccessController.checkPermission(AccessController.java:546)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
 at java.lang.System.setProperty(System.java:727)
 at Main.main(Main.java:13)
 */</source>





extends SecurityManager

   <source lang="java">

import java.io.IOException; public class MainClass {

 /**
  * Installs {@link MySecurityManager} as the JVM-wide security manager and returns.
  *
  * @param args unused
  * @throws IOException declared by the original signature; nothing in the body raises it
  */
 public static void main(String[] args) throws IOException {
   SecurityManager readGate = new MySecurityManager();
   System.setSecurityManager(readGate);
 }

} class MySecurityManager extends SecurityManager {

 /**
  * Allows a read only when the name ends with ".txt", ".java" or ".class", or starts with
  * "C:\"; every other name is refused.
  *
  * <p>This override never calls {@code super.checkRead}, so a name that passes the test is not
  * checked against the policy's {@code FilePermission} grants at all. The match is made on the
  * string as passed in, not on a canonical path.
  *
  * @param file name of the file about to be read; a {@code null} value raises
  *     NullPointerException at the first suffix test
  * @throws SecurityException if the name matches none of the allowed patterns
  */
 public void checkRead(String file) {
   boolean allowed = file.endsWith(".txt")
       || file.endsWith(".java")
       || file.endsWith(".class")
       || file.startsWith("C:\\");
   if (allowed) {
     return;
   }
   throw new SecurityException("No Read Permission for : " + file);
 }

}</source>





Listing All Permissions Granted to Classes Loaded from a URL or Directory

   <source lang="java">

import java.io.File; import java.net.URL; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; import java.security.Policy; import java.security.cert.Certificate; import java.util.Enumeration; public class Main {

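 /**
  * Prints every permission the installed {@link Policy} grants to code loaded from one
  * codebase.
  *
  * @param argv unused
  * @throws Exception if the codebase URL is malformed or a security check refuses an operation
  */
 public static void main(String[] argv) throws Exception {
   SecurityManager sm = new SecurityManager();
   System.setSecurityManager(sm);
   // Codebase to query; the commented-out alternatives point at local directories instead.
   URL codebase = new URL("http://java.sun.ru/");
   //codebase = new File("c:\\java\\").toURI().toURL();
   //codebase = new File(System.getProperty("user.home")).toURI().toURL();
   // A null certificate array describes the code source as unsigned.
   CodeSource cs = new CodeSource(codebase, (Certificate[]) null);
   // NOTE(review): with a security manager installed, Policy.getPolicy() itself requires
   // SecurityPermission "getPolicy" - confirm the active policy grants it to this code.
   PermissionCollection pcoll = Policy.getPolicy().getPermissions(cs);
   // Typed enumeration instead of the raw type, so no cast is needed.
   Enumeration<Permission> granted = pcoll.elements();
   while (granted.hasMoreElements()) {
     // Print each permission; otherwise the loop would enumerate the grants and discard them.
     System.out.println(granted.nextElement());
   }
 }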

}</source>





To ignore the policies in the java.security file and use only the specified policy, use "==" instead of "=" when setting java.security.policy:

   <source lang="java">

java -Djava.security.manager -Djava.security.policy==someURL MyApp</source>





To specify an additional policy file, set the java.security.policy system property at the command line:

   <source lang="java">

c:\java -Djava.security.manager -Djava.security.policy=someURL MyApp
c:\appletviewer -J-Djava.security.policy=someURL HTMLfile</source>





Use SecurityManager to check AWT permission and file permission

   <source lang="java">

import java.awt.AWTPermission; import java.io.FilePermission; public class MainClass {

 /**
  * Asks the installed security manager, if there is one, whether this code may read
  * {@code c:\autoexec.bat} and access the AWT clipboard.
  *
  * <p>{@code checkPermission} returns normally when the permission is granted and throws
  * otherwise. When no security manager is installed neither check runs, and the final message
  * is printed without any permission having been verified.
  *
  * @param args unused
  * @throws Exception a SecurityException from either check propagates to the caller
  */
 public static void main(String[] args) throws Exception {
   SecurityManager manager = System.getSecurityManager();
   if (manager != null) {
     // File check first, clipboard check second, as in the two separate guards it replaces.
     manager.checkPermission(new FilePermission("c:\\autoexec.bat", "read"));
     manager.checkPermission(new AWTPermission("accessClipboard"));
   }
   System.out.println("Has AWTPermission to access AWT Clipboard");
 }

}</source>