Java Tutorial/Security/SecurityManager
Define your own security manager
<source lang="java">
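/**
 * Security manager that refuses read, write and delete checks for file names
 * ending in ".java" and passes every other name on to the inherited checks.
 *
 * <p>The test is a plain suffix match on the string handed to the check method.
 * It is a teaching aid, not a dependable control: the same file reached under a
 * name that lacks the suffix (for example through a link) is not matched here.
 * The match ignores case so that ".JAVA" is treated like ".java" on file
 * systems that do not distinguish the two.
 *
 * <p>Only the {@code String} overloads are overridden; {@code checkRead(FileDescriptor)}
 * and {@code checkRead(String, Object)} keep their inherited behaviour.
 *
 * <p>{@code SecurityManager} is deprecated for removal since Java 17 (JEP 411) and
 * can no longer be enabled from JDK 24 on (JEP 486). Treat this listing as
 * documentation of legacy behaviour and do not build new isolation on it.
 */
class CustomSecurityManager extends SecurityManager {
    private static final String SUFFIX = ".java";

    public CustomSecurityManager() {
        super();
    }

    /**
     * Rejects names ending in ".java", then applies the inherited read check.
     *
     * @param fileName name being read; {@code null} is passed straight to the inherited check
     * @throws SecurityException if the name ends in ".java" or the inherited check denies it
     */
    @Override
    public void checkRead(String fileName) {
        rejectJavaSource(fileName, "read");
        super.checkRead(fileName);
    }

    /**
     * Rejects names ending in ".java", then applies the inherited write check.
     *
     * @param fileName name being written
     * @throws SecurityException if the name ends in ".java" or the inherited check denies it
     */
    @Override
    public void checkWrite(String fileName) {
        rejectJavaSource(fileName, "write");
        super.checkWrite(fileName);
    }

    /**
     * Rejects names ending in ".java", then applies the inherited delete check.
     *
     * @param fileName name being deleted
     * @throws SecurityException if the name ends in ".java" or the inherited check denies it
     */
    @Override
    public void checkDelete(String fileName) {
        rejectJavaSource(fileName, "delete");
        super.checkDelete(fileName);
    }

    /** Throws the listing's SecurityException when fileName carries the ".java" suffix in any letter case. */
    private static void rejectJavaSource(String fileName, String action) {
        if (fileName == null) {
            return; // the inherited check decides what to do with null
        }
        // regionMatches returns false for a negative offset, so short names fall through.
        boolean matches = fileName.regionMatches(
                true, fileName.length() - SUFFIX.length(), SUFFIX, 0, SUFFIX.length());
        if (matches) {
            throw new SecurityException(
                    " You are not allowed to " + action + " " + " file names ending with .java");
        }
    }
}

public class MainClass {
    /**
     * Launcher entry point. The listing originally declared only the no-argument
     * {@code main()}, which the classic launcher does not pick up.
     */
    public static void main(String[] args) {
        main();
    }

    /**
     * Installs the custom manager and runs one read check through it.
     *
     * <p>On JDK 18 and later {@code System.setSecurityManager} throws
     * {@code UnsupportedOperationException} unless the JVM was started with
     * {@code -Djava.security.manager=allow}; from JDK 24 on it always does.
     */
    public static void main() {
        System.setSecurityManager(new CustomSecurityManager());
        SecurityManager secMgr = System.getSecurityManager();
        if (secMgr != null) {
            // "fileName" has no ".java" suffix, so the inherited check decides the outcome.
            secMgr.checkRead("fileName");
        }
    }
}</source>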
Enabling the Security Manager
<source lang="java">
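/**
 * Shows the effect of installing the default security manager: a system
 * property can be written before the manager is in place and is refused
 * afterwards.
 *
 * <p>{@code SecurityManager} is deprecated for removal since Java 17 (JEP 411).
 * On JDK 18 and later {@code System.setSecurityManager} throws
 * {@code UnsupportedOperationException} unless the JVM was started with
 * {@code -Djava.security.manager=allow}, and from JDK 24 on it always does
 * (JEP 486). That exception is not caught below.
 */
public class Main {
    public static void main(String[] argv) throws Exception {
        // No manager installed yet, so this write is not checked.
        System.setProperty("java.version", "data");

        try {
            SecurityManager sm = new SecurityManager();
            System.setSecurityManager(sm);
        } catch (SecurityException se) {
            // Thrown when a manager that is already installed refuses to be replaced.
            se.printStackTrace();
        }

        // no longer possible; an AccessControlException is thrown
        System.setProperty("java.version", "malicious data");
    }
}
/*Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.version write)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.System.setProperty(System.java:727)
    at Main.main(Main.java:13)
*/</source>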
extends SecurityManager
<source lang="java">
import java.io.IOException;

/** Installs {@link MySecurityManager} as the security manager of the running JVM. */
public class MainClass {
    public static void main(String args[]) throws IOException {
        SecurityManager manager = new MySecurityManager();
        System.setSecurityManager(manager);
    }
}

/**
 * Security manager whose read check is a string test on the file name.
 *
 * <p>A name passes when it ends in ".txt", ".java" or ".class", or when it
 * starts with "C:\". Everything else is refused.
 *
 * <p>NOTE(review): the override never calls {@code super.checkRead}, so a name
 * that passes the string test is allowed without the policy being consulted.
 * Only {@code checkRead(String)} is overridden; the other checks keep their
 * inherited behaviour. A {@code null} name fails with a NullPointerException
 * from {@code endsWith}.
 */
class MySecurityManager extends SecurityManager {
    public void checkRead(String file) {
        boolean permitted = file.endsWith(".txt")
                || file.endsWith(".java")
                || file.endsWith(".class")
                || file.startsWith("C:\\");
        if (permitted) {
            return;
        }
        throw new SecurityException("No Read Permission for : " + file);
    }
}</source>
Listing All Permissions Granted to Classes Loaded from a URL or Directory
<source lang="java">
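import java.io.File;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.cert.Certificate;
import java.util.Enumeration;

/**
 * Prints every permission the installed policy grants to code loaded from a
 * given location (a URL, or a directory turned into a URL).
 *
 * <p>{@code SecurityManager} and {@code Policy} are deprecated for removal since
 * Java 17 (JEP 411). The listing documents legacy behaviour.
 */
public class Main {
    public static void main(String[] argv) throws Exception {
        SecurityManager sm = new SecurityManager();
        System.setSecurityManager(sm);

        URL codebase = new URL("http://java.sun.ru/");
        //codebase = new File("c:\\java\\").toURI().toURL();
        //codebase = new File(System.getProperty("user.home")).toURI().toURL();

        // No certificates are supplied, so the code source is identified by location only.
        CodeSource cs = new CodeSource(codebase, (Certificate[]) null);

        // NOTE(review): with a manager installed, Policy.getPolicy() is itself
        // checked against SecurityPermission "getPolicy". The policy in force
        // has to grant it to this class or the call is refused.
        PermissionCollection pcoll = Policy.getPolicy().getPermissions(cs);

        // The original loop fetched each permission and discarded it; print it
        // so the listing actually lists what was granted.
        Enumeration<Permission> e = pcoll.elements();
        while (e.hasMoreElements()) {
            Permission p = e.nextElement();
            System.out.println(p);
        }
    }
}</source>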
To ignore the policies in the java.security file and use only the specified policy, use "==" instead of "=" when setting java.security.policy
<source lang="java">
# "==" makes someURL the only policy in effect; the policy files named in java.security are ignored.
# The property is honoured only while policy.allowSystemProperty is true in java.security.
# Keep the policy file where only administrators can change it: its contents decide what the code may do.
java -Djava.security.manager -Djava.security.policy==someURL MyApp</source>
To specify an additional policy file, set the java.security.policy system property at the command line:
<source lang="java">
rem "=" adds someURL to the policy files already listed in java.security.
rem The leading c:\ on each line looks like the remains of a c:\> prompt; confirm before copying.
rem First command: run an application under the security manager with the extra policy.
c:\java -Djava.security.manager -Djava.security.policy=someURL MyApp
rem Second command: pass the same property to the JVM behind appletviewer through -J.
c:\appletviewer -J-Djava.security.policy=someURL HTMLfile</source>
Use SecurityManager to check AWT permission and file permission
<source lang="java">
import java.awt.AWTPermission;
import java.io.FilePermission;

/**
 * Asks the installed security manager, if there is one, whether the caller may
 * read c:\autoexec.bat and access the AWT clipboard.
 *
 * <p>{@code checkPermission} throws a {@code SecurityException} when a permission
 * is not granted, so the final message is reached only if both checks pass.
 * When no manager is installed nothing is checked and the message is printed
 * all the same. It then says nothing about what the policy would allow.
 */
public class MainClass {
    public static void main(String args[]) throws Exception {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // File check first, clipboard check second, as in the original listing.
            sm.checkPermission(new FilePermission("c:\\autoexec.bat", "read"));
            sm.checkPermission(new AWTPermission("accessClipboard"));
        }
        System.out.println("Has AWTPermission to access AWT Clipboard");
    }
}</source>