1

I have an RMI application and I am trying to get the policy file right. When I set the permissions to:

grant codeBase "file:MyJar.jar" {
    permission java.security.AllPermission;
};

But this is too liberal for a production environment. When I change it to:

grant codeBase "file:MyJar.jar" {
    permission java.security.SocketPermission "*:1024-", "accept, resolve";
};

I get the AccessControlException below. I thought I had covered the required permission?

Exception in thread "RMI TCP Connection(idle)" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:63014 accept,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.checkAcceptPermission(TCPTransport.java:636)
at sun.rmi.transport.tcp.TCPTransport.checkAcceptPermission(TCPTransport.java:275)
at sun.rmi.transport.Transport$1.run(Transport.java:158)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)

Edit: Running with -Djava.security.debug=access,failure and changing "*:1024" to "localhost:1024":

access: domain that failed ProtectionDomain  (file:MyJar.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@6bbc4459
 <no principals>
 java.security.Permissions@281acd47 (
 (unresolved java.security.SocketPermission localhost:1024- accept, resolve)
 (java.io.FilePermission MyJar.jar read)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission apple.laf.* read,write)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission com.apple.macos.useScreenMenuBar read,write)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission com.apple.hwaccel read,write)
 (java.util.PropertyPermission mrj.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission apple.awt.* read,write)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.lang.RuntimePermission stopThread) 
 (java.lang.RuntimePermission exitVM)
 (java.net.SocketPermission localhost:1024- listen,resolve)
)
4

2 Answers

3

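Run it with -Djava.security.debug=access,failure to see exactly what is happening. I don't believe * by itself is a valid host specification in SocketPermission. I am also not clear why you would use a SecurityManager to communicate within localhost.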

answered 2012-09-04T23:27:19.033
1

OK, so I mistyped SocketPermission in the policy file. It should be java.net.SocketPermission instead of java.security.SocketPermission. That is why it said it was unresolved.

answered 2012-09-06T15:55:00.340
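The following is an added example, not code from the original posts. It checks whether each permission class named in a policy file can be loaded, then shows why the "unresolved" entry in the debug output did not cover the accept check from the stack trace. The class name PolicyClassCheck and the helper resolvable are hypothetical, and POLICY is a constructed copy of the grant block from the question.

```java
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.UnresolvedPermission;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PolicyClassCheck {
    // Constructed sample input: the grant block from the question.
    static final String POLICY =
        "grant codeBase \"file:MyJar.jar\" {\n" +
        "    permission java.security.SocketPermission \"*:1024-\", \"accept, resolve\";\n" +
        "};\n";

    // True if the name loads and is a Permission subclass, i.e. the entry can be resolved.
    static boolean resolvable(String className) {
        try {
            return Permission.class.isAssignableFrom(Class.forName(className));
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Report every "permission <class>" entry whose class cannot be loaded.
        Matcher m = Pattern.compile("(?m)^\\s*permission\\s+([\\w.$]+)").matcher(POLICY);
        while (m.find()) {
            String name = m.group(1);
            System.out.println(name + " -> " + (resolvable(name) ? "resolvable" : "unresolved"));
        }

        // The permission being checked in the stack trace from the question.
        Permission requested = new SocketPermission("127.0.0.1:63014", "accept,resolve");

        // A grant whose class cannot be loaded is held as an UnresolvedPermission.
        Permissions mistyped = new Permissions();
        mistyped.add(new UnresolvedPermission(
            "java.security.SocketPermission", "localhost:1024-", "accept, resolve", null));

        // Same target and actions, with the class name given in the second answer.
        // Assumes localhost resolves to 127.0.0.1 on the machine running this.
        Permissions corrected = new Permissions();
        corrected.add(new SocketPermission("localhost:1024-", "accept,resolve"));

        System.out.println("mistyped implies requested:  " + mistyped.implies(requested));
        System.out.println("corrected implies requested: " + corrected.implies(requested));
    }
}
```

Running the same class-name check over a policy file before deployment catches this kind of typo without needing -Djava.security.debug output from a failing process.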