我正在基于许可模型在 Web 应用程序中加入限制规则。我想在运行时使用许可证文件中的信息更新 java 安全策略。这可以是访问打包在 war 文件中的某些 jar 或限制对 java 包的访问。
如何在应用程序中动态限制对 jar 或包的访问?策略文件可以有相对路径或包路径吗?
我正在查看以下示例代码:
/**
* policy
* grant {
* permission java.util.PropertyPermission "my.user.pwd", "read";
* permission java.lang.RuntimePermission "setSecurityManager";
* permission java.lang.RuntimePermission "createSecurityManager";
* permission java.lang.RuntimePermission "usePolicy";
* };
*
*/
class PasswordSecurityManager extends SecurityManager {
public static void main(String[] args) {
try {
System.setProperty("my.user.pwd", "mysecret");
// set the policy file as the system security policy
System.setProperty("java.security.policy", "file:/C:/temp/policy/java-2.policy");
System.setSecurityManager(new PasswordSecurityManager("mysecret"));
} catch (SecurityException se) {
System.out.println("SecurityManager already set!");
}
try {
System.setProperty("my.user.pwd", "mysecret");
DataInputStream fis = new DataInputStream(new FileInputStream("C:\\TEMP\\policy\\test.txt"));
DataOutputStream fos = new DataOutputStream(new FileOutputStream("C:\\TEMP\\policy\\outputtext.txt"));
String inputString;
while ((inputString = fis.readLine()) != null) {
fos.writeBytes(inputString);
fos.writeByte('\n');
}
fis.close();
fos.close();
} catch (IOException ioe) {
System.err.println("I/O failed for SecurityManagerTest.");
}
}
String password;
PasswordSecurityManager(String password) {
super();
this.password = password;
}
private boolean accessOK() {
System.out.println("Reading from System... the secret password?");
String response = System.getProperty("my.user.pwd");
if (response.equals(password))
return true;
else
return false;
}
@Override
public void checkRead(FileDescriptor filedescriptor) {
if (!accessOK())
throw new SecurityException("Not a Chance!");
}
@Override
public void checkRead(String filename) {
if (!accessOK())
throw new SecurityException("No Way!");
}
@Override
public void checkRead(String filename, Object executionContext) {
if (!accessOK())
throw new SecurityException("Forget It!");
}
@Override
public void checkWrite(FileDescriptor filedescriptor) {
if (!accessOK())
throw new SecurityException("Not!");
}
@Override
public void checkWrite(String filename) {
if (!accessOK())
throw new SecurityException("Not Even!");
}
}