0

我正在基于许可模型在 Web 应用程序中加入限制规则。我想在运行时使用许可证文件中的信息更新 java 安全策略。这可以是访问打包在 war 文件中的某些 jar 或限制对 java 包的访问。

如何在应用程序中动态限制对 jar 或包的访问?策略文件可以有相对路径或包路径吗?

我正在查看以下示例代码:

/**
 *  policy
 * grant {
 *    permission java.util.PropertyPermission "my.user.pwd", "read";
 *    permission java.lang.RuntimePermission "setSecurityManager";
 *    permission java.lang.RuntimePermission "createSecurityManager";
 *    permission java.lang.RuntimePermission "usePolicy";
 *  };
 * 
 */

class PasswordSecurityManager extends SecurityManager {
    public static void main(String[] args) {
        try {
            System.setProperty("my.user.pwd", "mysecret");
            // set the policy file as the system security policy
            System.setProperty("java.security.policy", "file:/C:/temp/policy/java-2.policy");
            System.setSecurityManager(new PasswordSecurityManager("mysecret"));

        } catch (SecurityException se) {
            System.out.println("SecurityManager already set!");
        }
        try {
            System.setProperty("my.user.pwd", "mysecret");
            DataInputStream fis = new DataInputStream(new FileInputStream("C:\\TEMP\\policy\\test.txt"));
            DataOutputStream fos = new DataOutputStream(new FileOutputStream("C:\\TEMP\\policy\\outputtext.txt"));
            String inputString;
            while ((inputString = fis.readLine()) != null) {
                fos.writeBytes(inputString);
                fos.writeByte('\n');
            }
            fis.close();
            fos.close();
        } catch (IOException ioe) {
            System.err.println("I/O failed for SecurityManagerTest.");
        }
    }

    String password;

    PasswordSecurityManager(String password) {
        super();
        this.password = password;
    }

    private boolean accessOK() {
        System.out.println("Reading from System... the secret password?");
        String response = System.getProperty("my.user.pwd");
        if (response.equals(password))
            return true;
        else
            return false;
    }

    @Override
    public void checkRead(FileDescriptor filedescriptor) {
        if (!accessOK())
            throw new SecurityException("Not a Chance!");
    }

    @Override
    public void checkRead(String filename) {
        if (!accessOK())
            throw new SecurityException("No Way!");
    }

    @Override
    public void checkRead(String filename, Object executionContext) {
        if (!accessOK())
            throw new SecurityException("Forget It!");
    }

    @Override
    public void checkWrite(FileDescriptor filedescriptor) {
        if (!accessOK())
            throw new SecurityException("Not!");
    }

    @Override
    public void checkWrite(String filename) {
        if (!accessOK())
            throw new SecurityException("Not Even!");
    }
}
4

1 回答 1

0

上面代码的以下方法解决了我的问题....

    @Override
public void checkPackageAccess(String pkg) {
    super.checkPackageAccess(pkg);
    System.out.println("checkPackageAccess.." + pkg);
    if (!accessOK()) {
        if (pkg.startsWith("my.specialpackage.path")) {
            throw new SecurityException("No access to " + pkg);
        }
    }
}
于 2013-08-15T05:18:09.907 回答