我想允许沙箱中的脚本访问系统属性,但我得到了AccessControlException
s. 这是代码:
import static org.junit.Assert.*;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;
import org.junit.Test;
public class AccessControlTest {
@Test
public void testAccessControl() throws Exception {
PrivilegedAction<String> action = new PrivilegedAction<String>() {
@Override
public String run() {
System.getProperty( "java.version" ); // doesn't work
return System.getProperty( "foo" ); // doesn't work
}
};
SecurityManager sm = new SecurityManager() {
@Override
public void checkPermission( Permission perm ) {
if( "setSecurityManager".equals( perm.getName() ) ) {
return;
}
System.out.println( perm );
super.checkPermission( perm );
}
};
Permissions perms = new Permissions();
perms.add( new PropertyPermission( "foo", "read" ) );
// perms.add( new PropertyPermission( "java.version", "read" ) );
ProtectionDomain domain = new ProtectionDomain( new CodeSource( null, (Certificate[]) null ), perms );
AccessControlContext context = new AccessControlContext( new ProtectionDomain[] { domain } );
try {
System.setSecurityManager( sm );
Object result = AccessController.doPrivileged( action, context );
assertEquals( Boolean.TRUE, result );
} finally {
System.setSecurityManager( null );
System.out.println( "setSecurityManager( null )" );
}
}
}
调试时,我看到了这个输出:
...
policy: granting (java.lang.RuntimePermission stopThread)
policy: granting (java.net.SocketPermission localhost:1024- listen,resolve)
policy: granting (java.util.PropertyPermission java.version read)
...
(java.util.PropertyPermission java.version read)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1249)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:549)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.avanon.script.AccessControlTest$2.checkPermission(AccessControlTest.java:39)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
...
access: domain 0 ProtectionDomain (null <no signer certificates>)
null
<no principals>
java.security.Permissions@78ce5b1c (
(java.util.PropertyPermission foo read)
)
access: domain 1 ProtectionDomain (file:/.../project/target-eclipse/test-classes/ <no signer certificates>)
sun.misc.Launcher$AppClassLoader@5d0385c1
<no principals>
java.security.Permissions@6ddf073d (
(java.io.FilePermission /.../project/target-eclipse/test-classes/- read)
(java.lang.RuntimePermission exitVM)
)
access: access denied (java.util.PropertyPermission java.version read)
(调用代码-Djava.security.debug=all
以获得相同的输出)
第一个块来自java.policy
JRE 附带的全局文件。
下一个块是代码尝试检查对java.version
.
最后一个块表明这失败了。
这让我感到惊讶,因为在策略文件中允许访问该属性。
PropertyPermission
为了提供帮助,我启用了添加for的注释行java.version
。现在第一次System.getProperty( "java.version" )
通过。
但第二个仍然失败:
access: domain that failed ProtectionDomain (file:/.../project/target-eclipse/test-classes/ <no signer certificates>)
sun.misc.Launcher$AppClassLoader@5d0385c1
<no principals>
java.security.Permissions@6ddf073d (
(java.io.FilePermission /.../project/target-eclipse/test-classes/- read)
(java.lang.RuntimePermission exitVM)
)
我真的被这件事难住了。从代码来看,Java似乎总是ProtectionDomain
按顺序检查所有的s(我有四个)。如果他们中的任何一个不喜欢您的访问,它将被拒绝。
但是我看不到第二个域如何允许访问任何属性,所以我期望要么都失败,要么都成功。
我错过了什么?