我正在Java Security Manager
一个简单的 java 应用程序中进行测试。
我写属性"user.home"
, "user.info"
。
我读了属性"user.home"
,"user.info"
。
"user.home"
我设置了一个允许在,上读/写的策略文件"user.info"
。
我开始一个Security Manager
我应该仍然能够 read/write "user.home"
,"user.info"
因为策略文件提供了权限。
但我得到一个安全例外。
怎么了?
我的Java代码是:
import java.security.AccessControlException;
public class TestSecurityManager {
final static String securityPolicyFile = "properties_permissions.policy";
public static void main(String[] args) {
System.setProperty("user.info", "123456");
System.out.println("user.info is : " + System.getProperty("user.info"));
// Enable the security manager
try {
System.out.println("***");
System.out.println("Setting policy file");
System.out.println("***");
System.setProperty(securityPolicyFile, securityPolicyFile);
System.out.println("***");
System.out
.println("Security manager is STILL disabled, "
+ "read/write access to \"user.info\" system property "
+ "is allowed"
);
System.out.println("***");
System.setProperty("user.info", "123456");
System.out.println("user.info is : " + System.getProperty("user.info"));
//
System.out.println("***");
System.out.println("Setting Security manager");
System.out.println("***");
SecurityManager securityManager = new SecurityManager();
System.setSecurityManager(securityManager);
} catch (SecurityException se) {
try {
System.setProperty("user.info", "123456");
} catch (AccessControlException acew) {
System.out.println("!!!Write access to the user.info system property is not allowed!");
}
try {
System.out.println("user.info is : " + System.getProperty("user.info"));
} catch (AccessControlException acer) {
System.out.println("Read access to the user.info system property is not allowed!");
}
}
}
我的政策文件:
grant {
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.info", "write";
};
xxx