我们在 Java 中启用了 Java 安全性的应用程序。我们需要从 AIP 云中获取标签。我们可以使用 msal4j java 库获取访问令牌。MS 没有为 MIP 提供 java 库,因此我们实现了本机 dll 来获取 AIP 标签。此 dll 与我们的 Web 应用程序集成。应用程序对本机库进行 JNI 调用以获取标签。
我认为 MIP SDK 创建 sqlite 数据库来缓存标签。所以它会在内部在本地磁盘上创建 sqlite 文件。但是由于启用了安全性,我收到 MIP dll 的访问被拒绝错误。
“无法打开数据库,检查文件夹权限:mip_data\mip\mip.policies.sqlite3”
我尝试在 manager.policy 中授予以下权限但不工作
grant codeBase "../Protect/lib/native/*" {
permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";
};
grant codeBase "../Protect/lib/native/-" {
permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";
};
grant codeBase "../Protect/lib/native/-" {
permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";
};
grant codeBase "file:${catalina.home}/webapps/ProtectManager/WEB-INF/lib/*"
{
permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";
}
在 JNI 的情况下,Java 安全性如何工作?它是否继承了本机调用的所有权限?