我正在基于许可模型在web应用程序中引入限制规则。我想在运行时使用许可证文件中的信息更新java安全策略。这可以访问war文件中打包的某些jar,也可以限制对java包的访问。
如何在应用程序中动态限制对jar或包的访问?策略文件可以具有相对路径或包路径吗?
我正在查看以下示例代码:
/**
* policy
* grant {
* permission java.util.PropertyPermission "my.user.pwd", "read";
* permission java.lang.RuntimePermission "setSecurityManager";
* permission java.lang.RuntimePermission "createSecurityManager";
* permission java.lang.RuntimePermission "usePolicy";
* };
*
*/
class PasswordSecurityManager extends SecurityManager {
public static void main(String[] args) {
try {
System.setProperty("my.user.pwd", "mysecret");
// set the policy file as the system security policy
System.setProperty("java.security.policy", "file:/C:/temp/policy/java-2.policy");
System.setSecurityManager(new PasswordSecurityManager("mysecret"));
} catch (SecurityException se) {
System.out.println("SecurityManager already set!");
}
try {
System.setProperty("my.user.pwd", "mysecret");
DataInputStream fis = new DataInputStream(new FileInputStream("C:\TEMP\policy\test.txt"));
DataOutputStream fos = new DataOutputStream(new FileOutputStream("C:\TEMP\policy\outputtext.txt"));
String inputString;
while ((inputString = fis.readLine()) != null) {
fos.writeBytes(inputString);
fos.writeByte('n');
}
fis.close();
fos.close();
} catch (IOException ioe) {
System.err.println("I/O failed for SecurityManagerTest.");
}
}
String password;
PasswordSecurityManager(String password) {
super();
this.password = password;
}
private boolean accessOK() {
System.out.println("Reading from System... the secret password?");
String response = System.getProperty("my.user.pwd");
if (response.equals(password))
return true;
else
return false;
}
@Override
public void checkRead(FileDescriptor filedescriptor) {
if (!accessOK())
throw new SecurityException("Not a Chance!");
}
@Override
public void checkRead(String filename) {
if (!accessOK())
throw new SecurityException("No Way!");
}
@Override
public void checkRead(String filename, Object executionContext) {
if (!accessOK())
throw new SecurityException("Forget It!");
}
@Override
public void checkWrite(FileDescriptor filedescriptor) {
if (!accessOK())
throw new SecurityException("Not!");
}
@Override
public void checkWrite(String filename) {
if (!accessOK())
throw new SecurityException("Not Even!");
}
}
上面代码中的以下方法解决了我的问题。。。。
@Override
public void checkPackageAccess(String pkg) {
super.checkPackageAccess(pkg);
System.out.println("checkPackageAccess.." + pkg);
if (!accessOK()) {
if (pkg.startsWith("my.specialpackage.path")) {
throw new SecurityException("No access to " + pkg);
}
}
}