【发布时间】:2019-04-01 19:07:37
【问题描述】:
我正在一个简单的 java 应用程序中测试Java Security Manager。
我写属性"user.home","user.info"。
我阅读了"user.home"、"user.info"的属性。
我设置了一个允许在"user.home"、"user.info" 上读/写的策略文件。
我开始Security Manager
我应该仍然能够读/写"user.home"、"user.info",因为策略文件提供了权限。
但我遇到了安全异常。
怎么了?
我的 Java 代码是:
import java.security.AccessControlException;
public class TestSecurityManager {
final static String securityPolicyFile = "properties_permissions.policy";
public static void main(String[] args) {
System.setProperty("user.info", "123456");
System.out.println("user.info is : " + System.getProperty("user.info"));
// Enable the security manager
try {
System.out.println("***");
System.out.println("Setting policy file");
System.out.println("***");
System.setProperty(securityPolicyFile, securityPolicyFile);
System.out.println("***");
System.out
.println("Security manager is STILL disabled, "
+ "read/write access to \"user.info\" system property "
+ "is allowed"
);
System.out.println("***");
System.setProperty("user.info", "123456");
System.out.println("user.info is : " + System.getProperty("user.info"));
//
System.out.println("***");
System.out.println("Setting Security manager");
System.out.println("***");
SecurityManager securityManager = new SecurityManager();
System.setSecurityManager(securityManager);
} catch (SecurityException se) {
try {
System.setProperty("user.info", "123456");
} catch (AccessControlException acew) {
System.out.println("!!!Write access to the user.info system property is not allowed!");
}
try {
System.out.println("user.info is : " + System.getProperty("user.info"));
} catch (AccessControlException acer) {
System.out.println("Read access to the user.info system property is not allowed!");
}
}
}
我的政策文件:
grant {
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.info", "write";
};
xxx
【问题讨论】:
标签: java security properties file-permissions java-security-manager