
Java Security Manager

Oscarfff
Published 2016/02/20 21:57

Introducing the Security Manager

Each Java application can have its own security manager object that acts as a full-time security guard. The SecurityManager class in the java.lang package is an abstract class that provides the programming interface and partial implementation for all Java security managers.

By default an application does not have a security manager. That is, the Java runtime system does not automatically create a security manager for every Java application. So by default an application allows all operations that are subject to security restrictions.

To change this default lenient behavior, an application must create and install its own security manager. You will learn how to create a security manager in Writing a Security Manager, and how to install it in Installing Your Security Manager.


Note: The existing browsers and applet viewers do create their own security manager when starting up. Thus an applet is subject to whatever access restrictions are imposed on it by the security manager for the particular application in which the applet is running.

You can get the current security manager for an application using the System class's getSecurityManager() method:

SecurityManager appsm = System.getSecurityManager();

Note that getSecurityManager() returns null if there is no current security manager for the application, so you should check to make sure that you have a valid object before calling any of its methods.

Once you have the security manager, you can request permission to allow or disallow certain operations. Indeed, many of the classes in the Java packages do just this. For example, the System.exit() method, which terminates the Java interpreter, uses the security manager's checkExit() method to approve the exit operation:

SecurityManager security = System.getSecurityManager();
if (security != null) {
    security.checkExit(status);
}
// ...
// code continues here if checkExit() returns

If the security manager approves the exit operation, checkExit() returns normally. If the security manager disallows the operation, checkExit() throws a SecurityException. In this manner, the security manager allows or disallows a potentially threatening operation before it can be completed.

The SecurityManager class defines many other methods used to verify other kinds of operations. For example, SecurityManager's checkAccess() method verifies thread accesses, and checkPropertyAccess() verifies access to the specified property. Each operation or group of operations has its own checkXXX() method.

In addition, the set of checkXXX() methods represents the set of operations in the Java package classes and the Java runtime that are already subject to the protection of the security manager. So, typically, your code will not have to invoke any of SecurityManager's checkXXX() methods; the Java package classes and the Java runtime already do this for you at a low enough level that any operation represented by a checkXXX() method is already protected. However, when writing your own security manager, you may have to override SecurityManager's checkXXX() methods to tighten or modify the security policy for specific operations, or you may have to add a few of your own to put other kinds of operations under the scrutiny of the security manager. Deciding What SecurityManager Methods to Override explains which operation or group of operations each checkXXX() method in the SecurityManager class is designed to protect.
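A security manager that tightens the policy by overriding checkXXX() methods, installed and exercised against System.exit() and a property read. This is an added example, not code from the original tutorial; the names ExitGuardDemo, ExitGuard and demo.secret are hypothetical, and it assumes a JDK on which a security manager can still be installed (the API has been deprecated for removal since Java 17).

```java
import java.security.Permission;
// Added example; ExitGuardDemo, ExitGuard and "demo.secret" are hypothetical names.
public class ExitGuardDemo {
    // Tightens the default policy by overriding individual checkXXX() methods.
    static class ExitGuard extends SecurityManager {
        @Override
        public void checkExit(int status) {
            throw new SecurityException("System.exit(" + status + ") denied");
        }

        @Override
        public void checkPropertyAccess(String key) {
            if ("demo.secret".equals(key)) {
                throw new SecurityException("read of property " + key + " denied");
            }
        }

        @Override
        public void checkPermission(Permission perm) {
            // Refuse replacement of this manager; permit every other operation.
            if (perm instanceof RuntimePermission
                    && "setSecurityManager".equals(perm.getName())) {
                throw new SecurityException("security manager is locked");
            }
        }
    }

    public static void main(String[] args) {
        // Default state: no manager is installed yet, so check for null.
        System.out.println("before install: " + System.getSecurityManager());
        System.setSecurityManager(new ExitGuard());

        try {
            System.exit(1);               // Runtime.exit() calls checkExit(1)
        } catch (SecurityException e) {
            System.out.println("exit blocked: " + e.getMessage());
        }
        try {
            System.getProperty("demo.secret");   // calls checkPropertyAccess()
        } catch (SecurityException e) {
            System.out.println("property blocked: " + e.getMessage());
        }
        try {
            System.setSecurityManager(null);  // attempt to uninstall the guard
        } catch (SecurityException e) {
            System.out.println("uninstall blocked: " + e.getMessage());
        }
    }
}
```

Overriding checkPermission() to permit everything else keeps the demo's other operations working, but it also bypasses the default policy checks. A real manager would delegate to super.checkPermission() for anything it does not handle itself.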


This article is reposted from: http://journals.ecs.soton.ac.uk/java/tutorial/networking/security/intro.html


Comments (2)

Oscarfff
The original URL is given at the end.

wkgcass
May I ask what the original link is? It looks like I can use exactly this. Thanks!