SecurityManager
来源:互联网 发布:哪里购买淘宝店铺 编辑:程序博客网 时间:2024/05/16 12:31
the build-in security includes: safely type cast,structual memomry access,gc,bound check of array, null reference check.
the first three part can achieve a propose that ensure tha integrity of the running program and jvm instance. however, SecurityManager attempt to protect the outer resource from attacking by milicious code.
when a program start, it will point to a java.lang.SecurityManager or pass his subtype's instance to setSecurityManager(), to install the SecurityManager. is not so, the Java API can do anything without any restrict.before the version 1.2, java.lang.SecurityManager was a abstract class and now it is a concret class which supply the default implement.
SecurityManager permits user to define policy without code, via a file called policy file(ASIIC file). The permission is defined as a class extending from java.security.Permission, such as java.io.FilePermission to grant reading, writing, and excuting permission. when a SecurityManager is created, it will parse the policy file to generate the CodeSource and Permission Object, which are encapsuled in a single Policy Object, which represents a runtime policy. Anytime there will be only one Policy Object to be installed.
when the check method of a SecurityManager is called, many of them will pass the requestion to a AccessControl Class. there are 28 different check method in the old version and there are two another added into after version 1.2, which are ckeckPermission(Permission) and checkPermission(Permission,Object).
there are a example of one policy file called policy.txt
keystore "ijvmkeys";
grant signedBy "friend" {
permission java.io.FilePermission "question.txt", "read";
permission java.io.FilePermission "answer.txt", "read";
};
grant signedBy "stranger" {
permission java.io.FilePermission "question.txt", "read";
};
grant codeBase "file :${com.artima.ijvm.cdrom.home}/security/ex2/*" {
permission java.io.FilePermission "question.txt", "read";
permission java.io.FilePermission "answer.txt", "read";
};
it points out that if you use a jar package which was signatured by friend you can red the two files question.txt and answer.txt, otherwise if you are a stranger you can only read the question.txt.
the third paragraph means the policy file grant a read permission to the class file which location is in the ${com.artima.ijvm.cdrom.home}/security/ex2/
- SecurityManager
- SecurityManager
- securityManager
- SecurityManager
- 关于SecurityManager
- Java SecurityManager
- SecurityManager详解
- SecurityManager浅试
- 关于Java SecurityManager
- Java SecurityManager说明
- Java 安全管理器--SecurityManager
- shiro securityManager结构
- Shiro源码之SecurityManager
- Java 安全管理器--SecurityManager
- Java安全管理器SecurityManager
- 打开Java中的SecurityManager
- Shiro详解之SecurityManager
- Java安全管理器SecurityManager
- ISerializable
- Lecture Notes on Static Analysis
- String
- The structure of a class file
- what is a synthetic field and method
- SecurityManager
- the class inspection in JVM
- Java Inner Class
- How to build a independent java program
- Selenium Command
- Serialization: Understand
- Keil uVision2学习笔记1
- 程序員的七種武器
- 静态XTREE的使用