如何解决java.security.AccessControlException [英] How to solve java.security.AccessControlException

问题描述

我需要有关java.security.AccessControlException的建议，我在执行以下代码时会得到建议. (我在这里曾咨询过类似的问题，但未能成功解决该问题)

I need suggestions concerning the java.security.AccessControlException, I get when executing the following code. (I have consulted similar questions here but didn't success to make it work)

这是我的服务器代码:

 public class GetPageInfos extends UnicastRemoteObject  implements RemoteGetInfo{

    private static final String url="http://www.lemonde.fr/";
public class GetPageInfos extends UnicastRemoteObject  implements RemoteGetInfo{
    private static final String url="http://www.lemonde.fr/";

    public GetPageInfos() throws RemoteException{           
    }

    public String getSiteInfos() throws RemoteException {
         Document doc;
            try {                   
                 doc = Jsoup.connect(url).get();
                 String title = doc.title();  
                 return "title is "+title;                                       
            } catch (IOException e) {
                System.out.println("Faild! "+e.getMessage());
                return "not found";
            }  

    }

    public static void main(String[] args){
         try {

            GetPageInfos infos= new GetPageInfos();
            //System.setProperty("java.rmi.server.hostname","5lq04x1.gemalto.com");
            Naming.rebind("RemoteGetInfo", infos);
             /*GetPageInfos obj=new GetPageInfos(); 
             RemoteGetInfo stub = (RemoteGetInfo) UnicastRemoteObject.exportObject(obj, 0);
             Registry registry = LocateRegistry.getRegistry();
             registry.bind("RemoteGetInfo", stub);
             */
             System.out.println("server ready");

        } catch (RemoteException e) {
              System.out.println("GetPageInfos "+e.getMessage());
        }
        catch (MalformedURLException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }   
    }
}

这是我的客户代码:

//RMI Client
public class PrintSiteInfos {

    public static void main(String arg[]) 
    { 

        System.setSecurityManager(new RMISecurityManager());

             try 
                { 

                   /*String host=null;
                   Registry registry = LocateRegistry.getRegistry(host);
                   RemoteGetInfo stub = (RemoteGetInfo) registry.lookup("RemoteGetInfo");
                   String response = stub.getSiteInfos();
                   System.out.println(response); */
                 RemoteGetInfo obj = (RemoteGetInfo) Naming.lookup( "RemoteGetInfo");        
                 System.out.println(obj.getSiteInfos()); 
                } 
                catch (Exception e) 
                { 
                   System.out.println("PrintSiteInfos exception: " + e.getMessage()); 
                   e.printStackTrace(); 
                }  
    }   
}

我知道了

exception: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")

我发现我必须传递一个我喜欢的策略文件:

I found that I have to pass a policy file which I have like:

grant { 
  permission java.security.AllPermission;}; 

但是如何?还有其他建议吗?

But how? Anyother suggestions?

推荐答案

您只能授予套接字权限，而不是授予所有权限(这可能会带来安全风险).这样的东西:

You may grant only the socket permission not all permissions (which might be a security risk). Thus something like:

grant {
    permission java.net.SocketPermission "127.0.0.1:1099", "connect, resolve";
};

两种方法:

1)作为命令行的参数

1) As an argument at the command line

java -Djava.security.policy=mypolicyfile PrintSiteInfo

2)在JRE环境中:

2) within the JRE environment:

在JRE_HOME/lib/security/java.policy文件中添加权限

Add the permission in the JRE_HOME/lib/security/java.policy file

这篇关于如何解决java.security.AccessControlException的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！