什么时候应该使用AccessController.doPrivileged()? [英] When should AccessController.doPrivileged() be used?
问题描述
如果我理解正确 AccessController.doPrivileged ,它是说,不信任的代码应该能够调用需要的方法权限(例如 System.getProperty())通过 具有权限的中间方法。
If I understand AccessController.doPrivileged correctly, it is saying that untrusted code should be able to invoke methods requiring permissions (such as System.getProperty()) through an intermediate method that does have permissions.
这提出了一个问题:什么时候应该使用 AccessController.doPrivileged()?什么时候不允许不受信任的代码通过中间方法调用特权代码?什么时候失败?
That brings up the question: when should AccessController.doPrivileged() be used? When should untrusted code be allowed to invoke privileged code through intermediate methods? When should it fail?
根据你的推理,请解释为什么总是允许创建ClassLoader: http://findbugs.sourceforge.net/bugDescriptions.html#DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED
Following your reasoning, please explain why ClassLoader creation should always be allowed: http://findbugs.sourceforge.net/bugDescriptions.html#DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED
推荐答案
使用苏拉杰的回答同意,但以为我会添加一个特定的例子,我需要使用特权块。
Agree with Suraj's answer, but thought I'd add a specific example where I've required the use of a privileged block.
想象一下,你已经构建了一个应用程序,它为可插拔的服务提供了许多服务。模块。因此,您的应用及其服务是值得信赖的代码。但是,可插拔模块不一定是可信任的,并且加载在它们自己的类加载器中(并且有自己的保护域)。
Imagine you've built an application that provides a number of services to pluggable modules. So your app and its services are trusted code. The pluggable modules, however, are not necessarily trusted and are loaded in their own class loaders (and have their own protection domains).
当可插拔模块调用服务时,您正在实施自定义安全检查(可插拔模块X是否有权使用此服务)。但是服务本身可能需要一些核心Java权限(读取系统属性,写入文件等)。需要这些权限的代码包含在 doPrivileged()中,以便有效忽略来自不受信任的可插入模块的权限不足 - 仅应用受信任服务模块的权限。
When a pluggable module invokes a service, you are implementing custom security checks ("does pluggable module X have permission to use this service"). But the service itself might require some core Java permission (read a system property, write to a file, etc). The code that requires these permissions is wrapped in a doPrivileged() so that the insufficient permissions from the untrusted pluggable modules are effectively ignored - only the privileges of your trusted services module apply.
这篇关于什么时候应该使用AccessController.doPrivileged()?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
