以编程方式授予权限,而不使用策略文件 [英] Programmatically grant Permissions without using policy file
问题描述
如何在不使用策略文件的情况下以编程方式将 AllPermissions
授予 RMI 应用程序?
How to programmatically grant AllPermissions
to an RMI application without using policy file?
更新:
经过一番研究,我编写了这个自定义策略类并通过 Policy.setPolicy安装它(new MyPolicy())
。
After some researching, I have written this custom Policy Class and installed it via Policy.setPolicy(new MyPolicy())
.
现在我收到以下错误:
无效权限:(java.io.FilePermission
\ C:\ eclipse \plugins\org.eclipse.osgi_3.7.0.v20110613.jar read
invalid permission: (java.io.FilePermission \C:\eclipse\plugins\org.eclipse.osgi_3.7.0.v20110613.jar read
class MyPolicy extends Policy {
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
return (new AllPermission()).newPermissionCollection();
}
}
推荐答案
基于 @EJP 的建议,我使用 -Djava.security.debug = access <进行了调试/ code>并在策略文件中找到所有必需的权限:
Based on @EJP's advice, I have debugged using -Djava.security.debug=access
and found all the needed permissions in a policy file :
grant {permission java.net.SocketPermission*: 1024-,connect,
resolve;};
grant { permission java.net.SocketPermission "*:1024-", "connect, resolve"; };
grant {permission java.util.PropertyPermission*,read,write;
};
grant { permission java.util.PropertyPermission "*", "read, write"; };
grant { permission java.io.FilePermission<>,read;
};
grant { permission java.io.FilePermission "<>", "read"; };
但是因为我不想创建策略文件,我找到了一种以编程方式复制此方法的方法通过扩展 java.security.Policy
类并使用 Policy.setPolicy(new MinimalPolicy());在我的应用程序启动时设置策略;
But because I didn't want to create a policy file, I found a way to replicate this programmatically by extending java.security.Policy
class and setting the policy at the startup of my application using Policy.setPolicy(new MinimalPolicy());
public class MinimalPolicy extends Policy {
private static PermissionCollection perms;
public MinimalPolicy() {
super();
if (perms == null) {
perms = new MyPermissionCollection();
addPermissions();
}
}
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
return perms;
}
private void addPermissions() {
SocketPermission socketPermission = new SocketPermission("*:1024-", "connect, resolve");
PropertyPermission propertyPermission = new PropertyPermission("*", "read, write");
FilePermission filePermission = new FilePermission("<<ALL FILES>>", "read");
perms.add(socketPermission);
perms.add(propertyPermission);
perms.add(filePermission);
}
}
class MyPermissionCollection extends PermissionCollection {
private static final long serialVersionUID = 614300921365729272L;
ArrayList<Permission> perms = new ArrayList<Permission>();
public void add(Permission p) {
perms.add(p);
}
public boolean implies(Permission p) {
for (Iterator<Permission> i = perms.iterator(); i.hasNext();) {
if (((Permission) i.next()).implies(p)) {
return true;
}
}
return false;
}
public Enumeration<Permission> elements() {
return Collections.enumeration(perms);
}
public boolean isReadOnly() {
return false;
}
}
这篇关于以编程方式授予权限,而不使用策略文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!