以编程方式授予权限，而不使用策略文件 [英] Programmatically grant Permissions without using policy file

问题描述

如何在不使用策略文件的情况下以编程方式将 AllPermissions 授予 RMI 应用程序？

How to programmatically grant AllPermissions to an RMI application without using policy file?

更新：

经过一番研究，我编写了这个自定义策略类并通过 Policy.setPolicy安装它（new MyPolicy（））。

After some researching, I have written this custom Policy Class and installed it via Policy.setPolicy(new MyPolicy()).

现在我收到以下错误：

无效权限：（java.io.FilePermission
\ C：\ eclipse \plugins\org.eclipse.osgi_3.7.0.v20110613.jar read

invalid permission: (java.io.FilePermission \C:\eclipse\plugins\org.eclipse.osgi_3.7.0.v20110613.jar read

class MyPolicy extends Policy {

    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        return (new AllPermission()).newPermissionCollection();
    }

}

推荐答案

基于 @EJP 的建议，我使用 -Djava.security.debug = access <进行了调试/ code>并在策略文件中找到所有必需的权限：

Based on @EJP's advice, I have debugged using -Djava.security.debug=access and found all the needed permissions in a policy file :

grant {permission java.net.SocketPermission*： 1024-，connect，
resolve;};

grant { permission java.net.SocketPermission "*:1024-", "connect, resolve"; };

grant {permission java.util.PropertyPermission*，read，write;
};

grant { permission java.util.PropertyPermission "*", "read, write"; };

grant { permission java.io.FilePermission<>，read;
};

grant { permission java.io.FilePermission "<>", "read"; };

但是因为我不想创建策略文件，我找到了一种以编程方式复制此方法的方法通过扩展 java.security.Policy 类并使用 Policy.setPolicy（new MinimalPolicy（））;在我的应用程序启动时设置策略;

But because I didn't want to create a policy file, I found a way to replicate this programmatically by extending java.security.Policy class and setting the policy at the startup of my application using Policy.setPolicy(new MinimalPolicy());

public class MinimalPolicy extends Policy {

    private static PermissionCollection perms;

    public MinimalPolicy() {
        super();
        if (perms == null) {
            perms = new MyPermissionCollection();
            addPermissions();
        }
    }

    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        return perms;
    }

    private void addPermissions() {
        SocketPermission socketPermission = new SocketPermission("*:1024-", "connect, resolve");
        PropertyPermission propertyPermission = new PropertyPermission("*", "read, write");
        FilePermission filePermission = new FilePermission("<<ALL FILES>>", "read");

        perms.add(socketPermission);
        perms.add(propertyPermission);
        perms.add(filePermission);
    }

}

---

---

class MyPermissionCollection extends PermissionCollection {

    private static final long serialVersionUID = 614300921365729272L;

    ArrayList<Permission> perms = new ArrayList<Permission>();

    public void add(Permission p) {
        perms.add(p);
    }

    public boolean implies(Permission p) {
        for (Iterator<Permission> i = perms.iterator(); i.hasNext();) {
            if (((Permission) i.next()).implies(p)) {
                return true;
            }
        }
        return false;
    }

    public Enumeration<Permission> elements() {
        return Collections.enumeration(perms);
    }

    public boolean isReadOnly() {
        return false;
    }

}

这篇关于以编程方式授予权限，而不使用策略文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！