安全管理器很少在服务器上使用? [英] Security manager rarely used on server?

问题描述

最近关于SO的问题导致我有关Java安全管理器的旧版 answer .我在那个答案中关于这一行的问题:

A recent question on SO lead me to an older answer about the Java Security Manager. My question about this line in that answer:

尽管如此，安全管理器会影响性能，并且很少在服务器端使用.

The security manager impacts performances though, and it is rarely used on the server side.

有人可以支持还是反驳?我认为总是有 安全管理器，自定义管理器或默认管理器，并且容器一直在使用它.

Can someone please back this up or refute? I thought there is always a security manager, a custom one or the default and that containers use it all the time.

推荐答案

在您自己编写的服务器端代码中，我认为您不需要使用SecurityManager，因为如果您正在编写代码以在您的应用程序中执行某些操作，则不太可能需要检查代码是否具有您授予的权限.

In server-side code that you yourself write, I can't think for any need for you to use a SecurityManager, since if you are writing the code to perform some operation in your application, it's unlikely that you need to check if your code has the permissions that you have given it.

例如，SecurityManager中的许多方法与IO操作有关-checkDelete()，checkRead()，checkWrite()等.当您尝试创建/写入/读取时，JDK库类将调用这些方法./删除文件，所以自己叫它们是毫无意义的.

For instance, a lot of the methods in SecurityManager are related to IO operations - checkDelete(), checkRead(), checkWrite(), etc. The JDK library classes will call these methods when you try to create/write/read/delete a file, so calling them yourself would be pointless.

因此，服务器端代码不太可能会大量使用SecurityManager.但是，代码所运行的代码(例如，如果您将其部署在servlet容器中)可能会利用这些方法，因为它们有兴趣确定您的代码是否具有某种程度的许可权， 他们给它.

So it's unlikely that your server-side code would make much use of the SecurityManager. However, the code that your code runs in - if you are deployed in a servlet container for instance - might make use of these methods, because they are interested in determining if your code has some level of permission that they give it.

这篇关于安全管理器很少在服务器上使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！