禁用当前线程的 Java 反射 [英] Disable Java reflection for the current thread

问题描述

我需要调用一些半可信的 Java 代码，并希望在该代码执行期间禁用使用反射的功能.

I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code's execution.

try{
   // disable reflection somehow
   someObject.method();
}
finally{
   // enable reflection again
}

这可以通过 SecurityManager 来完成吗?如果可以，怎么做?

Can this be done with a SecurityManager, and if so, how?

澄清/上下文:这是另一个问题 关于限制可以从 JavaScript/Rhino 调用的包.接受的答案引用了一篇关于如何做到这一点的博客条目，它需要两个步骤，第一个步骤使用 Rhino API (ClassShutter)，第二个步骤关闭反射和 Class.forName().我想我可以使用 SecurityManager 更干净地完成第二步(了解 SecurityManager，正如已经指出的那样，它是一个复杂的野兽，一路走来).

Clarification/Context: This is a follow-up to another question about restricting the packages that can be called from JavaScript/Rhino. The accepted answer references a blog entry on how to do that, and it requires two steps, the first one using a Rhino API (ClassShutter), the second one turning off reflection and Class.forName(). I was thinking I can do that second step more cleanly using a SecurityManager (learning about SecurityManager, which as has been pointed out, is a complex beast, along the way).

总而言之，我想(从代码，而不是设置文件)关闭 Class.forName() 和对整个反射包的任何访问.

To sum up, I want (from code, not setting file) to turn off Class.forName() and any access to the whole reflection package.

推荐答案

这取决于您要限制的内容.

It depends on what you are trying to restrict.

一般来说，可公开访问的 API 不受限制.但是，只要您不授予不可信代码 ReflectPermission("suppressAccessChecks") 权限，它将无法访问另一个包中的非公共 API.

In general, publicly accessible API is not restricted. However, as long as you don't grant the untrustworthy code the ReflectPermission("suppressAccessChecks") permission, it won't be able to get access to non-public API in another package.

如果您有要限制所有访问的软件包列表，则有两个步骤.首先，在 Security 属性中，在package.access列表中包含受限包.然后给你的可信代码RuntimePermission("accessClassInPackage." + pkg).

If you have a list of packages to which you want to restrict all access, there are two steps. First, in the Security properties, include the restricted package in the package.access list. Then give your trusted code RuntimePermission("accessClassInPackage." + pkg).

区分不受信任代码的常用方法是从不同位置加载它，并在授予权限时参考策略文件中的不同代码库.

A common way to distinguish your untrusted code is to load it from a different location, and refer to the different codebases in your policy file when granting permissions.

Java 安全架构很强大，但我知道它也很复杂；如果你想要一个更具体的例子，请准确描述你想要限制的调用，我会尽量更明确.

The Java security architecture is very powerful, but I know it is also complicated; if you would like a more concrete example, please describe exactly what calls you want to restrict and I'll try to be more explicit.

在不修改java.policy 文件和/或java.security 文件的情况下做你想做的事情会非常困难，甚至不可能.java.security.Policy 表示 java.policy 中的信息，但它不提供写访问权限.只要现有 SecurityManager 允许，您可以创建自己的 Policy 实现并在运行时安装它.

To do what you want without modifying the java.policy file and/or the java.security file would be very difficult, maybe impossible. The java.security.Policy represents the information in java.policy, but it doesn't offer write access. You could create your own Policy implementation and install it at runtime as long as any existing SecurityManager permits it.

另一方面，您可以将自定义 java.policy 文件指定为命令行选项.如果您提供带有某种启动器的完整应用程序，这可能很容易实现.它还为您的用户提供了一些透明度.资深用户可以查看您希望授予应用程序的权限.

On the other hand, you can specify a custom java.policy file as a command-line option. If you are providing a complete application with some sort of launcher, that might be easily accomplished. It also provides some transparency to your users. A sophisticated user can review the permissions you'd like to have granted to the application.

这篇关于禁用当前线程的 Java 反射的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！