使用“代码库”在Eclipse的开发过程中的安全策略 [英] Working with "codebases" in the security policy during development in Eclipse
问题描述
我可以让它工作直到我在策略中使用 codebase 属性。
我有一个类包 application 创建一个 LoginContext 。策略文件位于我的项目的根目录。有了这个内容,它可以正常工作:
grant {
permission javax.security.auth.AuthPermissioncreateLoginContext.Sample ;
权限javax.security.auth.AuthPermissiondoAsPrivileged;
};
但是当我添加代码库失败时,无法创建LoginContext。访问被拒绝(javax.security.auth.AuthPermissioncreateLoginContext.Sample)
grant代码库文件:./ bin / application / - {
权限javax.security.auth.AuthPermissioncreateLoginContext.Sample;
权限javax.security.auth.AuthPermissiondoAsPrivileged;
};
我尝试过这些值为 codebase / p>
- file:application / -
- file:./ application / -
- 文件:bin / application / -
- 文件:./ bin / application / -
- file:C:/ Full Path / to / project / bin / application / -
- file:// C:/ Full Path / to / project / bin / application / -
- 进入
项目属性> Java构建路径并选择源选项卡 - 激活
允许输出文件夹源文件夹 - 添加您喜欢的源文件夹,点击
添加文件夹 - 对于每个源文件夹,首先选择输出文件夹项,然后单击编辑来指定输出文件夹。
- file:application/-
- file:./application/-
- file:bin/application/-
- file:./bin/application/-
- file:C:/Full Path/to/project/bin/application/-
- file://C:/Full Path/to/project/bin/application/-
- Go into
Project Properties > Java Build Pathand select theSourcetab - Activate
Allow output folders for source folders - Add as many source folders you like, by clicking
Add Folder - For each source folder, specify the output folder by first selecting the output folder item and then click edit.
<
(如果重要:完整路径包含空格)
我设法使用 JAAS的调试输出,我真的可以推荐。
简而言之,代码库总是二进制根文件夹(或jar),而不是包含类文件的包文件夹。在我的情况下,这意味着所有类的代码库是 path / to / project / bin 不符合 path / to / project / bin / application / -
要解决这个问题,需要有多个bin文件夹或输出文件夹作为Eclipse名称他们。要获得这一点:
此后您可以按照这样的方式指向每个文件夹
grant codebasefile:binLogin / - {
permission javax.security.auth.AuthPermissionmodifyPrincipals;
};
授权代码库file:binApp / - {
权限javax.security.auth.AuthPermissioncreateLoginContext.Sample;
权限javax.security.auth.AuthPermissiondoAsPrivileged;
};
我希望将来可能会帮助别人。
I am working with Java security policies and it's still rather new for me. I will like to be able to run the code directly as a launch configuration, so I have a debugger and all the other nice IDE stuff.
I can get it to work until I use the codebase attribute in the policy.
I have a class in the package application that creates a LoginContext. The policy file is located in the root of my project. With this content it works fine:
grant {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
};
But when I add the codebase it fails with Cannot create LoginContext. access denied ("javax.security.auth.AuthPermission" "createLoginContext.Sample")
grant codebase "file:./bin/application/-" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
};
I have tried these values for codebase
(In case it matters: The full path includes spaces)
I managed to find the problem using JAAS's debug output, which I can really recommend.
In short the codebase is always the binary root folder (or jar) not the package folder containing the class file. In my case it meant that the codebase of all classes was path/to/project/bin which didn't match path/to/project/bin/application/- specified in the policy.
To solve this one needs to have multiple bin-folders or "output folder" as Eclipse name them. To get this:
After this you can have the policy point to each folder like this
grant codebase "file:binLogin/-" {
permission javax.security.auth.AuthPermission "modifyPrincipals";
};
grant codebase "file:binApp/-" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
};
I hope this might help others in the future.
这篇关于使用“代码库”在Eclipse的开发过程中的安全策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
