什么是简单的Java安全策略来限制文件写入单个目录? [英] What is a simple Java security policy for restricting file writes to a single directory?
问题描述
因此,使用Java的安全框架来限制程序的重命名,删除或写作不包含在特定目录中的文件。在目录以外的阅读是好的,政策并不需要超级防弹 - 这是更多的是防止意外的伤害,而不是保护我的学生恶意。
$ b $然而,我并没有在学校编程课程之外做任何真正的Java工作,所以我不知道如何编写或激活策略文件。什么是一个简单的政策文件,我可以用来实现这一点,我将如何激活它,当运行我的学生的代码?
grant codeBasefile: / some / root / path / sandbox / - {
permission java.io.FilePermission*,read;
权限java.io.FilePermission/ tmp / *,读取,写入;
};
假定您将从 / some / root / path / sandbox ,并且您将仅授予 / tmp 文件夹的写入权限。您可以根据需要添加其他读写权限。要调用,使用以下命令行启动您的代码:
java -Djava.security.manager -Djava.security.policy = student。 policy YourClassName
这假设您将策略存储在一个名为student.policy的文件中,与您所在的文件夹从
启动代码
The students in my beginning Java class are beginning to learn about file I/O, and one of their projects involves deleting and renaming files. I can think of dozens of ways this can go wrong.
Therefore, it would be useful to use Java's security framework to restrict their programs from renaming, deleting, or writing over files that are not contained in a specific directory. Reading outside the directory is fine, and the policy doesn't need to be super-bulletproof -- this is more about preventing accidental damage than protecting against maliciousness on the part of my students.
However, I haven't done any real Java work outside the domain of programming courses at school, so I don't know how to write or activate policy files. What is a simple policy file I can use to achieve this, and how would I activate it when running my students' code?
Here is a dirt simple policy file that you can use for restricting file writes to a certain directory.
grant codeBase "file:/some/root/path/sandbox/-" {
permission java.io.FilePermission "*", "read";
permission java.io.FilePermission "/tmp/*", "read, write";
};
It assumes you will be staging and launching your code from /some/root/path/sandbox, and that you will be granting write permission only to the /tmp folder. You can add additional read and write permissions as required. To invoke, launch your code with the following command line:
java -Djava.security.manager -Djava.security.policy=student.policy YourClassName
This presumes you stored the policy in a file called student.policy, in the same folder as where you are launching the code from
这篇关于什么是简单的Java安全策略来限制文件写入单个目录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
