在java中设置Process对象的安全性 [英] Set security for Process object in java

问题描述

有人可以告诉我如何限制通过流程对象访问系统属性？如果我通过流程对象运行以下代码，我可以抛出安全异常。

Can some one tell how can I restrict System properties to be accessed through a process object? If I run the following piece of code through process object , can I throw security exceptions.

System.getProperty("user.home");

请告诉我如何配置过程对象的证券。

Please enlighten me about how to configure the securities for a process object.

在ProcessBuilder类文档中，在环境方法中写道：

In ProcessBuilder class document , in environment method it is written:

系统可能不允许修改环境变量或者
禁止某些变量名称或值。

A system may not allow modifications to environment variables or may forbid certain variable names or values.

所以，请告诉我如何禁止某些变量值。

So please let me know how to forbid certain variable values.

更新：
假设我正在使用Java Web应用程序并为客户端提供代码平台。然后，如何为java Web应用程序和客户端应用程序单独配置java安全性。（因为我永远不想限制Web应用程序获取System的任何属性，而我必须限制客户端使用这些命令来应用程序漏洞）

Updated: So suppose I am using a Java web application and giving the client side a platform to code. Then how to configure the java security separately for java web application and for client side application.(As I will never want to restrict the web application to get any property of System, whereas I must restrict client side to use these commands for application vulnerability)

推荐答案

创建自己的安全管理器并检查某些属性的访问权限

Create your own security manager and check access for some properties

public class MySecurityManager extends SecurityManager {

@Override
public void checkPropertyAccess(String key) throws SecurityException  {
        if ( key != null && key.equals("some.forbidden_value") {
            throw new SecurityException("some message");
         }
         super.checkPropertyAccess( key );
    }
}

代码中的其他地方附上您的安全经理：

And somewhere else in your code attach your security manager:

System.setSecurityManager( new MySecurityManager() );

这篇关于在java中设置Process对象的安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！