在java中设置Process对象的安全性 [英] Set security for Process object in java
问题描述
有人可以告诉我如何限制通过流程对象访问系统属性?如果我通过流程对象运行以下代码,我可以抛出安全异常。
Can some one tell how can I restrict System properties to be accessed through a process object? If I run the following piece of code through process object , can I throw security exceptions.
System.getProperty("user.home");
请告诉我如何配置过程对象的证券。
Please enlighten me about how to configure the securities for a process object.
在ProcessBuilder类文档中,在环境方法中写道:
In ProcessBuilder class document , in environment method it is written:
系统可能不允许修改环境变量或者
禁止某些变量名称或值。
A system may not allow modifications to environment variables or may forbid certain variable names or values.
所以,请告诉我如何禁止某些变量值。
So please let me know how to forbid certain variable values.
更新:
假设我正在使用Java Web应用程序并为客户端提供代码平台。然后,如何为java Web应用程序和客户端应用程序单独配置java安全性。(因为我永远不想限制Web应用程序获取System的任何属性,而我必须限制客户端使用这些命令来应用程序漏洞)
Updated: So suppose I am using a Java web application and giving the client side a platform to code. Then how to configure the java security separately for java web application and for client side application.(As I will never want to restrict the web application to get any property of System, whereas I must restrict client side to use these commands for application vulnerability)
推荐答案
创建自己的安全管理器并检查某些属性的访问权限
Create your own security manager and check access for some properties
public class MySecurityManager extends SecurityManager {
@Override
public void checkPropertyAccess(String key) throws SecurityException {
if ( key != null && key.equals("some.forbidden_value") {
throw new SecurityException("some message");
}
super.checkPropertyAccess( key );
}
}
代码中的其他地方附上您的安全经理:
And somewhere else in your code attach your security manager:
System.setSecurityManager( new MySecurityManager() );
这篇关于在java中设置Process对象的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!