如何在不使用策略文件的情况下以编程方式向 RMI 应用程序授予 AllPermissions
?
更新:
经过一些研究,我编写了这个自定义策略类并通过 Policy.setPolicy(new MyPolicy())
安装了它。
现在我得到以下错误:
invalid permission: (java.io.FilePermission \C:\eclipse\plugins\org.eclipse.osgi_3.7.0.v20110613.jar read
class MyPolicy extends Policy {
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
return (new AllPermission()).newPermissionCollection();
}
}
最佳答案
根据 @EJP 的建议,我使用 -Djava.security.debug=access
进行了调试,并在策略文件中找到了所有需要的权限:
grant { permission java.net.SocketPermission "*:1024-", "connect, resolve"; };
grant { permission java.util.PropertyPermission "*", "read, write"; };
grant { permission java.io.FilePermission "<>", "read"; };
但是因为我不想创建策略文件,所以我找到了一种通过扩展 java.security.Policy
类并在我的应用程序启动时使用Policy.setPolicy(new MinimalPolicy());
public class MinimalPolicy extends Policy {
private static PermissionCollection perms;
public MinimalPolicy() {
super();
if (perms == null) {
perms = new MyPermissionCollection();
addPermissions();
}
}
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
return perms;
}
private void addPermissions() {
SocketPermission socketPermission = new SocketPermission("*:1024-", "connect, resolve");
PropertyPermission propertyPermission = new PropertyPermission("*", "read, write");
FilePermission filePermission = new FilePermission("<<ALL FILES>>", "read");
perms.add(socketPermission);
perms.add(propertyPermission);
perms.add(filePermission);
}
}
class MyPermissionCollection extends PermissionCollection {
private static final long serialVersionUID = 614300921365729272L;
ArrayList<Permission> perms = new ArrayList<Permission>();
public void add(Permission p) {
perms.add(p);
}
public boolean implies(Permission p) {
for (Iterator<Permission> i = perms.iterator(); i.hasNext();) {
if (((Permission) i.next()).implies(p)) {
return true;
}
}
return false;
}
public Enumeration<Permission> elements() {
return Collections.enumeration(perms);
}
public boolean isReadOnly() {
return false;
}
}
关于java - 在不使用策略文件的情况下以编程方式授予权限,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11737971/