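I have an RMI application and I'm trying to get the policy file right. Everything works fine when I set the permissions to:

grant codeBase "file:MyJar.jar" {
    permission java.security.AllPermission;
};

But this is too permissive for a production environment. When I change it to:

grant codeBase "file:MyJar.jar" {
    permission java.security.SocketPermission "*:1024-", "accept, resolve";
};

I get the AccessControlException below. I thought I had granted the permission that is needed?
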
Exception in thread "RMI TCP Connection(idle)" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:63014 accept,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.checkAcceptPermission(TCPTransport.java:636)
at sun.rmi.transport.tcp.TCPTransport.checkAcceptPermission(TCPTransport.java:275)
at sun.rmi.transport.Transport$1.run(Transport.java:158)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)

Edit

After running with -Djava.security.debug=access,failure and changing "*:1024" to "localhost:1024":

access: domain that failed ProtectionDomain (file:MyJar.jar <no signer certificates>)
sun.misc.Launcher$AppClassLoader@6bbc4459
<no principals>
java.security.Permissions@281acd47 (
(unresolved java.security.SocketPermission localhost:1024- accept, resolve)
(java.io.FilePermission MyJar.jar read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission apple.laf.* read,write)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission com.apple.macos.useScreenMenuBar read,write)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission com.apple.hwaccel read,write)
(java.util.PropertyPermission mrj.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission apple.awt.* read,write)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission exitVM)
(java.net.SocketPermission localhost:1024- listen,resolve)
)
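
Answer 0 (score: 3)

Run it with -Djava.security.debug=access,failure to see exactly what is going on. I don't believe * by itself is a valid host specification in a SocketPermission. It's also not clear to me why you are using a SecurityManager for communication within localhost.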

Answer 1 (score: 1)

OK, so I had mistyped the SocketPermission in the policy file. It should be java.net.SocketPermission rather than java.security.SocketPermission. That is why it says unresolved.
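
A check for the mistake described in Answer 1, as an added example that is not part of the original question or answers: it scans policy text for permission entries whose class name cannot be loaded, which is what leaves a grant "unresolved". The class name PolicyPermissionLint and the sample policy are constructed for illustration, and the check assumes every permission class you use is on the classpath the tool runs with.

```java
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper, not part of the JDK or of the poster's application.
public class PolicyPermissionLint {
    // Captures the class name that follows the "permission" keyword in a grant entry.
    private static final Pattern ENTRY = Pattern.compile("^\\s*permission\\s+([\\w.$]+)");

    // True only if the name loads and is a java.security.Permission subclass.
    static boolean isLoadablePermission(String className) {
        try {
            Class<?> c = Class.forName(className, false, ClassLoader.getSystemClassLoader());
            return Permission.class.isAssignableFrom(c);
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    // Returns one finding per permission entry whose class cannot be resolved.
    static List<String> lint(String policyText) {
        List<String> findings = new ArrayList<>();
        String[] lines = policyText.split("\\R");
        for (int i = 0; i < lines.length; i++) {
            Matcher m = ENTRY.matcher(lines[i]);
            if (m.find() && !isLoadablePermission(m.group(1))) {
                findings.add("line " + (i + 1) + ": " + m.group(1)
                        + " does not resolve to a Permission class; the grant stays unresolved");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the grants from the question plus the corrected class name.
        String policy = String.join("\n",
                "grant codeBase \"file:MyJar.jar\" {",
                "    permission java.security.AllPermission;",
                "    permission java.security.SocketPermission \"*:1024-\", \"accept, resolve\";",
                "    permission java.net.SocketPermission \"localhost:1024-\", \"accept, resolve\";",
                "};");
        for (String finding : lint(policy)) {
            System.out.println(finding);
        }
    }
}
```

Only the java.security.SocketPermission entry is reported; the policy parser itself accepts such an entry silently, so the typo otherwise surfaces only as the AccessControlException at runtime.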