我正在使用安全管理器编写Java安全策略文件的示例 我使用Eclipse和Windows 10
我想在Eclipse中运行我的代码以对其进行测试,因此我不处理jar文件。 我的项目目录是 E:\ Training-Projects \ JAVA \ ws_security \ 00610_folder_accesscontrol_policy
我想通过以下方式实现安全策略文件:-
1 /限制访问除3个目录中的文件以外的所有文件,即,如果代码访问了这3个目录中的文件,则应允许访问,但限制对其他目录的文件访问。 2 /授予代码库的所有其他权限。
与此相同
Block some permissions and grant other permissions in java security policy
进行测试,我在Eclipse src文件夹下创建了4个文件夹 文件夹/文件夹1,文件夹/文件夹2 ...文件夹/文件夹4
如果我的代码有效,则应该允许访问文件夹/文件夹1,文件夹/文件夹2,文件夹/文件夹3,并阻止访问文件夹/文件夹4
我的代码是
package code.secure;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
public class SecureFolderAccess {
public static void main(String[] args) {
// TODO Auto-generated method stub
// Get project codeBase
System.out.println("***");
System.out.println("codeBase");
System.out.println("Present Project Directory : "+ System.getProperty("user.dir"));
System.out.println("***");
// define 4 paths to 4 files
// Path file1 = Paths.get("src","access.policy");
Path file1 = Paths.get("src/folders/folder1/", "file1.txt");
Path file2 = Paths.get("src/folders/folder2/", "file2.txt");
Path file3 = Paths.get("src/folders/folder3/", "file3.txt");
Path file4 = Paths.get("src/folders/folder4/", "file4.txt");
System.out.println(file1.toAbsolutePath());
// E:\\Training-Projects\\JAVA\\ws_security\\00610_folder_accesscontrol_policy\\src\\access.policy
// Enable the security manager
try {
System.out.println("***");
System.out.println("Setting policy file");
System.out.println("Setting Security manager");
System.out.println("***");
// Must place any System.setProperty(...)
// before SecurityManager securityManager = new SecurityManager();
// System.setProperty("java.security.policy", "file:/E:\\Training-Projects\\JAVA\\ws_security\\00610_folder_accesscontrol_policy\\src\\access.policy");
System.setProperty("java.security.policy", "file:///E:/Training-Projects/JAVA/ws_security/00610_folder_accesscontrol_policy/src/access.policy");
SecurityManager securityManager = new SecurityManager();
System.setSecurityManager(securityManager);
} catch (SecurityException se) {
// SecurityManager already set
}
// Create 4 files
// in 4 different folders
try {
OutputStream os1 = new FileOutputStream(file1.toFile());
OutputStream os2 = new FileOutputStream(file2.toFile());
OutputStream os3 = new FileOutputStream(file3.toFile());
OutputStream os4 = new FileOutputStream(file4.toFile());
os1 = new FileOutputStream(file1.toFile());
os2 = new FileOutputStream(file2.toFile());
os3 = new FileOutputStream(file3.toFile());
os4 = new FileOutputStream(file4.toFile());
os1.write("Hello file1".getBytes()); ;
os2.write("Hello file2".getBytes()); ;
os3.write("Hello file3".getBytes()); ;
os4.write("Hello file4".getBytes()); ;
} catch (IOException e) {
System.err.println(e);
}
readFile(file1);
readFile(file2);
readFile(file3);
readFile(file4);
}
public static void readFile(Path path) {
try {
Files.lines(path)
// .filter(line -> line.startsWith("Love"))
.forEach(System.out::println);//print each line
} catch (IOException ex) {
ex.printStackTrace();//handle exception here
}
}
}
我的策略文件也在src文件夹下,在这里
grant codeBase "file:/E:/Training-Projects/JAVA/ws_security/00610_folder_accesscontrol_policy/-" {
permission java.io.FilePermission "E:\Training-Projects\JAVA\ws_security\00610_folder_accesscontrol_policy\src\folders\folder1/*", "read, write";
permission java.io.FilePermission "E:\Training-Projects\JAVA\ws_security\00610_folder_accesscontrol_policy\src\folders\folder2/*", "read, write";
permission java.io.FilePermission "E:\Training-Projects\JAVA\ws_security\00610_folder_accesscontrol_policy\src\folders\folder3/*", "read, write";
};
此操作无法正常工作,所有文件夹均被阻止。
我怀疑问题出在策略文件中的codeBase值中,但可能还有其他原因。
感谢您的帮助