Java security is made up of the ClassLoader, class file inspection, built-in security and the SecurityManager.
The built-in security includes safe type casting, structured memory access, garbage collection, array bounds checking and null reference checking.
The first three parts ensure the integrity of the running program and the JVM instance. The SecurityManager, in contrast, attempts to protect outside resources from being attacked by millions of lines of code.
When a program starts, it installs a SecurityManager by passing an instance of java.lang.SecurityManager, or of one of its subtypes, to the setSecurityManager method. If it doesn't do so, the Java API can do anything without any restriction. Before version 1.2, java.lang.SecurityManager was an abstract class; now it is a concrete class supplying a default implementation.
The SecurityManager lets users define policies without writing code, simply by writing a policy file (an ASCII file). A permission is defined as a class extending java.security.Permission, such as java.io.FilePermission, which grants reading, writing, and executing permissions. When a SecurityManager is created, it parses the policy file and generates the CodeSource and Permission objects, which are encapsulated in a single Policy object representing the runtime policy. At any time there is only one Policy object installed.
When the check methods of a SecurityManager are called, many of them pass the request to the AccessController class. There are 28 different check methods in the old version, and two more methods were added in the versions after 1.2: checkPermission(Permission) and checkPermission(Permission, Object).
Here is an example of a policy file called policy.txt:
keystore "ijvmkeys";
grant signedBy "friend" {
    permission java.io.FilePermission "question.txt", "read";
    permission java.io.FilePermission "answer.txt", "read";
};
grant signedBy "stranger" {
    permission java.io.FilePermission "question.txt", "read";
};
grant codeBase "file:${com.artima.ijvm.cdrom.home}/security/ex2/-" {
    permission java.io.FilePermission "question.txt", "read";
    permission java.io.FilePermission "answer.txt", "read";
};
It states that code in a jar package signed by "friend" can read two files, question.txt and answer.txt, while code signed by "stranger" can only read question.txt.
The third segment means the policy file grants read permission to class files located under ${com.artima.ijvm.cdrom.home}/security/ex2/.
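The following is an added example, not code from the original article. It evaluates the grants of policy.txt directly with java.security.Permissions and CodeSource.implies instead of installing a SecurityManager (deprecated for removal since Java 17, JEP 411). The class name PolicyGrantDemo, the helper names and the path /opt/cdrom (standing in for ${com.artima.ijvm.cdrom.home}) are assumptions, and signature verification against the keystore is not modelled.

```java
import java.io.FilePermission;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.cert.Certificate;

public class PolicyGrantDemo {
    // Permission set of one grant block: read access to the listed files.
    static Permissions grantRead(String... files) {
        Permissions perms = new Permissions();
        for (String f : files) {
            perms.add(new FilePermission(f, "read"));
        }
        return perms;
    }

    // Unsigned code source at the given location (no certificates attached).
    static CodeSource at(String location) throws Exception {
        URL url = URI.create(location).toURL();
        return new CodeSource(url, (Certificate[]) null);
    }

    public static void main(String[] args) throws Exception {
        // The two signedBy grant blocks from policy.txt.
        Permissions friend = grantRead("question.txt", "answer.txt");
        Permissions stranger = grantRead("question.txt");

        FilePermission readAnswer = new FilePermission("answer.txt", "read");
        FilePermission writeAnswer = new FilePermission("answer.txt", "write");

        // A request is allowed only if some granted permission implies it.
        System.out.println("friend   read  answer.txt: " + friend.implies(readAnswer));
        System.out.println("stranger read  answer.txt: " + stranger.implies(readAnswer));
        System.out.println("friend   write answer.txt: " + friend.implies(writeAnswer));

        // Third grant block: a codeBase ending in "/-" covers the directory
        // and everything below it, recursively.
        String home = "file:/opt/cdrom"; // constructed stand-in path
        CodeSource granted = at(home + "/security/ex2/-");
        CodeSource inside = at(home + "/security/ex2/sub/Doer.class");
        CodeSource outside = at(home + "/security/ex1/Doer.class");

        System.out.println("ex2/sub/Doer.class covered: " + granted.implies(inside));
        System.out.println("ex1/Doer.class covered:     " + granted.implies(outside));
    }
}
```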
The original article was edited by the blogger for correcting several grammar mistakes.
This article comes from a CSDN blog; please cite the source when reposting: http://blog.csdn.net/liuxizhiyi/archive/2008/10/23/3129893.aspx