signed2.html

jdbc书

   this.password = p;
   this.buffy = b;
 }
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

The <CODE>accessOK</CODE> method prompts
the end user for a password, verifies the password, and returns
<CODE>true</CODE> if the password is correct and <CODE>false</CODE>
if it is not.

</FONT>

<PRE>
private boolean accessOK() {
  int c;
  String response;

  System.out.println("Password, please:");
  try {
    response = buffy.readLine();
    if (response.equals(password))
      return true;
    else
      return false;
  } catch (IOException e) {
    return false;
  }
}
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<H4>Verify Access</H4>

The <CODE>SecurityManager</CODE> parent class provides methods
to verify file system read and write access. The <CODE>checkRead</CODE> 
and <CODE>checkWrite</CODE> methods each have a version that accepts 
a <CODE>String</CODE> and another verion that accepts a file descriptor.

<P>
This example overrides only the <CODE>String</CODE> versions 
to keep the example simple, and because the <CODE>FileIO</CODE> 
program accesses directories and files as <CODE>Strings</CODE>. 

</FONT>

<PRE>
public void checkRead(String filename) {
  if((filename.equals(File.separatorChar + "home" + 
	File.separatorChar + "monicap" + 
	File.separatorChar + "text2.txt"))){
  if(!accessOK()){
    super.checkRead(filename);
    throw new SecurityException("No Way!");
  } else {
    FilePermission perm = new FilePermission(
      File.separatorChar + "home" +
      File.separatorChar + "monicap" + 
      File.separatorChar + "text2.txt", "read");
      checkPermission(perm);
      }
   }
}

public void checkWrite(String filename) {
  if((filename.equals(File.separatorChar + "home" + 
		 File.separatorChar + "monicap" + 
		 File.separatorChar + "text.txt"))){
    if(!accessOK()){
      super.checkWrite(filename);
      throw new SecurityException("No Way!");
    } else {
      FilePermission perm = new FilePermission(
		File.separatorChar + "home" + 
		File.separatorChar + "monicap" + 
		File.separatorChar + "text.txt" , 
		"write");
            checkPermission(perm);
      }
    }
  }
}
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

The <CODE>checkWrite</CODE> method is called before the end user 
input is written to the output file. This is because
the <CODE>FileOutputStream</CODE> class calls 
<CODE>SecurityManager.checkWrite</CODE> first.

<P>  
The custom implementation for <CODE>SecurityManager.checkWrite</CODE>
tests for the pathname <CODE>/home/monicap/text.txt</CODE>,
if <CODE>true</CODE> prompts the end user for the password.
If the password is correct, the <CODE>checkWrite</CODE>
method performs the access check by creating an instance
of the required permission and passing it to the
<CODE>SecurityManager.checkPermission</CODE> method.
This check will succeed if the security manager finds a
system, user, or program policy file with the specified 
permission. 

Once the write operation completes, the end user is prompted for
the password two more times. The first time to read the 
<CODE>/home/monicap</CODE> directory, and the
second time to read the <CODE>text2.txt</CODE> file. An
access check is performed before the read operation takes place.

<H4>Policy File</H4>

Here is the policy file the <CODE>FileIO</CODE> program
needs for its read and write operations. It also grants 
permission to the custom security manager to access the event 
queue on behalf of the application and show the application window 
without the warning banner. 

</FONT>

<PRE>
grant {
  permission java.io.FilePermission 
        "${user.home}/text.txt", "write";
  permission java.util.PropertyPermission 
	"user.home", "read";
  permission java.io.FilePermission 
	"${user.home}/text2.txt", "read";
  permission java.awt.AWTPermission 
	"accessEventQueue";
  permission java.awt.AWTPermission 
	"showWindowWithoutWarningBanner";
};
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<A NAME="run"></A>
<H4>Run the FileIO Program</H4>

Here is how to run the <CODE>FileIO</CODE>
program with the policy file:

</FONT>

<PRE>
 java -Djava.security.policy=polfile FileIO
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<A NAME="ref"></A>
<H3>Reference Information</H3>

<P>
<A HREF="appA.html">Appendix A: Security and Permissions</A>
describes the available permissions and explains the consequences of
granting permissions.  One way to use this
information is to help you limit what permissions a given applet or
application might need to successfully execute. Another way to use
this information is to educate yourself on the ways in which a
particular permission can be exploited by malicious code.

<P>
<A HREF="appB.html">Appendix B: Classes, Methods, and Permissions</A>
provides lists of Java 2 platform software methods that are implemented to 
perform security access checks, the permission each requires, and 
the <CODE>java.security.SecurityManager</CODE> method called to 
perform the access check.

<P>
You can use this reference to write your own security manager
implementations or when you implement abstract methods that
perform security-related tasks.

<P>
<A HREF="appC.html">Appendix C: SecurityManager Methods</A> lists
the permissions checked for by the <CODE>SecurityManager</CODE>
methods.

<P ALIGN="RIGHT">
<FONT SIZE="-1">[<A HREF="#top">TOP</A>]</FONT>

</FONT>
</TD>
</TR>
</TABLE>




<!-- ================ -->
<!-- End Main Content -->
<!-- ================ -->

</TD>
</TR>
</TABLE>

<!-- Copyright Insert -->

<BR CLEAR="ALL">

<FORM ACTION="/cgi-bin/search.cgi" METHOD="POST">
<TABLE WIDTH="100%" CELLPADDING="0" BORDER="0" CELLSPACING="5">   
  <TR>
    <TD VALIGN="TOP">
	
    <P ALIGN=CENTER>
    <FONT SIZE="-1" COLOR="#999999" FACE="Verdana, Arial, Helvetica, sans-serif">
    [ This page was updated: <!-- new date --> 13-Oct-99 ]</font></P>
    </TD>
  </TR>
  
  <TR>
    <TD BGCOLOR="#CCCCCC">
    <IMG SRC="/images/pixel.gif" HEIGHT="1" WIDTH="1" ALT=""></TD>
  </TR>
  
  <TR>
    <TD>
    <CENTER>
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <A HREF="http://java.sun.com/products/">Products &amp; APIs</A> | 
    <A HREF="/developer/index.html">Developer Connection</A> | 
    <A HREF="/developer/infodocs/index.shtml">Docs &amp; Training</A> | 
    <A HREF="/developer/support/index.html">Online Support</A><BR>
    <A HREF="/developer/community/index.html">Community Discussion</A> |
    <A HREF="http://java.sun.com/industry/">Industry News</A> | 
    <A HREF="http://java.sun.com/solutions">Solutions Marketplace</A> | 
    <A HREF="http://java.sun.com/casestudies">Case Studies</A>
    </FONT>
    </CENTER>
    </TD>
  </TR>
  
  <TR>
    <TD BGCOLOR="#CCCCCC">
    <IMG SRC="/images/pixel.gif" HEIGHT="1" WIDTH="1" ALT=""></TD>
  </TR>

  <TR>
    <TD ALIGN="CENTER">
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <A HREF="http://java.sun.com/docs/glossary.html">Glossary</A> - 
    <A HREF="http://java.sun.com/applets/">Applets</A> - 
    <A HREF="http://java.sun.com/docs/books/tutorial/">Tutorial</A> - 
    <A HREF="http://java.sun.com/jobs/">Employment</A> - 
    <A HREF="http://java.sun.com/nav/business/">Business &amp; Licensing</A> - 
    <A HREF="http://java.sun.com/javastore/">Java Store</A> -
    <A HREF="http://java.sun.com/casestudies/">Java in the Real World</A>
    </FONT>
    </TD>
  </TR>

  <TR>
    <TD>
    <CENTER>
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <a href="/siteinfo/faq.html">FAQ</a> |
    <a href="/feedback/index.html">Feedback</a> | 
    <a href="http://www.dynamicdiagrams.net/mapa/cgi-bin/help.tcl?db=javasoft&dest=http://java.sun.com/">Map</a> | 
    <A HREF="http://java.sun.com/a-z/index.html">A-Z Index</A>
    </FONT>
    </CENTER>

    </TD>
  </TR>
  
  <TR>
    <TD>

    <TABLE WIDTH="100%" CELLPADDING="0" BORDER="0" CELLSPACING="0">
      <TR>
        <TD WIDTH="50%">
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        For more information on Java technology<BR>
        and other software from Sun Microsystems, call:<BR>
        </FONT>
        <FONT SIZE="-1" FACE="Verdana, Arial, Helvetica, sans-serif">
        (800) 786-7638<BR></FONT>
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        Outside the U.S. and Canada, dial your country's 
        <A HREF="http://www.att.com/business_traveler/attdirecttollfree/">AT&amp;T&nbsp;Direct&nbsp;Access&nbsp;Number</A> first.<BR>
        </FONT>
        </TD>

        <TD ALIGN="RIGHT" WIDTH="50%">
        <A HREF="http://www.sun.com"><IMG SRC="/images/lgsun.gif" width="64" height="30" border="0" ALT="Sun Microsystems, Inc."></A><BR>
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        Copyright &copy; 1995-99
        <A HREF="http://www.sun.com">Sun Microsystems, Inc.</A><BR>
        All Rights Reserved. 
        <a href="http://www.sun.com/share/text/SMICopyright.html">Legal Terms</a>. 
        <A HREF="http://www.sun.com/privacy/">Privacy&nbsp;Policy</A>.
        </FONT>
        </TD>
      </TR>
    </TABLE>
	
    </TD>
  </TR> 
</TABLE>
</FORM>

<!-- End Copyright Insert -->


</BODY>
</HTML>