<p class="docText">For example, here is the source code for the <tt>checkExit</tt>
method.</p>
<pre>public void checkExit()
{
   checkPermission(new RuntimePermission("exitVM"));
}
</pre>
<p class="docText">Each security manager is free to provide its own
implementation of the <tt>checkPermission</tt> method. However, the JDK provides
a "standard model" of how to carry out permission checks. For the remainder of
this section, we describe this standard model. The standard model relies on two
classes:</p>
<pre>java.security.SecureClassLoader
java.lang.SecurityManager
</pre>
<p class="docText">These are the superclasses of the class loader and security
manager that are used in all practical settings (such as applets and remote
method invocation). In principle, you can install your own class loader and
security manager. However, that is a complex undertaking that few programmers
will want to attempt. It is much more common to extend the standard classes.</p>
<p class="docText">The standard model relies on a <tt>Policy</tt> object to map
code sources to permissions. There can be only one <tt>Policy</tt> object in
effect at any given time. The static <tt>getPolicy</tt> method of the <tt>Policy</tt>
class gets the current policy.</p>
<pre>Policy currentPolicy = Policy.getPolicy();
</pre>
<p class="docText">The principal method of the <tt>Policy</tt> class is the <tt>
getPermissions</tt> method that returns the permission collection for a
particular code source.</p>
<pre>PermissionCollection permissions
   = currentPolicy.getPermissions(codeBase);
</pre>
<p class="docText">Each class has a <span class="docEmphasis">protection domain,</span>
an object that encapsulates both the code source and the collection of
permissions of the class. The <tt>getProtectionDomain</tt> method of the <tt>
Class</tt> class returns that domain.</p>
<pre>ProtectionDomain domain
   = anObject.getClass().getProtectionDomain();
</pre>
<p class="docText">The <tt>getCodeSource</tt> and <tt>getPermissions</tt>
methods of the <tt>ProtectionDomain</tt> class return the code source and
permission collection.</p>
<p class="docText">In the standard model, the permission collection is entirely
dependent on the code source. The protection domain is set when the <tt>
SecureClassLoader</tt> loads the class. The <tt>SecureClassLoader</tt> queries
the current policy for the permissions that match the code source. It then
creates a <tt>ProtectionDomain</tt> object with the given code source and
permissions. Finally, it passes that object to the <tt>defineClass</tt> method.
<a class="docLink" href="#ch09fig06">Figure 9-6</a> shows the relationships
between these security classes.</p>
<center>
<h5 id="ch09fig06" class="docFigureTitle">Figure 9-6. Relationship between security classes</h5>
<p>
<img alt="graphics/09fig06.gif" src="09fig06.gif" border="0" width="500" height="514"><br>
</p>
</center>
<p class="docText">When the <tt>SecurityManager</tt> needs to check a
permission, it looks at the classes of all methods currently on the call stack.
It then gets the protection domains of all classes and asks each protection
domain if its permission collection allows the operation that is currently being
checked. If all domains agree, then the check passes. Otherwise, a <tt>
SecurityException</tt> is thrown.</p>
<p class="docText">Why do all methods on the call stack need to allow a
particular operation? Let us work through an example. Suppose the <tt>init</tt>
method of an applet wants to open a file. It might call</p>
<pre>Reader in = new FileReader(name);
</pre>
<p class="docText">The <tt>FileReader</tt> constructor calls the <tt>
FileInputStream</tt> constructor, which calls the <tt>checkRead</tt> method of
the security manager, which finally calls <tt>checkPermission</tt> with a <tt>
FilePermission(name, "read")</tt> object. <a class="docLink" href="#ch09table01">
Table 9-1</a> shows the call stack.</p>
<table cellSpacing="0" cellPadding="1" width="100%" border="1">
<caption>
<h5 id="ch09table01" class="docTableTitle">Table 9-1. Call stack during permission checking</h5>
</caption>
<colgroup span="4" align="left">
</colgroup>
<tr>
<th class="docTableHeader" vAlign="top"><span class="docEmphStrong">Class</span>
</th>
<th class="docTableHeader" vAlign="top"><span class="docEmphStrong">Method</span>
</th>
<th class="docTableHeader" vAlign="top"><span class="docEmphStrong">Code
Source</span> </th>
<th class="docTableHeader" vAlign="top"><span class="docEmphStrong">
Permissions</span> </th>
</tr>
<tr>
<td class="docTableCell" vAlign="top"><tt>SecurityManager</tt> </td>
<td class="docTableCell" vAlign="top"><tt>checkPermission</tt> </td>
<td class="docTableCell" vAlign="top"><tt>null</tt> </td>
<td class="docTableCell" vAlign="top"><tt>AllPermission</tt> </td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"><tt>SecurityManager</tt> </td>
<td class="docTableCell" vAlign="top"><tt>checkRead</tt> </td>
<td class="docTableCell" vAlign="top"><tt>null</tt> </td>
<td class="docTableCell" vAlign="top"><tt>AllPermission</tt> </td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"><tt>FileInputStream</tt> </td>
<td class="docTableCell" vAlign="top">constructor </td>
<td class="docTableCell" vAlign="top"><tt>null</tt> </td>
<td class="docTableCell" vAlign="top"><tt>AllPermission</tt> </td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"><tt>FileReader</tt> </td>
<td class="docTableCell" vAlign="top">constructor </td>
<td class="docTableCell" vAlign="top"><tt>null</tt> </td>
<td class="docTableCell" vAlign="top"><tt>AllPermission</tt> </td>
</tr>
<tr>
<td class="docTableCell" vAlign="top">applet </td>
<td class="docTableCell" vAlign="top"><tt>init</tt> </td>
<td class="docTableCell" vAlign="top">applet code source </td>
<td class="docTableCell" vAlign="top">applet permissions </td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"><tt>. . .</tt> </td>
<td class="docTableCell" vAlign="top"> </td>
<td class="docTableCell" vAlign="top"> </td>
<td class="docTableCell" vAlign="top"> </td>
</tr>
</table>
<p class="docText">The <tt>FileInputStream</tt> and <tt>SecurityManager</tt>
classes are <span class="docEmphasis">system classes</span> whose <tt>CodeSource</tt>
is <tt>null</tt> and whose permissions consist of an instance of the <tt>
AllPermission</tt> class, which allows all operations. Clearly, their
permissions alone can't determine the outcome of the check. As you can see, the
<tt>checkPermission</tt> method must take into account the restricted
permissions of the applet class. By checking the entire call stack, the security
mechanism ensures that one class can never ask another class to carry out a
sensitive operation on its behalf.</p>
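<p class="docText">The stack check described above, replayed over the frames of
Table 9-1 as an added example (not code from the book or the JDK): no security
manager is installed; each frame's protection domain is simply asked through
<tt>ProtectionDomain.implies</tt>, and the first refusal decides the outcome.
The applet URL, the <tt>/tmp</tt> grant, the file names, and the helper names
<tt>domain</tt> and <tt>firstDenyingFrame</tt> are constructed for illustration.</p>

```java
import java.io.FilePermission;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.LinkedHashMap;
import java.util.Map;

public class StackCheckDemo {
    // Builds a domain with a fixed permission set (two-argument constructor).
    static ProtectionDomain domain(CodeSource source, Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(source, perms);
    }

    // Returns the first frame whose domain refuses p, or null if all domains agree.
    static String firstDenyingFrame(Map<String, ProtectionDomain> stack, Permission p) {
        for (Map.Entry<String, ProtectionDomain> frame : stack.entrySet()) {
            if (!frame.getValue().implies(p)) return frame.getKey();
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // System classes: null code source, AllPermission.
        ProtectionDomain system = domain(null, new AllPermission());
        // Constructed applet code source and grant: read access below /tmp only.
        CodeSource appletSource =
            new CodeSource(new URL("http://applets.example/demo/"), (Certificate[]) null);
        ProtectionDomain applet = domain(appletSource, new FilePermission("/tmp/-", "read"));

        // Frames of Table 9-1, top of stack first.
        Map<String, ProtectionDomain> stack = new LinkedHashMap<>();
        stack.put("SecurityManager.checkPermission", system);
        stack.put("SecurityManager.checkRead", system);
        stack.put("FileInputStream constructor", system);
        stack.put("FileReader constructor", system);
        stack.put("applet.init", applet);

        for (String name : new String[] { "/tmp/notes.txt", "/home/alice/diary.txt" }) {
            String denier = firstDenyingFrame(stack, new FilePermission(name, "read"));
            System.out.println(name + ": "
                + (denier == null ? "check passes" : "SecurityException, denied by " + denier));
        }
    }
}
```

<p class="docText">The four system frames accept both requests; only the
<tt>applet.init</tt> frame refuses the file outside <tt>/tmp</tt>, which is why
the system classes cannot be used to read it on the applet's behalf.</p>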
<div class="docNote">
<p class="docNoteTitle">NOTE</p>
<table cellSpacing="0" cellPadding="1" width="90%" border="0">
<tr>
<td vAlign="top" width="60">
<img alt="graphics/note.gif" src="note.gif" align="left" border="0" width="54" height="53"><br>
</td>
<td vAlign="top">
<p class="docText">This brief discussion of permission checking shows you
the basic concepts. However, there are a number of technical details that
we omit here. With security, the devil lies in the details, and we
encourage you to read the book by Li Gong for more information. For a more
critical view of the Java platform security model, see the book <i>
Securing Java</i> by Gary McGraw and Ed Felten [John Wiley &amp; Sons 1999].
You can find an online version of that book at
<a class="docLink" href="http://www.securingjava.com" target="_blank">
http://www.securingjava.com</a>.</td>
</tr>
</table>
</div>
<h5 class="docSection3Title" id="ch09lev3sec4"><tt>java.lang.SecurityManager</tt></h5>
<p><img alt="graphics/api.gif" src="api.gif" border="0" width="46" height="45"><br>
</p>
<ul>
<li>
<p class="docList"><tt>void checkPermission(Permission p)</tt></li>
<li>
<p class="docList"><tt>void checkPermission(Permission p, Object context)</tt></p>
<p class="docList">checks whether the current security policy permits the given
permission. The second method receives an object that encapsulates the call
stack. That method is used if one thread asks another thread to carry out a
permission check on its behalf.</li>
</ul>
<h5 class="docSection3Title" id="ch09lev3sec5"><tt>java.security.Policy</tt></h5>
<p><img alt="graphics/api.gif" src="api.gif" border="0" width="46" height="45"><br>
</p>
<ul>
<li>
<p class="docList"><tt>static Policy getPolicy()</tt></p>
<p class="docList">gets the current policy object, or <tt>null</tt> if no
security policy is in effect.</li>
<li>
<p class="docList"><tt>PermissionCollection getPermissions(CodeSource source)</tt></p>
<p class="docList">gets the permissions associated with the given code source.</li>
</ul>
<h5 class="docSection3Title" id="ch09lev3sec6"><tt>java.lang.Class</tt></h5>
<p><img alt="graphics/api.gif" src="api.gif" border="0" width="46" height="45"><br>
</p>
<ul>
<li>
<p class="docList"><tt>ProtectionDomain getProtectionDomain()</tt></p>
<p class="docList">gets the protection domain for this class, or <tt>null</tt>
if this class was loaded without a protection domain.</li>
</ul>
<h5 class="docSection3Title" id="ch09lev3sec7"><tt>java.lang.ClassLoader</tt></h5>
<p><img alt="graphics/api.gif" src="api.gif" border="0" width="46" height="45"><br>
</p>
<ul>
<li>
<p class="docList"><tt>Class defineClass(String name, byte[] data, int offset,
int length, ProtectionDomain domain)</tt></p>
<p class="docList">adds a new class to the virtual machine.</p>
<table cellSpacing="0" cellPadding="1" width="93%" border="1">
<colgroup span="3" align="left">
</colgroup>
<tr>
<td class="docTableCell" vAlign="top"><span class="docEmphasis">
Parameters:</span> </td>
<td class="docTableCell" vAlign="top"><tt>name</tt></td>
<td class="docTableCell" vAlign="top">the name of the class. Use . as
package name separator, and don't use a <tt>.class</tt> suffix.</td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"> </td>
<td class="docTableCell" vAlign="top"><tt>data</tt></td>
<td class="docTableCell" vAlign="top">an array holding the bytecodes of
the class.</td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"> </td>
<td class="docTableCell" vAlign="top"><tt>offset</tt></td>
<td class="docTableCell" vAlign="top">the start of the bytecodes in the
array.</td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"> </td>
<td class="docTableCell" vAlign="top"><tt>length</tt></td>
<td class="docTableCell" vAlign="top">the length of the bytecodes in the
array.</td>
</tr>
<tr>
<td class="docTableCell" vAlign="top"> </td>
<td class="docTableCell" vAlign="top"><tt>domain</tt></td>
<td class="docTableCell" vAlign="top">the protection domain for this
class.</td>
</tr>
</table>
</li>
</ul>
<h5 class="docSection3Title" id="ch09lev3sec8"><tt>java.security.ProtectionDomain</tt></h5>
<p><img alt="graphics/api.gif" src="api.gif" border="0" width="46" height="45"><br>
</p>
<ul>
<li>
<p class="docList"><tt>ProtectionDomain(CodeSource source,
PermissionCollection collections)</tt></p>
<p class="docList">constructs a protection domain with the given code source
and permissions.</li>
<li>
<p class="docList"><tt>CodeSource getCodeSource()</tt></p>
<p class="docList">gets the code source of this protection domain.</li>
<li>
<p class="docList"><tt>PermissionCollection getPermissions()</tt></p>
<p class="docList">gets the permissions of this protection domain.</li>
</ul>
<h5 class="docSection3Title" id="ch09lev3sec9"><tt>java.security.PermissionCollection</tt></h5>
<p><img alt="graphics/api.gif" src="api.gif" border="0" width="46" height="45"><br>
</p>
<ul>
<li>
<p class="docList"><tt>void add(Permission p)</tt></p>
<p class="docList">adds a permission to this permission collection.</li>
<li>
<p class="docList"><tt>Enumeration elements()</tt></p>
<p class="docList">returns an enumeration to iterate through all permissions
in this collection.</li>
</ul>
<h5 class="docSection3Title" id="ch09lev3sec10"><tt>java.security.CodeSource</tt></h5>
<p><img alt="graphics/api.gif" src="api.gif" border="0" width="46" height="45"><br>
</p>
<ul>
<li>
<p class="docList"><tt>Certificate[] getCertificates()</tt></p>
<p class="docList">gets the certificates for class file signature associated
with this code source.</li>
<li>
<p class="docList"><tt>URL getLocation()</tt></p>
<p class="docList">gets the location of class files ass