appx.html

来自「java2高级编程」· HTML 代码 · 共 1,311 行 · 第 1/5 页

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"><HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<META NAME="GENERATOR" CONTENT="Adobe FrameMaker 6.0/HTML Export Filter">
<LINK REL="STYLESHEET" HREF="APPX.css" CHARSET="ISO-8859-1" TYPE="text/css">
<TITLE> Covered in this Appendix</TITLE>
</HEAD>
<BODY BGCOLOR="#ffffff">
<P CLASS="CT">
<A NAME="pgfId-1061421"></A>A</P>
<P CLASS="CT">
<A NAME="pgfId-1063092"></A><A NAME="30291"></A>Security and Permissions</P>
<P CLASS="Body">
<A NAME="pgfId-1061422"></A>All applets and any applications invoked with a security manager must be granted explicit permission to access local system resources apart from accessing the directory where the program is invoked and its subdirectories. The Java platform provides permissions to allow various levels of access to different types of local information. Because permissions let an applet or application override the default security policy, you should be very careful when you assign permissions to not create an opening for malicious code to attack your system. </P>
<P CLASS="Body">
<A NAME="pgfId-1061423"></A>This appendix describes the available permissions and explains how each permission can create an opening for malicious attacks. One way to use this information is to help you limit what permissions a given applet or application might need to successfully execute. Another way to use this information is to educate yourself on the ways in which a particular permission can be exploited by malicious code so you can take steps against that. </P>
<P CLASS="Body">
<A NAME="pgfId-1061424"></A>As a safeguard, never trust an unknown applet or application. Always check the code carefully against the information in this appendix to be sure you are not giving malicious code permission to cause serious problems on the local system. </P>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061425"></A>Covered in this Appendix</H4>
<UL>
<LI CLASS="BL">
<A NAME="pgfId-1061429"></A><EM CLASS="Underline">
Overview</EM>
 (page 2) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061433"></A><EM CLASS="Underline">
Knowing Which Permissions</EM>
 (page 2) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061437"></A><EM CLASS="CODE">
AllPermission</EM>
 (page 3) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061441"></A><EM CLASS="CODE">
AWTPermission</EM>
 (page 3) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061445"></A><EM CLASS="CODE">
FilePermission</EM>
 (page 4) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061449"></A><EM CLASS="CODE">
NetPermission</EM>
 (page 5) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061453"></A><EM CLASS="CODE">
PropertyPermission</EM>
 (page 6) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061457"></A><EM CLASS="CODE">
ReflectPermission</EM>
 (page 6) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061461"></A><EM CLASS="CODE">
RuntimePermission</EM>
 (page 7) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061465"></A><EM CLASS="CODE">
SecurityPermission</EM>
 (page 10) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061469"></A><EM CLASS="CODE">
SerializablePermission</EM>
 (page 13) </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061473"></A><EM CLASS="CODE">
SocketPermission</EM>
 (page 14) </LI>
</UL>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061476"></A><EM CLASS="A">
</EM>
<A NAME="over"></A><A NAME="10818"></A>Overview</H4>
<P CLASS="Body">
<A NAME="pgfId-1061478"></A><A NAME="marker-1061477"></A>Permissions are granted to a program with a policy file. A policy file contains permissions for specific access. A permission consists of the permission name, a target, and in some cases, a comma-separated list of actions. </P>
<P CLASS="Body">
<A NAME="pgfId-1061479"></A>For example, the following policy file entry specifies a <EM CLASS="CODE">
java.io.FilePermission</EM>
 permission that grants <EM CLASS="CODE">
read</EM>
 access (the action) to the <EM CLASS="CODE">
${user.home}/text2.txt</EM>
 target. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061480"></A>grant {
  permission java.io.FilePermission &quot;${user.home}/text2.txt&quot;, &quot;read&quot;;
};</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061481"></A>There is one policy file for the Java platform installation (system) and an optional policy file for each user. The system policy file is in <EM CLASS="CODE">
{java.home}/lib/security/java.policy</EM>
, and the user policy file is in each user's home directory. The system and user policy files are combined. So, for example, there could be a system policy file with very few permissions granted to all users on the system, and individual policy files granting additional permissions to certain users. </P>
<P CLASS="Body">
<A NAME="pgfId-1061482"></A>To run an application with the security manager and a policy file named <EM CLASS="CODE">
polfile</EM>
 in the user's home directory, type: </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061483"></A>java -Djava.security.main  -DJava.security.policy=polfile  FileIO</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061484"></A>To run an applet in <EM CLASS="CODE">
appletviewer</EM>
 with a policy file named <EM CLASS="CODE">
polfile</EM>
 in the user's home directory, type: </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061485"></A>appletviewer -J-Djava.security.policy=polfile fileIO.html</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061486"></A>When running an applet in a browser, the browser looks for the user and system policy files to find the permissions the applet needs to access local system resources on behalf of the user who downloaded the applet.</P>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061488"></A><A NAME="25176"></A>Knowing Which Permissions</H4>
<P CLASS="Body">
<A NAME="pgfId-1061490"></A><A NAME="marker-1061489"></A>When you run an applet or invoke an application with a security manager that needs permissions, you will get a stack trace if you did not provide a policy file with all the needed permissions. The stack trace contains the information you need to add the permission to the policy file. If the program needs additional permissions, you will keep getting stack traces until all required permissions are added to the policy file. The only drawback to this approach is you have to try every possible code path in your application. </P>
<P CLASS="Body">
<A NAME="pgfId-1061491"></A>Another way to determine which permission your program needs is to browse Appendix B (<EM CLASS="Underline">
Classes, Methods, and Permissions</EM>
). This appendix tells you which Java 2 Platform software methods are prevented from executing without the listed permission. The information is also useful for developers who want to write their own security manager to customize the verifications and approvals needed in a program. </P>
<P CLASS="Body">
<A NAME="pgfId-1061492"></A>Here is a short example to show how to translate the first couple of lines in a stack trace to a policy file entry. The first line tells you access is denied. This means this stack trace was generated because the program tried to access a system resource without the proper permission. The second line means you need a <EM CLASS="CODE">
java.net.SocketPermission</EM>
 that gives the program permission to <EM CLASS="CODE">
connect</EM>
 to and <EM CLASS="CODE">
resolve</EM>
 the host name for Internet Protocol (IP) address <EM CLASS="CODE">
129.144.176.176</EM>
, port <EM CLASS="CODE">
1521</EM>
. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061493"></A>java.security.AccessControlException: access denied       (java.net.SocketPermission 129.144.176.176:1521 connect,resolve)</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061494"></A>To turn this into a policy file entry, list the permission name, a target, and an action list as follows, where <EM CLASS="CODE">
java.net.SocketPermission</EM>
 is the permission name, <EM CLASS="CODE">
129.144.176.176:1521</EM>
 is the target, and <EM CLASS="CODE">
connect,resolve</EM>
 is the action list. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061495"></A>grant {
permission java.net.SocketPermission  &quot;129.144.176.176:1521&quot;, &quot;connect,resolve&quot;;
};</PRE>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061497"></A><A NAME="14546"></A>AllPermission</H4>
<P CLASS="Body">
<A NAME="pgfId-1061500"></A><EM CLASS="CODE">
java.security.AllPermission</EM>
<A NAME="marker-1061498"></A><A NAME="marker-1061499"></A> specifies all permissions in the system for all possible targets and actions. This permission should be used only during testing because it grants permission to run with all security restrictions disabled as if there were no security manager. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061501"></A>grant {
  permission java.security.AllPermission;
};</PRE>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061503"></A><A NAME="95478"></A>AWTPermission</H4>
<P CLASS="Body">
<A NAME="pgfId-1061506"></A><EM CLASS="CODE">
java.awt.AWTPermission</EM>
<A NAME="marker-1061504"></A><A NAME="marker-1061505"></A> grants access to the following Abstract Window Toolkit (AWT) targets. The possible targets are listed by name with no action list. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061507"></A>grant {
  permission java.awt.AWTPermission &quot;accessClipboard&quot;;
  permission java.awt.AWTPermission &quot;accessEventQueue&quot;;
  permission java.awt.AWTPermission &quot;showWindowWithoutWarningBanner&quot;;
};</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061508"></A><EM CLASS="C-Code">
accessClipboard</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to post information to and retrieve information from the AWT clipboard. Granting this permission could allow malicious code to share potentially sensitive or confidential information. </P>
<P CLASS="Body">
<A NAME="pgfId-1061509"></A><EM CLASS="C-Code">
accessEventQueue</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to access the AWT event queue. Granting this permission could allow malicious code to peek at and remove existing events from the system, or post bogus events that could cause the application or applet to perform malicious actions. </P>
<P CLASS="Body">
<A NAME="pgfId-1061510"></A><EM CLASS="C-Code">
listenToAllAWTEvents</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to listen to all AWT events throughout the system. Granting this permission could allow malicious code to read and exploit confidential user input such as passwords. </P>
<P CLASS="Body">
<A NAME="pgfId-1061511"></A>Each AWT event listener is called from within the context of that event queue's <EM CLASS="CODE">
EventDispatchThread</EM>
, so if the <EM CLASS="CODE">
accessEventQueue</EM>
 permission is also enabled, malicious code could modify the contents of AWT event queues throughout the system, which can cause the application or applet to perform unintended and malicious actions. </P>
<P CLASS="Body">
<A NAME="pgfId-1061512"></A><EM CLASS="C-Code">
readDisplayPixels</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to read pixels back from the display screen. Granting this permission could allow interfaces such as <EM CLASS="CODE">
java.awt.Composite</EM>
 that allow arbitrary code to examine pixels on the display to include malicious code that snoops on user activities. </P>
<P CLASS="Body">
<A NAME="pgfId-1061513"></A><EM CLASS="C-Code">
showWindowWithoutWarningBanner</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to display a window without also displaying a banner warning that the window was created by an applet. Without this warning, an applet might pop up windows without the user knowing they belong to an applet. This could be a problem in environments in which users make security-sensitive decisions based on whether the window belongs to an applet or an application. For example, disabling the banner warning might trick the end user into entering sensitive user name and password information.</P>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061517"></A><A NAME="marker-1061514"></A><A NAME="marker-1061515"></A><A NAME="91112"></A>FilePermission</H4>
<P CLASS="Body">
<A NAME="pgfId-1061518"></A><EM CLASS="CODE">
java.io.FilePermission</EM>
 grants access to a file or directory. The targets consist of the target pathname and a comma-separated list of actions. This policy file grants <EM CLASS="CODE">
read</EM>
, <EM CLASS="CODE">
write</EM>
, <EM CLASS="CODE">
delete</EM>
, and <EM CLASS="CODE">
execute</EM>
 permission to all files. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061519"></A>grant {
  permission java.io.FilePermission 
          &quot;&lt;&lt;ALL FILES&gt;&gt;&quot;, &quot;read, write, delete, execute&quot;;
};</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061520"></A>This policy file grants <EM CLASS="CODE">
read</EM>
 and <EM CLASS="CODE">
write</EM>
 permission to <EM CLASS="CODE">
text.txt</EM>
 in the user's home directory. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061521"></A>grant {
  permission java.io.FilePermission  
                 &quot;${user.home}/text.txt&quot;, &quot;read, write&quot;;
};</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061522"></A>You can use the following wild cards to specify the target pathname. </P>
<UL>
<LI CLASS="BL">
<A NAME="pgfId-1061523"></A>A pathname that ends in <EM CLASS="CODE">
/*,</EM>
 where <EM CLASS="CODE">
/*</EM>
 is the file separator character and indicates a directory and all the files contained in that directory. </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061524"></A>A pathname that ends with <EM CLASS="CODE">
/-</EM>
 indicates a directory, and recursively, all files and subdirectories contained in that directory. </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061525"></A>A pathname consisting of a single asterisk (<EM CLASS="CODE">
*</EM>
) indicates all files in the current directory. </LI>
<LI CLASS="BL">
<A NAME="pgfId-1061526"></A>A pathname consisting of a single dash (<EM CLASS="CODE">
-</EM>
) indicates all files in the current directory, and recursively, all files and subdirectories contained in the current directory.</LI>
</UL>
<P CLASS="Body">
<A NAME="pgfId-1061527"></A>The actions are specified in a list of comma-separated keywords and have the following meanings: </P>
<UL>
<LI CLASS="BL">