appx.html

来自「java2高级编程」· HTML 代码 · 共 1,311 行 · 第 1/5 页

<A NAME="pgfId-1061528"></A><EM CLASS="CODE">
read</EM>
: Permission to read a file or directory</LI>
<LI CLASS="BL">
<A NAME="pgfId-1061529"></A><EM CLASS="CODE">
write</EM>
: Permission to write to and create a file or directory</LI>
<LI CLASS="BL">
<A NAME="pgfId-1061530"></A><EM CLASS="CODE">
execute</EM>
: Permission to execute a file or search a directory</LI>
<LI CLASS="BL">
<A NAME="pgfId-1061531"></A><EM CLASS="CODE">
delete</EM>
: Permission to delete a file or directory</LI>
</UL>
<P CLASS="Body">
<A NAME="pgfId-1061532"></A>When granting file permissions, always think about the implications of granting read and especially write access to various files and directories. The <EM CLASS="CODE">
&lt;&lt;ALL FILES&gt;&gt;</EM>
 permission with write action is especially dangerous because it grants permission to write to the entire file system. This means the system binary can be replaced, which includes the Java<EM CLASS="A">
<A HREF="ALLAPPX.html#TJVM" CLASS="Hypertext">1</A></EM>
 virtual machine run-time environment. <EM CLASS="A">
</EM>
<A NAME="NetPermission"></A></P>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061538"></A><A NAME="marker-1061535"></A><A NAME="marker-1061536"></A><A NAME="82632"></A>NetPermission</H4>
<P CLASS="Body">
<A NAME="pgfId-1061539"></A><EM CLASS="CODE">
java.net.NetPermission</EM>
 grants access to various network targets. The possible targets are listed by name with no action list. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061540"></A>grant {   permission java.net.NetPermission &quot;setDefaultAuthenticator&quot;;   permission java.net.NetPermission &quot;requestPasswordAuthentication&quot;; };</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061541"></A><EM CLASS="C-Code">
setDefaultAuthenticator</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to set the way authentication information is retrieved when a proxy or HTTP server asks for authentication. Granting this permission could mean malicious code can set an authenticator that monitors and steals user authentication input as it retrieves the input from the user. </P>
<P CLASS="Body">
<A NAME="pgfId-1061542"></A><EM CLASS="C-Code">
requestPasswordAuthentication</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to ask the authenticator registered with the system for a password. Granting this permission could mean malicious code might steal the password. </P>
<P CLASS="Body">
<A NAME="pgfId-1061543"></A><EM CLASS="C-Code">
specifyStreamHandler</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to specify a stream handler when constructing a URL. Granting this permission could mean malicious code might create a URL with resources to which it would not normally have access, or specify a stream handler that gets the actual bytes from somewhere to which it does have access. This means the malicious code could trick the system into creating a <EM CLASS="CODE">
ProtectionDomain/CodeSource</EM>
 for a class even though the class really did not come from that location. </P>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061547"></A><A NAME="marker-1061544"></A><A NAME="marker-1061545"></A><A NAME="71933"></A>PropertyPermission</H4>
<P CLASS="Body">
<A NAME="pgfId-1061548"></A><EM CLASS="CODE">
java.util.PropertyPermission</EM>
 grants access to system properties. The <EM CLASS="CODE">
java.util.Properties</EM>
 class represents persistent settings such as the location of the installation directory, the user name, or the user's home directory. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061549"></A>grant {   permission java.util.PropertyPermission &quot;java.home&quot;, &quot;read&quot;;   permission java.util.PropertyPermission &quot;os.name&quot;, &quot;write&quot;;   permission java.util.PropertyPermission &quot;user.name&quot;, &quot;read, write&quot;; };</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061550"></A>The target list contains the name of the property, for example, <EM CLASS="CODE">
java.home</EM>
 or <EM CLASS="CODE">
os.name</EM>
. The naming convention for the properties follows the hierarchical property naming convention, and includes wild cards. An asterisk at the end of the property name, after a dot (<EM CLASS="CODE">
.</EM>
), or alone signifies a wild card match. For example, <EM CLASS="CODE">
java.*</EM>
 or <EM CLASS="CODE">
*</EM>
 are valid, but <EM CLASS="CODE">
*java</EM>
 or <EM CLASS="CODE">
a*b</EM>
 are invalid. </P>
<P CLASS="Body">
<A NAME="pgfId-1061551"></A>The actions are specified in a list of comma-separated keywords, and have the following meanings: </P>
<UL>
<LI CLASS="BL">
<A NAME="pgfId-1061552"></A><EM CLASS="CODE">
read</EM>
: Permission to read (<EM CLASS="CODE">
get</EM>
) a property</LI>
<LI CLASS="BL">
<A NAME="pgfId-1061553"></A><EM CLASS="CODE">
write</EM>
: Permission to write (<EM CLASS="CODE">
set</EM>
) a property</LI>
</UL>
<P CLASS="Body">
<A NAME="pgfId-1061554"></A>Granting property permissions can leave your system open to intrusion. For example, granting permission to access the <EM CLASS="CODE">
java.home</EM>
 property makes the installation directory vulnerable to attack, and granting permission to access the <EM CLASS="CODE">
user.name</EM>
 and <EM CLASS="CODE">
user.home</EM>
 properties might reveal the user's account name and home directory to code that might misuse the information. <EM CLASS="A">
</EM>
<A NAME="ReflectPermission"></A></P>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061557"></A><A NAME="18308"></A>ReflectPermission</H4>
<P CLASS="Body">
<A NAME="pgfId-1061560"></A><EM CLASS="CODE">
java.lang.reflect.ReflectPermission</EM>
<A NAME="marker-1061558"></A><A NAME="marker-1061559"></A> grants permission for various reflective operations. The possible targets are listed by name with no action list. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061561"></A>grant {
 permission java.lang.reflect.ReflectPermission &quot;suppressAccessChecks&quot;;
};</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061562"></A><EM CLASS="C-Code">
suppressAccessChecks</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to access fields and invoke methods in a class. This includes public, protected, and private fields and methods. Granting this permission could reveal confidential information and make normally unavailable methods accessible to malicious code. <EM CLASS="A">
</EM>
<A NAME="RuntimePermission"></A></P>
</DIV>
<DIV>
<H4 CLASS="A">
<A NAME="pgfId-1061565"></A><A NAME="40186"></A>RuntimePermission</H4>
<P CLASS="Body">
<A NAME="pgfId-1061566"></A><EM CLASS="CODE">
java.lang.RuntimePermission</EM>
 grants access to various run-time targets such as the classloader, Java virtual machine, and thread. The possible targets are listed by name with no action list. </P>
<PRE CLASS="CODE"><A NAME="pgfId-1061567"></A>grant {
  permission java.lang.RuntimePermission &quot;createClassLoader&quot;;
  permission java.lang.RuntimePermission &quot;getClassLoader&quot;;
  permission java.lang.RuntimePermission &quot;exitVM&quot;;
  permission java.lang.RuntimePermission &quot;setFactory&quot;;
  permission java.lang.RuntimePermission &quot;setIO&quot;;
  permission java.lang.RuntimePermission &quot;modifyThread&quot;;
  permission java.lang.RuntimePermission &quot;modifyThreadGroup&quot;;
  permission java.lang.RuntimePermission &quot;getProtectionDomain&quot;;
  permission java.lang.RuntimePermission &quot;setProtectionDomain&quot;;
  permission java.lang.RuntimePermission &quot;readFileDescriptor&quot;;
  permission java.lang.RuntimePermission &quot;writeFileDescriptor&quot;;
  permission java.lang.RuntimePermission &quot;loadLibrary.&lt;library name&gt;&quot;;
  permission java.lang.RuntimePermission &quot;accessClassInPackage.&lt;package name&gt;&quot;;
  permission java.lang.RuntimePermission &quot;defineClassInPackage.&lt;package name&gt;&quot;;
  permission java.lang.RuntimePermission &quot;accessDeclaredMembers.&lt;class name&gt;&quot;;
  permission java.lang.RuntimePermission &quot;queuePrintJob&quot;;
};</PRE>
<P CLASS="Body">
<A NAME="pgfId-1061568"></A>The naming convention for target information where a library, package, or class name is added follows the hierarchical property naming convention, and includes wild cards. An asterisk at the end of the target name, after a dot (<EM CLASS="CODE">
.</EM>
), or alone signifies a wild card match. For example, <EM CLASS="CODE">
loadLibrary.*</EM>
 or <EM CLASS="CODE">
*</EM>
 are valid, but <EM CLASS="CODE">
*loadLibrary</EM>
 or <EM CLASS="CODE">
a*b</EM>
 are not. </P>
<P CLASS="Body">
<A NAME="pgfId-1061569"></A><EM CLASS="C-Code">
createClassLoader</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to create a classloader. Granting this permission might allow a malicious application to instantiate its own classloader and load harmful classes into the system. Once loaded, the class loader could place these classes into any protection domain and give them full permissions for that domain. </P>
<P CLASS="Body">
<A NAME="pgfId-1061570"></A><EM CLASS="C-Code">
getClassLoader</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to retrieve the classloader for the calling class. Granting this permission could enable malicious code to get the class loader for a particular class and load additional classes. </P>
<P CLASS="Body">
<A NAME="pgfId-1061571"></A><EM CLASS="C-Code">
setContextClassLoader</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to set the context classloader used by a thread. System code and extensions use the context class loader to look up resources that might not exist in the system classloader. Granting this permission allows code to change the context class loader that is used for a particular thread, including system threads. This can cause problems if the context class loader has malicious code. </P>
<P CLASS="Body">
<A NAME="pgfId-1061572"></A><EM CLASS="C-Code">
setSecurityManager</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to set or replace the security manager. The security manager is a class that allows applications to implement a security policy. Granting this permission could enable malicious code to install a less restrictive manager, and thereby bypass checks that would have been enforced by the original security manager. </P>
<P CLASS="Body">
<A NAME="pgfId-1061573"></A><EM CLASS="C-Code">
createSecurityManager</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to create a new security manager. Granting this permission could give malicious code access to protected and sensitive methods that might disclose information about other classes or the execution stack. It could also allow the introduction of a weakened security manager. </P>
<P CLASS="Body">
<A NAME="pgfId-1061574"></A><EM CLASS="C-Code">
exitVM</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to halt the Java virtual machine. Granting this permission could allow malicious code to mount a denial-of-service attack by automatically forcing the virtual machine to stop. </P>
<P CLASS="Body">
<A NAME="pgfId-1061575"></A><EM CLASS="C-Code">
setFactory</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to set the socket factory used by the <EM CLASS="CODE">
ServerSocket</EM>
 or <EM CLASS="CODE">
Socket</EM>
 class, or the stream handler factory used by the <EM CLASS="CODE">
URL</EM>
 class. Granting this permission allows code to set the actual implementation for the socket, server socket, stream handler, or RMI socket factory. An attacker might set a faulty implementation that mangles the data stream. </P>
<P CLASS="Body">
<A NAME="pgfId-1061576"></A><EM CLASS="C-Code">
setIO</EM>
<EM CLASS="Bold">
: </EM>
This target grants permission to change the value of the <EM CLASS="CODE">
System.out</EM>
, <EM CLASS="CODE">
System.in</EM>
, and <EM CLASS="CODE">
System.err</EM>
 standard system streams. Granting this permission could allow an attacker to change <EM CLASS="CODE">
System.in</EM>
 to steal user input, or set <EM CLASS="CODE">
System.err</EM>
 to a null output stream, which would hide any error messages sent to <EM CLASS="CODE">
System.err</EM>
. </P>
<P CLASS="Body">
<A NAME="pgfId-1061577"></A><EM CLASS="C-Code">
modifyThread</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to modify threads by calls to the <EM CLASS="CODE">
stop</EM>
, <EM CLASS="CODE">
suspend</EM>
, <EM CLASS="CODE">
resume</EM>
, <EM CLASS="CODE">
setPriority</EM>
, and <EM CLASS="CODE">
setName</EM>
 methods in the <EM CLASS="CODE">
Thread</EM>
 class. Granting this permission could allow an attacker to start or suspend any thread in the system. </P>
<P CLASS="Body">
<A NAME="pgfId-1061578"></A><EM CLASS="C-Code">
stopThread</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to stop threads. Granting this permission allows code to stop any thread in the system provided the code already has permission to access that thread. Malicious code could corrupt the system by killing existing threads. </P>
<P CLASS="Body">
<A NAME="pgfId-1061579"></A><EM CLASS="C-Code">
modifyThreadGroup</EM>
<EM CLASS="Bold">
:</EM>
 This target grants permission to modify threads by calls to the <EM CLASS="CODE">
destroy</EM>
, <EM CLASS="CODE">
resume</EM>
, <EM CLASS="CODE">