ch10.html
来自「java2高级编程」· HTML 代码 · 共 745 行 · 第 1/4 页
HTML
745 行
<PRE CLASS="CODE"><A NAME="pgfId-1087693"></A> } }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087694"></A> public void checkRead(String filename) {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087695"></A>//Mention file by name so don't get prompted for password </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087696"></A>//for everything the application loads to create itself</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087697"></A> if((filename.equals(File.separatorChar + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087698"></A> "home" + File.separatorChar + "monicap" + File.separatorChar + "text2.txt"))){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087699"></A> if(!accessOK()){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087700"></A> super.checkRead(filename);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087701"></A> throw new SecurityException("No Way!");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087702"></A> } else {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087703"></A> FilePermission perm = new FilePermission(File.separatorChar + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087704"></A> "home" + File.separatorChar + "monicap" + File.separatorChar + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087705"></A> "text2.txt", "read");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087706"></A> checkPermission(perm);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087707"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087708"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087709"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087710"></A> public void checkWrite(String filename) {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087711"></A>//Mention file by name so don't get prompted for password </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087712"></A>//for everything the application loads to create itself</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087713"></A> if((filename.equals(File.separatorChar + "home" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087714"></A> File.separatorChar + "monicap"</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087715"></A> + File.separatorChar + "text.txt"))){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087716"></A> if(!accessOK()){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087717"></A> super.checkWrite(filename);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087718"></A> throw new SecurityException("No Way!");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087719"></A> } else {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087720"></A> FilePermission perm = new FilePermission(File.separatorChar + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087721"></A> "home" + File.separatorChar + "monicap" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087722"></A> File.separatorChar + "text.txt" , "write");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087723"></A> checkPermission(perm);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087724"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087725"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087726"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087727"></A>}</PRE><P CLASS="Body"><A NAME="pgfId-1087728"></A>The <EM CLASS="CODE">accessOK</EM> method prompts the end user for a password, verifies the password, and returns <EM CLASS="CODE">true</EM> if the password is correct and <EM CLASS="CODE">false</EM> if it is not.</P><PRE CLASS="CODE"><A NAME="pgfId-1087729"></A>private boolean accessOK() {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087730"></A> int c;</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087731"></A> String response;</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087732"></A> </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087733"></A> System.out.println("Password, please:");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087734"></A> try {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087735"></A> response = buffy.readLine();</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087736"></A> if (response.equals(password))</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087737"></A> return true;</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087738"></A> else</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087739"></A> return false;</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087740"></A> } catch (IOException e) {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087741"></A> return false;</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087742"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087743"></A>}</PRE><P CLASS="Body"><A NAME="pgfId-1087744"></A><EM CLASS="Bold">Verify Access. </EM>The <EM CLASS="CODE">SecurityManager</EM> parent class provides methods to verify file system read and write access. The <EM CLASS="CODE">checkRead</EM> and <EM CLASS="CODE">checkWrite</EM> methods each have a version that accepts a <EM CLASS="CODE">String</EM> and another version that accepts a file descriptor. This example overrides only the <EM CLASS="CODE">String</EM> versions to keep the example simple and because the <EM CLASS="CODE">FileIO</EM> program accesses directories and files as <EM CLASS="CODE">Strings</EM>. </P><PRE CLASS="CODE-caption"><A NAME="pgfId-1087746"></A>//API Ref: <A NAME="53537"></A>void checkRead(String filename)</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087751"></A><A NAME="methods"></A><A NAME="java.lang.SecurityManager class"></A><A NAME="SecurityManager class"></A><A NAME="checkRead method"></A>public void checkRead(String filename) {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087752"></A> if((filename.equals(File.separatorChar + "home" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087753"></A> File.separatorChar + "monicap" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087754"></A> File.separatorChar + "text2.txt"))){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087755"></A> if(!accessOK()){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087756"></A> super.checkRead(filename);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087757"></A> throw new SecurityException("No Way!");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087758"></A> } else {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087759"></A> FilePermission perm = new FilePermission(</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087760"></A> File.separatorChar + "home" +</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087761"></A> File.separatorChar + "monicap" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087762"></A> File.separatorChar + "text2.txt", "read");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087763"></A> checkPermission(perm);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087764"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087765"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087766"></A>}</PRE><PRE CLASS="CODE-caption"><A NAME="pgfId-1087768"></A>//API Ref: <A NAME="57421"></A>void checkWrite(String filename)</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087771"></A><A NAME="methods"></A><A NAME="checkWrite method"></A>public void checkWrite(String filename) {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087772"></A> if((filename.equals(File.separatorChar + "home" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087773"></A> File.separatorChar + "monicap" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087774"></A> File.separatorChar + "text.txt"))){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087775"></A> if(!accessOK()){</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087776"></A> super.checkWrite(filename);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087777"></A> throw new SecurityException("No Way!");</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087778"></A> } else {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087779"></A> FilePermission perm = new FilePermission(</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087780"></A> File.separatorChar + "home" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087781"></A> File.separatorChar + "monicap" + </PRE><PRE CLASS="CODE"><A NAME="pgfId-1087782"></A> File.separatorChar + "text.txt" , "write");</PRE><PRE CLASS="CODE-caption"><A NAME="pgfId-1087784"></A>//API Ref: <A NAME="19324"></A>void checkPermission(Permission perm)</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087787"></A> <A NAME="methods"></A><A NAME="checkPermission method"></A>checkPermission(perm);</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087788"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087789"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087790"></A> }</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087791"></A>}</PRE><P CLASS="Body"><A NAME="pgfId-1087792"></A>The <EM CLASS="CODE">checkWrite</EM> method is called before the end user input is written to the output file. This is because the <EM CLASS="CODE">FileOutputStream</EM> class calls <EM CLASS="CODE">SecurityManager.checkWrite</EM> first.</P><P CLASS="Body"><A NAME="pgfId-1087793"></A>The custom implementation for <EM CLASS="CODE">SecurityManager.checkWrite </EM>tests for the pathname <EM CLASS="CODE">/home/monicap/text.txt</EM>, and, if <EM CLASS="CODE">true</EM>, prompts the end user for the password. If the password is correct, the <EM CLASS="CODE">checkWrite</EM> method performs the access check by creating an instance of the required permission and passing it to the <EM CLASS="CODE">SecurityManager.checkPermission</EM> method. This check will succeed if the security manager finds a system, user, or program policy file with the specified permission. Once the write operation completes, the end user is prompted for the password two more times. The first time is to read the <EM CLASS="CODE">/home/monicap</EM> directory, and the second time is to read the <EM CLASS="CODE">text2.txt</EM> file. An access check is performed before the read operation takes place.</P><P CLASS="Body"><A NAME="pgfId-1087794"></A><EM CLASS="Bold">Policy File. </EM>Here is the policy file the <EM CLASS="CODE">FileIO</EM> program needs for its read and write operations. It also grants permission to the custom security manager to access the event queue on behalf of the application and show the application window without the warning banner. </P><PRE CLASS="CODE"><A NAME="pgfId-1087795"></A>grant {</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087796"></A> permission java.io.FilePermission "${user.home}/text.txt", "write";</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087797"></A> permission java.util.PropertyPermission "user.home", "read";</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087798"></A> permission java.io.FilePermission "${user.home}/text2.txt", "read";</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087799"></A> permission java.awt.AWTPermission "accessEventQueue";</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087800"></A> permission java.awt.AWTPermission "showWindowWithoutWarningBanner";</PRE><PRE CLASS="CODE"><A NAME="pgfId-1087801"></A>};</PRE><P CLASS="Body"><A NAME="pgfId-1087802"></A><EM CLASS="Bold">Run the </EM><EM CLASS="C-Code">FileIO</EM><EM CLASS="Bold"> Program. </EM>Here is how to run the <EM CLASS="CODE">FileIO</EM> program with the policy file:</P><PRE CLASS="CODE"><A NAME="pgfId-1087803"></A>java -Djava.security.policy=polfile FileIO</PRE></DIV><DIV><H5 CLASS="B"><A NAME="pgfId-1087804"></A>Reference Information</H5><P CLASS="Body"><A NAME="pgfId-1087805"></A>Appendix A, Security and Permissions, describes the available permissions and explains the consequences of granting permissions. One way to use this information is to help you limit what permissions a given applet or application might need to successfully execute. Another way to use this information is to educate yourself on the ways in which a particular permission can be exploited by malicious code.</P><P CLASS="Body"><A NAME="pgfId-1087806"></A>Appendix B, Classes, Methods, and Permissions, provides lists of Java 2 platform software methods that are implemented to perform security access checks, the permission each requires, and the <EM CLASS="CODE">java.security.SecurityManager</EM> method called to perform the access check. You can use this reference to write your own security manager implementations or when you implement abstract methods that perform security-related tasks.</P><P CLASS="Body"><A NAME="pgfId-1087807"></A>Appendix C, Security Manager Methods, lists the permissions checked for by the <EM CLASS="CODE">SecurityManager</EM> methods.</P><P CLASS="Body"><A NAME="pgfId-1026120"></A> </P></DIV></DIV></BODY></HTML>⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?