Java Security Manager - What does it check?
Note: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/5192965/
Asked by RubyDosa
This article about Java security says:
Code in the Java library consults the Security Manager whenever a dangerous operation is about to be attempted.
So, what does this exactly mean? Say, if I've implemented my own security manager and enabled it for the whole JVM. Now, does the Java runtime consult my security manager for each and every Java call (like System.out.println() etc.) or does it consult it only for dangerous API calls like System.exit(), file operations, etc.?
Edit: let me clarify my question.
I'm not questioning the possibilities of the security manager. I'm just asking if the security checks are done for the dangerous APIs alone or for each and every method call, which in turn causes a huge performance degradation in the case of applications with large amounts of code.
Answered by dogbane
It will only consult the SecurityManager if the code says so. It won't do it for every single operation.
For example, in Runtime.exit, you see that the SecurityManager is consulted:
    public void exit(int status) {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkExit(status);
        }
        Shutdown.exit(status);
    }
Similarly, in File, you will see that most methods consult the SecurityManager. Example:
    public boolean canWrite() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkWrite(path);
        }
        return fs.checkAccess(this, FileSystem.ACCESS_WRITE);
    }
If you are writing a method which might be "dangerous" then you should also consult the SecurityManager.
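The behaviour described in the answer above can be observed directly. The following is an added example, not part of the original answers: a SecurityManager that records each check it receives, run against an ordinary call, two guarded JDK calls, and an application method that guards itself. The names CheckRecorder, wipeCache, demo.wipeCache and demo.txt are made up for illustration, and it assumes JDK 17 or earlier, because later releases restrict and then disable System.setSecurityManager.

```java
import java.io.File;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;

// Added example: a SecurityManager that records each check it receives.
public class CheckRecorder extends SecurityManager {
    private final List<Permission> seen = new ArrayList<>();
    private boolean recording;

    @Override
    public void checkPermission(Permission perm) {
        if (recording) {
            seen.add(perm); // no string building here, to avoid re-entrant checks
        }
        if (perm instanceof RuntimePermission && perm.getName().startsWith("exitVM")) {
            throw new SecurityException("exit denied by CheckRecorder");
        }
        // Everything else is allowed: this manager observes, it is not a sandbox.
    }

    void start() { seen.clear(); recording = true; }

    void stop(String label) {
        recording = false;
        System.out.println(label + " -> " + seen);
    }

    // Hypothetical application method that guards itself the way Runtime.exit does.
    static void wipeCache() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkPermission(new RuntimePermission("demo.wipeCache"));
        }
    }

    public static void main(String[] args) {
        CheckRecorder sm = new CheckRecorder();
        System.setSecurityManager(sm);
        // Each line: start recording, run one operation, print the checks it caused.
        sm.start(); System.out.println("hello");      sm.stop("println");
        sm.start(); new File("demo.txt").canWrite();  sm.stop("File.canWrite");
        sm.start(); wipeCache();                      sm.stop("wipeCache");
        sm.start();
        try { System.exit(0); } catch (SecurityException e) { /* vetoed by checkPermission */ }
        sm.stop("System.exit");
    }
}
```

Each printed line lists the Permission objects the manager was asked about during that one operation, so the cost of the manager is tied to how many guarded calls the code makes, not to how many methods it calls.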
Answered by Suraj Chandran
Using the security manager you could control access to:
- File operations
- Reflection facility
- Read/Write IO
- Thread/Thread group operations
- Socket operations (listen, accept, etc.)
- Power to create your own classloader.
For each such thing there is a check*() method in SecurityManager.
For an exhaustive list, check the constants in SecurityConstants.
Answered by jpkrohling
The security manager uses a policy file to see what is permitted and what's not permitted. "Dangerous" operations, as determined by this policy file, are granted or denied during the execution.
You can find more details about the default policy for Sun/Oracle JVM here:
http://download.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html