Notice: this page is a side-by-side Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/11737971/

Time: 2020-10-31 06:11:44  Source: igfitidea

Programmatically grant Permissions without using policy file

Tags: java, permissions, rmi, policyfiles

Asked by Adel Boutros

How to programmatically grant AllPermissions to an RMI application without using policy file?

UPDATE:

After some researching, I have written this custom Policy Class and installed it via Policy.setPolicy(new MyPolicy()).

Now I get the following error:

invalid permission: (java.io.FilePermission \C:\eclipse\plugins\org.eclipse.osgi_3.7.0.v20110613.jar read

class MyPolicy extends Policy {

    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        return (new AllPermission()).newPermissionCollection();
    }

}

Answered by Adel Boutros

Based on @EJP's advice, I have debugged using -Djava.security.debug=access and found all the needed permissions in a policy file:

grant { permission java.net.SocketPermission "*:1024-", "connect, resolve"; };

grant { permission java.util.PropertyPermission "*", "read, write"; };

grant { permission java.io.FilePermission "<<ALL FILES>>", "read"; };

But because I didn't want to create a policy file, I found a way to replicate this programmatically by extending the java.security.Policy class and setting the policy at the startup of my application using Policy.setPolicy(new MinimalPolicy());

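import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.PropertyPermission;

public class MinimalPolicy extends Policy {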

    private static PermissionCollection perms;

    public MinimalPolicy() {
        super();
        if (perms == null) {
            perms = new MyPermissionCollection();
            addPermissions();
        }
    }

    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        return perms;
    }

    private void addPermissions() {
        SocketPermission socketPermission = new SocketPermission("*:1024-", "connect, resolve");
        PropertyPermission propertyPermission = new PropertyPermission("*", "read, write");
        FilePermission filePermission = new FilePermission("<<ALL FILES>>", "read");

        perms.add(socketPermission);
        perms.add(propertyPermission);
        perms.add(filePermission);
    }

}


class MyPermissionCollection extends PermissionCollection {

    private static final long serialVersionUID = 614300921365729272L;

    ArrayList<Permission> perms = new ArrayList<Permission>();

    public void add(Permission p) {
        perms.add(p);
    }

    public boolean implies(Permission p) {
        for (Iterator<Permission> i = perms.iterator(); i.hasNext();) {
            if (((Permission) i.next()).implies(p)) {
                return true;
            }
        }
        return false;
    }

    public Enumeration<Permission> elements() {
        return Collections.enumeration(perms);
    }

    public boolean isReadOnly() {
        return false;
    }

}

Answered by WellINever

Because your (new AllPermission()).newPermissionCollection() is treated by Java as immutable (why add permissions to a collection that already allows all permissions?), and because Java will try to add permissions to the collection. That's where the error message comes from - Java tried to add a java.io.FilePermission to your AllPermission.

Instead, do this:

class MyPolicy extends Policy {
    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        Permissions p = new Permissions();
        p.add(new PropertyPermission("java.class.path", "read"));
        p.add(new FilePermission("/home/.../classes/*", "read"));
        // ... etc ...
        return p;
    }
}

Answered by Adam Taras

Short solution

Extend your updated solution to:

public class MyPolicy extends Policy
{
    @Override
    public PermissionCollection getPermissions(CodeSource codesource)
    {
        Permissions p = new Permissions();
        p.add(new AllPermission());
        return p;
    }
}

Consider that Policy.getPermissions() must always return a mutable PermissionCollection

Returns:...If this operation is supported, the returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types...

This solution works already, since it adds an AllPermission object into every call of the Policy.getPermissions(ProtectionDomain), that refers to Policy.getPermissions(CodeSource).

Clean solution

But there is a cleaner solution, that doesn't track any unnecessary other Permissions, since AllPermissions allows pretty everything already.

public class MyPolicy extends Policy
{
    private static class AllPermissionsSingleton extends PermissionCollection
    {
        private static final long serialVersionUID = 1L;
        private static final Vector<Permission> ALL_PERMISSIONS_VECTOR = new Vector<Permission>(Arrays.asList(new AllPermission()));

        @Override
        public void add(Permission permission)
        {
        }

        @Override
        public boolean implies(Permission permission)
        {
            return true;
        }

        @Override
        public Enumeration<Permission> elements()
        {
            return ALL_PERMISSIONS_VECTOR.elements();
        }

        @Override
        public boolean isReadOnly()
        {
            return false;
        }
    }

    private static final AllPermissionsSingleton ALL_PERMISSIONS_SINGLETON = new AllPermissionsSingleton();

    @Override
    public PermissionCollection getPermissions(CodeSource codesource)
    {
        return ALL_PERMISSIONS_SINGLETON;
    }
}
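
Added example, not code from any of the answers above: a Policy that grants AllPermission only to the application's own code location and a reduced set to every other CodeSource, and that also reproduces the "invalid permission" error from the question, which arises because the collection returned by AllPermission.newPermissionCollection() accepts only AllPermission entries. The class name ScopedPolicy, the codebase URL, the probe path and the reduced permission set are assumptions made for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.net.URI;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class ScopedPolicy extends Policy { // hypothetical name, added example
    private final CodeSource trusted;

    public ScopedPolicy(Class<?> appClass) {
        CodeSource cs = appClass.getProtectionDomain().getCodeSource();
        // A CodeSource with a null location implies every other CodeSource,
        // so treat that case as "nothing is trusted" rather than "everything is".
        this.trusted = (cs != null && cs.getLocation() != null) ? cs : null;
    }

    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        Permissions p = new Permissions(); // new, mutable, heterogeneous on every call
        if (trusted != null && codesource != null && trusted.implies(codesource)) {
            p.add(new AllPermission());
        } else {
            // Reduced set for any other code, e.g. classes loaded from an RMI codebase.
            p.add(new SocketPermission("*:1024-", "connect,resolve"));
            p.add(new PropertyPermission("*", "read"));
        }
        return p;
    }

    public static void main(String[] args) throws Exception {
        Policy policy = new ScopedPolicy(ScopedPolicy.class);
        CodeSource own = ScopedPolicy.class.getProtectionDomain().getCodeSource();
        // Constructed sample: a remote codebase that is not the application's own location.
        CodeSource remote = new CodeSource(
                URI.create("http://codebase.example/classes/").toURL(), (Certificate[]) null);
        Permission probe = new FilePermission("/tmp/probe.txt", "read");
        System.out.println("own code:    " + policy.getPermissions(own).implies(probe));
        System.out.println("remote code: " + policy.getPermissions(remote).implies(probe));
        try { // AllPermission's own collection rejects anything that is not AllPermission
            new AllPermission().newPermissionCollection().add(probe);
        } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```

The main method only queries the policy and does not install it; installing it would still go through Policy.setPolicy(...) as in the question. The Security Manager and the Policy API are deprecated for removal since Java 17 (JEP 411).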

Answered by user207421

Don't install the SecurityManager. You only need it if you're using the codebase feature, and if you need that you need a proper .policy file,
