Write your own logon and access control modules

TIPS: I wrote my notes for the first time, and my hands were shaking a little bit. I got an axe from the class ~~~ Welcome!

Security is one of the features that Java advocates most. Indeed, Java's security features cover from the application level to the language level, and even the JVM itself. In the past, we all knew that there was a Sandbox, but only the Sandbox was not enough, or we could not easily meet all the security requirements we needed. For example, a system needs at least one login function, further, we also need to restrict the user's access to resources. I 'd like to give a general idea of how Java is doing these things, it is basically a summary or a "post-reading" nature. At the same time, it provides a simple implementation example. In fact, this example still imitates people's homes ......

1. Java access control mechanism

When it comes to access control or "Authorization", there are two meanings: first, from the perspective of resources, is this socket port allowed to operate? Is this file readable? Writable? Or executable? Or above? This is how we use "ls? L "command to list the"-rwx-"and other meanings of files in the current directory; second, from the visitor's point of view, I want to view the Sina European Cup news on the Web through port 80, is this qualification in this system? I want to play a video file named "friends. rm" on drive D. Have I obtained the permission to access this file? Do I have the permission to run the player?
Java considers both aspects of the access control policy at the same time. You said, "No, I use FileOutputStream to write files and use the Socket class to connect to the remote host, there is no limit. "First, let's talk about what is called"Security Manager(SecurityManger ). The security manager has been available since JDK 1.0. How old is it! Java has considered the security factor since the day of design. Security Manager is the most important part of Sandbox and the overall coordination of access control, we can normally use the network and files normally, because when the application is started (Note that it is application, not applet!), If you do not add"-Djava. security. manager"Option, the JVM will not start Sandbox, then you can" Do whatever you want ", instead of encountering exceptions such as SecurityException; once added"-Djava. security. manager "option, you will find a series of exceptions!

1. ExceptionIn thread "main" java. security.AccessControlException: Access denied (......)
2. ......

Java has a built-in default security policy. In this case, the security manager first loads the Default policy. Do not believe it. Do not believe it. Check your "% JAVA_HOME % jrelibsecurity" directory, is there a Java. policy"File? Use notepad to open it and see:

1. // Standard extensions get all permissions by default
3. Grant codeBase "file: $ {java. home}/lib/ext /*"{
4. Permission java. security.AllPermission;
5. };
7. // Default permissions granted to all domains
9. Grant {
10. // Allows any thread to stop itself using the java. lang. Thread. stop ()
11. // Method that takes no argument.
12. // Note that this permission is granted by default only to remain
13. // Backwards compatible.
14. // It is stronugly recommended that you either remove this permission
15. // From this policy file or further restrict it to code sources
16. // That you specify, because Thread. stop () is potentially unsafe.
17. // See "http://java.sun.com/notes" for more information.
18. Permission java. lang.RuntimePermission"StopThread ";
20. // Allows anyone to listen on un-privileged ports
21. Permission java.net.SocketPermission"Localhost: 1024-", "listen ";
23. // "Standard" properies that can be read by anyone
25. Permission java. util.PropertyPermission"Java. version", "read ";
26. Permission java. util.PropertyPermission"Java. vendor", "read ";
27. Permission java. util.PropertyPermission"Java. vendor. url", "read ";
28. Permission java. util.PropertyPermission"Java. class. version", "read ";
29. Permission java. util.PropertyPermission"OS. name", "read ";
30. Permission java. util.PropertyPermission"OS. version", "read ";
31. Permission java. util.PropertyPermission"OS. arch" <