Every Java application can have its own security manager, which is the principal guard against malicious operations. The security manager performs runtime checks and access authorization to enforce the security policies the application requires, protecting resources from malicious operations. In practice, the security manager decides which set of permissions to grant to a class based on the Java security policy file. When untrusted classes and third-party applications run in the JVM, the Java security manager uses the JVM's security policy to identify malicious operations. In many cases the threat model does not include malicious code running inside the JVM, so a Java security manager is not needed. When the security manager detects a violation of the security policy, the JVM throws an AccessControlException or a SecurityException.
In a Java application, the security manager is installed with the setSecurityManager method of the System class; the current security manager is obtained with getSecurityManager.
The java.lang.SecurityManager class contains many checkXXX methods, such as checkRead(String file), which decides whether a file may be read. These check methods call SecurityManager.checkPermission, which decides, based on the security policy file, whether the calling code holds the permission required for the requested operation; if not, a SecurityException is thrown.
To make an application use the security manager and a security policy, set the -Djava.security.manager option when starting the JVM and specify the security policy file at the same time. If the security manager is enabled but no policy file is specified, the Java security manager uses the default security policy, which the JDK ships as the java.policy file in the $JAVA_HOME/jre/lib/security directory.
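The following program is an added example (not code from the original post) showing what enabling the security manager with a policy file looks like in practice. It performs four guarded operations and, for each denial, reports the exact Permission that AccessControlException carries, which is the permission you would add to the grant clause. The policy file demo.policy and the file names allowed.txt and secret.txt are constructed for this example. It assumes a JDK from 8 to 23 (JDK 17 onwards prints deprecation warnings; JDK 24 permanently disables the security manager); note also that from JDK 9 the default policy file lives under $JAVA_HOME/conf/security rather than jre/lib/security.

```java
// PolicyDemo.java (added example, not from the original post)
//
//   javac PolicyDemo.java
//   echo hello > allowed.txt
//   java PolicyDemo                                       -> no security manager: everything allowed
//   java -Djava.security.manager -Djava.security.policy==demo.policy PolicyDemo
//
// demo.policy (constructed for this example; the "==" above makes it REPLACE java.policy
// instead of extending it, so nothing is granted that is not listed here):
//
//   grant {
//       permission java.util.PropertyPermission "user.home", "read";
//       permission java.io.FilePermission "${user.dir}${/}allowed.txt", "read";
//   };
//
// Add -Djava.security.debug=access,failure to see each stack walk and the frame that failed.
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.AccessControlException;
import java.util.function.Supplier;

public class PolicyDemo {

    /** Runs one guarded action and reports the Permission the policy denied, if any. */
    static String attempt(String label, Supplier<?> action) {
        try {
            action.get();
            return label + ": allowed";
        } catch (AccessControlException e) {
            // getPermission() names the permission the grant clause would need
            return label + ": denied, missing " + e.getPermission();
        } catch (UncheckedIOException e) {
            // A denial happens before the file is opened, so a missing file is a different failure.
            return label + ": I/O error " + e.getCause().getMessage();
        }
    }

    /** Opening the reader triggers checkRead(name) before the file is touched. */
    static String readFirstLine(String name) {
        try (BufferedReader r = new BufferedReader(new FileReader(name))) {
            return r.readLine();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public static void main(String[] args) {
        // Under demo.policy: the first and third succeed, the second and fourth are denied.
        System.out.println(attempt("read user.home", () -> System.getProperty("user.home")));
        System.out.println(attempt("read user.name", () -> System.getProperty("user.name")));
        System.out.println(attempt("read allowed.txt", () -> readFirstLine("allowed.txt")));
        System.out.println(attempt("read secret.txt", () -> readFirstLine("secret.txt")));
    }
}
```

The "==" form is the one to use when testing a policy, because a single "=" merges the file with the installed java.policy and a permission you forgot to list can still be granted by the default file.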
Concepts
Policy: class loaders use a Policy object to help them decide what permissions should be granted when a piece of code is imported into the virtual machine. Each application has only one Policy object at any time.
Policy file: the Policy subclass in Sun's Java 1.2 platform describes the security policy in an ASCII policy file using a context-free grammar. A policy file contains a series of grant clauses, each of which grants some permissions to a code source.
ProtectionDomain: when a class loader loads a type into the Java virtual machine, it assigns a protection domain to that type. A protection domain defines all the permissions granted to a specific piece of code. Each type loaded into the Java virtual machine belongs to one and only one protection domain.
AccessController:
implies(): determines whether the permission represented by one Permission object implicitly includes the permission represented by another Permission object.
checkPermission(): the core method of AccessController. It decides whether a specific operation may be allowed by walking the call stack from top to bottom; as soon as it encounters a frame whose code does not hold the permission, it throws an AccessControlException.
doPrivileged(): sometimes code higher in the call stack (closer to the top) wants to perform an operation that code lower in the call stack is not allowed to perform. So that trusted code can carry out an operation on behalf of untrusted code (the untrusted code is lower in the call stack and has no permission for the operation), the AccessController class overloads four static methods named doPrivileged. AccessController then ignores the permissions of the code that called the method invoking doPrivileged(), that is, the frames below it.
Permission: Permission is the abstract class java.security.Permission; a permission is represented by an instance of one of its subclasses.
CodeSource: the code source, consisting of the code base URL and the signers.
Permissions: a subclass of PermissionCollection.
Generating a protection domain during loading:
1. Generate a Policy object from the specified policy file.
2. Generate the CodeSource.
3. Use the CodeSource to look up the Permissions that correspond to it in the Policy.
4. Use the CodeSource and the Permissions to construct a ProtectionDomain.
5. Associate the ProtectionDomain with the class data in the method area (ClassLoader.defineClass()).
Running a permission check: for example, if the current application executes new FileInputStream("a.txt"), Java checks that the current code has permission to read a.txt. Steps:
1. Call the SecurityManager.checkRead() method.
2. Call the AccessController.checkPermission() method, which performs the stack check.
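The concepts above (Permission.implies(), the stack walk in AccessController.checkPermission(), and doPrivileged()) can be exercised without a policy file. The program below is an added example, not code from the original post: it installs a permissive Policy in code so that the application's own protection domain passes every check, then runs a check inside doPrivileged() with a hand-built AccessControlContext whose single ProtectionDomain holds only one property permission. Because doPrivileged() stops the walk at its own frame and then consults the supplied context, the effective rights inside the task are the intersection of the caller's domain and the restricted domain. The paths /tmp/- and /tmp/a/b.txt are constructed values; the code assumes JDK 8 to 23.

```java
// AccessControllerDemo.java (added example, not from the original post)
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

public class AccessControllerDemo {

    /** Permission.implies(): the question the stack walk asks each ProtectionDomain. */
    static boolean impliesRead(String granted, String requested) {
        return new FilePermission(granted, "read").implies(new FilePermission(requested, "read"));
    }

    /** True if checkPermission passes on the current stack, false if it throws. */
    static boolean permitted(Permission p) {
        try {
            AccessController.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    /**
     * Runs the same check inside doPrivileged with a context that holds only 'granted'.
     * The two-argument ProtectionDomain constructor makes the domain static: it is answered
     * from its own Permissions and never consults the installed Policy.
     */
    static boolean permittedInSandbox(Permission p, Permissions granted) {
        ProtectionDomain restricted = new ProtectionDomain(null, granted);
        AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { restricted });
        return AccessController.doPrivileged((PrivilegedAction<Boolean>) () -> permitted(p), ctx);
    }

    public static void main(String[] args) {
        // Constructed permissive policy: every domain answered through the Policy gets everything.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });

        System.out.println(impliesRead("/tmp/-", "/tmp/a/b.txt"));   // true: "-" is recursive
        System.out.println(impliesRead("/tmp/*", "/tmp/a/b.txt"));   // false: "*" is one level only

        Permission readTmp = new FilePermission("/tmp/-", "read");
        Permission readVersion = new PropertyPermission("java.version", "read");
        Permissions onlyVersion = new Permissions();
        onlyVersion.add(readVersion);

        System.out.println(permitted(readTmp));                          // true: policy grants all
        System.out.println(permittedInSandbox(readTmp, onlyVersion));    // false: restricted domain lacks it
        System.out.println(permittedInSandbox(readVersion, onlyVersion)); // true: held by both domains
    }
}
```

The restricted-context form of doPrivileged() is the defensive counterpart of the privilege-raising use described above: the same stack walk that lets trusted code act for untrusted callers also lets trusted code run a task with fewer rights than it holds itself.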
Steps for implementing the security manager:
(1) create a subclass of SecurityManager;
(2) override the check methods you need.
// TestSecurity.java
import java.io.*;

public class TestSecurity {
    public static void main(String[] args) {
        try {
            // Install the custom manager; once one is installed, a second call is refused.
            System.setSecurityManager(new PasswordSecurityManager("123456"));
        } catch (SecurityException se) {
            System.out.println("SecurityManager already set!");
        }
        try {
            // Opening the files triggers checkRead("input.txt") and checkWrite("output.txt").
            // DataInputStream fis = new DataInputStream(new FileInputStream("input.txt"));
            BufferedReader fis = new BufferedReader(new FileReader("input.txt"));
            // DataOutputStream fos = new DataOutputStream(new FileOutputStream("output.txt"));
            BufferedWriter fos = new BufferedWriter(new FileWriter("output.txt"));
            String inputString;
            while ((inputString = fis.readLine()) != null) {
                // fos.writeBytes(inputString);
                // fos.writeByte('\n');
                fos.write(inputString);
                fos.write('\n');
            }
            fis.close();
            fos.close();
        } catch (IOException ioe) {
            System.out.println("I/O failed for SecurityManagerTest.");
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }
}
// PasswordSecurityManager.java
import java.io.*;

class PasswordSecurityManager extends SecurityManager {
    private String password;

    PasswordSecurityManager(String password) {
        super();
        this.password = password;
    }

    // Prompts on the console and permits the operation only if the typed password matches.
    private boolean accessOK() {
        // DataInputStream dis = new DataInputStream(System.in);
        BufferedReader dis = new BufferedReader(new InputStreamReader(System.in));
        String response;
        System.out.println("What's the secret password?");
        try {
            response = dis.readLine();
            return response != null && response.equals(password);
        } catch (IOException e) {
            return false;
        }
    }

    public void checkRead(FileDescriptor fd) {
        if (!accessOK())
            throw new SecurityException("Not a chance!");
    }

    public void checkRead(String filename) {
        if (!accessOK())
            throw new SecurityException("No way!");
    }

    public void checkRead(String filename, Object executionContext) {
        if (!accessOK())
            throw new SecurityException("Forget it!");
    }

    public void checkWrite(FileDescriptor fd) {
        if (!accessOK())
            throw new SecurityException("Not!");
    }

    public void checkWrite(String filename) {
        if (!accessOK())
            throw new SecurityException("Not even!");
    }
}
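The password prompt above illustrates the mechanism, but a manager that decides on the permission itself is closer to what one deploys. The class below is an added example (not the original post's code, and not a reuse of PasswordSecurityManager): instead of overriding each checkXXX method, it overrides checkPermission, the single method they all funnel into, and enforces a constructed rule of "read anywhere, write or delete only below a sandbox root, never execute, and nobody may replace the manager". Requested file names are made absolute and normalized before FilePermission.implies() is consulted, so a relative name containing ".." cannot escape the root. It assumes JDK 8 to 23 and, on JDK 18 to 23, running with -Djava.security.manager=allow; the temporary directory it creates is left in place because deleting the root itself is outside the rule.

```java
// SandboxSecurityManager.java (added example, not from the original post)
import java.io.File;
import java.io.FilePermission;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;

public class SandboxSecurityManager extends SecurityManager {

    private final Path root;
    private final FilePermission sandbox;   // "<root>/-" covers every file below the root

    public SandboxSecurityManager(Path sandboxRoot) {
        this.root = sandboxRoot.toAbsolutePath().normalize();
        this.sandbox = new FilePermission(root.toString() + File.separator + "-", "read,write,delete");
    }

    /** Central hook: checkRead, checkWrite, checkDelete, checkExit, ... all end up here. */
    @Override
    public void checkPermission(Permission perm) {
        if (perm instanceof RuntimePermission && "setSecurityManager".equals(perm.getName())) {
            throw new SecurityException("the sandbox manager cannot be replaced");
        }
        if (perm instanceof FilePermission) {
            checkFile((FilePermission) perm);
        }
        // Every other permission is allowed by this example; note that overriding checkPermission
        // means the policy file is no longer consulted at all, so a real manager must enumerate them.
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        checkPermission(perm);   // same rule regardless of the saved context
    }

    private void checkFile(FilePermission fp) {
        String actions = fp.getActions();
        if (readOnly(actions)) {
            return;   // reads are unrestricted (class loading from the classpath needs them)
        }
        if ("<<ALL FILES>>".equals(fp.getName())) {
            throw new SecurityException("denied " + actions + " on <<ALL FILES>>");
        }
        // Resolve the requested name so that relative paths and ".." cannot escape the root.
        Path requested = Paths.get(fp.getName()).toAbsolutePath().normalize();
        FilePermission normalized = new FilePermission(requested.toString(), actions);
        if (!sandbox.implies(normalized)) {
            throw new SecurityException("denied " + actions + " on " + requested + " (outside " + root + ")");
        }
    }

    private static boolean readOnly(String actions) {
        for (String a : actions.split(",")) {
            a = a.trim();
            if (!a.equals("read") && !a.equals("readlink")) {
                return false;
            }
        }
        return true;
    }

    /** Opening the writer triggers checkWrite(name) before the file is created. */
    static void tryWrite(Path p) {
        try (FileWriter w = new FileWriter(p.toString())) {
            w.write("hello\n");
            System.out.println("write " + p + ": allowed");
        } catch (SecurityException e) {
            System.out.println("write " + p + ": " + e.getMessage());
        } catch (IOException e) {
            System.out.println("write " + p + ": I/O error " + e.getMessage());
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("sbx");   // constructed sandbox root
        System.setSecurityManager(new SandboxSecurityManager(root));

        tryWrite(root.resolve("ok.txt"));          // inside the root: allowed
        tryWrite(root.resolve("../escape.txt"));   // normalizes to the parent directory: denied
        try {
            System.setSecurityManager(null);       // the replace attempt is refused as well
        } catch (SecurityException e) {
            System.out.println("replace manager: " + e.getMessage());
        }
    }
}
```

Compared with PasswordSecurityManager, this form has two properties worth keeping in any custom manager: the decision is made once, in checkPermission, so a new check method added to the platform cannot bypass it, and the RuntimePermission "setSecurityManager" is refused explicitly, which is what makes the "already set" branch in TestSecurity meaningful.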