Java's JVM Learning note four (security Manager)

Java's JVM Learning note four (security Manager)

The two components of the Java security Model (the class loader, type Checker) are described earlier, and the next step in the Java security model is to learn about the security Manager, which is another important component.

The security Manager is a separate object in the Java virtual machine, which has a central role in access control-access control for external resources

If the light-looking concept may not be well understood, or rather abstract, here is a constructor for ClassLoader, which is a simple look at what it does before initializing ClassLoader.

[Java]View Plaincopy

1. Protected ClassLoader (ClassLoader parent) {
2. SecurityManager security = System.getsecuritymanager ();
3. if (Security! = null) {
4. Security.checkcreateclassloader ();
5. }
6. this.parent = parent;
7. initialized = true;
8. }

The first word of this constructor (and, of course, the implicit invocation) is System.getsecuritymanager (); This line of code returns a security Manager object, The directory to which this object belongs is Java.lang.SecurityManager.

This constructor first determines if the security manager (in the previous class loader section, we mentioned that the class loader and security Manager can be customized by the user, here is the embodiment!! Since there is System.getsecuritymanager (), you should certainly guess that there is a system.setsecuritymanager ();), that is, the security manager is not empty, then perform the checksum, Jump to Checkcreateclassloader (); see what he's doing.

[Java]View Plaincopy

1. Public void Checkcreateclassloader () {
2. Heckpermission (securityconstants.create_classloader_permission);
3. }

Here again called another method, from the method name, it can be guessed that this method is used to verify the permissions, check whether there is permission to create ClassLoader, and then jump to the Checkpermisson method

[Java]View Plaincopy

2. public static void Checkpermission (Permission perm)
4. throws Accesscontrolexception
6. {
8. //system.err.println ("checkpermission" +perm);
10. //thread.currentthread (). DumpStack (); if (perm = = null) {
12. throw New NullPointerException ("permission can ' t be null");
14. } AccessControlContext stack = Getstackaccesscontrolcontext ();
16. //If context is null and we had privileged system code on the stack.
18. if (stack = = null) {
20. Debug debug = Accesscontrolcontext.getdebug ();
22. Boolean dumpdebug = false;
24. if (debug! = null) {
26. Dumpdebug =!  Debug.ison ("codebase=");
28. Dumpdebug &=!  Debug.ison ("permission=") | |
30. Debug.ison ("permission=" + perm.getclass (). Getcanonicalname ());
32. } if (Dumpdebug && Debug.ison ("stack")) {
34. Thread.CurrentThread (). DumpStack ();
36. } if (Dumpdebug && debug.ison ("domain")) {
38. Debug.println ("domain (context is null)");
40. } if (dumpdebug) {
42. Debug.println ("Access allowed" +perm);
44. }
46. return;
48. } AccessControlContext acc = Stack.optimize ();
50. Acc.checkpermission (perm);
52. }
54. }

The above method some code is difficult to understand, we do not have to read every line ( This method involves more things, it involves code signing authentication, policy and protection domain, these we will explain in detail in the latter section, do not understand the first skip), see its annotations/if context is NULL, we had privileged system code on the stack. This means that if the current Access controller context is empty, the systems codes on the stack will be privileged to find acc.checkpermission (perm); Jump in and find the code below .

[Java]View Plaincopy

2. /*
4. * Iterate through the protectiondomains in the context.
6. * Stop at the first one, doesn ' t allow the
8. * Requested permission (throwing an exception).
10. *
12. */ * If Ctxt is null, all we had on the stack were system domains,
14. Or the first domain was a privileged system domain. This
16. is to make the common case for system code very FAST * /if (context = = null)
18. return; For (int i=0; i< context.length; i++) {
20. if (context[i]! = null &&!context[i].implies (perm)) {
22. if (dumpdebug) {
24. Debug.println ("Access denied" + perm);
26. } if (Debug.ison ("failure") && Debug! = null) {
28. //Want to make sure this is the displayed for failure,
30. want to display again if already displayed
32. //above.
34. if (!dumpdebug) {
36. Debug.println ("Access denied" + perm);
38. }
40. Thread.CurrentThread (). DumpStack ();
42. final Protectiondomain pd = Context[i];
44. Final Debug db = Debug;
46. Accesscontroller.doprivileged (new Privilegedaction () {
48. Public Object Run () {
50. Db.println ("domain that Failed" +pd);
52. return null;
54. }
56. });
58. }
60. throw New Accesscontrolexception ("Access Denied" +perm, Perm);
62. }
64. }

Nothing to look at, just look at the top of that paragraph of the note, meaning traversal context in the protection domain, once found that the requested permission is not allowed, stop, throw an exception, here we have a relatively clear concept, the security Manager is used to control the execution of permissions, and the above code has a very important class Accesscontroller, Access controller, there is also a very important term protection domain ( protection domain We also have a simple in the previous section, is not a bit of impression), these may now listen a little vague, do not worry, temporarily do not tube, They will be explained slowly in a later chapter.

Well, after you understand what the security manager is doing, next, do a next experiment, first to verify that the default security management is not installed, and then try to install it. In my environment I did not install the default security manager, and did not write my own security manager based on the default security manager, if need to open, can be displayed in the program to install the Security manager, the same can let it automatically install the default security manager ( Add a-djava.security.manager to the JVM.

Below we use familiar ecplise to write a simple demo to see before and after the installation of the difference, in the next section, will be detailed to learn code signing authentication and policy, and write a security manager of their own.

[Java]View Plaincopy

1. <span style="FONT-SIZE:14PX;" > public static void Main (string[] args) {
2. System.out.println (System.getsecuritymanager ());
3. }</span>

Run this main function and output what? Yes output NULL, this time we did not install the default security Manager

Re-run, in ecplise right-click--run as--run configuration--arguments, in the VM Arguments column input

-djava.security.manager. When you click Run, what do you see at this time?

Output: The name of the SecurityManager object. This is when the default security manager is installed.

Summarize:

In a Java virtual machine, it plays a central role in access control-access control for external resources

Java's JVM Learning note four (security Manager)