As we all know, Java has a sound security framework. From the programming language, compiler, and interpreter to the Java virtual machine, it ensures that the Java system is not covertly damaged by invalid code or hostile compilers. Essentially, these layers ensure that Java code runs according to predefined rules. However, when we need to go beyond these restrictions, for example to read and write files, to listen on and read and write sockets, or to exit the Java system, we must use a digital signature or a security policy file (*.policy).
---- This article proposes a simple method for setting Java program permissions with security policy files on an enterprise intranet. Because the location, purpose, and security of each computer on an enterprise intranet are known, security policy files are well suited to setting Java permissions there. Software installation, setup, upgrade, and migration are all very convenient, and the method can be combined with digital signatures. More importantly, it can subdivide the permissions of each Java program, which is flexible and convenient to use.
I. The concept of a security policy in Java
---- The security policy of a Java application environment describes in detail the permissions that different code has for different resources, and is expressed by a Policy object. For an applet (or an application running under a SecurityManager) to perform protected actions, such as reading and writing files, the applet (or Java application) must be granted permission for that operation; the security policy file is used to grant these permissions.
---- The Policy object may have multiple entities, although only one of them can be in effect at any time. The currently installed Policy object can be obtained by calling the getPolicy method, or changed by calling the setPolicy method. The Policy object evaluates the entire policy and returns an appropriate Permissions object detailing which code can access which resources.
---- The policy can be stored as a plain ASCII file, as a binary file of a Policy class, or in a database. This article discusses only the plain ASCII file format.
II. Policy File Format
---- For a better understanding of what follows, it is recommended that you refer to the /jdk1.2/jre/lib/security/java.policy file and the /jdk1.2/jre/lib/security/java.security file while reading.
---- 1. Syntax format and description of the policy file
---- A policy file is essentially a list of records, which may contain one "keystore" record and zero or more "grant" records. The format is as follows:
keystore "some_keystore_url", "keystore_type";
grant [signedBy "signer_names"] [, codeBase "URL"] {
    permission permission_class_name ["target_name"]
        [, "action"] [, signedBy "signer_names"];
    permission ...
};
---- 1.1 "keystore" records
---- A keystore is a database of private keys and their associated digital certificates, such as X.509 certificates. The policy file may contain only one keystore record (or none at all), and it may appear anywhere in the file outside the grant records. The keystore specified in the policy configuration file is used to look up the public keys of the signers specified in the grant records. If any grant record specifies signer_names, a keystore record must appear in the policy configuration file.
---- "some_keystore_url" is the URL location of the keystore, and "keystore_type" is the type of the keystore. The latter is optional; if it is not specified, the type is determined by the "keystore.type" property in the security properties file (java.security). The keystore type defines the storage and data format of the keystore information, and the algorithms used to protect the private keys in the keystore and the integrity of the keystore itself. The default type supported by Sun Microsystems is "JKS".
---- 1.2 "Grant" records
---- Each grant record in the policy file contains a CodeSource (a specified piece of code) and its permissions.
---- Each grant record in the policy file follows the format shown above and starts with the reserved word "grant", which marks the start of a new record. "permission" is another reserved word, which marks the start of a new permission in the record. Each grant record grants a set of permissions to the specified code (codeBase).
---- permission_class_name must be a fully qualified, existing class name, such as java.io.FilePermission; it cannot be abbreviated (for example, to FilePermission).
---- target_name specifies the target (for example, its location), and action specifies the operations permitted on that target.
---- target_name can directly specify a class name (as an absolute or relative path), a directory name, or one of the following wildcards:
directory/*      All files in the directory
*                All files in the current directory
directory/-      All files in the directory, including subdirectories
-                All files in the current directory, including subdirectories
<<ALL FILES>>    All files in the file system
For java.io.FilePermission, the action can be:
read, write, delete, and execute.
For java.net.SocketPermission, the action can be:
listen, accept, connect, read, write.
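The difference between the "*" and "-" wildcards decides how far a file grant reaches. The following is an added example, not code from the original article or from the JDK: a simplified Python model of the wildcard table above. The function name target_implies and the default current directory /app are assumptions made for illustration, and paths are normalized lexically in POSIX style only.

```python
import posixpath

def target_implies(target, path, cwd="/app"):
    """Return True if a FilePermission target_name covers `path`.

    Simplified model of the wildcard table: relative names are resolved
    against `cwd`, and ".." segments are collapsed before comparison.
    """
    if target == "<<ALL FILES>>":
        return True
    full = posixpath.normpath(posixpath.join(cwd, path))
    if target in ("*", "-"):
        base, wildcard = cwd, target
    elif target.endswith(("/*", "/-")):
        # Strip only the wildcard character so "/*" still resolves to "/".
        base, wildcard = posixpath.join(cwd, target[:-1]), target[-1]
    else:
        # No wildcard: the target names exactly one file or directory.
        return full == posixpath.normpath(posixpath.join(cwd, target))
    base = posixpath.normpath(base)
    if wildcard == "*":
        # "*" covers direct children of the directory only.
        return posixpath.dirname(full) == base
    # "-" covers everything below the directory, at any depth.
    prefix = base.rstrip("/") + "/"
    return full.startswith(prefix) and full != base

if __name__ == "__main__":
    # Constructed sample paths.
    for target, path in [("/data/*", "/data/sub/a.txt"),
                         ("/data/-", "/data/sub/a.txt"),
                         ("/data/-", "/data/../etc/passwd")]:
        print(f"{target!r} covers {path!r}: {target_implies(target, path)}")
```
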
---- 1.3 Property expansion in the policy file
---- Property expansion is similar to variable expansion in a shell. Its format is:
"${some.property}"
An example is as follows:
permission java.io.FilePermission "${user.home}", "read";
If the value of "${user.home}" is "D:/Project",
then the statement above is equivalent to the following:
permission java.io.FilePermission "D:/Project", "read";
III. Examples
---- When the policy is initialized, the system policy is loaded first and the user policy is then added. If neither of them exists, the default policy is used, that is, the original sandbox model.
---- The default location of the system policy file is:
{java.home}/lib/security/java.policy (Solaris)
{java.home}/lib/security/java.policy (Windows)
The default location of the user policy file is:
{user.home}/.java.policy (Solaris)
{user.home}/.java.policy (Windows)
---- In practice, things may not be as complicated as described above, especially when no digital signature is used. In that case we can simply take the ready-made /jdk1.2/jre/lib/security/java.policy file provided with JDK 1.2 and modify it according to our needs. This article describes in detail how to use the security policy file when no digital signature is used.
---- The following is a complete .java.policy file used on Windows 95/98/NT. Comments in the file describe the purpose of each "permission" record.
// For lanservertalk.java and lanclienttalk.java
grant {
    // Read the system and user directories
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.util.PropertyPermission "user.home", "read";
    permission java.util.PropertyPermission "java.home", "read";
    permission java.util.PropertyPermission "java.class.path", "read";
    permission java.util.PropertyPermission "user.name", "read";
    // Permissions to operate on threads and thread groups
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    // Permissions for the various operations on socket ports
    permission java.net.SocketPermission "-", "listen";
    permission java.net.SocketPermission "-", "accept";
    permission java.net.SocketPermission "-", "connect";
    permission java.net.SocketPermission "-", "read";
    permission java.net.SocketPermission "-", "write";
    // Permissions for reading and writing files
    permission java.io.FilePermission "-", "read";
    permission java.io.FilePermission "-", "write";
    // Permission to exit the system, such as System.exit(0)
    permission java.lang.RuntimePermission "exitVM";
};
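A grant record with neither signedBy nor codeBase, like the one above, applies to all code, so it is worth checking which broad targets such records hand out. The following is an added example, not part of the original article or of the JDK: a small Python parser for the grant syntax from section II that expands "${...}" properties and lists broad permissions granted to all code. The sample policy is constructed, and the property name app.home is hypothetical.

```python
import re

# Quoted strings are matched as units so "${...}" and "//" inside them are not
# mistaken for block braces or comments. Keywords are matched case-insensitively.
COMMENT_RE = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
GRANT_RE = re.compile(r'\bgrant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}\s*;',
                      re.S | re.I)
ATTR_RE = re.compile(r'(signedBy|codeBase)\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*"[^"]*")*)'
                     r'\s*(?:,\s*signedBy\s+"[^"]*")?\s*;', re.I)
BROAD_TARGETS = {"<<ALL FILES>>", "-", "*"}

def parse_policy(text, props=None):
    """Parse grant records into dicts; expand ${property} references from props."""
    props = props or {}
    text = COMMENT_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    text = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), text)
    grants = []
    for head, body in GRANT_RE.findall(text):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(head)}
        perms = []
        for cls, args in PERM_RE.findall(body):
            vals = re.findall(r'"([^"]*)"', args) + [None, None]
            perms.append((cls, vals[0], vals[1]))  # (class, target, actions)
        grants.append({"signedBy": attrs.get("signedby"),
                       "codeBase": attrs.get("codebase"), "permissions": perms})
    return grants

def audit(grants):
    """Return broad permissions that a grant hands to all code (no signedBy/codeBase)."""
    return [p for g in grants if not (g["signedBy"] or g["codeBase"])
            for p in g["permissions"]
            if p[0] == "java.security.AllPermission" or p[1] in BROAD_TARGETS]

# Constructed sample policy, modelled on the records in this article.
SAMPLE = r'''
// grant to all code
grant {
    permission java.util.PropertyPermission "user.home", "read";
    permission java.io.FilePermission "-", "write";
    permission java.lang.RuntimePermission "exitVM";
};
grant codeBase "file:${app.home}/lib/-" {
    permission java.io.FilePermission "${user.home}", "read";
};
'''

if __name__ == "__main__":
    for cls, target, actions in audit(parse_policy(SAMPLE, {"user.home": "D:/Project"})):
        print(f"unscoped broad grant: {cls} {target!r} {actions!r}")
```
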
IV. Using the .java.policy file
---- On Windows 95/98/NT, there are two ways to use the .java.policy file.
---- 1. Use the default directory
---- We can simply copy the edited .java.policy file to the home directory of Windows 95/98/NT. In this case, all applets (or Java applications) may have the same permissions, which is easy to use but not flexible (for example, for java.io.FilePermission, the target_name must use an absolute path). If it is not used in the enterprise intranet, there may be some security risks.
---- 2. Specify the policy file on the command line
---- To pass a policy file to appletviewer on the command line, use the "-J-Djava.security.policy" parameter to specify the location of the policy:
appletviewer -J-Djava.security.policy=pURL myapplet
---- pURL is the location of the policy file. An example (loading and running lanservertalk.java from the file):
appletviewer -J-Djava.security.policy=.java.policy lanservertalk.html
---- This method is flexible. In particular, when a software package is released on the enterprise intranet, the software can be installed, set up, and migrated without having to modify the content of the policy file, and the scope of the granted permissions can be controlled more precisely.