Java Policy

# What

 

The policy for a Java™ programming language application environment (specifying which permissions are available for code from various sources, and executing as various principals) is represented by a Policy object. More specifically, it is represented by a Policy subclass providing an implementation of the abstract methods in the Policy class (which is in the java.security package).

Java™ 编程语言应用环境的安全策略是以一个 Policy 对象表示的。具体来说,它表示一个 Policy 的子类,该子类提供了类 Policy(在 java.security 包中)的抽象方法的实现。 

 

# Why

 

Policy 定义了很多 Permission,包括文件读取、网络等。只需要一个文件,就可以相对简单有效的控制 Java 程序的安全。

 

# How

 

Example:

// If the code is signed by "Duke", grant it read/write access to all 
// files in /tmp:
grant signedBy "Duke" {
    permission java.io.FilePermission "/tmp/*", "read,write";
};

// Grant everyone the following permission:
grant { 
    permission java.util.PropertyPermission "java.vendor", "read";
};

 

 

# Reference

http://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html

posted @ 2017-03-14 17:21  Piers  阅读(254)  评论(0编辑  收藏  举报