


网上很多使用的是getProperties。说获得系统变量,但是其实不正确。getProperties中所谓的"system properties"其实是指"java system",而非"operation system",概念完全不同,使用getProperties获得的其实是虚拟机的变量形如: -Djavaxxxx。


意思就是说:希望使用Java的系统变量替代操作系统的变量获取,如果你想访问某个系统的环境变量(operation system properties),请把他重新定义个名字,传给Java的JVM变量(jvm system properties)。要获得系统的环境变量,请使用:



Determines the current system properties.

public static Properties getProperties()
Determines the current system properties.
First, if there is a security manager, its checkPropertiesAccess method is called with no arguments. This may result in a security exception.
The current set of system properties for use by the getProperty(String) method is returned as a Properties object. If there is no current set of system properties, a set of system properties is first created and initialized. This set of system properties always includes values for the following keys:
Key Description of Associated Value
java.version Java Runtime Environment version
java.vendor Java Runtime Environment vendor
java.vendor.url Java vendor URL
java.home Java installation directory
java.vm.specification.version Java Virtual Machine specification version
java.vm.specification.vendor Java Virtual Machine specification vendor
java.vm.specification.name Java Virtual Machine specification name
java.vm.version Java Virtual Machine implementation version
java.vm.vendor Java Virtual Machine implementation vendor
java.vm.name Java Virtual Machine implementation name
java.specification.version Java Runtime Environment specification version
java.specification.vendor Java Runtime Environment specification vendor
java.specification.name Java Runtime Environment specification name
java.class.version Java class format version number
java.class.path Java class path
java.library.path List of paths to search when loading libraries
java.io.tmpdir Default temp file path
java.compiler Name of JIT compiler to use
java.ext.dirs Path of extension directory or directories
os.name Operating system name
os.arch Operating system architecture
os.version Operating system version
file.separator File separator ("/" on UNIX)
path.separator Path separator (":" on UNIX)
line.separator Line separator ("\n" on UNIX)
user.name User's account name
user.home User's home directory
user.dir User's current working directory
Multiple paths in a system property value are separated by the path separator character of the platform.
Note that even if the security manager does not permit the getProperties operation, it may choose to permit the getProperty(String) operation.
    the system properties
    SecurityException - if a security manager exists and its checkPropertiesAccess method doesn't allow access to the system properties.
System.load(String filename)等同于:System.getProperties().load(String filename)它们的作用是可以从作为动态库德本地文件系统中指定的文件名加载代码文件。
System.setProperties(Properties propes):将系统属性设置为Properties参数;
System.setProperties(String key,String value)等同于System.getProperties().setProperties(String key,String value):设置指定键指示的系统属性


Microsoft VM是WIN32操作环境中的虚拟机,VM一般安装在大多数操作系统下,也包含在多数IE中。
Microsoft VM存在漏洞允许攻击者对user.dir属性进行访问。user.dir属性包含当前应用程序的工作目录信息,也包含用户名信息,利用这个漏洞可以获得当前用户名称。

根据JDK 7中的描述

Returns an unmodifiable string map view of the current system environment.

public static Map<String,String> getenv()
Returns an unmodifiable string map view of the current system environment. The environment is a system-dependent mapping from names to values which is passed from parent to child processes.
If the system does not support environment variables, an empty map is returned.
The returned map will never contain null keys or values. Attempting to query the presence of a null key or value will throw a NullPointerException. Attempting to query the presence of a key or value which is not of type String will throw a ClassCastException.
The returned map and its collection views may not obey the general contract of the Object.equals(java.lang.Object) and Object.hashCode() methods.
The returned map is typically case-sensitive on all platforms.
If a security manager exists, its checkPermission method is called with a RuntimePermission("getenv.*") permission. This may result in a SecurityException being thrown.
When passing information to a Java subprocess, system properties are generally preferred over environment variables.
    the environment as a map of variable names to values
    SecurityException - if a security manager exists and its checkPermission method doesn't allow access to the process environment
