开发者

Java Security Manager - What does it check?

问答 作者:

This article about Java security says:

Code in the Java library consults the Security Manager whenever a dangerous operation is about to be attempted.

So, what does this exactly mean? Say, if I've implemented my own securitymanager and enabled it for the whole JVM. Now, does the java runtime consults my securitymanager for each and every java call(like System.out.println() etc) or it consults only for dangerous api calls like System.exit() ,file 开发者_如何学Gooperations etc?

edit: let me clarify my question,

I'm not questioning the possiblities of the securitymanager. I'm just asking if the security checks are done for the dangerous api's alone or it is done for each and every method call. Which inturn causes a huge performance degradation in case of applications with large amounts of code.

It will only consult the SecurityManager if the code says so. It won't do it for every single operation.

For example in Runtime.exit, you see that the SecurityManager is consulted:

public void exit(int status) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
    security.checkExit(status);
}
Shutdown.exit(status);
}

Similarly, in File, you will see that most methods consult the SecurityManager. Example:

public boolean canWrite() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
    security.checkWrite(path);
}
return fs.checkAccess(this, FileSystem.ACCESS_WRITE);
}

If you are writing a method which might be "dangerous" then you should also consult the SecurityManager.

Using security manager you could control access to :

  1. File operations
  2. Reflection facility
  3. Read/Write IO
  4. Thread/Thread group operations
  5. Socket operations(listen, accept etc.)
  6. Power to create your own classloader.

For each such thing there is a check*() method in SecurityManager

For an exhaustive list check the constants in SecurityConstants

The security manager uses a policy file to see what is permitted and what's not permitted. "Dangerous" operations, as determined by this policy file, is granted or denied during the execution.

You can find more details about the default policy for Sun/Oracle JVM here:

http://download.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html

继续阅读:securitymanager

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9