【Java安全技术探索之路系列：J2SE安全架构】之一：J2SE安全架构开篇

作者：郭嘉
邮箱：[email protected]
博客：http://blog.csdn.net/allenwells
github：https://github.com/AllenWell

【Java 安全技术探索之路系列：J2SE安全架构】章节列表

【Java安全技术探索之路系列：J2SE安全架构】之一：J2SE安全架构开篇
【Java 安全技术探索之路系列：J2SE安全架构】之五：类加载器
【Java 安全技术探索之路系列：J2SE安全架构】之六：安全管理工具

从Java语言设计之初，安全就是Java技术中不可分割的一部分，该安全架构体现在两个方面：

• Java安全架构基于JVM和Java语言，实现了基本的Java安全目标，并不断扩展其安全功能以确保机密性、完整性和信任度。
• Java安全架构提供可互操作的，独立于平台的安全基础设施，该基础设施能集成底层操作系统和服务的安全。

J2SE安全架构基本结构

在J2SE安全架构中，所有代码都要遵循JVM用户或管理员配置的安全策略，所有代码都被配置使用特定的域（沙箱）和安全策略，该安全策略决定了能否在特定域中运行。

相对于J1SE，J2SE针对安全架构做的改进如下所示：

• 使用限制策略对JVM资源的访问，
• 基于规则的类加载器和字节码验证。
• 用于代码签名和指定能力等级的系统，、
• 使用策略限制通过Web浏览器下载的Applet的访问权限。

J2SE安全架构基本结构及其基本元素如下图所示：

一 保护域

保护域（ProtectionDomain）是将类和实例分组，然后将其同一组资源权限相关联。保护域分为两大类：

• 系统域
• 应用域

所有受保护的外部资源，如文件系统、网络等都只能通过系统域来访问。属于同一个执行线程的资源被视为是一个应用域。

保护域由Java运行环境定义的安全策略决定的。java.security.ProtectionDomain封装了保护域的特征，保护域包含了一系列的类和以用户的名义运行时授予这些类的权限。

二 权限

权限（Permission）决定了允许还是拒绝对JVM资源的访问。抽象类java.security.Permission是一个根类，它表示对目标资源的访问权限，它还包含了一组用于构建对特定资源的访问权限的操作。

三 策略

策略通过访问权限和权限集为所有运行的Java代码定义了保护域，策略由java.security.Policy对象来表示，该对象提供了一种声明权限的方式，以便授予Java应用访问所需资源的权限。通常，所有JVM都内置了安全机制，允许使用Java安全策略文件来定义权限，JVM使用策略驱动的访问控制机制，这是通过动态地映射一组静态权限来实现，这组静态权限定义于一个或多个策略配置文件，这些条目通常被称为grant条目。

在J2SE环境中，默认的系统安全策略文件是JRE_HOME/lib/security、java.policy，该文件的内容如下所示：

// Standard extensions get all permissions by default

grant codeBase "file:${
   {java.ext.dirs}}/*" {
        permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
        // Allows any thread to stop itself using the java.lang.Thread.stop()
        // method that takes no argument.
        // Note that this permission is granted by default only to remain
        // backwards compatible.
        // It is strongly recommended that you either remove this permission
        // from this policy file or further restrict it to code sources
        // that you specify, because Thread.stop() is potentially unsafe.
        // See the API specification of java.lang.Thread.stop() for more
        // information.
        permission java.lang.RuntimePermission "stopThread";

        // allows anyone to listen on dynamic ports
        permission java.net.SocketPermission "localhost:0", "listen";

        // "standard" properies that can be read by anyone

        permission java.util.PropertyPermission "java.version", "read";
        permission java.util.PropertyPermission "java.vendor", "read";
        permission java.util.PropertyPermission "java.vendor.url", "read";
        permission java.util.PropertyPermission "java.class.version", "read";
        permission java.util.PropertyPermission "os.name", "read";
        permission java.util.PropertyPermission "os.version", "read";
        permission java.util.PropertyPermission "os.arch", "read";
        permission java.util.PropertyPermission "file.separator", "read";
        permission java.util.PropertyPermission "path.separator", "read";
        permission java.util.PropertyPermission "line.separator", "read";

        permission java.util.PropertyPermission "java.specification.version", "read";
        permission java.util.PropertyPermission "java.specification.vendor", "read";
        permission java.util.PropertyPermission "java.specification.name", "read";

        permission java.util.PropertyPermission "java.vm.specification.version", "read";
        permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
        permission java.util.PropertyPermission "java.vm.specification.name", "read";
        permission java.util.PropertyPermission "java.vm.version", "read";
        permission java.util.PropertyPermission "java.vm.vendor", "read";
        permission java.util.PropertyPermission "java.vm.name", "read";
};

策略文件的位置由安全属性文件中的JRE_HOME/security/java.security的设置来定义的，该文件的内容如下所示：

#
# This is the "master security properties file".
#
# An alternate java.security properties file may be specified
# from the command line via the system property
#
#    -Djava.security.properties=<URL>
#
# This properties file appends to the master security properties file.
# If both properties files specify values for the same key, the value
# from the command-line properties file is selected, as it is the last
# one loaded.
#
# Also, if you specify
#
#    -Djava.security.properties==<URL> (2 equals),
#
# then that properties file completely overrides the master security
# properties file.
#
# To disable the ability to specify an additional properties file from
# the command line, set the key security.overridePropertiesFile
# to false in the master security properties file. It is set to true
# by default.

# In this file, various security properties are set for use by
# java.security classes. This is where users can statically register
# Cryptography Package Providers ("providers" for short). The term
# "provider" refers to a package or set of packages that supply a
# concrete implementation of a subset of the cryptography aspects of
# the Java Security API. A provider may, for example, implement one or
# more digital signature algorithms or message digest algorithms.
#
# Each provider must implement a subclass of the Provider class.
# To register a provider in this master security properties file,
# specify the Provider subclass name and priority in the format
#
#    security.provider.<n>=<className>
#
# This declares a provider, and specifies its preference
# order n. The preference order is the order in which providers are
# searched for requested algorithms (when no specific provider is
# requested). The order is 1-based; 1 is the most preferred, followed
# by 2, and so on.
#
# <className> must specify the subclass of the Provider class whose