Set file permission in Java(Java 中文件权限的设置)

Prior to Java 6,  there is no good solution at the Java level to provide file permission management. You need to implement your own native methods or call the Runtime.exec() to invoke the system routine such as chmod in LInux. Since Java 6, Java introduces a set of methods which can be used to set the file permission at Java level. These methods include:

File.setReadable(boolean);
File.setWritable(boolean);
FIle.setExecutable(boolean);
File.setReadable(boolean, boolean);
File.setWritable(boolean, boolean);
FIle.setExecutable(boolean, boolean);

Here File.setReadable(boolean, true) is the same as File.setReadable(boolean) which set the permission for owner only. The two argument method provides some flexibility so that you can set the permission for the owner and everyone else. The second argument of the two argument method determines whether the permission applies to the owner only. If it's false, it will apply to everyone including the owner, otherwise, it will only apply to the owner.

Let's first create a normal file with default file permission, i.e, we don't set the file permission explicitly. The example is ran on Ubuntu which can demonstrate the file permission concept better.

File file = new File("file1.txt");
file.createNewFile();

This program will create a file named file1.txt, let's see the file permission, 

This file has a permission -rw-rw-r--(664), which means the owner and the users in group pike can read and write the file but cannot execute the file. While all other users can only read the file. Why this permission? This relates to theumask we set for the Ubuntu system we are using. In short, umask defines a set of permissions that applications cannot set on files. Here the umask is 0002. Java will create file without execute permission by default, so a file created with Java will have permission 666 before applying the system umask. The final file permission can be calculated as (application default permission - umask). That's why we see file1.txt has the final permission of 664.

Then let's explicitly set the file permission so that only the owner can read and write the file, all other users don't have any permission on this file. We may have below code:

File file = new File("file2.txt");
file.createNewFile();
 
file.setReadable(true, true);   // Only the owner can read
file.setWritable(true, true);   // Only the owner can write

Now, let's take a look at what the permission of file2.txt is :

Unfortunately, the file permission is still rw-rw-r--(664), this is not an expected result. This is because when you call File.setXXX(), it will not clear all the permissions first, it just set the requested permission. In above case, it just sets permission for owner and it doesn't care about permissions for other users.

To get the expected result, you need to first clear all permissions for all users. Hence the correct way of achieving the above request is below code:

File file = new File("file3.txt");
file.createNewFile();
 
// Clear all permissions for all users
file.setReadable(false, false); 
file.setWritable(false, false);
file.setExecutable(false, false);
 
file.setReadable(true, true);   // Only the owner can read
file.setWritable(true, true);   // Only the owner can write

file3.txt will be created with below permission:

 

Since Java 7, a new way of setting file permission is introduced with the introduction of Java Non-Blocking IO. The new way copies the idea from the permission management system from POSIX based system. That is, it will allow users to set permissions for owner, group and others just like what you can do on *nix based system. This gives more flexibility over Java 6 on how file permission can be set.

The new permission class is called PosixFilePermission and below is a demo on how to set the permission this way. We still try to set the permission that only owner can read and write the file. 

File file = new File("file4.txt");
file.createNewFile();
 
Set perms = new HashSet();
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
 
Files.setPosixFilePermissions(file.toPath(), perms);

Here is file4.txt's file permission:

Note, the new way can only be used on file systems which support POSIX file system. Otherwise, a java.lang.UnsupportedOperationException will be thrown. For example, if you run the above code on a Windows system, you will see above exception. 

Final words : to be cross platform compatible, you should combine the above ways of setting file permission in your application so that there is a fallback mechanism. For some applications where file permission should be strictly controlled, for example security applications, you may even need to use the native methods.




Java提供了一套权限控制机制,可以对用户访问服务器文件进行权限控制。 具体的实现方式是: 1. 定义文件访问权限对象(Permission):通过定义文件访问权限对象(例如FilePermission),来描述用户对文件访问的权限权限对象包括文件路径、访问方式等信息。 2. 创建权限集合(PermissionCollection):通过创建权限集合,将多个权限对象合并到一个集合,方便进行权限控制。 3. 配置安全策略文件:在安全策略文件,可以定义用户的访问权限,例如指定某个用户可以读取某个文件权限。 4. 运行时进行权限检查:在程序运行时,通过SecurityManager来进行权限检查,检查用户是否具有访问文件权限。 下面是一个简单的例子,展示了如何对用户访问服务器文件进行权限控制: ```java import java.io.FilePermission; import java.security.AccessControlException; import java.security.AccessController; import java.security.PermissionCollection; public class TestFilePermission { public static void main(String[] args) { // 定义文件访问权限 FilePermission filePermission = new FilePermission("/path/to/file.txt", "read"); // 创建权限集合 PermissionCollection permissionCollection = filePermission.newPermissionCollection(); permissionCollection.add(filePermission); // 配置安全策略文件 System.setProperty("java.security.policy", "file:/path/to/security.policy"); // 运行时进行权限检查 try { AccessController.checkPermission(filePermission); System.out.println("User has permission to access the file."); } catch (AccessControlException e) { System.out.println("User does not have permission to access the file."); } } } ``` 在上述例子,首先定义了用户对文件的访问权限,然后将其添加到权限集合。然后,在安全策略文件配置了用户的访问权限,最后在程序运行时,通过AccessController来进行权限检查。如果用户具有访问文件权限,则输出"User has permission to access the file.",否则输出"User does not have permission to access the file."。 总之,Java提供了一套完整的权限控制机制,可以对用户访问服务器文件进行细粒度的权限控制。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值