原文:
The sandbox is customizable
One of the greatest strengths of Java's security model is that two of the four components shown in the above list, the class loader and the security manager, are customizable. To customize a sandbox, you write a class that descends from java.lang.SecurityManager
. In this class, you override methods declared in the superclass that decide whether or not to allow particular actions, such as writing to the local disk. You will want to establish a custom SecurityManager
when you are using custom class loaders to load class that you don't fully trust.
As a developer, you may never need to create your own customized sandbox -- you can often make use of sandboxes created by others. When you write and run a Java applet, for instance, you make use of a sandbox created by the developers of the Web browser that hosts your applet.
Java 安全模型的最有力的优势来自上述列表中四项之中的两项:类装载器(class loader)和安全管理器(security manager),因为它们是可以定制。如果想定制化一个沙箱(sandbox),你可以写一个类继承自java.lang.SecurityManager类。在这个类中,重写父类中声明的方法决定是否允许特定的动作,比如说对本地磁盘进行写操作。当你使用定制的类装载器(custom class loaders)装载不完全信任的类的时候,此时你就会想要建立一个定制的安全管理器了。(SecurityManager)。
作为一个开发者,你可能需要创建属于你的定制化的沙箱,当然,你也可以使用其他人创建的沙箱。举个例子,当你编写并运行一个java小程序(Java Applet)的时候,可以使用浏览器(Web Browser)开发者创建的允许你的应用寄居的沙箱。
<望广大同行朋友批评指正,不胜感激>