【Java问题集】Caused by: java.security.AccessControlException: access denied

提示：文章写完后，目录可以自动生成，如何生成可参考右边的帮助文档

---

前言

今天在配置Java的测试环境时遇到了下面的错误。

Caused by: java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(Unknown Source)
	一下部分省略

通过查看网络中的文章和JavaDoc文档，总结了解决方法。

为什么发生java.security.AccessControlException

为了防止恶意程序，Java也实现了自己的访问控制机制。通过编写安全策略文件实现访问控制。
默认的安全策略文件的路径为：

1. ${java.home}/lib/security/java.policy
2. ${user.home}/.java.policy

因此，首先需要查找jre系统属性java.home和user.home的值。

查找jre系统属性java.home和user.home

使用下面的程序，查看jre的路径：

package cn.com.chengq.example;

public class ShowProperties {
    public static void main(String[] args) {
        System.getProperties().forEach((k,v) -> {
            LogUtil.log("%s: %s", k, v);
        });
    }
}

在输出的结果中查找属性java.home和user.home的值。

添加安全访问策略

在文件${java.home}/lib/security/java.policy或${user.home}/.java.policy中添加相应的安全策略配置。
例如上面示例中出现的问题，需要在默认的${java.home}/lib/security/java.policy文件的最后添加配置：

// Standard extensions get all permissions by default

grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
        // Allows any thread to stop itself using the java.lang.Thread.stop()
        // method that takes no argument.
        // Note that this permission is granted by default only to remain
        // backwards compatible.
        // It is strongly recommended that you either remove this permission
        // from this policy file or further restrict it to code sources
        // that you specify, because Thread.stop() is potentially unsafe.
        // See the API specification of java.lang.Thread.stop() for more
        // information.
        permission java.lang.RuntimePermission "stopThread";

        // allows anyone to listen on dynamic ports
        permission java.net.SocketPermission "localhost:0", "listen";

        // "standard" properies that can be read by anyone

        permission java.util.PropertyPermission "java.version", "read";
        permission java.util.PropertyPermission "java.vendor", "read";
        permission java.util.PropertyPermission "java.vendor.url", "read";
        permission java.util.PropertyPermission "java.class.version", "read";
        permission java.util.PropertyPermission "os.name", "read";
        permission java.util.PropertyPermission "os.version", "read";
        permission java.util.PropertyPermission "os.arch", "read";
        permission java.util.PropertyPermission "file.separator", "read";
        permission java.util.PropertyPermission "path.separator", "read";
        permission java.util.PropertyPermission "line.separator", "read";

        permission java.util.PropertyPermission "java.specification.version", "read";
        permission java.util.PropertyPermission "java.specification.vendor", "read";
        permission java.util.PropertyPermission "java.specification.name", "read";

        permission java.util.PropertyPermission "java.vm.specification.version", "read";
        permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
        permission java.util.PropertyPermission "java.vm.specification.name", "read";
        permission java.util.PropertyPermission "java.vm.version", "read";
        permission java.util.PropertyPermission "java.vm.vendor", "read";
        permission java.util.PropertyPermission "java.vm.name", "read";
   
        permission java.io.SerializablePermission "enableSubclassImplementation";
};

注意策略文件的格式，末尾需要添加分号

---

本文仅供参考，如有帮助不胜荣幸，请关注、点赞、收藏。
如需转载请注明出处。