java AccessController.doPrivileged使用

AccessController.doPrivileged意思是这个是特别的,不用做权限检查.

在什么地方会用到呢:加入1.jar中有类可以读取一个文件,现在我们要使用1.jar去做这个事情.但是我们的类本生是没有权限去读取那个文件的,一般情况下就是眼睁睁的看着了.

但是jiava提供了doPrivileged.在1.jar中如果读取文件的方法是通过doPrivileged来实现的.就不会有后面的检查了,现在我们就可以使用1.jar去读取那个文件了.

例子:

package huangyunbin.client;  

import java.io.FilePermission;  
import java.security.AccessController;  
import java.security.Permission;  
import java.security.PrivilegedAction;  

public class Client  
{  
    public   void  doCheck() {  
                AccessController.doPrivileged( new  PrivilegedAction()  {  
            public  Object run()  {  
                check();  
                return   null ;  
            }  
        } );  
    }  

    private   void  check()  {  
        Permission perm  =   new FilePermission( "/1.txt" ,  "read" );  
        AccessController.checkPermission(perm);  
        System.out.println( " TestService has permission " );  
    }  
}  

把这个类打包成client.jar 放到/home/h/client/下
我们建立个my.policy文件,文件内容是:

grant codeBase  "file:/home/h/client/*"   {  
     permission java.io.FilePermission  "/1.txt","read";  
 }; 

配置文件的意思是 /home/h/client/下面的jar包或class类 可以读取/1.txt.

现在我们再创建一个项目:创建一个类来调用前面的Client

public class server  
{  
    public static void main(String[] args)  
    {  
        Client c =new    Client();  
        c.doCheck();  
    }  
} 

运行这个server类.注意这里要用上之前的my.policy文件
在vm参数中写上这样的:

-Djava.security.manager   
-Djava.security.policy=/home/h/my.policy  

运行,结果是
TestService has permission

在配置文件my.policy中我们没有允许server去读取/1.txt,但是现在却可以正常访问.这个就是 AccessController.doPrivileged的作用.

转载自:http://huangyunbin.iteye.com/blog/1942509

java.lang.IllegalStateException: mBeanFactory.removeContext.addServicedFail at org.apache.catalina.mbeans.MBeanFactory.removeContext(MBeanFactory.java:767) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:294) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) at com.sun.jmx.remote.security.MBeanServerAccessController.invoke(MBeanServerAccessController.java:468) at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1468) at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76) at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309) at java.security.AccessController.doPrivileged(Native Method) at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1408) at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:829) at sun.reflect.GeneratedMethodAccessor49.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) at sun.rmi.transport.Transport$1.run(Transport.java:200) at sun.rmi.transport.Transport$1.run(Transport.java:197) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Transport.java:196) at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
06-03
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值