1、Permission:
String path = "D:\\222.txt";
FilePermission f = new FilePermission(path, "read");
AccessController.checkPermission(f);
会报AccessControlException异常。
因为上面的代码会到C:\Program Files\Java\jre6\lib\security\java.policy找是否配了这个权限,没找到,因此报了AccessControlException异常。
因此在java.policy中加上
grant {
permission java.io.FilePermission "d:/222.txt","read";
};
或者
grant codeBase "file:/D:/code/java/studyspring2.5/classes/*"{ //你代码的类路径
permission java.io.FilePermission "d:/222.txt","read";
};
则不会报这个异常。
2、比如方法调用MethodA—>MethodB—>MethodC
检查权限的顺序C、B、A。
新建一个工程testsecurity创建一个类:
package security;
import java.io.FilePermission;
import java.security.AccessController;
import java.security.PrivilegedAction;
public class Test2 {
public void test(){
test1();
}
public void test1(){
// AccessController.doPrivileged(new PrivilegedAction() {
// public Object run(){
// String path = "d:\\111.txt";
// FilePermission f1 = new FilePermission(path, "read");
// AccessController.checkPermission(f1);
// System.out.println("check permission successfule!");
// return null;
// }
// });
String path = "d:\\111.txt";
FilePermission f1 = new FilePermission(path, "read");
AccessController.checkPermission(f1);
System.out.println("check permission successfule!");
}
}
打包成jar文件引进另外的工程,比如我的是(studyspring2.5)
在studyspring2.5新建一个类Test1
package security.s1;
import java.io.FilePermission;
import java.security.AccessController;
import security.Test2;
public class Test1 {
public void test(){
String path = "d:\\222.txt";
FilePermission f1 = new FilePermission(path, "read");
AccessController.checkPermission(f1);
Test2 t = new Test2();
t.test();
}
public static void main(String[] args) {
Test1 te = new Test1();
te.test();
}
}
然后在java.plicy中配上权限:
grant codeBase "file:/D:/code/java/studyspring2.5/classes/*"{
permission java.io.FilePermission "d:/222.txt","read";
};
grant codeBase "file:/D:/testsecurity.jar"{
permission java.io.FilePermission "d:/111.txt","read";
};
然后执行Test1中会报错,因为在Test2中的test方法中会检查Test1的权限也就是当前类是否具有d:222.txt的read属性。
因此会抛出错误:AccessControlException
因此在Test2中把test1方法改为:
public void test1(){
AccessController.doPrivileged(new PrivilegedAction() {
public Object run(){
String path = "d:\\111.txt";
FilePermission f1 = new FilePermission(path, "read");
AccessController.checkPermission(f1);
System.out.println("check permission successfule!");
return null;
}
});
}
doPrivileged方法只检查当前代码自己的权限,而不根据堆栈去检查Test1的权限,因此可以执行成功。