AccessController 类用于以下三个目的:
1. 基于当前生效的安全策略决定是允许还是拒绝对关键系统资源的访问。
2. 将代码标记为享有“特权”,从而影响后续的访问决定。
3. 获取当前调用上下文的“快照”,这样便可以相对于已保存的上下文作出其他上下文的访问控制决定。
package com.what21.security01;
import java.awt.AWTPermission;
import java.io.FilePermission;
import java.security.AccessController;
/**
 * Demonstrates explicit permission checks with {@link AccessController#checkPermission}.
 *
 * <p>Each check is evaluated against the protection domains of the code on the
 * current call stack under the effective security policy. It says nothing about
 * the operating-system user running the JVM. A denied permission surfaces as an
 * unchecked {@code java.security.AccessControlException}.
 *
 * <p>NOTE(review): {@code AccessController} and the Security Manager are deprecated
 * for removal since Java 17 (JEP 411). Confirm the behaviour on the target JDK
 * before relying on these checks as an enforcement point.
 */
public class PermissionTest {

    /**
     * Runs two permission checks in sequence; the second is reached only if the
     * first one passes.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // AWT permission: may the calling code access the system clipboard?
        AccessController.checkPermission(new AWTPermission("accessClipboard"));

        // File permission: may the calling code read c:\exec.bat?
        // This only asks the policy; it does not open or touch the file.
        AccessController.checkPermission(new FilePermission("c:\\exec.bat", "read"));
    }
}
package com.what21.security01;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
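/**
 * Demonstrates context snapshots and privileged blocks with {@link AccessController}.
 *
 * <p>Security notes for readers adapting this sample:
 * <ul>
 *   <li>The {@link FilePermission} checked at the top ({@code c:\exec.bat}) is unrelated
 *       to the file opened at the bottom ({@code someFile}); the check does not guard
 *       the open.</li>
 *   <li>{@code doPrivileged} without a context stops the permission check at this
 *       class's protection domain, so less-privileged callers further up the stack are
 *       not consulted. Keep the privileged block as small as possible and never build
 *       its arguments (paths, names) from caller-supplied data without validation.</li>
 *   <li>NOTE(review): {@code AccessController} and the Security Manager are deprecated
 *       for removal since Java 17 (JEP 411). Confirm the behaviour on the target JDK.</li>
 * </ul>
 */
public class PermissionTest02 {

    /**
     * Checks a file permission against a snapshot of the current context, runs a
     * no-op privileged action bounded by that snapshot, then opens a file inside a
     * privileged block.
     *
     * @param args unused
     * @throws FileNotFoundException if {@code someFile} cannot be opened
     */
    public static void main(String[] args) throws FileNotFoundException {
        // Snapshot the current calling context and check the file permission against it.
        FilePermission fp = new FilePermission("c:\\exec.bat", "read");
        AccessControlContext acc = AccessController.getContext();
        acc.checkPermission(fp);

        // Privileged action limited by the saved context: permissions in effect are
        // bounded by 'acc', so this form cannot grant more than the snapshot allowed.
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return new Object();
            }
        }, acc);

        // Open the file inside a privileged block. The parameterized action type
        // removes the unchecked cast the raw-typed version needed.
        FileInputStream fis;
        try {
            fis = AccessController.doPrivileged(
                    new PrivilegedExceptionAction<FileInputStream>() {
                        @Override
                        public FileInputStream run() throws FileNotFoundException {
                            return new FileInputStream("someFile");
                        }
                    });
        } catch (PrivilegedActionException e) {
            // run() declares only FileNotFoundException, so the cast is safe.
            throw (FileNotFoundException) e.getException();
        }

        // Release the handle obtained under privilege; the original never closed it.
        try {
            fis.close();
        } catch (java.io.IOException ignored) {
            // Nothing was read from the stream, so a failed close loses no data.
        }
    }
}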