sample.policy
// This grant has no codeBase or signedBy clause, so it applies to all code:
// both SampleProject's classes and Lib.jar receive every permission.
// With AllPermission granted to everything, no access check can fail, so this
// policy is only useful as a baseline run for the sample.
grant {
permission java.security.AllPermission;
};
SampleProject\SampleProject.java
package sampleproject;
import lib.Lib;
/**
 * Entry point of the sample. It only calls into {@link Lib}, so when the program runs
 * under a security manager this class's frame sits on the call stack beneath the
 * library's file access.
 *
 * @author java
 */
public class SampleProject {

    /**
     * Creates a {@link Lib} and invokes its {@code method()}.
     *
     * @param args command-line arguments; not read
     */
    public static void main(String[] args) {
        new Lib().method();
    }
}
Lib\Lib.java
package lib;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.stream.Stream;
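/**
 * Library class used by the sample to list a fixed directory.
 *
 * @author java
 */
public class Lib {

    /**
     * Prints every entry of the directory {@code C:\dirtest} to standard output.
     *
     * <p>The file access is made directly, without {@code doPrivileged}. Under a security
     * manager the read check therefore has to pass for every protection domain on the
     * call stack, including the caller of this method, not only for this library.
     *
     * <p>An {@link IOException} raised while opening the directory is printed with
     * {@code printStackTrace()} and not rethrown.
     */
    public void method() {
        // Files.list keeps a directory handle open until the stream is closed;
        // try-with-resources releases it even if printing an entry throws.
        try (Stream<Path> entries = Files.list(Paths.get("C:\\dirtest"))) {
            entries.forEach(System.out::println);
        } catch (IOException ex) {
            ex.printStackTrace();
        }
    }
}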
C:\Users\java\Documents\NetBeansProjects\SampleProject\build\classes>java -cp .;C:\Users\java\Documents\NetBeansProjects\Lib\dist\Lib.jar -Djava.security.manager -Djava.security.policy=C:\Users\java\Documents\NetBeansProjects\SampleProject\sample.policy sampleproject.SampleProject
C:\dirtest\showa.txt
C:\dirtest\test.java
C:\dirtest\test.txt
C:\dirtest\testfile.txt
C:\dirtest\testmakefile.txt
C:\dirtest\testwritefile.txt
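codeBaseでLib.jarだけに権限を与えたポリシーで動かすと、アクセス制御はコールスタック上のすべての呼び出し元の権限を確認するため、権限のないSampleProjectが呼び出し元にいる時点でエラー(AccessControlException)になる。(なお、下のスタックトレースにはLib$1.runとdoPrivilegedのフレームが含まれており、上のLib.javaのリストとは別のビルドで取得されたものと思われる)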
sample2.policy
// Grants every permission to classes loaded from Lib.jar only. SampleProject's
// classes are loaded from "." on the classpath and match no grant entry in this file.
// NOTE(review): AllPermission is far more than the sample needs. The only permission
// denied in the run is java.io.FilePermission "C:\dirtest" "read", so a single
// FilePermission entry for that directory would presumably be enough; confirm before reuse.
grant codeBase "file:C:/Users/java/Documents/NetBeansProjects/Lib/dist/Lib.jar" {
permission java.security.AllPermission;
};
C:\Users\java\Documents\NetBeansProjects\SampleProject\build\classes>java -cp .;C:\Users\java\Documents\NetBeansProjects\Lib\dist\Lib.jar -Djava.security.manager -Djava.security.policy=C:\Users\java\Documents\NetBeansProjects\SampleProject\sample2.policy sampleproject.SampleProject
Exception in thread "main" java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\dirtest" "read")
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661)
at java.base/sun.nio.fs.WindowsPath.checkRead(WindowsPath.java:847)
at java.base/sun.nio.fs.WindowsFileSystemProvider.newDirectoryStream(WindowsFileSystemProvider.java:520)
at java.base/java.nio.file.Files.newDirectoryStream(Files.java:472)
at java.base/java.nio.file.Files.list(Files.java:3699)
at lib.Lib$1.run(Lib.java:25)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at lib.Lib.method(Lib.java:21)
at sampleproject.SampleProject.main(SampleProject.java:17)
Libの処理をdoPrivileged(PrivilegedAction)の中で実行すると、権限チェックはLibの保護ドメインで打ち切られ、
呼び出し元のSampleProjectではなくLibの権限で実行される
Lib\Lib.java
package lib;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.stream.Stream;
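/**
 * Library class used by the sample to list a fixed directory with its own permissions.
 *
 * <p>Note: {@link AccessController} and the Security Manager are deprecated for removal
 * since Java 17 (JEP 411), so this pattern applies to runtimes that still enforce a policy.
 *
 * @author java
 */
public class Lib {

    /**
     * Prints every entry of the directory {@code C:\dirtest} to standard output, running
     * the file access inside {@code AccessController.doPrivileged}.
     *
     * <p>Inside the privileged action the permission check stops at this class's
     * protection domain, so callers that lack read permission on the directory can
     * still invoke this method when the policy grants that permission to this library.
     *
     * <p>An {@link IOException} raised while opening the directory is printed with
     * {@code printStackTrace()} and not rethrown.
     */
    public void method() {
        // Keep the privileged section limited to this fixed path. If the directory were
        // supplied by the caller, less-privileged code could borrow this library's
        // permissions to list locations it is not allowed to read itself.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                // Files.list keeps a directory handle open until the stream is closed;
                // try-with-resources releases it even if printing an entry throws.
                try (Stream<Path> entries = Files.list(Paths.get("C:\\dirtest"))) {
                    entries.forEach(System.out::println);
                } catch (IOException ex) {
                    ex.printStackTrace();
                }
                return null;
            }
        });
    }
}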
C:\Users\java\Documents\NetBeansProjects\SampleProject\build\classes>java -cp .;C:\Users\java\Documents\NetBeansProjects\Lib\dist\Lib.jar -Djava.security.manager -Djava.security.policy=C:\Users\java\Documents\NetBeansProjects\SampleProject\sample2.policy sampleproject.SampleProject
C:\dirtest\showa.txt
C:\dirtest\test.java
C:\dirtest\test.txt
C:\dirtest\testfile.txt
C:\dirtest\testmakefile.txt
C:\dirtest\testwritefile.txt