Installing a SecurityManager removes access rights across the board; access is then controlled according to the policy the application sets.
The policy is set with Policy.setPolicy.
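package sampleproject;

import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.stream.Stream;

// Policy that answers every check from one fixed PermissionCollection.
class SamplePolicy extends Policy {
    PermissionCollection pc;

    SamplePolicy(PermissionCollection pc) {
        this.pc = pc;
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        System.out.println("implies executed");
        boolean bl = pc.implies(permission);
        System.out.println(bl);
        return bl;
    }
}

// SecurityManager that only logs the requested permission and never denies.
class NocheckSecurityManager extends SecurityManager {
    @Override
    public void checkPermission(Permission perm) {
        System.out.println(perm);
        System.out.println("checkPermission executed");
    }
}

public class SampleProject {
    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        // 1) Logging-only manager: the listing succeeds.
        System.setSecurityManager(new NocheckSecurityManager());
        method();
        // 2) Default manager with no matching grant: access denied.
        System.setSecurityManager(new SecurityManager());
        method();
        // 3) Policy granting read on C:\dirtest: the listing succeeds again.
        Permissions ps = new Permissions();
        ps.add(new FilePermission("C:\\dirtest", "read"));
        Policy.setPolicy(new SamplePolicy(ps));
        method();
    }

    // Lists C:\dirtest, which triggers a FilePermission "read" check.
    static void method() {
        try (Stream<Path> s = Files.list(Paths.get("C:\\dirtest"))) {
            s.forEach(System.out::println);
        } catch (IOException | AccessControlException ex) {
            ex.printStackTrace();
        }
    }
}
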
("java.io.FilePermission" "C:\dirtest" "read")
checkPermission executed
C:\dirtest\cook.jpg
C:\dirtest\cookcpy.jpg
C:\dirtest\dir1
C:\dirtest\iii
C:\dirtest\sample-utf8.properties
C:\dirtest\sample.properties
C:\dirtest\sample.properties.0
java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\dirtest" "read")
C:\dirtest\sample.ser
C:\dirtest\sample_en_US.properties
C:\dirtest\sample_ja_JP.properties
C:\dirtest\showa.txt
C:\dirtest\test.java
C:\dirtest\test.txt
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661)
at java.base/sun.nio.fs.WindowsPath.checkRead(WindowsPath.java:847)
at java.base/sun.nio.fs.WindowsFileSystemProvider.newDirectoryStream(WindowsFileSystemProvider.java:520)
at java.base/java.nio.file.Files.newDirectoryStream(Files.java:472)
at java.base/java.nio.file.Files.list(Files.java:3699)
at sampleproject.SampleProject.method(SampleProject.java:62)
at sampleproject.SampleProject.main(SampleProject.java:54)
C:\dirtest\testfile.txt
C:\dirtest\testmakefile.txt
C:\dirtest\testwritefile.txt
("java.lang.RuntimePermission" "createSecurityManager")
checkPermission executed
("java.lang.RuntimePermission" "setSecurityManager")
checkPermission executed
implies executed
true
C:\dirtest\cook.jpg
C:\dirtest\cookcpy.jpg
C:\dirtest\dir1
C:\dirtest\iii
C:\dirtest\sample-utf8.properties
C:\dirtest\sample.properties
C:\dirtest\sample.properties.0
C:\dirtest\sample.ser
C:\dirtest\sample_en_US.properties
C:\dirtest\sample_ja_JP.properties
C:\dirtest\showa.txt
C:\dirtest\test.java
C:\dirtest\test.txt
C:\dirtest\testfile.txt
C:\dirtest\testmakefile.txt
C:\dirtest\testwritefile.txt
I got errors around setSecurityManager and setPolicy; adding the permissions to java.policy resolved them.
java.policy
permission java.lang.RuntimePermission "setSecurityManager", "read,write";
permission java.security.SecurityPermission "setPolicy", "read,write";
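
The SamplePolicy above ignores its ProtectionDomain argument, so its grant applies to every caller. As an added example (not part of the original page), the following policy limits the grant to one code source and defers to the previously installed policy for everything else. The names DomainScopedPolicy and DomainScopedPolicyDemo are hypothetical, and the code assumes a JDK on which a Security Manager can still be installed (Java 17 or earlier, or Java 18 to 23 started with -Djava.security.manager=allow).

```java
import java.io.FilePermission;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.stream.Stream;

// Added example, not the page's code. DomainScopedPolicy is a hypothetical name.
class DomainScopedPolicy extends Policy {
    private final CodeSource appSource;          // code that receives the extra grant
    private final PermissionCollection appPerms; // permissions for that code only
    private final Policy fallback;               // policy that was in effect before

    DomainScopedPolicy(CodeSource appSource, PermissionCollection appPerms, Policy fallback) {
        this.appSource = appSource;
        this.appPerms = appPerms;
        this.fallback = fallback;
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        // Apply the extra grant only when the calling code matches appSource.
        if (appSource.implies(domain.getCodeSource()) && appPerms.implies(permission)) {
            return true;
        }
        // All other code (JDK modules, libraries) keeps what the previous policy gave it.
        return fallback.implies(domain, permission);
    }
}

public class DomainScopedPolicyDemo {
    public static void main(String[] args) throws Exception {
        // Collect everything that itself needs permissions before the manager is installed.
        CodeSource self = DomainScopedPolicyDemo.class.getProtectionDomain().getCodeSource();
        Permissions ps = new Permissions();
        ps.add(new FilePermission("C:\\dirtest", "read")); // same grant as the page's sample
        Policy.setPolicy(new DomainScopedPolicy(self, ps, Policy.getPolicy()));
        System.setSecurityManager(new SecurityManager());
        try (Stream<Path> s = Files.list(Paths.get("C:\\dirtest"))) {
            s.forEach(System.out::println);
        }
    }
}
```

Both the policy and the manager are installed while no Security Manager is active, so neither call is permission-checked.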