What about Java Security?

V

Vasily Zhukov2011-12-27 14:23:14

Java

Vasily Zhukov, 2011-12-27 14:23:14

There is Java code. Runs without SecurityManager

    public static void main(String[] args)
    {
        Permissions ps = new Permissions();
        ps.add(new AllPermission());
        ProtectionDomain domain = new ProtectionDomain(null, ps);
        AccessControlContext context = new AccessControlContext(new ProtectionDomain[]{domain});

        AccessController.doPrivileged(new PrivilegedAction<Object>()
        {
            @Override
            public Object run()
            {
                AccessController.checkPermission(new FilePermission("/home/user/file.txt", SecurityConstants.FILE_READ_ACTION));
                return null;
            }
        }, context); // java.security.AccessControlException: access denied (java.io.FilePermission /home/user/file.txt read)
    }

Why is access denied? After all, he gave all the rights to the current context.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vasily Zhukov, 2011-12-27
@vip_delete

It just starts up. via java Not an applet. Seems to have figured it out. The permissions in the *.policy file were "default" by default, and they did not read an arbitrary file, and AccessController.checkPermission takes the intersection of rights, which is why access denied occurs