神马文学网如何写RMI Policy File
来源:百度文库 编辑:神马文学网 时间:2024/04/30 15:40:51
发信人: Xwang_Wang (清规戒律求同存异),原信区: ustcbbs
标 题: 如何写RMI Policy File
发信站: 中国科大BBS站 (Sat, 13 May 2000 08:44:36),站内信件
发信人: maht (Trill-TimeKiller), 信区: Java
标 题: 如何写RMI Policy File
发信站: BBS 水木清华站 (Sat Mar 11 18:20:20 2000)
======================================================================
如何写RMI Policy File
maht@smth翻译修改
RMI Security的一个说明
JDK1.2的安全模型比JDK1.1使用的更为成熟。Jdk1.2要求对代码授于具体
的操作权才能被允许执行某个操作。
在JDK1.2,在class path里面的代码是被信任的,能执行任何操作,下载的代码被预装载
的安全管理器的规则所管理。如果运行一个JDK1.2里面的例子,当你运行你的服务器和客
户端,你需要特别指定一个policy file。下面是一个一般的policy file,它允许从任何
codebase(这个指代码的路径前缀,可以是URL)下载的代码做两件事:
1 连接任何主机上的一个非特权的端口(大于1024的端口),或者接受从这样的连接;
2 连接80端口(HTTP port)
grant {
permission java.net.SocketPermission "*:1024-65535",
"connect,accept";
permission java.net.SocketPermission "*:80", "connect";
};
如果你想通过HTTP地址下载代码有效,你必须使用上面的policy file(或者把这段
grant加到你的缺省的java policy file里面去)。还有,如你想使用file URL,
那么你用下面的policy file.
grant {
permission java.net.SocketPermission "*:1024-65535", "connect,accept";
permission java.io.FilePermission
"c:\\home\\ann\\public_html\\classes\\-", "read";
permission java.io.FilePermission
"c:\\home\\jones\\public_html\\classes\\-", "read";
};
======================================================================
原文:
The JDK1.2 security model is more sophisticated than the model used for
JDK1.1. JDK1.2 contains enhancements for finer-grained security and requires
code to be granted specific permissions to be allowed to perform certain
operations.
In JDK1.1, code in the class path is trusted and can perform any operation;
downloaded code is governed by the rules of the installed security manager.
If you run this example in JDK1.2, you need to specify a policy file when
you run your server and client. Here is a general policy file that allows
downloaded code, from any codebase, to do two things:
connect to or accept connections on unprivileged ports (ports greater than
1024) on any host, and
connect to port 80 (the port for HTTP).
grant {
permission java.net.SocketPermission "*:1024-65535",
"connect,accept";
permission java.net.SocketPermission "*:80", "connect";
};
If you make your code available for downloading via HTTP URLs, you should
use the policy file above when you run this example. However, if you use
file URLs instead, you can use the policy file below. Note that in
Windows-style file names, the backslash character needs to be represented by
two backslash characters in the policy file.
grant {
permission java.net.SocketPermission "*:1024-65535",
"connect,accept";
permission java.io.FilePermission
"c:\\home\\ann\\public_html\\classes\\-", "read";
permission java.io.FilePermission
"c:\\home\\jones\\public_html\\classes\\-", "read";
};
This example assumes that the policy file is called java.policy and contains
the appropriate permissions. If you run this example on JDK1.1, you will not
need to use a policy file, since the RMISecurityManager provides all the
protection you need.
--
什么时候发了,要把微软给买了,不过没想好有什么用,
或许给解散了,为人类作点贡献。
※ 来源:·BBS 水木清华站 smth.org·[FROM: 166.111.25.111]
※ 来源: 中国科大BBS站 [bbs.ustc.edu.cn]
[返回上一页] [本讨论区]
标 题: 如何写RMI Policy File
发信站: 中国科大BBS站 (Sat, 13 May 2000 08:44:36),站内信件
发信人: maht (Trill-TimeKiller), 信区: Java
标 题: 如何写RMI Policy File
发信站: BBS 水木清华站 (Sat Mar 11 18:20:20 2000)
======================================================================
如何写RMI Policy File
maht@smth翻译修改
RMI Security的一个说明
JDK1.2的安全模型比JDK1.1使用的更为成熟。Jdk1.2要求对代码授于具体
的操作权才能被允许执行某个操作。
在JDK1.2,在class path里面的代码是被信任的,能执行任何操作,下载的代码被预装载
的安全管理器的规则所管理。如果运行一个JDK1.2里面的例子,当你运行你的服务器和客
户端,你需要特别指定一个policy file。下面是一个一般的policy file,它允许从任何
codebase(这个指代码的路径前缀,可以是URL)下载的代码做两件事:
1 连接任何主机上的一个非特权的端口(大于1024的端口),或者接受从这样的连接;
2 连接80端口(HTTP port)
grant {
permission java.net.SocketPermission "*:1024-65535",
"connect,accept";
permission java.net.SocketPermission "*:80", "connect";
};
如果你想通过HTTP地址下载代码有效,你必须使用上面的policy file(或者把这段
grant加到你的缺省的java policy file里面去)。还有,如你想使用file URL,
那么你用下面的policy file.
grant {
permission java.net.SocketPermission "*:1024-65535", "connect,accept";
permission java.io.FilePermission
"c:\\home\\ann\\public_html\\classes\\-", "read";
permission java.io.FilePermission
"c:\\home\\jones\\public_html\\classes\\-", "read";
};
======================================================================
原文:
The JDK1.2 security model is more sophisticated than the model used for
JDK1.1. JDK1.2 contains enhancements for finer-grained security and requires
code to be granted specific permissions to be allowed to perform certain
operations.
In JDK1.1, code in the class path is trusted and can perform any operation;
downloaded code is governed by the rules of the installed security manager.
If you run this example in JDK1.2, you need to specify a policy file when
you run your server and client. Here is a general policy file that allows
downloaded code, from any codebase, to do two things:
connect to or accept connections on unprivileged ports (ports greater than
1024) on any host, and
connect to port 80 (the port for HTTP).
grant {
permission java.net.SocketPermission "*:1024-65535",
"connect,accept";
permission java.net.SocketPermission "*:80", "connect";
};
If you make your code available for downloading via HTTP URLs, you should
use the policy file above when you run this example. However, if you use
file URLs instead, you can use the policy file below. Note that in
Windows-style file names, the backslash character needs to be represented by
two backslash characters in the policy file.
grant {
permission java.net.SocketPermission "*:1024-65535",
"connect,accept";
permission java.io.FilePermission
"c:\\home\\ann\\public_html\\classes\\-", "read";
permission java.io.FilePermission
"c:\\home\\jones\\public_html\\classes\\-", "read";
};
This example assumes that the policy file is called java.policy and contains
the appropriate permissions. If you run this example on JDK1.1, you will not
need to use a policy file, since the RMISecurityManager provides all the
protection you need.
--
什么时候发了,要把微软给买了,不过没想好有什么用,
或许给解散了,为人类作点贡献。
※ 来源:·BBS 水木清华站 smth.org·[FROM: 166.111.25.111]
※ 来源: 中国科大BBS站 [bbs.ustc.edu.cn]
[返回上一页] [本讨论区]