java sandbox是什么?让我们一起来了解一下吧!
java sandbox是指java程序中的沙箱。它是java安全模型的核心。沙箱是制止程序继续运行的环境。沙箱机制是把Java代码圈在虚拟机限定的运行范围,严格拒绝代码对资源系统的访问。
java沙箱是由以下基本部分组成的:
1.字节码校验器 bytecode verifier
保证java类文件遵循java语言规范,帮助程序实现内存保护。
2.存取控制器 access controller
它的作用是操控核心API对操作系统的存取权限。
3.类加载器 class loader
双亲委派机制、安全校验等,防止恶意代码干涉。
4.安全软件包 secruity package
java.secruity下的类和扩展包下的类,允许用户为自己的应用增加新的安全特性。
5.安全管理器 security manager
它是核心API和系统间的主要接口,实现权限控制,比存取控制器优先级高。
沙箱的关键内容——策略文件,查看具体步骤如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | // Standard extensions get all permissions by default grant codeBase "file:${{java.ext.dirs}}/*" { permission java.security.AllPermission; }; // default permissions granted to all domains grant { // Allows any thread to stop itself using the java.lang.Thread.stop() // method that takes no argument. // Note that this permission is granted by default only to remain // backwards compatible. // It is strongly recommended that you either remove this permission // from this policy file or further restrict it to code sources // that you specify, because Thread.stop() is potentially unsafe. // See the API specification of java.lang.Thread.stop() for more // information. permission java.lang.RuntimePermission "stopThread" ; // allows anyone to listen on dynamic ports permission java.net.SocketPermission "localhost:0" , "listen" ; // permission for standard RMI registry port permission java.net.SocketPermission "localhost:1099" , "listen" ; // "standard" properies that can be read by anyone permission java.util.PropertyPermission "java.version" , "read" ; permission java.util.PropertyPermission "java.vendor" , "read" ; permission java.util.PropertyPermission "java.vendor.url" , "read" ; permission java.util.PropertyPermission "java.class.version" , "read" ; permission java.util.PropertyPermission "os.name" , "read" ; permission java.util.PropertyPermission "os.version" , "read" ; permission java.util.PropertyPermission "os.arch" , "read" ; permission java.util.PropertyPermission "file.separator" , "read" ; permission java.util.PropertyPermission "path.separator" , "read" ; permission java.util.PropertyPermission "line.separator" , "read" ; permission java.util.PropertyPermission "java.specification.version" , "read" ; permission java.util.PropertyPermission "java.specification.vendor" , "read" ; permission java.util.PropertyPermission "java.specification.name" , "read" ; permission java.util.PropertyPermission "java.vm.specification.version" , "read" ; permission java.util.PropertyPermission "java.vm.specification.vendor" , "read" ; permission java.util.PropertyPermission "java.vm.specification.name" , "read" ; permission java.util.PropertyPermission "java.vm.version" , "read" ; permission java.util.PropertyPermission "java.vm.vendor" , "read" ; permission java.util.PropertyPermission "java.vm.name" , "read" ; }; |
以上就是小编今天的分享了,希望可以帮助到大家。