文章介绍了当遇到`java.security.AccessControlException`异常时,如何查找`java.home`和`user.home`属性,以及如何在`java.policy`文件中添加安全访问策略来解决问题。主要步骤包括检查JRE路径,修改默认的安全策略文件,添加AllPermission配置以允许特定权限。
提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
文章目录
- 前言
- 为什么发生`java.security.AccessControlException`
- 查找jre系统属性`java.home`和`user.home`
- 添加安全访问策略
前言
今天在配置Java的测试环境时遇到了下面的错误。
Caused by: java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(Unknown Source)
一下部分省略
通过查看网络中的文章和JavaDoc文档,总结了解决方法。
为什么发生java.security.AccessControlException
为了防止恶意程序,Java也实现了自己的访问控制机制。通过编写安全策略文件实现访问控制。
默认的安全策略文件的路径为:
${java.home}/lib/security/java.policy${user.home}/.java.policy
因此,首先需要查找jre系统属性java.home和user.home的值。
查找jre系统属性java.home和user.home
使用下面的程序,查看jre的路径:
package cn.com.chengq.example;
public class ShowProperties {
public static void main(String[] args) {
System.getProperties().forEach((k,v) -> {
LogUtil.log("%s: %s", k, v);
});
}
}
在输出的结果中查找属性java.home和user.home的值。
添加安全访问策略
在文件${java.home}/lib/security/java.policy或${user.home}/.java.policy中添加相应的安全策略配置。
例如上面示例中出现的问题,需要在默认的${java.home}/lib/security/java.policy文件的最后添加配置:
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
};
// default permissions granted to all domains
grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See the API specification of java.lang.Thread.stop() for more
// information.
permission java.lang.RuntimePermission "stopThread";
// allows anyone to listen on dynamic ports
permission java.net.SocketPermission "localhost:0", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
permission java.io.SerializablePermission "enableSubclassImplementation";
};
注意策略文件的格式,末尾需要添加分号
本文仅供参考,如有帮助不胜荣幸,请关注、点赞、收藏。
如需转载请注明出处。
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
