<link rel="stylesheet" href="https://js.how234.com/third-party/SyntaxHighlighter/shCoreDefault.css" type="text/css" /><script type="text/javascript" src="https://js.how234.com/third-party/SyntaxHighlighter/shCore.js"></script><script type="text/javascript"> SyntaxHighlighter.all(); </script>
java sandbox是什麼?讓我們一起來了解一下吧!
java sandbox是指java程序中的沙箱。它是java安全模型的核心。沙箱是制止程序繼續執行的環境。沙箱機制是把Java代碼圈在虛擬機限定的執行範圍,嚴格拒絕代碼對資源系統的訪問。
java沙箱是由以下基本部分組成的:
1.字節碼校驗器 bytecode verifier
保證java類檔案遵循java語言規範,幫助程序實現內存保護。
2.存取控制器 access controller
它的作用是操控核心API對操作系統的存取權限。
3.類加載器 class loader
雙親委派機制、安全校驗等,防止惡意代碼干涉。
4.安全軟件包 secruity package
java.secruity下的類和擴展包下的類,允許用戶爲自己的應用增加新的安全特性。
5.安全管理器 security manager
它是核心API和系統間的主要接口,實現權限控制,比存取控制器優先級高。
沙箱的關鍵內容——策略檔案,檢視具體步驟如下:
// Standard extensions get all permissions by defaultgrant codeBase "file:${{java.ext.dirs}}/*" { permission java.security.AllPermission;};// default permissions granted to all domainsgrant { // Allows any thread to stop itself using the java.lang.Thread.stop() // method that takes no argument. // Note that this permission is granted by default only to remain // backwards compatible. // It is strongly recommended that you either remove this permission // from this policy file or further restrict it to code sources // that you specify, because Thread.stop() is potentially unsafe. // See the API specification of java.lang.Thread.stop() for more // information. permission java.lang.RuntimePermission "stopThread"; // allows anyone to listen on dynamic ports permission java.net.SocketPermission "localhost:0", "listen"; // permission for standard RMI registry port permission java.net.SocketPermission "localhost:1099", "listen"; // "standard" properies that can be read by anyone permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read";};