java sandbox

java sandbox是什么？讓我們一起來了解一下吧！

java sandbox是指java程序中的沙箱。它是java安全模型的核心。沙箱是制止程序繼續運行的環境。沙箱機制是把Java代碼圈在虛擬機限定的運行范圍，嚴格拒絕代碼對資源系統的訪問。

java沙箱是由以下基本部分組成的：

1.字節碼校驗器 bytecode verifier

保證java類文件遵循java語言規范，幫助程序實現內存保護。

2.存取控制器 access controller

它的作用是操控核心API對操作系統的存取權限。

3.類加載器 class loader

雙親委派機制、安全校驗等，防止惡意代碼干涉。

4.安全軟件包 secruity package

java.secruity下的類和擴展包下的類，允許用戶為自己的應用增加新的安全特性。

5.安全管理器 security manager

它是核心API和系統間的主要接口，實現權限控制，比存取控制器優先級高。

沙箱的關鍵內容——策略文件，查看具體步驟如下：

//?Standard?extensions?get?all?permissions?by?default
grant?codeBase?"file:${{java.ext.dirs}}/*"?{
????????permission?java.security.AllPermission;
};
//?default?permissions?granted?to?all?domains
grant?{
????????//?Allows?any?thread?to?stop?itself?using?the?java.lang.Thread.stop()
????????//?method?that?takes?no?argument.
????????//?Note?that?this?permission?is?granted?by?default?only?to?remain
????????//?backwards?compatible.
????????//?It?is?strongly?recommended?that?you?either?remove?this?permission
????????//?from?this?policy?file?or?further?restrict?it?to?code?sources
????????//?that?you?specify,?because?Thread.stop()?is?potentially?unsafe.
????????//?See?the?API?specification?of?java.lang.Thread.stop()?for?more
????????//?information.
????????permission?java.lang.RuntimePermission?"stopThread";
????????//?allows?anyone?to?listen?on?dynamic?ports
????????permission?java.net.SocketPermission?"localhost:0",?"listen";
????????//?permission?for?standard?RMI?registry?port
????????permission?java.net.SocketPermission?"localhost:1099",?"listen";
????????//?"standard"?properies?that?can?be?read?by?anyone
????????permission?java.util.PropertyPermission?"java.version",?"read";
????????permission?java.util.PropertyPermission?"java.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.vendor.url",?"read";
????????permission?java.util.PropertyPermission?"java.class.version",?"read";
????????permission?java.util.PropertyPermission?"os.name",?"read";
????????permission?java.util.PropertyPermission?"os.version",?"read";
????????permission?java.util.PropertyPermission?"os.arch",?"read";
????????permission?java.util.PropertyPermission?"file.separator",?"read";
????????permission?java.util.PropertyPermission?"path.separator",?"read";
????????permission?java.util.PropertyPermission?"line.separator",?"read";
????????permission?java.util.PropertyPermission?"java.specification.version",?"read";
????????permission?java.util.PropertyPermission?"java.specification.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.specification.name",?"read";
????????permission?java.util.PropertyPermission?"java.vm.specification.version",?"read";
????????permission?java.util.PropertyPermission?"java.vm.specification.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.vm.specification.name",?"read";
????????permission?java.util.PropertyPermission?"java.vm.version",?"read";
????????permission?java.util.PropertyPermission?"java.vm.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.vm.name",?"read";
};

以上就是小編今天的分享了，希望可以幫助到大家。