指定 Java 安全策略的远程代码库
我有一个客户端安全策略,其中包含授予权限的语句。我希望能够指定它仅授予 RMI 服务器的权限集。例如,这是可行的:
grant{
//my permissions
};
但我无法弄清楚如何链接这组权限,以便它们适用于服务器上的我的代码库。其实什么都可以,只要和服务器绑定就可以了。我尝试过:
grant codeBase "file://hostname/-"{
//my permissions
};
主机名是机器的名称或IP,带或不带端口号。但这不起作用,使用 http 代替 file 也不起作用。如果我正确理解到目前为止所读的内容,末尾的连字符应该将权限应用于服务器上的任何内容。有人知道我需要做什么才能让它发挥作用吗?
谢谢。
这是运行服务器时指定的代码库:
-Djava.rmi.server.codebase=file://home/me/PageServer/build/classes/ pageserver.LoginService pageserver.PlannerService
I have a client-side security policy, with a statement that grants permissions. I want to be able to specify it to grant the set of permissions for an RMI server only. For example this works:
grant{
//my permissions
};
But I cant figure out how to link the set of permissions so that they apply to my codebase on the server. Actually anything, as long as its tied to the server would be fine. I have tried:
grant codeBase "file://hostname/-"{
//my permissions
};
With the hostname being the name or IP of the machine, both with and w/o the port number. But this does not work, neither does using http instead of file. If I understand what I read so far correctly the hyphen at the end should apply the permissions to anything located on the server. Anyone know what I need to do to get this to work?
Thanks.
Heres the codebase specified when running the server:
-Djava.rmi.server.codebase=file://home/me/PageServer/build/classes/ pageserver.LoginService pageserver.PlannerService
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
本地JVM从哪里获取应该被授予权限的代码?
如果是从服务器上的 HTTP 代码库下载代码,则可以使用以“http:”开头的 URL。
如果是本地代码,您可以使用以“file:”开头并以本地路径结尾的 URL。
免责声明:我为 Jini 编写了安全文件,它构建在 RMI 之上,已经有几年了。对我错过的一切表示歉意。
Where is the local JVM getting the code that should be granted permissions?
If it's downloading the code from an HTTP codebase on the server, you can use a URL starting with "http:".
If it's local code, you can use a URL starting with "file:" and ending with a local path.
Disclaimer: I've written security files for Jini, which is built atop RMI, and it's been a few years. Apologies for anything I've missed.
使用 JAR 作为代码库,并在 .policy 文件中准确指定您在 -Djava.rmi.server.codebase 中指定的 HTTP URL。
Use a JAR for the codebase, and specify exactly the HTTP URL in the .policy file that you specified in -Djava.rmi.server.codebase.