Java SocketPermission policy problem

Posted on 2024-10-02 05:37:45

I have a client and server program that attempt to communicate with each other. In my policy file for the server, I have specified the following:

grant signedBy "vivin" {
  permission java.io.FilePermission "-", "read, write";
  permission java.net.SocketPermission "localhost:2220-2230", "accept, connect, listen, resolve", signedBy "vivin";
};

And in my client's policy-file I have:

grant signedBy "vivin" {
  permission java.net.SocketPermission "localhost:2220-2230", "accept, connect, listen, resolve", signedBy "vivin";
};

I start up my server and it listens on port 2225. I then start up my client and it tries to connect to the server that is listening on port 2225. Unfortunately, I get this error on the server:

[java] Exception in thread "main" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:45944 accept,resolve)
[java]  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[java]  at java.security.AccessController.checkPermission(AccessController.java:546)
[java]  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[java]  at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
[java]  at java.net.ServerSocket.implAccept(ServerSocket.java:457)
[java]  at java.net.ServerSocket.accept(ServerSocket.java:421)

The port number keeps changing; I am assuming that it is the port number for the client (where the server connects back to the client?). Is that correct? For this assignment, there is a restriction specified on the port numbers:

Your client and server should use the Java Security manager, and your project must include policy files for each that defines the necessary permissions for them to run. Allow your server and client to contact each other on localhost using ports in the range 2220-2230.

How can I adhere to this restriction? Or does this only apply to the port that the server listens on? I figure I can make it work if I give accept and resolve permissions for ports greater than 2231. But I don't know if that runs afoul of the restriction.

Comments (1)

┼── 2024-10-09 05:37:45

Because the client chooses its local TCP port randomly (I suppose), you should give it the proper permission:

grant signedBy "vivin" {
  permission java.net.SocketPermission "localhost:1024-", "connect, resolve", signedBy "vivin";
};

The client is not listening for incoming connections and does not need the permissions for "listen" and "accept". On the server you likely can drop the permission for "connect" as long as the server is not making outgoing TCP connections.
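How the socket checks in this exchange map to SocketPermission targets, as an added example that is not code from the original post or its answer. It evaluates the grants with `implies()` so no security manager has to be installed; the class name, helper names and the widened server grant are assumptions for illustration, and it assumes a JDK that still ships `java.net.SocketPermission`.

```java
import java.net.SocketPermission;
import java.security.Permissions;

// Added example: checks which SocketPermission grants cover which socket
// operations, using implies() only (no SecurityManager, no network traffic).
public class SocketPermissionCheck {

    // Builds a permission collection holding a single SocketPermission grant.
    static Permissions grant(String target, String actions) {
        Permissions p = new Permissions();
        p.add(new SocketPermission(target, actions));
        return p;
    }

    // Prints whether the granted set covers the permission an operation demands.
    static void report(String label, Permissions granted, SocketPermission needed) {
        System.out.printf("%-34s %s [%s] -> %s%n", label, needed.getName(),
                needed.getActions(), granted.implies(needed) ? "allowed" : "denied");
    }

    public static void main(String[] args) {
        // Grant as written in the question's policy files.
        Permissions asPosted =
                grant("localhost:2220-2230", "accept,connect,listen,resolve");
        // Assumption: a server-side grant that also covers client source ports,
        // still restricted to localhost peers.
        Permissions widened = grant("localhost:1024-", "accept,resolve");

        // Binding the ServerSocket: the listen check targets the local port.
        SocketPermission listen = new SocketPermission("localhost:2225", "listen");
        // Client connecting: the connect check targets the server's host and port.
        SocketPermission connect = new SocketPermission("localhost:2225", "connect");
        // ServerSocket.accept(): the accept check targets the peer's address and
        // its source port; 45944 is the port from the exception in the question.
        SocketPermission accept =
                new SocketPermission("127.0.0.1:45944", "accept,resolve");

        report("server listen, posted grant", asPosted, listen);
        report("client connect, posted grant", asPosted, connect);
        report("server accept, posted grant", asPosted, accept);
        report("server accept, widened grant", widened, accept);
    }
}
```

The accept check is the only one whose port is chosen by the peer rather than by the policy author, which is why a grant limited to 2220-2230 covers listen and connect on port 2225 but not the accept seen in the stack trace.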
