我对理解Java安全模型有些困惑.在我的${JDK_HOME}/jre/lib/security/java.policy文件中,我可以看到以下条目:
grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See "http://java.sun.com/notes" for more information.
permission java.lang.RuntimePermission "stopThread";
// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission "localhost:1024-", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.vm.version", "read";
..... .....
最后一行是: permission java.util.PropertyPermission "java.vm.version", "read";
我把它解释为:在VM中运行的Java程序有权读取属性'java.vm.version'
根据这种理解,我写了一个示例程序只是为了检查,如果我得到任何运行时错误如果我改变这个属性:
System.setProperty("java.vm.version", "my.jvm.version.2345");
System.out.println(System.getProperty("java.vm.version"));
没有错误; 而是System.out.println显示我的修改值即my.jvm.version.2345
这是否意味着制定的政策java.policy不起作用,我在这里缺少什么?
| 归档时间: |
|
| 查看次数: |
5559 次 |
| 最近记录: |