I have an RMI application and am trying to get the policy file right. If I set the permissions as follows, everything works fine:
grant codeBase "file:MyJar.jar" {
permission java.security.AllPermission;
};
But this is far too liberal for production. If I change it to the following:
grant codeBase "file:MyJar.jar" {
permission java.security.SocketPermission "*:1024-", "accept, resolve";
};
I get an AccessControlException, as shown below. I thought I had covered the necessary permission?
Exception in thread "RMI TCP Connection(idle)" java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:63014 accept,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.checkAcceptPermission(TCPTransport.java:636)
at sun.rmi.transport.tcp.TCPTransport.checkAcceptPermission(TCPTransport.java:275)
at sun.rmi.transport.Transport$1.run(Transport.java:158)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)
Edit:
After running with -Djava.security.debug=access,failure and changing "*:1024" to "localhost:1024":
access: domain that failed ProtectionDomain (file:MyJar.jar <no signer certificates>)
sun.misc.Launcher$AppClassLoader@6bbc4459
<no principals>
java.security.Permissions@281acd47 (
(unresolved java.security.SocketPermission localhost:1024- accept, resolve)
(java.io.FilePermission MyJar.jar read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission apple.laf.* read,write)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission com.apple.macos.useScreenMenuBar read,write)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission com.apple.hwaccel read,write)
(java.util.PropertyPermission mrj.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission apple.awt.* read,write)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission exitVM)
(java.net.SocketPermission localhost:1024- listen,resolve)
)
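
Added example, not part of the original post: the debug listing holds the grant as `(unresolved java.security.SocketPermission ...)`, while the exception names `java.net.SocketPermission`, which is the package the class actually lives in. The sketch below rebuilds both forms of the grant with the standard `java.security` API and checks them against the denied permission; the class name `UnresolvedGrantDemo` and the use of the `*:1024-` target from the first restricted policy are assumptions made for the demonstration.

```java
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.UnresolvedPermission;

// Hypothetical demo class (not from the post).
public class UnresolvedGrantDemo {

    // The permission the RMI transport asked for, copied from the exception.
    static Permission needed() {
        return new SocketPermission("127.0.0.1:63014", "accept,resolve");
    }

    // The grant as written in the policy file. No class named
    // java.security.SocketPermission exists, so a policy loader can only keep
    // the entry as an UnresolvedPermission carrying that type name.
    static Permissions grantAsWritten() {
        Permissions perms = new Permissions();
        perms.add(new UnresolvedPermission(
                "java.security.SocketPermission", "*:1024-", "accept, resolve", null));
        return perms;
    }

    // The same target and actions with the real class, java.net.SocketPermission.
    // Equivalent policy line:
    //   permission java.net.SocketPermission "*:1024-", "accept, resolve";
    static Permissions grantWithRealClass() {
        Permissions perms = new Permissions();
        perms.add(new SocketPermission("*:1024-", "accept, resolve"));
        return perms;
    }

    public static void main(String[] args) {
        Permission p = needed();
        // Permissions.implies() only resolves unresolved entries whose type
        // name equals the checked permission's class name, so an entry with
        // the wrong package is never considered for a java.net.SocketPermission.
        System.out.println("grant as written implies " + p + ": "
                + grantAsWritten().implies(p));
        System.out.println("grant with java.net class implies " + p + ": "
                + grantWithRealClass().implies(p));
    }
}
```

When reviewing `-Djava.security.debug=access,failure` output, an `unresolved` prefix on a permission other than a deliberately deferred custom class is worth checking against the fully qualified class name in the policy file.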