java sandbox

java sandbox是什么？讓我們一起來了解一下吧！

java sandbox是指java程序中的沙箱。它是java安全模型的核心。沙箱是制止程序繼續(xù)運行的環(huán)境。沙箱機(jī)制是把Java代碼圈在虛擬機(jī)限定的運行范圍，嚴(yán)格拒絕代碼對資源系統(tǒng)的訪問。

java沙箱是由以下基本部分組成的：

1.字節(jié)碼校驗器 bytecode verifier

保證java類文件遵循java語言規(guī)范，幫助程序?qū)崿F(xiàn)內(nèi)存保護(hù)。

2.存取控制器 access controller

它的作用是操控核心API對操作系統(tǒng)的存取權(quán)限。

3.類加載器 class loader

雙親委派機(jī)制、安全校驗等，防止惡意代碼干涉。

4.安全軟件包 secruity package

java.secruity下的類和擴(kuò)展包下的類，允許用戶為自己的應(yīng)用增加新的安全特性。

5.安全管理器 security manager

它是核心API和系統(tǒng)間的主要接口，實現(xiàn)權(quán)限控制，比存取控制器優(yōu)先級高。

沙箱的關(guān)鍵內(nèi)容——策略文件，查看具體步驟如下：

//?Standard?extensions?get?all?permissions?by?default
grant?codeBase?"file:${{java.ext.dirs}}/*"?{
????????permission?java.security.AllPermission;
};
//?default?permissions?granted?to?all?domains
grant?{
????????//?Allows?any?thread?to?stop?itself?using?the?java.lang.Thread.stop()
????????//?method?that?takes?no?argument.
????????//?Note?that?this?permission?is?granted?by?default?only?to?remain
????????//?backwards?compatible.
????????//?It?is?strongly?recommended?that?you?either?remove?this?permission
????????//?from?this?policy?file?or?further?restrict?it?to?code?sources
????????//?that?you?specify,?because?Thread.stop()?is?potentially?unsafe.
????????//?See?the?API?specification?of?java.lang.Thread.stop()?for?more
????????//?information.
????????permission?java.lang.RuntimePermission?"stopThread";
????????//?allows?anyone?to?listen?on?dynamic?ports
????????permission?java.net.SocketPermission?"localhost:0",?"listen";
????????//?permission?for?standard?RMI?registry?port
????????permission?java.net.SocketPermission?"localhost:1099",?"listen";
????????//?"standard"?properies?that?can?be?read?by?anyone
????????permission?java.util.PropertyPermission?"java.version",?"read";
????????permission?java.util.PropertyPermission?"java.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.vendor.url",?"read";
????????permission?java.util.PropertyPermission?"java.class.version",?"read";
????????permission?java.util.PropertyPermission?"os.name",?"read";
????????permission?java.util.PropertyPermission?"os.version",?"read";
????????permission?java.util.PropertyPermission?"os.arch",?"read";
????????permission?java.util.PropertyPermission?"file.separator",?"read";
????????permission?java.util.PropertyPermission?"path.separator",?"read";
????????permission?java.util.PropertyPermission?"line.separator",?"read";
????????permission?java.util.PropertyPermission?"java.specification.version",?"read";
????????permission?java.util.PropertyPermission?"java.specification.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.specification.name",?"read";
????????permission?java.util.PropertyPermission?"java.vm.specification.version",?"read";
????????permission?java.util.PropertyPermission?"java.vm.specification.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.vm.specification.name",?"read";
????????permission?java.util.PropertyPermission?"java.vm.version",?"read";
????????permission?java.util.PropertyPermission?"java.vm.vendor",?"read";
????????permission?java.util.PropertyPermission?"java.vm.name",?"read";
};

以上就是小編今天的分享了，希望可以幫助到大家。