问题描述

我有一个应用程序可以加载插件(普通 jar 文件)并从中运行代码.插件使用 URLClassLoader 加载.我想阻止这些插件访问文件和其他资源，同时保留我自己代码的所有权限.

I have an application that loads plugins (plain jar files) and runs code from them. The plugins are loaded using an URLClassLoader. I would like to prevent those plugings from accessing files and other resources, while retaining all permissions for my own code.

以下是插件代码与我自己的应用程序及其库不同的两个特性:1) 它由为此目的创建的 URLClassLoader 加载.2)它的jar文件被复制到一个特定的目录，URLClassLoader从中获取它们.

Here are the two features by which plugin code is distinct from my own application and its libraries:1) It is loaded by a URLClassLoader created for this purpose.2) Its jar files are copied to a specific directory, from which the URLClassLoader takes them.

但我不知道如何使用任一功能来制定政策规则.在策略规则中根本不能使用类加载器(可以理解，它是在运行时创建的).该目录可用于授予特定权限，但不能取消它们.似乎也没有除此目录外的任何地方的代码"的语法.

But I don't see how I can use either feature to formulate a policy rule. The classloader can't be used at all in a policy rule (understandable, it's created at runtime). The directory can be used to grant specific permissions but not to take them away. There doesn't seem to be a syntax for "code from anywhere EXCEPT this directory" either.

还有其他选择吗?

推荐答案

Subclass URLClassLoader.重新添加因不使用 URLClassLoader.newInstance 而遗漏的安全位.覆盖 URLClassLoader.getPermissions(CodeSource) 以返回适当的权限.

Subclass URLClassLoader. Add back in the security bits you miss out from not using URLClassLoader.newInstance. Override URLClassLoader.getPermissions(CodeSource) to return appropriate permissions.

如果父类加载器只有插件[静态]使用的通用类型，那可能是最好的.主应用程序应该从不同的子类加载器加载.package.access 安全属性也可以隐藏实现类.

It's probably best if the parent class loader just has the common types the plugin [statically] uses. The main application should be loaded from a different child class loader. Implementation classes can also be hidden by the package.access security property.

这篇关于Java 安全策略:根据类加载器授予访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！