问题描述
我有一个应用程序可以加载插件(普通 jar 文件)并从中运行代码.插件使用 URLClassLoader 加载.我想阻止这些插件访问文件和其他资源,同时保留我自己代码的所有权限.
I have an application that loads plugins (plain jar files) and runs code from them. The plugins are loaded using an URLClassLoader. I would like to prevent those plugings from accessing files and other resources, while retaining all permissions for my own code.
以下是插件代码与我自己的应用程序及其库不同的两个特性:1) 它由为此目的创建的 URLClassLoader 加载.2)它的jar文件被复制到一个特定的目录,URLClassLoader从中获取它们.
Here are the two features by which plugin code is distinct from my own application and its libraries:1) It is loaded by a URLClassLoader created for this purpose.2) Its jar files are copied to a specific directory, from which the URLClassLoader takes them.
但我不知道如何使用任一功能来制定政策规则.在策略规则中根本不能使用类加载器(可以理解,它是在运行时创建的).该目录可用于授予特定权限,但不能取消它们.似乎也没有除此目录外的任何地方的代码"的语法.
But I don't see how I can use either feature to formulate a policy rule. The classloader can't be used at all in a policy rule (understandable, it's created at runtime). The directory can be used to grant specific permissions but not to take them away. There doesn't seem to be a syntax for "code from anywhere EXCEPT this directory" either.
还有其他选择吗?
推荐答案
Subclass URLClassLoader
.重新添加因不使用 URLClassLoader.newInstance
而遗漏的安全位.覆盖 URLClassLoader.getPermissions(CodeSource)
以返回适当的权限.
Subclass URLClassLoader
. Add back in the security bits you miss out from not using URLClassLoader.newInstance
. Override URLClassLoader.getPermissions(CodeSource)
to return appropriate permissions.
如果父类加载器只有插件[静态]使用的通用类型,那可能是最好的.主应用程序应该从不同的子类加载器加载.package.access
安全属性也可以隐藏实现类.
It's probably best if the parent class loader just has the common types the plugin [statically] uses. The main application should be loaded from a different child class loader. Implementation classes can also be hidden by the package.access
security property.
这篇关于Java 安全策略:根据类加载器授予访问权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!