yuweijun'blog: Permission

Thursday, July 17, 2008

reflect permission and security manage in java

import java.lang.reflect.Field;
import java.lang.reflect.ReflectPermission;

public class ReflectField {

    private String test = "test string in class ReflectField!";
    
    public static void main(String[] args) throws Exception {
        Class ref = ReflectField.class;

        SecurityManager nsm = new SecurityManager();
        System.setSecurityManager(nsm);
        ReflectPermission rp = new ReflectPermission("suppressAccessChecks", null);
        System.out.println(rp);
        // java.security.AccessControlException: 
        // access denied (java.lang.reflect.ReflectPermission suppressAccessChecks
        // nsm.checkPermission(rp);
        SecurityManager sm = System.getSecurityManager();
        System.out.println(sm);

        Field[] fields = ref.getDeclaredFields();
        System.out.println(fields.length);
        for (Field field : fields) {
            // java.security.AccessControlException: 
            // access denied (java.lang.reflect.ReflectPermission suppressAccessChecks
            // field.setAccessible(true);
            
            // java.lang.IllegalArgumentException
            // at sun.reflect.UnsafeFieldAccessorImpl.ensureObj(UnsafeFieldAccessorImpl.java)
            // System.out.println(field.get(ref));
            
            System.out.println(field.getName());
        }

    }

}

This main method had set a security manage to this java application, in order to prevent java reflect get and set private fields.

Wednesday, April 04, 2007

Apache2.2.4中无法建立虚拟路径的问题

在Apache2中可以用Alias VirtualPath SystemPath 来虚拟目录，可以指定到DocumentRoot之外的系统目录中。
在Apache2 默认一般是支持Alias的，所以在配置文件里用Alias /test /var/test这样来访问/var/test/目录下的文件。但在设置时发现Alias设置了之后无效，总是报You don't have permission to access /test/ on this server.这样的错误，因为语法很简单，肯定不会错，而且httpd -M也看到alias module被加载进来了，却还是不行，即使对应的/var/test目录设置为755或者是777都无法访问，所以是配置文件其他设置出问题了。
修改几个参数后发现


# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

这里设置了Deny from all导致了Alias无效，改成Allow或者注掉此行即可。

yuweijun'blog

Thursday, July 17, 2008

reflect permission and security manage in java

Wednesday, April 04, 2007

Apache2.2.4中无法建立虚拟路径的问题

About Me

Blog Archive