关于java.security.AccessControlException: access denied 的解决方法


今天调试一个Applet程序,本来想在程序运行过程中,将中间数据文件通过文件输出流存到客户端,但是java控制台出现异常:

    java.security.AccessControlException: access denied (java.io.FilePermission E:\temp.xlsx write)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkWrite(Unknown Source)
    at java.io.FileOutputStream.(Unknown Source)
    at java.io.FileOutputStream.(Unknown Source)
    ……

很显然这样的情况是不允许程序 向客户端写文件的。不像cookies. 所以我们必须人为让客户端授权允许这样的操作。
查阅了一些资料,得到结果总结一下:
首先我们的找到客户端的java运行环境(这里指Java 控制台里面显示的JRE安装目录):....lib/ security目录下一个权限控制文件:java.policy

// Standard extensions get all permissions by default

grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
    // Allows any thread to stop itself using the java.lang.Thread.stop()
    // method that takes no argument.
    // Note that this permission is granted by default only to remain
    // backwards compatible.
    // It is strongly recommended that you either remove this permission
    // from this policy file or further restrict it to code sources
    // that you specify, because Thread.stop() is potentially unsafe.
    // See " http://java.sun.com/notes" for more information.
    permission java.lang.RuntimePermission "stopThread";

    // allows anyone to listen on un-privileged ports
    permission java.net.SocketPermission "localhost:1024-", "listen";

    // "standard" properies that can be read by anyone

    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";

    permission java.util.PropertyPermission "java.specification.version", "read";
    permission java.util.PropertyPermission "java.specification.vendor", "read";
    permission java.util.PropertyPermission "java.specification.name", "read";

    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";
};
这是默认的配置。

针对我的情况只需要加上:
grant{
  permission java.security.AllPermission;
  permission java.util.PropertyPermission "E:\\*", "read";        //允许访问本地E盘
  permission java.io.FilePermission "E:\\*", "read,write";         //允许IO访问本地E盘,并写入文件。
};
//也可以直接写在默认grant{} 中

如遇到类似的问题,只需要查阅资料理解个参数 修改这个文件,加入相应控制语句。

你可能感兴趣的:(JAVA,Personal,Diary)