[英]grant SQLPermission and permission to connect to the database in policy file java
如何將SQLPermission
授予Java中的codebase
? 我正在嘗試使用JDBC連接到數據庫(MySql)。
我發現的唯一有用的信息是在SQLPermission上,即使不夠清楚。
我是否必須同時授予Socket
權限?
我使用過的政策文件
grant
{
permission java.net.SocketPermission "*", "listen, connect, accept";
permission java.sql.SQLPermission "setLog";
permission java.sql.SQLPermission "callAbort";
permission java.sql.SQLPermission "setSyncFactory";
permission java.sql.SQLPermission "setNetworkTimeout";
};
statck跟蹤:
Exception in thread "Abandoned connection cleanup thread" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader")
當我添加權限java.lang.RuntimePermission "setContextClassLoader";
在策略文件中沒有例外,但是未創建的Connection和Statement始終為null。在調試時,應用程序直接跳轉到return flag;
在conn = DriverManager.getConnection(DB_URL,USER,PASS);
之后try塊的末尾conn = DriverManager.getConnection(DB_URL,USER,PASS);
當然,在未設置安全管理器或授予AllPermission的情況下,一切都可以完美運行。
public boolean validate(String name,String password)
{
Connection conn = null;
Statement stmt = null;
try{
System.out.println("retrieving data");
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection(DB_URL,USER,PASS);
System.out.println("Connection successful");
stmt = conn.createStatement();
String sql;
sql = "SELECT * FROM Employees";
ResultSet rs = stmt.executeQuery(sql);
while(rs.next())
{
String userName = rs.getString("userName");
System.out.println(userName+" "+name);
if(name.equals(userName))
{
String pwd=rs.getString("pass");
System.out.println(pwd+" "+password);
if(pwd.equalsIgnoreCase(password))
{
String position = rs.getString("position");
flag=true;
map.put("userName", userName) ;
map.put("password", pwd) ;
map.put("position", position) ;
System.out.println(map);
System.out.println("user authenticated");
}
}
}
rs.close();
stmt.close();
conn.close();
return flag;
}catch(SQLException se)
{
se.printStackTrace();
System.out.println(se.getMessage());
return flag;
}finally
{
try
{
if(stmt!=null)
stmt.close();
}catch(SQLException se2)
{
se2.printStackTrace();
System.out.println(se2.getMessage());
}
try
{
if(conn!=null)
conn.close();
}
catch(SQLException se)
{
se.printStackTrace();
}
return flag;
}
是的,問題確實出在連接數據庫的權限上。新策略文件可以正常工作。
grant
{
permission java.net.SocketPermission "*", "accept, connect, listen, resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "*";
};
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.