I believe we have seen a similar code below, particularly in some of the more underlying code when reading.
SecurityManager sm = System.getSecurityManager();
if(sm != null){
sm.checkRead(name)
}
// FileInputStream.java
This code is what does that mean? Honestly, for a long time I was not fully understand, after all, not many. Including read "in-depth understanding of JVM" in the introduction, I did not understand.
Behind, in front of the official documentation and code, think carefully about the next, it is actually a security program java platform provided some security to protect sensitive resources (such as: local files) and sensitive code. Which, SecurityManager is a security administrator, all safety-related decisions are made by the class to decide. java local application by default does not open, you need to add this command to start: -Djava.security.manager。
Permission default permissions
When the class is loaded into memory when the loader will automatically associate the following information:
1. classpath. Whether it is downloaded from the Internet, or loaded from a local file, there will be a path, expressed in the form of a URL.
2. Signature
3. The default permissions. For the code loaded from the Internet, the default permissions include permission to connect back to the source code for the address. For code that is loaded from a local file, the default permissions include permissions to read files from the same directory and subdirectories.
policy (policy file column)
As mentioned earlier, there will be some default permissions assigned code is loaded at the time the class is loaded. In addition, administrators can also manage additional rights through policy documents. Column default policy file path: <java_home> /jre/lib/security/java.policy.
Java platform will be packaged into policy documents Policy object, and this process has only one Java Policy object. The main task of the Policy is to determine whether to allow resources to be accessed is called code access (to make a judgment based on URL, signature and default permissions calling code)
Access Control Enforcement (Access Control)
Java runtime will trace the call stack (call methods in the order and the like), when accessing a protected resource, the entire call stack should be assessed whether there is access. If any one does not have permission, will throw java.lang.SecurityException
For example, as shown below. ClassA ClassB call the method, ClassB create a FileInputStream, read permission FileInputStream constructor checks files. The system only checks whether the ClassA and ClassB have permission to read, because the other three classes are all automatically have full privileges. Java.policy to view files.
Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/security/overview/jsoverview.html