From owner-java@jp.FreeBSD.org Mon Sep  9 22:02:59 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g89D2xQ96015;
	Mon, 9 Sep 2002 22:02:59 +0900 (JST)
	(envelope-from owner-java@jp.FreeBSD.org)
Received: from pooh.softalia.com (pooh.softalia.com [65.161.202.173])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g89D2u396006
	for <java@jp.FreeBSD.org>; Mon, 9 Sep 2002 22:02:57 +0900 (JST)
	(envelope-from kkonaka@softalia.com)
Received: from tigger.softalia.com (tigger-2.softalia.com [10.10.10.2])
	by pooh.softalia.com (8.9.3+Sun/3.7W-isfs) with ESMTP id JAA10166;
	Mon, 9 Sep 2002 09:02:53 -0400 (EDT)
Received: from tigger.softalia.com (kkonaka@tigger.softalia.com [65.161.202.175])
	by tigger.softalia.com (8.11.4/3.7W-isfs) with ESMTP id g89D2qZ16949;
	Mon, 9 Sep 2002 09:02:52 -0400
Message-ID: <sqbznurnwn9.wl@nue.mac.com>
From: kkonaka@mac.com
To: java@jp.FreeBSD.org
In-Reply-To: <20020909165608.3844b00e.daichi@jp.freebsd.org>
References: <20020830193608.276e0304.daichi@jp.freebsd.org>
        <20020830221132.44bbf4d4.daichi@jp.freebsd.org>
        <20020830225015.3e45a0f3.daichi@jp.freebsd.org>
        <20020905.200422.596521274.shudoh@localhost>
        <20020909165608.3844b00e.daichi@jp.freebsd.org>
User-Agent: Wanderlust/2.6.0 (Twist And Shout) SEMI/1.14.3 (Ushinoya)
 FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/20.7
 (i586-pc-linux-gnu) MULE/4.0 (HANANOEN)
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: java@jp.FreeBSD.org
Precedence: list
Date: Mon, 09 Sep 2002 09:02:50 -0400
X-Sequence: java 217
Subject: [java 217] Re: Java =?ISO-2022-JP?B?GyRCJEskKiQxJGtGfBsoQg==?=
 =?ISO-2022-JP?B?GyRCS1w4bEZ+Tk8kTkApOGYkSyREJCQkRhsoQg==?= 
Errors-To: owner-java@jp.FreeBSD.org
Sender: owner-java@jp.FreeBSD.org
X-Originator: kkonaka@mac.com
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902

$BBgCO$5$s(B:

> $B%3!<%I$H$7$F$O$3$s$J46$8$G$9!#(B

$B$3$l$O(B security policy/manager $B$N@_Dj$@$1$NLdBj$G$7$g$&(B: 

tigger$ cat Ac.java
import java.lang.reflect.Field;
public class Ac {
  static class Target {
    private Object x = new Object();
    public String toString() {
      return super.toString() + ":" + x.toString();
    }
  }
  public static void main(String[] args) throws Exception {
    Target t = new Target();
    System.out.println("t = " + t);
    Field f = t.getClass().getDeclaredField("x");
    f.setAccessible(true);
    f.set(t, new Object());
    System.out.println("t = " + t);
  }
}
tigger$ cat ac.policy
grant {
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};


tigger$ java Ac                                                 ;; $B$3$l$O(B OK
t = Ac$Target@cde100:java.lang.Object@6f0472
t = Ac$Target@cde100:java.lang.Object@26b249

tigger$ java -Djava.security.manager -Djava.security.policy=ac.policy Ac  ;;$B$3$l$O(B OK
t = Ac$Target@e63e3d:java.lang.Object@4901
t = Ac$Target@e63e3d:java.lang.Object@5b7986


tigger$ java -Djava.security.manager -Djava.security.policy=/dev/null Ac   ;;$B$3$l$O$@$a(B
t = Ac$Target@e63e3d:java.lang.Object@4901
Exception in thread "main" java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
        at Ac.main(Ac.java:13)


($B>e$@$1$G$O$J$s$J$N$G(B (^^; -)

1.4 $B4XO"$NOC$H$7$F$O!'(B
> Support for dynamic policies has been added. In J2SDK
> releases prior to version 1.4, classes were statically
> bound with permissions by querying security policy
> during class loading. The lifetime of this binding was
> scoped by the lifetime of the class loader. In version
> 1.4 this binding is now deferred until needed by a
> security check. The lifetime of the binding is now
> scoped by the lifetime of the security policy.
   -- http://java.sun.com/j2se/1.4/docs/guide/security/

$B$H$$$&$N$,(B -$BM7$s$G$_$k$K$O(B- $BLLGr$$$H;W$$$^$9!#(B

$B$3$J$+(B
