JUnit SecurityManager

Java程序在默认情况下是没有安装默认的安全管理器，所以如果需要使用安全管理器，需要在运行时指定启动项：-Djava.security.manager。

但在使用JUnit运行时，比如运行测试用例，可能会出现问题：

java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:3063 connect,resolve)

at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)

at java.security.AccessController.checkPermission(AccessController.java:546)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)

at java.net.Socket.connect(Socket.java:513)

at java.net.Socket.connect(Socket.java:469)

at java.net.Socket.<init>(Socket.java:366)

at java.net.Socket.<init>(Socket.java:180)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.connect(RemoteTestRunner.java:570)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:373)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)

看如下程序：

public class SecurityManager1Test {

/**

* -Djava.security.manager

* permission java.net.SocketPermission "127.0.0.1:*", "connect,resolve";

* permission java.lang.RuntimePermission "accessDeclaredMembers";

@Test

public void getSecurityManager() {

SecurityManager sm = System.getSecurityManager();

if (sm == null) {

System.out.println("no security manager");

} else {

System.out.println("exist security manager");

}

在运行时如果不加上启动项：-Djava.security.manager，运行结果如下：

no security manager

如果加上启动项：-Djava.security.manager，运行结果如下：

java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:3070 connect,resolve)

at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)

at java.security.AccessController.checkPermission(AccessController.java:546)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)

at java.net.Socket.connect(Socket.java:513)

at java.net.Socket.connect(Socket.java:469)

at java.net.Socket.<init>(Socket.java:366)

at java.net.Socket.<init>(Socket.java:180)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.connect(RemoteTestRunner.java:570)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:373)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)

这个时候需要添加访问权限，具体在jre\lib\security\java.policy策略文件中添加访问策略。

在上面的错误信息，应该是没有java.net.SocketPermission 127.0.0.1:3165 connect,resolve访问权限，打开jre\lib\security\java.policy，在最后添加：

permission java.net.SocketPermission "127.0.0.1:*", "connect,resolve";

运行后结果如下：

java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)

at java.security.AccessController.checkPermission(AccessController.java:546)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)

at java.lang.Class.checkMemberAccess(Class.java:2157)

at java.lang.Class.getDeclaredMethods(Class.java:1790)

at org.junit.internal.MethodSorter.getDeclaredMethods(MethodSorter.java:54)

at org.junit.runners.model.TestClass.scanAnnotatedMembers(TestClass.java:65)

at org.junit.runners.model.TestClass.<init>(TestClass.java:57)

at org.junit.runners.ParentRunner.createTestClass(ParentRunner.java:88)

at org.junit.runners.ParentRunner.<init>(ParentRunner.java:83)

at org.junit.runners.BlockJUnit4ClassRunner.<init>(BlockJUnit4ClassRunner.java:65)

at org.junit.internal.builders.JUnit4Builder.runnerForClass(JUnit4Builder.java:10)

at org.junit.runners.model.RunnerBuilder.safeRunnerForClass(RunnerBuilder.java:59)

at org.junit.internal.builders.AllDefaultPossibilitiesBuilder.runnerForClass(AllDefaultPossibilitiesBuilder.java:26)

at org.junit.runners.model.RunnerBuilder.safeRunnerForClass(RunnerBuilder.java:59)

at org.junit.internal.requests.ClassRequest.getRunner(ClassRequest.java:33)

at org.eclipse.jdt.internal.junit4.runner.JUnit4TestLoader.createUnfilteredTest(JUnit4TestLoader.java:84)

at org.eclipse.jdt.internal.junit4.runner.JUnit4TestLoader.createTest(JUnit4TestLoader.java:70)

at org.eclipse.jdt.internal.junit4.runner.JUnit4TestLoader.loadTests(JUnit4TestLoader.java:43)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:444)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)

at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)

还是报错，需要添加java.lang.RuntimePermission accessDeclaredMembers访问策略，打开jre\lib\security\java.policy，在最后添加：

permission java.lang.RuntimePermission "accessDeclaredMembers";

运行后结果如下：

exist security manager

猜你喜欢