====================================================================== 原文: The JDK1.2 security model is more sophisticated than the model used for JDK1.1. JDK1.2 contains enhancements for finer-grained security and requires
code to be granted specific permissions to be allowed to perform certain operations. In JDK1.1, code in the class path is trusted and can perform any operation; downloaded code is governed by the rules of the installed security manager. If you run this example in JDK1.2, you need to specify a policy file when you run your server and client. Here is a general policy file that allows downloaded code, from any codebase, to do two things: connect to or accept connections on unprivileged ports (ports greater than
1024) on any host, and connect to port 80 (the port for HTTP). grant { permission java.net.SocketPermission "*:1024-65535", "connect,accept"; permission java.net.SocketPermission "*:80", "connect"; };
If you make your code available for downloading via HTTP URLs, you should use the policy file above when you run this example. However, if you use file URLs instead, you can use the policy file below. Note that in Windows-style file names, the backslash character needs to be represented by
two backslash characters in the policy file. grant { permission java.net.SocketPermission "*:1024-65535", "connect,accept"; permission java.io.FilePermission "c:\\home\\ann\\public_html\\classes\\-", "read"; permission java.io.FilePermission "c:\\home\\jones\\public_html\\classes\\-", "read"; };
This example assumes that the policy file is called java.policy and contains
the appropriate permissions. If you run this example on JDK1.1, you will not
need to use a policy file, since the RMISecurityManager provides all the protection you need.
