Trail: Security Features in Java SE

« Previous • Trail • Next »

~~The Java Tutorials have been written for JDK 8.~~Java教程是为JDK 8编写的。~~Examples and practices described in this page don't take advantage of improvements introduced in later releases and might use technology no longer available.~~本页中描述的示例和实践没有利用后续版本中引入的改进，并且可能使用不再可用的技术。
~~See Java Language Changes for a summary of updated language features in Java SE 9 and subsequent releases.~~有关Java SE 9及其后续版本中更新的语言特性的摘要，请参阅Java语言更改。
~~See JDK Release Notes for information about new features, enhancements, and removed or deprecated options for all JDK releases.~~有关所有JDK版本的新功能、增强功能以及已删除或不推荐的选项的信息，请参阅JDK发行说明。

Lesson: Signing Code and Granting It Permissions课：签名代码并授予其权限

~~This lesson shows how to use keytool, jarsigner, Policy Tool and jar to place files into JAR (Java ARchive) files for subsequent signing by the jarsigner tool.~~本课将展示如何使用keytool、jarsigner、Policy Tool和jar将文件放入jar(Java ARchive)文件中，以便jarsigner工具进行后续签名。

~~This lesson has two parts. First, you will create and deploy an application. Second; you will act as the recipient of a signed application.~~本课分为两部分。首先，您将创建并部署一个应用程序。第二；您将作为已签名申请的收件人。

~~Here are the steps to create and deploy an application:~~以下是创建和部署应用程序的步骤：

Note: ~~For convenience, you pretend to be a user/developer named Susan Jones. You need to define Susan Jones when you generate the keys.~~为了方便起见，你假装是一个名叫苏珊·琼斯的用户/开发人员。生成密钥时需要定义Susan Jones。

~~Put Java class files comprising your application into a JAR file~~将组成应用程序的Java类文件放入JAR文件中
~~Sign the JAR file~~签署JAR文件
~~Export the public key certificate corresponding to the private key used to sign the JAR file~~导出用于签名JAR文件的私钥对应的公钥证书

~~Here are the steps to grant permissions to an application~~以下是向应用程序授予权限的步骤

Note: ~~For convenience, you pretend to be a user named Ray.~~为了方便起见，您可以假装是一个名为Ray的用户。

~~You see how the signed application cannot normally read a file when it is run under a security manager.~~您可以看到，当签名的应用程序在安全管理器下运行时，它通常无法读取文件。
~~Use keytool to import a certificate into Ray's keystore in an entry aliased by susan~~使用keytool在susan别名的条目中将证书导入到Ray的密钥库中
~~Use the Policy Tool to create an entry in Ray's policy file to permit code signed by susan to read the specified file.~~使用策略工具在Ray的策略文件中创建一个条目，以允许susan签名的代码读取指定的文件。
~~Finally, you see how the application running under a security manager can now read the file, since it has been granted permission to do so.~~最后，您将看到在安全管理器下运行的应用程序现在如何读取文件，因为它已被授予读取权限。

~~For more information about digital signatures, certificates, keystores, and the tools, see the API and Tools Use for Secure Code and File Exchanges lesson.~~有关数字签名、证书、密钥库和工具的更多信息，请参阅API和用于安全代码和文件交换的工具课程。

Important: You need to perform the tasks in this lesson while working in the directory in which you store the sample application, but you should store the data file needed by the application in a different directory. 在存储示例应用程序的目录中工作时，需要执行本课中的任务，但应将应用程序所需的数据文件存储在其他目录中。~~All examples in this trail assume that you are working in the C:\Test directory, and that the data file is in the C:\TestData directory.~~本文中的所有示例都假设您在C:\Test目录中工作，并且数据文件在C:\TestData目录中。

~~If you are working on a UNIX system, substitute your own directory names.~~ 如果您在UNIX系统上工作，请替换您自己的目录名。

~~Here are the steps:~~以下是步骤：

« Previous • Trail • Next »