Contents | Package | Class | Tree | Deprecated | Index | Help | Java 1.2 Beta 3 | ||
PREV | NEXT | SHOW LISTS | HIDE LISTS |
java.lang.Object | +----java.lang.SecurityManager
The SecurityManager
class contains many methods with
names that begin with the word check
. These methods
are called by various methods in the Java libraries before those
methods perform certain potentially sensitive operations. The
invocation of such a check method typically looks like this:
SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkXXX(argument, . . . ); }
The security manager is thereby given an opportunity to prevent
completion of the operation by throwing an exception. A security
manager routine simply returns if the operation is permitted, but
throws a SecurityException
if the operation is not
permitted. The only exception to this convention is
checkTopLevelWindow
, which returns a
boolean
value.
The current security manager is set by the
setSecurityManager
method in class
System
. The current security manager is obtained
by the getSecurityManager
method.
As of JDK 1.2, the default implementation of each of the
check
XXX methods is to use the AccessController
to determine if the caller has permission to perform the requested
operation.
The special method checkPermission determines whether an access request indicated by a specified permission should be granted or denied. The default implementation calls
AccessController.checkPermission(perm);
If a requested access is allowed,
checkPermission
returns quietly. If denied, a
SecurityException is thrown.
Note that the checkPermission
method with
just a single permission argument always performs security checks
within the context of the currently executing thread.
Sometimes a security check that should be made within a given context
will actually need to be done from within a
different context (for example, from within a worker thread).
The getSecurityContext method and
the checkPermission
method that includes a context argument are provided
for this situation. The
getSecurityContext
method returns a "snapshot"
of the current calling context. (The default implementation
returns an AccessControlContext object.) A sample call is
the following:
Object context = null; SecurityManager sm = System.getSecurityManager(); if (sm != null) context = sm.getSecurityContext();
The checkPermission
method
that takes a context object (in addition to a permission)
makes access decisions based on that context,
rather than that of the current execution thread.
Code within a different context can thus call that method,
passing the permission and the
previously-saved context object. A sample call (using the
SecurityManager sm
obtained as in the previous example)
is the following:
if (sm != null) sm.checkPermission(permission, context);
Permissions fall into these categories: File, Socket, Net,
Security, Runtime, Property, and AWT. The classes managing these various
permission categories are java.io.FilePermission
,
java.net.SocketPermission
,
java.net.NetPermission
,
java.security.SecurityPermission
,
java.lang.RuntimePermission
,
java.util.PropertyPermission
, and
java.awt.AWTPermission
.
All but the first two (FilePermission and SocketPermission) are
subclasses of java.security.BasicPermission
, which itself
is an abstract subclass of the
top-level class for permissions, which is
java.security.Permission
. BasicPermission defines the
functionality needed for all permissions that contain a name
that follows the hierarchical property naming convention
(for example, "exit", "setFactory", "print.queueJob", etc).
An asterisk
may appear at the end of the name, following a ".", or by itself, to
signify a wildcard match. For example: "a.*" or "*" is valid,
"*a" or "a*b" is not valid.
FilePermission and SocketPermission are subclasses of the
top-level class for permissions
(java.security.Permission
). Classes like these
that have a more complicated name syntax than that used by
BasicPermission subclass directly from Permission rather than from
BasicPermission. For example,
for a java.io.FilePermission
object, the permission name is
the pathname of a file (or directory).
Some of the permission classes have an "actions" list that tells
the actions that are permitted for the object. For example,
for a java.io.FilePermission
object, the actions list
(such as "read, write") specifies which actions are granted for the
specified file (or for files in the specified directory).
Other permission classes are for "named" permissions - ones that contain a name but no actions list; you either have the named permission or you don't.
Note: There is also a java.security.AllPermission
permission that implies all permissions. It exists to simplify the work
of system administrators who might need to perform multiple
tasks that require all (or numerous) permissions.
The permission namespace is organized in the manner shown below. For each category, the category name is given, followed by an indented list of permission names (such as "createClassLoader" and "exit") and permission name types in braces (such as "{property name}" to represent an actual property name). Each permission name (or name type) is followed by the name in parentheses of the SecurityManager class(es) that handle that kind of permission.
RuntimePermission createClassLoader (checkCreateClassLoader) exit (checkExit) setFactory (checkSetFactory) setIO (java.lang.System.{setIn,setOut,SetErr}) thread (checkAccess(Thread), checkAccess(ThreadGroup)) fileDescriptor.read (checkRead(FileDescriptor)) fileDescriptor.write (checkWrite(FileDescriptor)) loadLibrary.{library name} (checkLink) package.access.{package name} (checkPackageAccess) package.define.{package name} (checkPackageDefinition) reflect.declared.{class name} (checkMemberAccess) print.queueJob (checkPrintJobAccess) NetPermission multicast (checkMulticast) Authenticator.setDefault Authenticator.requestPasswordAuthentication PropertyPermission * (checkPropertiesAccess) {property name} (checkPropertyAccess) AWTPermission topLevelWindow (checkTopLevelWindow) systemClipboard (checkSystemClipboardAccess) eventQueue (checkAwtEventQueueAccess) SecurityPermission {action} (checkSecurityAccess) FilePermission {file or directory pathname} (checkExec, checkRead(String), checkWrite(String), checkDelete} SocketPermission {host:port} {checkConnect, checkListen, checkAccept}
Field Summary | |
boolean | inCheck
true if there is a security check in
progress; false otherwise.
Deprecated |
Constructor Summary | |
SecurityManager()
SecurityManager .
|
Method Summary | |
void | checkAccept(String host,
int port)
SecurityException if the
calling thread is not permitted to accept a socket connection from
the specified host and port number.
|
void | checkAccess(Thread t)
SecurityException if the
calling thread is not allowed to modify the thread argument.
|
void | checkAccess(ThreadGroup g)
SecurityException if the
calling thread is not allowed to modify the thread group argument.
|
void | checkAwtEventQueueAccess()
|
void | checkConnect(String host,
int port)
SecurityException if the
calling thread is not allowed to open a socket connection to the
specified host and port number.
|
void | checkConnect(String host,
int port,
Object context)
SecurityException if the
specified security context is not allowed to open a socket
connection to the specified host and port number.
|
void | checkCreateClassLoader()
SecurityException if the
calling thread is not allowed to create a new class loader.
|
void | checkDelete(String file)
SecurityException if the
calling thread is not allowed to delete the specified file.
|
void | checkExec(String cmd)
SecurityException if the
calling thread is not allowed to create a subprocess.
|
void | checkExit(int status)
SecurityException if the
calling thread is not allowed to cause the Java Virtual Machine to
halt with the specified status code.
|
void | checkLink(String lib)
SecurityException if the
calling thread is not allowed to dynamic link the library code
specified by the string argument file.
|
void | checkListen(int port)
SecurityException if the
calling thread is not allowed to wait for a connection request on
the specified local port number.
|
void | checkMemberAccess(Class clazz,
int which)
|
void | checkMulticast(InetAddress maddr)
|
void | checkMulticast(InetAddress maddr,
byte ttl)
|
void | checkPackageAccess(String pkg)
SecurityException if the
calling thread is not allowed to access the package specified by
the argument.
|
void | checkPackageDefinition(String pkg)
SecurityException if the
calling thread is not allowed to define classes in the package
specified by the argument.
|
void | checkPermission(Permission perm)
SecurityException if the requested
access, specified by the given permission, is not permitted based
on the security policy currently in effect.
|
void | checkPermission(Permission perm,
Object context)
SecurityException if the
specified security context is denied access to the resource
specified by the given permission.
|
void | checkPrintJobAccess()
|
void | checkPropertiesAccess()
SecurityException if the
calling thread is not allowed to access or modify the system
properties.
|
void | checkPropertyAccess(String key)
SecurityException if the
calling thread is not allowed to access the system property with
the specified key name.
|
void | checkRead(FileDescriptor fd)
SecurityException if the
calling thread is not allowed to read from the specified file
descriptor.
|
void | checkRead(String file)
SecurityException if the
calling thread is not allowed to read the file specified by the
string argument.
|
void | checkRead(String file,
Object context)
SecurityException if the
specified security context is not allowed to read the file
specified by the string argument.
|
void | checkSecurityAccess(String action)
|
void | checkSetFactory()
SecurityException if the
calling thread is not allowed to set the socket factory used by
ServerSocket or Socket , or the stream
handler factory used by URL .
|
void | checkSystemClipboardAccess()
|
boolean | checkTopLevelWindow(Object window)
false if the calling
thread is not trusted to bring up the top-level window indicated
by the window argument.
|
void | checkWrite(FileDescriptor fd)
SecurityException if the
calling thread is not allowed to write to the specified file
descriptor.
|
void | checkWrite(String file)
SecurityException if the
calling thread is not allowed to write to the file specified by
the string argument.
|
int | classDepth(String name)
|
int | classLoaderDepth()
|
ClassLoader | currentClassLoader()
|
Class | currentLoadedClass()
|
Class[] | getClassContext()
|
boolean | getInCheck()
|
Object | getSecurityContext()
|
ThreadGroup | getThreadGroup()
|
boolean | inClass(String name)
|
boolean | inClassLoader()
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
protected boolean inCheck
checkPermission
call be used instead.
true
if there is a security check in
progress; false
otherwise.Constructor Detail |
public SecurityManager()
SecurityManager
. An application is
not allowed to create a new security manager if there is already a
current security manager.Method Detail |
public boolean getInCheck()
checkPermission
call be used instead.
inCheck
field. This field
should contain true
if a security check is
in progress,
false
otherwise.protected Class[] getClassContext()
The length of the array is the number of methods on the execution
stack. The element at index 0
is the class of the
currently executing method, the element at index 1
is
the class of that method's caller, and so on.
protected ClassLoader currentClassLoader()
null
if there is no occurrence on the
stack of a method from a class defined using a class loader.protected Class currentLoadedClass()
protected int classDepth(String name)
checkPermission
call be used instead.
name
- the fully qualified name of the class to search for.
-1
if such a frame cannot be found.protected int classLoaderDepth()
checkPermission
call be used instead.
-1
if there is no occurrence of a method from
a class defined using a class loader.protected boolean inClass(String name)
checkPermission
call be used instead.
name
- the fully qualified name of the class.
true
if a method from a class with the specified
name is on the execution stack; false
otherwise.protected boolean inClassLoader()
checkPermission
call be used instead.
true
if a method from a class defined using a
class loader is on the execution stack.public Object getSecurityContext()
checkConnect
method and by the
two-argument checkRead
method.
The default implementation of this method is to return
an AccessControlContext
object.
These methods are needed because a trusted method may be called on to read a file or open a socket on behalf of another method. The trusted method needs to determine if the other (possibly untrusted) method would be allowed to perform the operation on its own.
public void checkPermission(Permission perm)
SecurityException
if the requested
access, specified by the given permission, is not permitted based
on the security policy currently in effect.
The checkPermission
method for class
SecurityManager
calls
AccessController.checkPermission
with the
given permission.
perm
- the requested permission
public void checkPermission(Permission perm, Object context)
SecurityException
if the
specified security context is denied access to the resource
specified by the given permission.
The context must be a security
context returned by a previous call to
getSecurityContext
and the access control
decision is based upon the configured security policy for
that security context.
If context
is an instance of
AccessControlContext
then the
AccessControlContext.checkPermission
method will
be invoked with the specified permission.
If context
is not an instance of
AccessControlContext
then a
SecurityException
is thrown.
perm
- the specified permission
context
- a system-dependent security context.
public void checkCreateClassLoader()
SecurityException
if the
calling thread is not allowed to create a new class loader.
The checkCreateClassLoader
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("createClassLoader")
permission.
public void checkAccess(Thread t)
SecurityException
if the
calling thread is not allowed to modify the thread argument.
This method is invoked for the current security manager by the
stop
, suspend
, resume
,
setPriority
, setName
, and
setDaemon
methods of class Thread
.
The checkAccess
method for class
SecurityManager
first sees if the current
thread's ThreadGroup is a parent of t
's ThreadGroup.
If so, it returns. If not it calls
checkPermission
with the
RuntimePermission("thread")
permission.
t
- the thread to be checked.
public void checkAccess(ThreadGroup g)
SecurityException
if the
calling thread is not allowed to modify the thread group argument.
This method is invoked for the current security manager when a
new child thread or child thread group is created, and by the
setDaemon
, setMaxPriority
,
stop
, suspend
, resume
, and
destroy
methods of class ThreadGroup
.
The checkAccess
method for class
SecurityManager
first sees if the current
thread's ThreadGroup is a parent of t
's ThreadGroup.
If so, it returns. If not it calls
checkPermission
with the
RuntimePermission("thread")
permission.
g
- the thread group to be checked.
public void checkExit(int status)
SecurityException
if the
calling thread is not allowed to cause the Java Virtual Machine to
halt with the specified status code.
This method is invoked for the current security manager by the
exit
method of class Runtime
. A status
of 0
indicates success; other values indicate various
errors.
The checkExit
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("exit")
permission.
status
- the exit status.
public void checkExec(String cmd)
SecurityException
if the
calling thread is not allowed to create a subprocess.
This method is invoked for the current security manager by the
exec
methods of class Runtime
.
The checkExec
method for class
SecurityManager
calls
checkPermission
with the
FilePermission(cmd,"execute")
permission.
cmd
- the specified system command.
public void checkLink(String lib)
SecurityException
if the
calling thread is not allowed to dynamic link the library code
specified by the string argument file. The argument is either a
simple library name or a complete filename.
This method is invoked for the current security manager by
methods load
and loadLibrary
of class
Runtime
.
The checkLink
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("loadLibrary."+lib)
permission.
lib
- the name of the library.
public void checkRead(FileDescriptor fd)
SecurityException
if the
calling thread is not allowed to read from the specified file
descriptor.
The checkRead
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("fileDescriptor.read")
permission.
fd
- the system-dependent file descriptor.
public void checkRead(String file)
SecurityException
if the
calling thread is not allowed to read the file specified by the
string argument.
The checkRead
method for class
SecurityManager
calls
checkPermission
with the
FilePermission(file,"read")
permission.
file
- the system-dependent file name.
public void checkRead(String file, Object context)
SecurityException
if the
specified security context is not allowed to read the file
specified by the string argument. The context must be a security
context returned by a previous call to
getSecurityContext
.
If context
is an instance of
AccessControlContext
then the
AccessControlContext.checkPermission
method will
be invoked with the FilePermission(file,"read")
permission.
If context
is not an instance of
AccessControlContext
then a
SecurityException
is thrown.
file
- the system-dependent filename.
context
- a system-dependent security context.
public void checkWrite(FileDescriptor fd)
SecurityException
if the
calling thread is not allowed to write to the specified file
descriptor.
The checkWrite
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("fileDescriptor.write")
permission.
fd
- the system-dependent file descriptor.
public void checkWrite(String file)
SecurityException
if the
calling thread is not allowed to write to the file specified by
the string argument.
The checkWrite
method for class
SecurityManager
calls
checkPermission
with the
FilePermission(file,"write")
permission.
file
- the system-dependent filename.
public void checkDelete(String file)
SecurityException
if the
calling thread is not allowed to delete the specified file.
This method is invoked for the current security manager by the
delete
method of class File
.
The checkDelete
method for class
SecurityManager
calls
checkPermission
with the
FilePermission(file,"delete")
permission.
file
- the system-dependent filename.
public void checkConnect(String host, int port)
SecurityException
if the
calling thread is not allowed to open a socket connection to the
specified host and port number.
A port number of -1
indicates that the calling
method is attempting to determine the IP address of the specified
host name.
The checkConnect
method for class
SecurityManager
calls
checkPermission
with the
SocketPermission(host+":"+port,"connect")
permission if
the port is not equal to -1. If the port is equal to -1, then
it calls checkPermission
with the
SocketPermission(host,"resolve")
permission.
host
- the host name port to connect to.
port
- the protocol port to connect to.
host
and port
.public void checkConnect(String host, int port, Object context)
SecurityException
if the
specified security context is not allowed to open a socket
connection to the specified host and port number.
A port number of -1
indicates that the calling
method is attempting to determine the IP address of the specified
host name.
If context
is an instance of
AccessControlContext
then the
AccessControlContext.checkPermission
method will
be invoked with the
SocketPermission(host+":"+port,"connect")
permission if
the port is not equal to -1. If the port is equal to -1, then
it calls checkPermission
with the
SocketPermission(host,"resolve")
permission.
If context
is not an instance of
AccessControlContext
then a
SecurityException
is thrown.
host
- the host name port to connect to.
port
- the protocol port to connect to.
context
- a system-dependent security context.
host
and port
.public void checkListen(int port)
SecurityException
if the
calling thread is not allowed to wait for a connection request on
the specified local port number.
If port is not 0, the checkListen
method for class
SecurityManager
calls
checkPermission
with the
SocketPermission("localhost:"+port,"listen")
.
If port is zero, calls checkPermission
with SocketPermission("localhost:1024-","listen").
port
- the local port.
public void checkAccept(String host, int port)
SecurityException
if the
calling thread is not permitted to accept a socket connection from
the specified host and port number.
This method is invoked for the current security manager by the
accept
method of class ServerSocket
.
The checkAccept
method for class
SecurityManager
calls
checkPermission
with the
SocketPermission(host+":"+port,"accept")
permission.
host
- the host name of the socket connection.
port
- the port number of the socket connection.
public void checkMulticast(InetAddress maddr)
The checkMulticast
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("multicast")
permission.
maddr
- Internet group address to be used.
public void checkMulticast(InetAddress maddr, byte ttl)
The checkMulticast
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("multicast")
permission.
maddr
- Internet group address to be used.
ttl
- value in use, if it is multicast send.
public void checkPropertiesAccess()
SecurityException
if the
calling thread is not allowed to access or modify the system
properties.
This method is used by the getProperties
and
setProperties
methods of class System
.
The checkPropertiesAccess
method for class
SecurityManager
calls
checkPermission
with the
PropertyPermission("*", "read,write")
permission.
public void checkPropertyAccess(String key)
SecurityException
if the
calling thread is not allowed to access the system property with
the specified key
name.
This method is used by the getProperty
method of
class System
.
The checkPropertyAccess
method for class
SecurityManager
calls
checkPermission
with the
PropertyPermission(key, "read")
permission.
key
- a system property key.
public boolean checkTopLevelWindow(Object window)
false
if the calling
thread is not trusted to bring up the top-level window indicated
by the window
argument. In this case, the caller can
still decide to show the window, but the window should include
some sort of visual warning. If the method returns
true
, then the window can be shown without any
special restrictions.
See class Window
for more information on trusted and
untrusted windows.
This method calls
checkPermission
with the
AWTPermission("topLevelWindow")
permission,
and returns true if an SecurityException is not thrown, otherwise
it returns false.
window
- the new window that is being created.
true
if the caller is trusted to put up
top-level windows; false
otherwise.public void checkPrintJobAccess()
checkPermission
with the
RuntimePermission("print.queueJob")
permission.
public void checkSystemClipboardAccess()
This method calls checkPermission
with the
AWTPermission("systemClipboard")
permission.
public void checkAwtEventQueueAccess()
This method calls checkPermission
with the
AWTPermission("eventQueue")
permission.
public void checkPackageAccess(String pkg)
SecurityException
if the
calling thread is not allowed to access the package specified by
the argument.
This method is used by the loadClass
method of class
loaders.
The checkPackageAccess
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("package.access."+pkg)
permission.
pkg
- the package name.
public void checkPackageDefinition(String pkg)
SecurityException
if the
calling thread is not allowed to define classes in the package
specified by the argument.
This method is used by the loadClass
method of some
class loaders.
The checkPackageDefinition
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("package.define."+pkg)
permission.
pkg
- the package name.
public void checkSetFactory()
SecurityException
if the
calling thread is not allowed to set the socket factory used by
ServerSocket
or Socket
, or the stream
handler factory used by URL
.
The checkSetFactory
method for class
SecurityManager
calls
checkPermission
with the
RuntimePermission("setFactory")
permission.
public void checkMemberAccess(Class clazz, int which)
checkPermission
with the RuntimePermission("reflect.declared."+clazz.getName())
permission.public void checkSecurityAccess(String action)
This method calls
checkPermission
with the
SecurityPermission(action)
permission.
action
- the security API action to check against.
public ThreadGroup getThreadGroup()
Contents | Package | Class | Tree | Deprecated | Index | Help | Java 1.2 Beta 3 | ||
PREV | NEXT | SHOW LISTS | HIDE LISTS |