Contents | Package | Class | Tree | Deprecated | Index | Help | Java 1.2 Beta 3 | ||
PREV | NEXT | SHOW LISTS | HIDE LISTS |
java.lang.Object | +----java.security.AccessController
The AccessController class is used for three purposes, each of which is described in further detail below:
There is only one instance of AccessController in each Java runtime.
The checkPermission method
determines whether the access request indicated by a specified
permission should be granted or denied. A sample call appears
below. In this example, checkPermission
will determine
whether or not to grant "read" access to the file named "testFile" in
the "/temp" directory.
FilePermission perm = new FilePermission("/temp/testFile", "read"); AccessController.checkPermission(perm);
If a requested access is allowed,
checkPermission
returns quietly. If denied, an
AccessControlException is
thrown. AccessControlException can also be thrown if the requested
permission is of an incorrect type or contains an invalid value.
Such information is given whenever possible.
Suppose the current thread traversed m callers, in the order of caller 1
to caller 2 to caller m. Then caller m invoked the
checkPermission
method.
The checkPermission
method determines whether access
is granted or denied based on the following algorithm:
i = m; while (i > 0) { if (caller i's domain does not have the permission) throw AccessControlException else if (caller i is marked as privileged) { if (a context was specified in the call to beginPrivileged) context.checkPermission(permission) else return; } i = i - 1; }; // Next, check the context inherited when // the thread was created. Whenever a new thread is created, the // AccessControlContext at that time is // stored and associated with the new thread, as the "inherited" // context. inheritedContext.checkPermission(permission);
A caller can be marked as being "privileged"
(see beginPrivileged and below).
When making access control decisions, the checkPermission
method stops checking if it reaches a caller that
was marked as "privileged" via a beginPrivileged
call without a context argument (see below for information about a
context argument). If that caller's domain has the
specified permission, no further checking is done and checkPermission
returns quietly, indicating that the requested access is allowed.
If that domain does not have the specified permission, an exception is thrown,
as usual.
The normal use of the "privileged" feature is as follows. Note the use of
the try/finally
block to ensure the privileged section is always
exited:
somemethod() { ...normal code here... try { AccessController.beginPrivileged(); // privileged code goes here, for example: System.loadLibrary("awt"); } finally { AccessController.endPrivileged(); } ...normal code here... }
Be *very* careful in your use of the "privileged" construct, and always remember to make the privileged code section as small as possible.
Note that checkPermission
always performs security checks
within the context of the currently executing thread.
Sometimes a security check that should be made within a given context
will actually need to be done from within a
different context (for example, from within a worker thread).
The getContext method and
AccessControlContext class are provided
for this situation. The getContext
method takes a "snapshot"
of the current calling context, and places
it in an AccessControlContext object, which it returns. A sample call is
the following:
AccessControlContext acc = AccessController.getContext()
AccessControlContext itself has a checkPermission
method
that makes access decisions based on the context it encapsulates,
rather than that of the current execution thread.
Code within a different context can thus call that method on the
previously-saved AccessControlContext object. A sample call is the
following:
acc.checkPermission(permission)
There are also times where you don't know a priori which permissions to check the context against. In these cases you can use the beginPrivileged method that takes a context:
somemethod() { ...normal code here... try { AccessController.beginPrivileged(acc); // Code goes here. Any permission checks from this // point forward require both the current context and // the snapshot's context to have the desired permission. } finally { AccessController.endPrivileged(); } ...normal code here...
Method Summary | |
static void | beginPrivileged()
|
static void | beginPrivileged(AccessControlContext context)
|
static void | checkPermission(Permission perm)
|
static void | endPrivileged()
|
static AccessControlContext | getContext()
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
public static void beginPrivileged()
public static void beginPrivileged(AccessControlContext context)
public static void endPrivileged()
beginPrivileged
call.public static AccessControlContext getContext()
public static void checkPermission(Permission perm) throws AccessControlException
perm
- the requested permission.
Contents | Package | Class | Tree | Deprecated | Index | Help | Java 1.2 Beta 3 | ||
PREV | NEXT | SHOW LISTS | HIDE LISTS |