java.lang.Object
  java.lang.SecurityManager
public class SecurityManager
SecurityManager is a class you can extend to create your own Java security policy. By default, there is no SecurityManager installed in 1.1, which means that all things are permitted to all people. The security manager, if set, is consulted before doing anything with potentially dangerous results, and throws a SecurityException if the action is forbidden.
A typical check is as follows, just before the dangerous operation:

```java
SecurityManager sm = System.getSecurityManager();
if (sm != null)
  sm.checkABC(argument, ...); // checkABC stands for whichever check method applies
```

Note that this is thread-safe: caching the security manager in a local variable avoids a NullPointerException if the manager is changed between the check for null and the permission check.
The special method checkPermission is a catchall, and the default implementation calls AccessController.checkPermission. In fact, all the other methods default to calling checkPermission.
Sometimes, the security check needs to happen from a different context, such as when called from a worker thread. In such cases, use getSecurityContext to take a snapshot that can be passed to the worker thread:

```java
Object context = null;
SecurityManager sm = System.getSecurityManager();
if (sm != null)
  context = sm.getSecurityContext(); // defaults to an AccessControlContext

// now, in worker thread
if (sm != null)
  sm.checkPermission(permission, context);
```
Permissions fall into these categories: File, Socket, Net, Security, Runtime, Property, AWT, Reflect, and Serializable. Each of these permissions has a hierarchical property naming convention, to make it easy to grant or deny several permissions at once. Some permissions also take a list of permitted actions, such as "read" or "write", to fine-tune control even more. The permission java.security.AllPermission grants all permissions.
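How the hierarchical names and action lists described above decide a request, as an added example (not taken from the Classpath documentation). The property names and Unix-style paths are constructed sample values, and the class name PermissionNamingDemo is hypothetical.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

public class PermissionNamingDemo {

    /** True if at least one permission in the grant set implies the request. */
    static boolean granted(Permissions grants, Permission request) {
        return grants.implies(request);
    }

    /** Constructed grant set; the property names and paths are sample values. */
    static Permissions sampleGrants() {
        Permissions grants = new Permissions();
        // A trailing ".*" covers every name below "java." in the hierarchy.
        grants.add(new PropertyPermission("java.*", "read"));
        // The same wildcard rule applies to RuntimePermission targets.
        grants.add(new RuntimePermission("loadLibrary.*"));
        // For files, a trailing "/-" means the directory tree, recursively;
        // the action list narrows the grant to reading and writing.
        grants.add(new FilePermission("/srv/app/data/-", "read,write"));
        return grants;
    }

    public static void main(String[] args) {
        Permissions grants = sampleGrants();
        Permission[] requests = {
            new PropertyPermission("java.version", "read"),   // inside java.*, granted action
            new PropertyPermission("java.version", "write"),  // inside java.*, other action
            new PropertyPermission("user.home", "read"),      // outside java.*
            new RuntimePermission("loadLibrary.zip"),         // inside loadLibrary.*
            new RuntimePermission("createClassLoader"),       // unrelated target
            new FilePermission("/srv/app/data/in/a.csv", "read"),      // below the tree
            new FilePermission("/srv/app/data/in/a.csv", "delete"),    // action not listed
            new FilePermission("/srv/app/conf/app.properties", "read") // outside the tree
        };
        for (Permission p : requests) {
            System.out.println((granted(grants, p) ? "granted  " : "denied   ") + p);
        }

        // AllPermission implies every other permission.
        Permissions all = new Permissions();
        all.add(new AllPermission());
        System.out.println("AllPermission grants createClassLoader: "
                + granted(all, new RuntimePermission("createClassLoader")));
    }
}
```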
The default methods in this class deny all things to all people. You must explicitly grant permission for anything you want to be legal when subclassing this class.
ClassLoader, SecurityException, checkTopLevelWindow(Object), System.getSecurityManager(), System.setSecurityManager(SecurityManager), AccessController, AccessControlContext, AccessControlException, Permission, BasicPermission, FilePermission, SocketPermission, PropertyPermission, RuntimePermission, AWTPermission, Policy, SecurityPermission, ProtectionDomain
Field Summary | |
---|---|
protected boolean | inCheck: Deprecated. Use checkPermission(Permission) instead. |
Constructor Summary | |
---|---|
SecurityManager(): Construct a new security manager. |
Method Summary | |
---|---|
void | checkAccept(String host, int port): Check if the current thread is allowed to accept a connection from a particular host on a particular port. |
void | checkAccess(Thread thread): Check if the current thread is allowed to modify another Thread. |
void | checkAccess(ThreadGroup g): Check if the current thread is allowed to modify a ThreadGroup. |
void | checkAwtEventQueueAccess(): Check if the current thread is allowed to use the AWT event queue. |
void | checkConnect(String host, int port): Check if the current thread is allowed to connect to a given host on a given port. |
void | checkConnect(String host, int port, Object context): Check if the current thread is allowed to connect to a given host on a given port, using the given security context. |
void | checkCreateClassLoader(): Check if the current thread is allowed to create a ClassLoader. |
void | checkDelete(String filename): Check if the current thread is allowed to delete the given file. |
void | checkExec(String program): Check if the current thread is allowed to execute the given program. |
void | checkExit(int status): Check if the current thread is allowed to exit the JVM with the given status. |
void | checkLink(String filename): Check if the current thread is allowed to link in the given native library. |
void | checkListen(int port): Check if the current thread is allowed to listen to a specific port for data. |
void | checkMemberAccess(Class<?> c, int memberType): Check if the current thread is allowed to get certain types of Methods, Fields and Constructors from a Class object. |
void | checkMulticast(InetAddress addr): Check if the current thread is allowed to read and write multicast to a particular address. |
void | checkMulticast(InetAddress addr, byte ttl): Deprecated. Use checkPermission(Permission) instead. |
void | checkPackageAccess(String packageName): Check if the current thread is allowed to access the specified package at all. |
void | checkPackageDefinition(String packageName): Check if the current thread is allowed to define a class into the specified package. |
void | checkPermission(Permission perm): Check if the current thread is allowed to perform an operation that requires the specified Permission. |
void | checkPermission(Permission perm, Object context): Check if the current thread is allowed to perform an operation that requires the specified Permission. |
void | checkPrintJobAccess(): Check if the current thread is allowed to create a print job. |
void | checkPropertiesAccess(): Check if the current thread is allowed to read or write all the system properties at once. |
void | checkPropertyAccess(String key): Check if the current thread is allowed to read a particular system property (writes are checked directly via checkPermission). |
void | checkRead(FileDescriptor desc): Check if the current thread is allowed to read the given file using the FileDescriptor. |
void | checkRead(String filename): Check if the current thread is allowed to read the given file. |
void | checkRead(String filename, Object context): Check if the current thread is allowed to read the given file, using the given security context. |
void | checkSecurityAccess(String action): Test whether a particular security action may be taken. |
void | checkSetFactory(): Check if the current thread is allowed to set the current socket factory. |
void | checkSystemClipboardAccess(): Check if the current thread is allowed to use the system clipboard. |
boolean | checkTopLevelWindow(Object window): Check if the current thread is allowed to create a top-level window. |
void | checkWrite(FileDescriptor desc): Check if the current thread is allowed to write the given file using the FileDescriptor. |
void | checkWrite(String filename): Check if the current thread is allowed to write the given file. |
protected int | classDepth(String className): Deprecated. Use checkPermission(Permission) instead. |
protected int | classLoaderDepth(): Deprecated. Use checkPermission(Permission) instead. |
protected ClassLoader | currentClassLoader(): Deprecated. Use checkPermission(Permission) instead. |
protected Class<?> | currentLoadedClass(): Deprecated. Use checkPermission(Permission) instead. |
protected Class[] | getClassContext(): Get a list of all the classes currently executing methods on the Java stack. |
boolean | getInCheck(): Deprecated. Use checkPermission(Permission) instead. |
Object | getSecurityContext(): Get an implementation-dependent Object that contains enough information about the current environment to be able to perform standard security checks later. |
ThreadGroup | getThreadGroup(): Get the ThreadGroup that a new Thread should belong to by default. |
protected boolean | inClass(String className): Deprecated. Use checkPermission(Permission) instead. |
protected boolean | inClassLoader(): Deprecated. Use checkPermission(Permission) instead. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected boolean inCheck
checkPermission(Permission) instead.
Constructor Detail |
---|
public SecurityManager()
RuntimePermission("createSecurityManager").
SecurityException - if permission is denied
Method Detail |
---|
public boolean getInCheck()
checkPermission(Permission) instead
inCheck
protected Class[] getClassContext()
protected ClassLoader currentClassLoader()
checkPermission(Permission) instead
ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
AccessController.doPrivileged(PrivilegedAction), are from system classes
java.security.AllPermission succeeds.
protected Class<?> currentLoadedClass()
checkPermission(Permission) instead
ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
AccessController.doPrivileged(PrivilegedAction), are from system classes
java.security.AllPermission succeeds.
protected int classDepth(String className)
checkPermission(Permission) instead
className - the fully-qualified name to search for
protected int classLoaderDepth()
checkPermission(Permission) instead
ClassLoader.getSystemClassLoader() or its ancestors. This will return -1 in three cases:
AccessController.doPrivileged(PrivilegedAction), are from system classes
java.security.AllPermission succeeds.
protected boolean inClass(String className)
checkPermission(Permission) instead
className - the fully-qualified name of the class to find
protected boolean inClassLoader()
checkPermission(Permission) instead
public Object getSecurityContext()
Currently the only methods that use this are checkRead() and checkConnect(). The default implementation returns an AccessControlContext.
checkConnect(String, int, Object), checkRead(String, Object), AccessControlContext, AccessController.getContext()
public void checkPermission(Permission perm)
Permission. This defaults to AccessController.checkPermission.
perm - the Permission required
SecurityException - if permission is denied
NullPointerException - if perm is null
public void checkPermission(Permission perm, Object context)
Permission. This is done in a context previously returned by getSecurityContext(). The default implementation expects context to be an AccessControlContext, and it calls AccessControlContext.checkPermission(perm).
perm - the Permission required
context - a security context
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if perm is null
getSecurityContext(), AccessControlContext.checkPermission(Permission)
public void checkCreateClassLoader()
RuntimePermission("createClassLoader"). If you override this, you should call super.checkCreateClassLoader() rather than throwing an exception.
SecurityException - if permission is denied
ClassLoader.ClassLoader()
public void checkAccess(Thread thread)
RuntimePermission("modifyThread") on system threads (i.e. threads in a ThreadGroup with a null parent), and returns silently on other threads.
If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThread"), return silently, so that core classes (the Classpath library!) can modify any thread.
thread - the other Thread to check
SecurityException - if permission is denied
NullPointerException - if thread is null
Thread.stop(), Thread.suspend(), Thread.resume(), Thread.setPriority(int), Thread.setName(String), Thread.setDaemon(boolean)
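The two override rules stated above for checkAccess(Thread), together with the "call super rather than throwing" rule used by methods such as checkExit, put into one subclass. This is an added example, not code from the Classpath library: the class name StrictThreadManager and its thread-group policy are hypothetical, and it assumes an OpenJDK-style runtime on which a security manager can still be installed and the default policy does not grant modifyThread to application code.

```java
import java.security.Permission;

// Added example. Assumes a runtime where a security manager can still be
// installed (recent JDKs need -Djava.security.manager=allow, or refuse entirely).
@SuppressWarnings("removal")
public class StrictThreadManager extends SecurityManager {
    private static final Permission MODIFY_THREAD = new RuntimePermission("modifyThread");

    @Override
    public void checkAccess(Thread thread) {
        // First: run the default check so requirements are never relaxed
        // (system threads still need modifyThread, null still raises NPE).
        super.checkAccess(thread);
        // Second: callers that hold modifyThread, such as core library
        // classes, return silently.
        if (holds(MODIFY_THREAD)) {
            return;
        }
        // Stricter local policy (hypothetical): everyone else may only touch
        // threads in their own thread group or one of its descendants.
        ThreadGroup caller = Thread.currentThread().getThreadGroup();
        ThreadGroup target = thread.getThreadGroup(); // null once the thread has died
        if (target != null && !caller.parentOf(target)) {
            throw new SecurityException(
                    "thread outside caller's group: ".concat(thread.getName()));
        }
    }

    @Override
    public void checkExit(int status) {
        // Log the attempt, then let the default check decide; no throw here.
        System.err.println("exit requested by ".concat(Thread.currentThread().getName()));
        super.checkExit(status);
    }

    /** True if the current call stack passes the default permission check. */
    private boolean holds(Permission p) {
        try {
            checkPermission(p);
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        ThreadGroup mainGroup = Thread.currentThread().getThreadGroup();
        // The sibling group and its thread are built before installation,
        // while creating a group under the root group is still unchecked.
        ThreadGroup sibling = new ThreadGroup(mainGroup.getParent(), "sibling");
        Thread foreign = new Thread(sibling, "foreign");
        System.setSecurityManager(new StrictThreadManager());

        Thread own = new Thread(mainGroup, "own");
        own.setName("own-renamed"); // target is in the caller's own group
        try {
            foreign.setName("renamed"); // target is in a sibling group
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```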
public void checkAccess(ThreadGroup g)
RuntimePermission("modifyThread") on the system group (i.e. the one with a null parent), and returns silently on other groups.
If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThreadGroup"), return silently, so that core classes (the Classpath library!) can modify any thread.
g - the ThreadGroup to check
SecurityException - if permission is denied
NullPointerException - if g is null
Thread.Thread(), ThreadGroup.ThreadGroup(String), ThreadGroup.stop(), ThreadGroup.suspend(), ThreadGroup.resume(), ThreadGroup.interrupt(), ThreadGroup.setDaemon(boolean), ThreadGroup.setMaxPriority(int)
public void checkExit(int status)
RuntimePermission("exitVM"). If you override this, call super.checkExit rather than throwing an exception.
status - the status to exit with
SecurityException - if permission is denied
Runtime.exit(int), Runtime.halt(int)
public void checkExec(String program)
FilePermission(program, "execute"), otherwise it checks FilePermission("<<ALL FILES>>", "execute"). If you override this, call super.checkExec rather than throwing an exception.
program - the name of the program to exec
SecurityException - if permission is denied
NullPointerException - if program is null
Runtime.exec(String[], String[], File)
public void checkLink(String filename)
RuntimePermission("loadLibrary." + filename). If you override this, call super.checkLink rather than throwing an exception.
filename - the full name of the library to load
SecurityException - if permission is denied
NullPointerException - if filename is null
Runtime.load(String)
public void checkRead(FileDescriptor desc)
RuntimePermission("readFileDescriptor"). If you override this, call super.checkRead rather than throwing an exception.
desc - the FileDescriptor representing the file to access
SecurityException - if permission is denied
NullPointerException - if desc is null
FileInputStream.FileInputStream(FileDescriptor)
public void checkRead(String filename)
FilePermission(filename, "read"). If you override this, call super.checkRead rather than throwing an exception.
filename - the full name of the file to access
SecurityException - if permission is denied
NullPointerException - if filename is null
File, FileInputStream.FileInputStream(String), RandomAccessFile.RandomAccessFile(String, String)
public void checkRead(String filename, Object context)
getSecurityContext(). The default implementation checks AccessControlContext.checkPermission(new FilePermission(filename, "read")). If you override this, call super.checkRead rather than throwing an exception.
filename - the full name of the file to access
context - the context to determine access for
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if filename is null
getSecurityContext(), AccessControlContext.checkPermission(Permission)
public void checkWrite(FileDescriptor desc)
RuntimePermission("writeFileDescriptor"). If you override this, call super.checkWrite rather than throwing an exception.
desc - the FileDescriptor representing the file to access
SecurityException - if permission is denied
NullPointerException - if desc is null
FileOutputStream.FileOutputStream(FileDescriptor)
public void checkWrite(String filename)
FilePermission(filename, "write"). If you override this, call super.checkWrite rather than throwing an exception.
filename - the full name of the file to access
SecurityException - if permission is denied
NullPointerException - if filename is null
File, File.canWrite(), File.mkdir(), File.renameTo(File), FileOutputStream.FileOutputStream(String), RandomAccessFile.RandomAccessFile(String, String)
public void checkDelete(String filename)
FilePermission(filename, "delete"). If you override this, call super.checkDelete rather than throwing an exception.
filename - the full name of the file to delete
SecurityException - if permission is denied
NullPointerException - if filename is null
File.delete()
public void checkConnect(String host, int port)
SocketPermission(host, "resolve"). Otherwise, the default implementation checks SocketPermission(host + ":" + port, "connect"). If you override this, call super.checkConnect rather than throwing an exception.
host - the host to connect to
port - the port to connect on
SecurityException - if permission is denied
NullPointerException - if host is null
Socket.Socket()
public void checkConnect(String host, int port, Object context)
getSecurityContext. A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host, "resolve")). Otherwise, the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host + ":" + port, "connect")). If you override this, call super.checkConnect rather than throwing an exception.
host - the host to connect to
port - the port to connect on
context - the context to determine access for
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if host is null
getSecurityContext(), AccessControlContext.checkPermission(Permission)
public void checkListen(int port)
SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port), "listen"). If you override this, call super.checkListen rather than throwing an exception.
port - the port to listen on
SecurityException - if permission is denied
ServerSocket.ServerSocket(int)
public void checkAccept(String host, int port)
SocketPermission(host + ":" + port, "accept"). If you override this, call super.checkAccept rather than throwing an exception.
host - the host which wishes to connect
port - the port the connection will be on
SecurityException - if permission is denied
NullPointerException - if host is null
ServerSocket.accept()
public void checkMulticast(InetAddress addr)
SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.
addr - the address to multicast to
SecurityException - if permission is denied
NullPointerException - if host is null
public void checkMulticast(InetAddress addr, byte ttl)
checkPermission(Permission) instead
SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.
addr - the address to multicast to
ttl - value in use for multicast send
SecurityException - if permission is denied
NullPointerException - if host is null
public void checkPropertiesAccess()
PropertyPermission("*", "read,write"). If you override this, call super.checkPropertiesAccess rather than throwing an exception.
SecurityException - if permission is denied
System.getProperties(), System.setProperties(Properties)
public void checkPropertyAccess(String key)
PropertyPermission(key, "read"). If you override this, call super.checkPropertyAccess rather than throwing an exception.
key - the key of the property to check
SecurityException - if permission is denied
NullPointerException - if key is null
IllegalArgumentException - if key is ""
System.getProperty(String)
public boolean checkTopLevelWindow(Object window)
AWTPermission("showWindowWithoutWarningBanner"), and returns true if no exception was thrown. If you override this, use return super.checkTopLevelWindow rather than returning false.
window - the window to create
NullPointerException - if window is null
Window.Window(java.awt.Frame)
public void checkPrintJobAccess()
RuntimePermission("queuePrintJob"). If you override this, call super.checkPrintJobAccess rather than throwing an exception.
SecurityException - if permission is denied
Toolkit.getPrintJob(java.awt.Frame, String, Properties)
public void checkSystemClipboardAccess()
AWTPermission("accessClipboard"). If you override this, call super.checkSystemClipboardAccess rather than throwing an exception.
SecurityException - if permission is denied
Toolkit.getSystemClipboard()
public void checkAwtEventQueueAccess()
AWTPermission("accessEventQueue"). If you override this, call super.checkAwtEventQueueAccess rather than throwing an exception.
SecurityException - if permission is denied
Toolkit.getSystemEventQueue()
public void checkPackageAccess(String packageName)
Security.getProperty("package.access"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("accessClassInPackage." + packageName). If you override this, you should call super.checkPackageAccess before doing anything else.
packageName - the package name to check access to
SecurityException - if permission is denied
NullPointerException - if packageName is null
ClassLoader.loadClass(String, boolean), Security.getProperty(String)
public void checkPackageDefinition(String packageName)
Security.getProperty("package.definition"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("defineClassInPackage." + packageName). If you override this, you should call super.checkPackageDefinition before doing anything else.
packageName - the package name to check access to
SecurityException - if permission is denied
NullPointerException - if packageName is null
ClassLoader.loadClass(String, boolean), Security.getProperty(String)
public void checkSetFactory()
RuntimePermission("setFactory"). If you override this, call super.checkSetFactory rather than throwing an exception.
SecurityException - if permission is denied
Socket.setSocketImplFactory(SocketImplFactory), ServerSocket.setSocketFactory(SocketImplFactory), URL.setURLStreamHandlerFactory(URLStreamHandlerFactory)
public void checkMemberAccess(Class<?> c, int memberType)
RuntimePermission("accessDeclaredMembers"). If you override this, do not call super.checkMemberAccess, as this would mess up the stack depth check that determines the ClassLoader requesting the access.
c - the Class to check
memberType - either DECLARED or PUBLIC
SecurityException - if permission is denied, including when memberType is not DECLARED or PUBLIC
NullPointerException - if c is null
Class, Member.DECLARED, Member.PUBLIC
public void checkSecurityAccess(String action)
SecurityPermission(action). If you override this, call super.checkSecurityAccess rather than throwing an exception.
action - the desired action to take
SecurityException - if permission is denied
NullPointerException - if action is null
IllegalArgumentException - if action is ""
public ThreadGroup getThreadGroup()