java.lang.Object
java.lang.SecurityManager
public class SecurityManager
extends Object
SecurityException if the action is forbidden.

A typical check is as follows, just before the dangerous operation:

    SecurityManager sm = System.getSecurityManager();
    if (sm != null)
      sm.checkABC(argument, ...);

Note that this is thread-safe: caching the security manager in a local variable avoids the risk of a NullPointerException if the manager is changed between the check for null and the permission check. The special method checkPermission is a catchall, and the default implementation calls AccessController.checkPermission. In fact, all the other methods default to calling checkPermission.
Sometimes, the security check needs to happen from a different context, such as when called from a worker thread. In such cases, use getSecurityContext to take a snapshot that can be passed to the worker thread:

    Object context = null;
    SecurityManager sm = System.getSecurityManager();
    if (sm != null)
      context = sm.getSecurityContext(); // defaults to an AccessControlContext
    // now, in worker thread
    if (sm != null)
      sm.checkPermission(permission, context);

Permissions fall into these categories: File, Socket, Net, Security, Runtime, Property, AWT, Reflect, and Serializable. Each of these permissions has a hierarchical naming convention, to make it easy to grant or deny several permissions at once. Some permissions also take a list of permitted actions, such as "read" or "write", to fine-tune control even more. The permission java.security.AllPermission grants all permissions.
The default methods in this class deny all things to all people. You
must explicitly grant permission for anything you want to be legal when
subclassing this class.
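
The following subclass is an added example, not code from the Classpath documentation: it overrides only the checkPermission catchall with an explicit allowlist, so every other check method is denied unless a grant implies it, and it shows hierarchical names and action lists at work. The class name, the grants and the /srv/demo paths are constructed for illustration; it assumes Java 8 or later on a runtime where the SecurityManager check methods still function (the class is deprecated for removal in current JDKs).

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added example, not Classpath code. The class name, the grants and the
// /srv/demo paths are constructed for illustration.
public class AllowlistSecurityManager extends SecurityManager {
    private final Permissions granted = new Permissions();

    public AllowlistSecurityManager() {
        // Hierarchical names: "/srv/demo/-" covers every file below /srv/demo,
        // "user.*" covers every property whose name starts with "user.".
        // The action list narrows each grant to "read".
        granted.add(new FilePermission("/srv/demo/-", "read"));
        granted.add(new PropertyPermission("user.*", "read"));
        granted.setReadOnly();
    }

    // The catchall: the other check methods build a Permission and call this.
    // Anything not implied by the allowlist is refused.
    @Override
    public void checkPermission(Permission perm) {
        if (perm == null)
            throw new NullPointerException("perm");
        if (!granted.implies(perm))
            throw new SecurityException("denied: " + perm);
    }

    // Runs one check and reports whether it passed.
    static boolean allowed(Runnable check) {
        try {
            check.run();
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    static void report(String what, Runnable check) {
        System.out.println((allowed(check) ? "ALLOW " : "DENY  ") + what);
    }

    public static void main(String[] args) {
        // Used as a plain object; it is never installed with
        // System.setSecurityManager, so the running JVM is unaffected.
        final SecurityManager sm = new AllowlistSecurityManager();

        // File checks: FilePermission(name, "read" / "write" / "execute").
        report("checkRead(/srv/demo/logs/app.log)",
               () -> sm.checkRead("/srv/demo/logs/app.log"));
        report("checkWrite(/srv/demo/logs/app.log)",
               () -> sm.checkWrite("/srv/demo/logs/app.log"));
        report("checkRead(/srv/other/file.txt)",
               () -> sm.checkRead("/srv/other/file.txt"));
        report("checkExec(/bin/sh)",
               () -> sm.checkExec("/bin/sh"));

        // Property checks: PropertyPermission(key, "read").
        report("checkPropertyAccess(user.name)",
               () -> sm.checkPropertyAccess("user.name"));
        report("checkPropertyAccess(java.home)",
               () -> sm.checkPropertyAccess("java.home"));

        // Writes are checked directly via checkPermission.
        report("checkPermission(PropertyPermission user.name write)",
               () -> sm.checkPermission(new PropertyPermission("user.name", "write")));
    }
}
```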
- See Also:
ClassLoader, SecurityException, checkTopLevelWindow(Object), System.getSecurityManager(), System.setSecurityManager(SecurityManager), AccessController, AccessControlContext, AccessControlException, Permission, BasicPermission, FilePermission, SocketPermission, PropertyPermission, RuntimePermission, AWTPermission, Policy, SecurityPermission, ProtectionDomain
Methods inherited from class java.lang.Object:
clone, equals, getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait
protected boolean inCheck
Deprecated. Use checkPermission(Permission) instead.
Tells whether or not the SecurityManager is currently performing a security check.
public SecurityManager()
Construct a new security manager. There may be a security check, of RuntimePermission("createSecurityManager").
- Throws:
SecurityException - if permission is denied
public void checkAccept(String host, int port)
Check if the current thread is allowed to accept a connection from a particular host on a particular port. This method is called by ServerSocket.implAccept(). The default implementation checks SocketPermission(host + ":" + port, "accept"). If you override this, call super.checkAccept rather than throwing an exception.
- Parameters:
host - the host which wishes to connect
port - the port the connection will be on
- Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
- See Also:
ServerSocket.accept()
public void checkAccess(Thread thread)
Check if the current thread is allowed to modify another Thread. This is called by Thread.stop(), suspend(), resume(), interrupt(), destroy(), setPriority(), setName(), and setDaemon(). The default implementation checks RuntimePermission("modifyThread") on system threads (i.e. threads in ThreadGroup with a null parent), and returns silently on other threads. If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThread"), return silently, so that core classes (the Classpath library!) can modify any thread.
- Parameters:
thread - the other Thread to check
- Throws:
SecurityException - if permission is denied
NullPointerException - if thread is null
public void checkAccess(ThreadGroup g)
Check if the current thread is allowed to modify a ThreadGroup. This is called by Thread.Thread() (to add a thread to the ThreadGroup), ThreadGroup.ThreadGroup() (to add this ThreadGroup to a parent), ThreadGroup.stop(), suspend(), resume(), interrupt(), destroy(), setDaemon(), and setMaxPriority(). The default implementation checks RuntimePermission("modifyThread") on the system group (i.e. the one with a null parent), and returns silently on other groups. If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThreadGroup"), return silently, so that core classes (the Classpath library!) can modify any thread.
- Parameters:
g - the ThreadGroup to check
- Throws:
SecurityException - if permission is denied
NullPointerException - if g is null
public void checkAwtEventQueueAccess()
Check if the current thread is allowed to use the AWT event queue. This method is called by Toolkit.getSystemEventQueue(). The default implementation checks AWTPermission("accessEventQueue"). If you override this, call super.checkAwtEventQueueAccess rather than throwing an exception.
- Throws:
SecurityException - if permission is denied
- Since:
- 1.1
- See Also:
Toolkit.getSystemEventQueue()
public void checkConnect(String host, int port)
Check if the current thread is allowed to connect to a given host on a given port. This method is called from Socket.Socket(). A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks SocketPermission(host, "resolve"). Otherwise, the default implementation checks SocketPermission(host + ":" + port, "connect"). If you override this, call super.checkConnect rather than throwing an exception.
- Parameters:
host - the host to connect to
port - the port to connect on
- Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
- See Also:
Socket.Socket()
public void checkConnect(String host, int port, Object context)
Check if the current thread is allowed to connect to a given host on a given port, using the given security context. The context must be a result of a previous call to getSecurityContext. A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host, "resolve")). Otherwise, the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host + ":" + port, "connect")). If you override this, call super.checkConnect rather than throwing an exception.
- Parameters:
host - the host to connect to
port - the port to connect on
context - the context to determine access for
- Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if host is null
public void checkCreateClassLoader()
Check if the current thread is allowed to create a ClassLoader. This method is called from ClassLoader.ClassLoader(), and checks RuntimePermission("createClassLoader"). If you override this, you should call super.checkCreateClassLoader() rather than throwing an exception.
- Throws:
SecurityException - if permission is denied
- See Also:
ClassLoader.ClassLoader()
public void checkDelete(String filename)
Check if the current thread is allowed to delete the given file. This method is called from File.delete(). The default implementation checks FilePermission(filename, "delete"). If you override this, call super.checkDelete rather than throwing an exception.
- Parameters:
filename - the full name of the file to delete
- Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
- See Also:
File.delete()
public void checkExec(String program)
Check if the current thread is allowed to execute the given program. This method is called from Runtime.exec(). If the name is an absolute path, the default implementation checks FilePermission(program, "execute"), otherwise it checks FilePermission("<<ALL FILES>>", "execute"). If you override this, call super.checkExec rather than throwing an exception.
- Parameters:
program - the name of the program to exec
- Throws:
SecurityException - if permission is denied
NullPointerException - if program is null
- See Also:
Runtime.exec(String[],String[],File)
public void checkExit(int status)
Check if the current thread is allowed to exit the JVM with the given status. This method is called from Runtime.exit() and Runtime.halt(). The default implementation checks RuntimePermission("exitVM"). If you override this, call super.checkExit rather than throwing an exception.
- Parameters:
status - the status to exit with
- Throws:
SecurityException - if permission is denied
- See Also:
Runtime.exit(int), Runtime.halt(int)
public void checkLink(String filename)
Check if the current thread is allowed to link in the given native library. This method is called from Runtime.load() (and hence, by loadLibrary() as well). The default implementation checks RuntimePermission("loadLibrary." + filename). If you override this, call super.checkLink rather than throwing an exception.
- Parameters:
filename - the full name of the library to load
- Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
- See Also:
Runtime.load(String)
public void checkListen(int port)
Check if the current thread is allowed to listen to a specific port for data. This method is called by ServerSocket.ServerSocket(). The default implementation checks SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port), "listen"). If you override this, call super.checkListen rather than throwing an exception.
- Parameters:
port - the port to listen on
- Throws:
SecurityException - if permission is denied
- See Also:
ServerSocket.ServerSocket(int)
public void checkMemberAccess(Class<?> c, int memberType)
Check if the current thread is allowed to get certain types of Methods, Fields and Constructors from a Class object. This method is called by Class.getMethod[s](), Class.getField[s](), Class.getConstructor[s], Class.getDeclaredMethod[s](), Class.getDeclaredField[s](), and Class.getDeclaredConstructor[s](). The default implementation allows PUBLIC access, and access to classes defined by the same classloader as the code performing the reflection. Otherwise, it checks RuntimePermission("accessDeclaredMembers"). If you override this, do not call super.checkMemberAccess, as this would mess up the stack depth check that determines the ClassLoader requesting the access.
- Parameters:
c - the Class to check
memberType - either DECLARED or PUBLIC
- Throws:
SecurityException - if permission is denied, including when memberType is not DECLARED or PUBLIC
NullPointerException - if c is null
- Since:
- 1.1
- See Also:
Class, Member.DECLARED, Member.PUBLIC
public void checkMulticast(InetAddress addr)
Check if the current thread is allowed to read and write multicast to a particular address. The default implementation checks SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.
- Parameters:
addr - the address to multicast to
- Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
- Since:
- 1.1
public void checkMulticast(InetAddress addr, byte ttl)
Deprecated. use checkPermission(Permission) instead
Check if the current thread is allowed to read and write multicast to a particular address with a particular ttl (time-to-live) value. The default implementation ignores ttl, and checks SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.
- Parameters:
addr - the address to multicast to
ttl - value in use for multicast send
- Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
- Since:
- 1.1
public void checkPackageAccess(String packageName)
Check if the current thread is allowed to access the specified package at all. This method is called by ClassLoader.loadClass() in user-created ClassLoaders. The default implementation gets a list of all restricted packages, via Security.getProperty("package.access"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("accessClassInPackage." + packageName). If you override this, you should call super.checkPackageAccess before doing anything else.
- Parameters:
packageName - the package name to check access to
- Throws:
SecurityException - if permission is denied
NullPointerException - if packageName is null
public void checkPackageDefinition(String packageName)
Check if the current thread is allowed to define a class into the specified package. This method is called by ClassLoader.loadClass() in user-created ClassLoaders. The default implementation gets a list of all restricted packages, via Security.getProperty("package.definition"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("defineClassInPackage." + packageName). If you override this, you should call super.checkPackageDefinition before doing anything else.
- Parameters:
packageName - the package name to check access to
- Throws:
SecurityException - if permission is denied
NullPointerException - if packageName is null
public void checkPermission(Permission perm)
Check if the current thread is allowed to perform an operation that requires the specified Permission. This defaults to AccessController.checkPermission.
- Parameters:
perm - the Permission required
- Throws:
SecurityException - if permission is denied
NullPointerException - if perm is null
- Since:
- 1.2
public void checkPermission(Permission perm, Object context)
Check if the current thread is allowed to perform an operation that requires the specified Permission. This is done in a context previously returned by getSecurityContext(). The default implementation expects context to be an AccessControlContext, and it calls AccessControlContext.checkPermission(perm).
- Parameters:
perm - the Permission required
context - a security context
- Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if perm is null
- Since:
- 1.2
public void checkPrintJobAccess()
Check if the current thread is allowed to create a print job. This method is called by Toolkit.getPrintJob(). The default implementation checks RuntimePermission("queuePrintJob"). If you override this, call super.checkPrintJobAccess rather than throwing an exception.
- Throws:
SecurityException - if permission is denied
- Since:
- 1.1
public void checkPropertiesAccess()
Check if the current thread is allowed to read or write all the system properties at once. This method is called by System.getProperties() and setProperties(). The default implementation checks PropertyPermission("*", "read,write"). If you override this, call super.checkPropertiesAccess rather than throwing an exception.
- Throws:
SecurityException - if permission is denied
public void checkPropertyAccess(String key)
Check if the current thread is allowed to read a particular system property (writes are checked directly via checkPermission). This method is called by System.getProperty() and setProperty(). The default implementation checks PropertyPermission(key, "read"). If you override this, call super.checkPropertyAccess rather than throwing an exception.
- Parameters:
key - the key of the property to check
- Throws:
SecurityException - if permission is denied
NullPointerException - if key is null
IllegalArgumentException - if key is ""
- See Also:
System.getProperty(String)
public void checkRead(FileDescriptor desc)
Check if the current thread is allowed to read the given file using the FileDescriptor. This method is called from FileInputStream.FileInputStream(). The default implementation checks RuntimePermission("readFileDescriptor"). If you override this, call super.checkRead rather than throwing an exception.
- Parameters:
desc - the FileDescriptor representing the file to access
- Throws:
SecurityException - if permission is denied
NullPointerException - if desc is null
public void checkRead(String filename)
Check if the current thread is allowed to read the given file. This method is called from FileInputStream.FileInputStream(), RandomAccessFile.RandomAccessFile(), File.exists(), canRead(), isFile(), isDirectory(), lastModified(), length() and list(). The default implementation checks FilePermission(filename, "read"). If you override this, call super.checkRead rather than throwing an exception.
- Parameters:
filename - the full name of the file to access
- Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
public void checkRead(String filename, Object context)
Check if the current thread is allowed to read the given file, using the given security context. The context must be a result of a previous call to getSecurityContext(). The default implementation checks AccessControlContext.checkPermission(new FilePermission(filename, "read")). If you override this, call super.checkRead rather than throwing an exception.
- Parameters:
filename - the full name of the file to access
context - the context to determine access for
- Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if filename is null
public void checkSecurityAccess(String action)
Test whether a particular security action may be taken. The default implementation checks SecurityPermission(action). If you override this, call super.checkSecurityAccess rather than throwing an exception.
- Parameters:
action - the desired action to take
- Throws:
SecurityException - if permission is denied
NullPointerException - if action is null
IllegalArgumentException - if action is ""
- Since:
- 1.1
public void checkSetFactory()
Check if the current thread is allowed to set the current socket factory. This method is called by Socket.setSocketImplFactory(), ServerSocket.setSocketFactory(), and URL.setURLStreamHandlerFactory(). The default implementation checks RuntimePermission("setFactory"). If you override this, call super.checkSetFactory rather than throwing an exception.
- Throws:
SecurityException - if permission is denied
public void checkSystemClipboardAccess()
Check if the current thread is allowed to use the system clipboard. This method is called by Toolkit.getSystemClipboard(). The default implementation checks AWTPermission("accessClipboard"). If you override this, call super.checkSystemClipboardAccess rather than throwing an exception.
- Throws:
SecurityException - if permission is denied
- Since:
- 1.1
- See Also:
Toolkit.getSystemClipboard()
public boolean checkTopLevelWindow(Object window)
Check if the current thread is allowed to create a top-level window. If it is not, the operation should still go through, but some sort of nonremovable warning should be placed on the window to show that it is untrusted. This method is called by Window.Window(). The default implementation checks AWTPermission("showWindowWithoutWarningBanner"), and returns true if no exception was thrown. If you override this, use return super.checkTopLevelWindow rather than returning false.
- Parameters:
window - the window to create
- Returns:
- true if there is permission to show the window without warning
- Throws:
NullPointerException - if window is null
- See Also:
Window.Window(Frame)
public void checkWrite(FileDescriptor desc)
Check if the current thread is allowed to write the given file using the FileDescriptor. This method is called from FileOutputStream.FileOutputStream(). The default implementation checks RuntimePermission("writeFileDescriptor"). If you override this, call super.checkWrite rather than throwing an exception.
- Parameters:
desc - the FileDescriptor representing the file to access
- Throws:
SecurityException - if permission is denied
NullPointerException - if desc is null
public void checkWrite(String filename)
Check if the current thread is allowed to write the given file. This method is called from FileOutputStream.FileOutputStream(), RandomAccessFile.RandomAccessFile(), File.canWrite(), mkdir(), and renameTo(). The default implementation checks FilePermission(filename, "write"). If you override this, call super.checkWrite rather than throwing an exception.
- Parameters:
filename - the full name of the file to access
- Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
protected int classDepth(String className)
Deprecated. use checkPermission(Permission) instead
Get the depth of a particular class on the execution stack.
- Parameters:
className - the fully-qualified name to search for
- Returns:
- the index of the class on the stack, or -1
protected int classLoaderDepth()
Deprecated. use checkPermission(Permission) instead
Get the depth on the execution stack of the most recent non-system class. A non-system class is one whose ClassLoader is not equal to ClassLoader.getSystemClassLoader() or its ancestors. This will return -1 in three cases:
- All methods on the stack are from system classes
- All methods on the stack up to the first "privileged" caller, as created by AccessController.doPrivileged(PrivilegedAction), are from system classes
- A check of java.security.AllPermission succeeds.
- Returns:
- the index of the most recent non-system Class on the stack
protected ClassLoader currentClassLoader()
Deprecated. use checkPermission(Permission) instead
Find the ClassLoader of the first non-system class on the execution stack. A non-system class is one whose ClassLoader is not equal to ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
- All methods on the stack are from system classes
- All methods on the stack up to the first "privileged" caller, as created by AccessController.doPrivileged(PrivilegedAction), are from system classes
- A check of java.security.AllPermission succeeds.
- Returns:
- the most recent non-system ClassLoader on the execution stack
protected Class<?> currentLoadedClass()
Deprecated. use checkPermission(Permission) instead
Find the first non-system class on the execution stack. A non-system class is one whose ClassLoader is not equal to ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
- All methods on the stack are from system classes
- All methods on the stack up to the first "privileged" caller, as created by AccessController.doPrivileged(PrivilegedAction), are from system classes
- A check of java.security.AllPermission succeeds.
- Returns:
- the most recent non-system Class on the execution stack
protected Class<T>[] getClassContext()
Get a list of all the classes currently executing methods on the Java stack. getClassContext()[0] is the currently executing method (i.e. the class that CALLED getClassContext, not SecurityManager).
- Returns:
- an array of classes on the Java execution stack
public boolean getInCheck()
Deprecated. use checkPermission(Permission) instead
Tells whether or not the SecurityManager is currently performing a security check.
- Returns:
- true if the SecurityManager is in a security check
- See Also:
inCheck
public Object getSecurityContext()
Get an implementation-dependent Object that contains enough information about the current environment to be able to perform standard security checks later. This is used by trusted methods that need to verify that their callers have sufficient access to perform certain operations. Currently the only methods that use this are checkRead() and checkConnect(). The default implementation returns an AccessControlContext.
- Returns:
- a security context
public ThreadGroup getThreadGroup()
Get the ThreadGroup that a new Thread should belong to by default. Called by Thread.Thread(). The default implementation returns the current ThreadGroup of the current Thread. Spec Note: it is not clear whether the new Thread is guaranteed to pass the checkAccessThreadGroup() test when using this ThreadGroup, but I presume so.
- Returns:
- the ThreadGroup to put the new Thread into
- Since:
- 1.1
protected boolean inClass(String className)
Deprecated. use checkPermission(Permission) instead
Tell whether the specified class is on the execution stack.
- Parameters:
className - the fully-qualified name of the class to find
- Returns:
- whether the specified class is on the execution stack
protected boolean inClassLoader()
Deprecated. use checkPermission(Permission) instead
Tell whether there is a class loaded with an explicit ClassLoader on the stack.
- Returns:
- whether a class with an explicit ClassLoader is on the stack