java.lang
public class SecurityManager extends Object
SecurityException if the action is forbidden.
A typical check is as follows, just before the dangerous operation:
```java
SecurityManager sm = System.getSecurityManager();
if (sm != null)
    sm.checkABC(argument, ...); // checkABC stands for the check method that applies
```

Note that this is thread-safe, by caching the security manager in a local variable rather than risking a NullPointerException if the manager is changed between the check for null and the permission check.
The special method checkPermission is a catchall, and the default implementation calls AccessController.checkPermission. In fact, all the other methods default to calling checkPermission.
Sometimes, the security check needs to happen from a different context, such as when called from a worker thread. In such cases, use getSecurityContext to take a snapshot that can be passed to the worker thread:

```java
Object context = null;
SecurityManager sm = System.getSecurityManager();
if (sm != null)
    context = sm.getSecurityContext(); // defaults to an AccessControlContext

// now, in worker thread
if (sm != null)
    sm.checkPermission(permission, context);
```
Permissions fall into these categories: File, Socket, Net, Security, Runtime, Property, AWT, Reflect, and Serializable. Each of these permissions follows a hierarchical naming convention, which makes it easy to grant or deny several permissions at once. Some permissions also take a list of permitted actions, such as "read" or "write", to fine-tune control even more. The permission java.security.AllPermission grants all permissions.
The default methods in this class deny all things to all people. You must explicitly grant permission for anything you want to be legal when subclassing this class.
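The following is an added example, not code from the Classpath sources: a hypothetical GrantTableManager subclass overrides only the catch-all checkPermission and decides from a constructed grant table, showing how hierarchical names and action lists cover several check methods at once. It assumes a Java 8 or later runtime on which SecurityManager's check methods still delegate to checkPermission (the class is deprecated for removal since JDK 17); the manager is never installed.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added example, not project code. The manager is never installed with
// System.setSecurityManager(); its check methods are called directly.
@SuppressWarnings({"removal", "deprecation"})
public class GrantTableDemo {

    // Hypothetical subclass: the catch-all decides from an explicit grant table.
    static final class GrantTableManager extends SecurityManager {
        private final Permissions granted;

        GrantTableManager(Permissions granted) {
            this.granted = granted;
        }

        // checkRead, checkWrite, checkPropertyAccess, checkLink, ... are not
        // overridden, so each builds its Permission and ends up here.
        @Override
        public void checkPermission(Permission perm) {
            if (!granted.implies(perm)) {
                throw new SecurityException("denied: " + perm);
            }
        }
    }

    // Runs one check and reports whether it passed.
    static boolean allowed(Runnable check) {
        try {
            check.run();
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    static void report(String label, Runnable check) {
        System.out.println((allowed(check) ? "ALLOW " : "DENY  ") + label);
    }

    public static void main(String[] args) {
        // Constructed sample grants; paths and names are illustrative.
        Permissions grants = new Permissions();
        grants.add(new FilePermission("/var/app/data/-", "read")); // subtree, read only
        grants.add(new PropertyPermission("user.*", "read"));      // all "user." keys
        grants.add(new RuntimePermission("loadLibrary.*"));        // any library name

        SecurityManager sm = new GrantTableManager(grants);

        // Inside the granted subtree with a granted action.
        report("checkRead(/var/app/data/a/b.txt)", () -> sm.checkRead("/var/app/data/a/b.txt"));
        // Same file, but "write" is not in the action list.
        report("checkWrite(/var/app/data/a/b.txt)", () -> sm.checkWrite("/var/app/data/a/b.txt"));
        // Outside the subtree named by the grant.
        report("checkRead(/var/app/conf/app.properties)", () -> sm.checkRead("/var/app/conf/app.properties"));
        // Covered by the "user.*" wildcard.
        report("checkPropertyAccess(user.home)", () -> sm.checkPropertyAccess("user.home"));
        // No grant names the "java." branch.
        report("checkPropertyAccess(java.home)", () -> sm.checkPropertyAccess("java.home"));
        // Maps to RuntimePermission("loadLibrary.crypto").
        report("checkLink(crypto)", () -> sm.checkLink("crypto"));
        // Never granted, so the request falls through to deny.
        report("checkCreateClassLoader()", sm::checkCreateClassLoader);
    }
}
```

Because the grant table starts empty, anything not named by a grant is refused, which matches the rule above that permissions must be granted explicitly.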
See Also: ClassLoader, SecurityException, checkTopLevelWindow(Object), System.getSecurityManager(), System.setSecurityManager(SecurityManager), AccessController, AccessControlContext, AccessControlException, Permission, BasicPermission, FilePermission, SocketPermission, PropertyPermission, RuntimePermission, AWTPermission, Policy, SecurityPermission, ProtectionDomain

Modifier and Type | Field and Description |
---|---|
protected boolean | inCheck: Deprecated. Use checkPermission(Permission) instead. |

Constructor and Description |
---|
SecurityManager(): Construct a new security manager. |

Modifier and Type | Method and Description |
---|---|
void | checkAccept(String host, int port): Check if the current thread is allowed to accept a connection from a particular host on a particular port. |
void | checkAccess(Thread thread): Check if the current thread is allowed to modify another Thread. |
void | checkAccess(ThreadGroup g): Check if the current thread is allowed to modify a ThreadGroup. |
void | checkAwtEventQueueAccess(): Check if the current thread is allowed to use the AWT event queue. |
void | checkConnect(String host, int port): Check if the current thread is allowed to connect to a given host on a given port. |
void | checkConnect(String host, int port, Object context): Check if the current thread is allowed to connect to a given host on a given port, using the given security context. |
void | checkCreateClassLoader(): Check if the current thread is allowed to create a ClassLoader. |
void | checkDelete(String filename): Check if the current thread is allowed to delete the given file. |
void | checkExec(String program): Check if the current thread is allowed to execute the given program. |
void | checkExit(int status): Check if the current thread is allowed to exit the JVM with the given status. |
void | checkLink(String filename): Check if the current thread is allowed to link in the given native library. |
void | checkListen(int port): Check if the current thread is allowed to listen to a specific port for data. |
void | checkMemberAccess(Class<?> c, int memberType): Check if the current thread is allowed to get certain types of Methods, Fields and Constructors from a Class object. |
void | checkMulticast(InetAddress addr): Check if the current thread is allowed to read and write multicast to a particular address. |
void | checkMulticast(InetAddress addr, byte ttl): Deprecated. Use checkPermission(Permission) instead. |
void | checkPackageAccess(String packageName): Check if the current thread is allowed to access the specified package at all. |
void | checkPackageDefinition(String packageName): Check if the current thread is allowed to define a class into the specified package. |
void | checkPermission(Permission perm): Check if the current thread is allowed to perform an operation that requires the specified Permission. |
void | checkPermission(Permission perm, Object context): Check if the current thread is allowed to perform an operation that requires the specified Permission. |
void | checkPrintJobAccess(): Check if the current thread is allowed to create a print job. |
void | checkPropertiesAccess(): Check if the current thread is allowed to read or write all the system properties at once. |
void | checkPropertyAccess(String key): Check if the current thread is allowed to read a particular system property (writes are checked directly via checkPermission). |
void | checkRead(FileDescriptor desc): Check if the current thread is allowed to read the given file using the FileDescriptor. |
void | checkRead(String filename): Check if the current thread is allowed to read the given file. |
void | checkRead(String filename, Object context): Check if the current thread is allowed to read the given file using the given security context. |
void | checkSecurityAccess(String action): Test whether a particular security action may be taken. |
void | checkSetFactory(): Check if the current thread is allowed to set the current socket factory. |
void | checkSystemClipboardAccess(): Check if the current thread is allowed to use the system clipboard. |
boolean | checkTopLevelWindow(Object window): Check if the current thread is allowed to create a top-level window. |
void | checkWrite(FileDescriptor desc): Check if the current thread is allowed to write the given file using the FileDescriptor. |
void | checkWrite(String filename): Check if the current thread is allowed to write the given file. |
protected int | classDepth(String className): Deprecated. Use checkPermission(Permission) instead. |
protected int | classLoaderDepth(): Deprecated. Use checkPermission(Permission) instead. |
protected ClassLoader | currentClassLoader(): Deprecated. Use checkPermission(Permission) instead. |
protected Class<?> | currentLoadedClass(): Deprecated. Use checkPermission(Permission) instead. |
protected Class[] | getClassContext(): Get a list of all the classes currently executing methods on the Java stack. |
boolean | getInCheck(): Deprecated. Use checkPermission(Permission) instead. |
Object | getSecurityContext(): Get an implementation-dependent Object that contains enough information about the current environment to be able to perform standard security checks later. |
ThreadGroup | getThreadGroup(): Get the ThreadGroup that a new Thread should belong to by default. |
protected boolean | inClass(String className): Deprecated. Use checkPermission(Permission) instead. |
protected boolean | inClassLoader(): Deprecated. Use checkPermission(Permission) instead. |

protected boolean inCheck

Deprecated. Use checkPermission(Permission) instead.

public SecurityManager()

RuntimePermission("createSecurityManager").

Throws:
SecurityException - if permission is denied

public boolean getInCheck()

Deprecated. Use checkPermission(Permission) instead.

See Also: inCheck

protected Class[] getClassContext()
protected ClassLoader currentClassLoader()

Deprecated. Use checkPermission(Permission) instead.

ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
AccessController.doPrivileged(PrivilegedAction), are from system classes
java.security.AllPermission succeeds.

protected Class<?> currentLoadedClass()

Deprecated. Use checkPermission(Permission) instead.

ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
AccessController.doPrivileged(PrivilegedAction), are from system classes
java.security.AllPermission succeeds.

protected int classDepth(String className)

Deprecated. Use checkPermission(Permission) instead.

Parameters:
className - the fully-qualified name to search for

protected int classLoaderDepth()

Deprecated. Use checkPermission(Permission) instead.

ClassLoader.getSystemClassLoader() or its ancestors. This will return -1 in three cases:
AccessController.doPrivileged(PrivilegedAction), are from system classes
java.security.AllPermission succeeds.

protected boolean inClass(String className)

Deprecated. Use checkPermission(Permission) instead.

Parameters:
className - the fully-qualified name of the class to find

protected boolean inClassLoader()

Deprecated. Use checkPermission(Permission) instead.

public Object getSecurityContext()

Currently the only methods that use this are checkRead() and checkConnect(). The default implementation returns an AccessControlContext.

See Also: checkConnect(String, int, Object), checkRead(String, Object), AccessControlContext, AccessController.getContext()

public void checkPermission(Permission perm)

Check if the current thread is allowed to perform an operation that requires the specified Permission. This defaults to AccessController.checkPermission.

Parameters:
perm - the Permission required

Throws:
SecurityException - if permission is denied
NullPointerException - if perm is null

public void checkPermission(Permission perm, Object context)

Check if the current thread is allowed to perform an operation that requires the specified Permission. This is done in a context previously returned by getSecurityContext(). The default implementation expects context to be an AccessControlContext, and it calls AccessControlContext.checkPermission(perm).

Parameters:
perm - the Permission required
context - a security context

Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if perm is null

See Also: getSecurityContext(), AccessControlContext.checkPermission(Permission)

public void checkCreateClassLoader()

RuntimePermission("createClassLoader"). If you override this, you should call super.checkCreateClassLoader() rather than throwing an exception.

Throws:
SecurityException - if permission is denied

See Also: ClassLoader.ClassLoader()

public void checkAccess(Thread thread)

RuntimePermission("modifyThread") on system threads (i.e. threads in ThreadGroup with a null parent), and returns silently on other threads.

If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThread"), return silently, so that core classes (the Classpath library!) can modify any thread.

Parameters:
thread - the other Thread to check

Throws:
SecurityException - if permission is denied
NullPointerException - if thread is null

See Also: Thread.stop(), Thread.suspend(), Thread.resume(), Thread.setPriority(int), Thread.setName(String), Thread.setDaemon(boolean)

public void checkAccess(ThreadGroup g)

RuntimePermission("modifyThread") on the system group (i.e. the one with a null parent), and returns silently on other groups.

If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThreadGroup"), return silently, so that core classes (the Classpath library!) can modify any thread.

Parameters:
g - the ThreadGroup to check

Throws:
SecurityException - if permission is denied
NullPointerException - if g is null

See Also: Thread.Thread(), ThreadGroup.ThreadGroup(String), ThreadGroup.stop(), ThreadGroup.suspend(), ThreadGroup.resume(), ThreadGroup.interrupt(), ThreadGroup.setDaemon(boolean), ThreadGroup.setMaxPriority(int)

public void checkExit(int status)

RuntimePermission("exitVM"). If you override this, call super.checkExit rather than throwing an exception.

Parameters:
status - the status to exit with

Throws:
SecurityException - if permission is denied

See Also: Runtime.exit(int), Runtime.halt(int)

public void checkExec(String program)

FilePermission(program, "execute"), otherwise it checks FilePermission("<<ALL FILES>>", "execute"). If you override this, call super.checkExec rather than throwing an exception.

Parameters:
program - the name of the program to exec

Throws:
SecurityException - if permission is denied
NullPointerException - if program is null

See Also: Runtime.exec(String[], String[], File)

public void checkLink(String filename)

RuntimePermission("loadLibrary." + filename). If you override this, call super.checkLink rather than throwing an exception.

Parameters:
filename - the full name of the library to load

Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null

See Also: Runtime.load(String)

public void checkRead(FileDescriptor desc)

RuntimePermission("readFileDescriptor"). If you override this, call super.checkRead rather than throwing an exception.

Parameters:
desc - the FileDescriptor representing the file to access

Throws:
SecurityException - if permission is denied
NullPointerException - if desc is null

See Also: FileInputStream.FileInputStream(FileDescriptor)

public void checkRead(String filename)

FilePermission(filename, "read"). If you override this, call super.checkRead rather than throwing an exception.

Parameters:
filename - the full name of the file to access

Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null

See Also: File, FileInputStream.FileInputStream(String), RandomAccessFile.RandomAccessFile(String, String)

public void checkRead(String filename, Object context)

getSecurityContext(). The default implementation checks AccessControlContext.checkPermission(new FilePermission(filename, "read")). If you override this, call super.checkRead rather than throwing an exception.

Parameters:
filename - the full name of the file to access
context - the context to determine access for

Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if filename is null

See Also: getSecurityContext(), AccessControlContext.checkPermission(Permission)

public void checkWrite(FileDescriptor desc)

RuntimePermission("writeFileDescriptor"). If you override this, call super.checkWrite rather than throwing an exception.

Parameters:
desc - the FileDescriptor representing the file to access

Throws:
SecurityException - if permission is denied
NullPointerException - if desc is null

See Also: FileOutputStream.FileOutputStream(FileDescriptor)

public void checkWrite(String filename)

FilePermission(filename, "write"). If you override this, call super.checkWrite rather than throwing an exception.

Parameters:
filename - the full name of the file to access

Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null

See Also: File, File.canWrite(), File.mkdir(), File.renameTo(File), FileOutputStream.FileOutputStream(String), RandomAccessFile.RandomAccessFile(String, String)

public void checkDelete(String filename)

FilePermission(filename, "delete"). If you override this, call super.checkDelete rather than throwing an exception.

Parameters:
filename - the full name of the file to delete

Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null

See Also: File.delete()

public void checkConnect(String host, int port)

SocketPermission(host, "resolve"). Otherwise, the default implementation checks SocketPermission(host + ":" + port, "connect"). If you override this, call super.checkConnect rather than throwing an exception.

Parameters:
host - the host to connect to
port - the port to connect on

Throws:
SecurityException - if permission is denied
NullPointerException - if host is null

See Also: Socket.Socket()

public void checkConnect(String host, int port, Object context)

getSecurityContext. A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host, "resolve")). Otherwise, the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host + ":" + port, "connect")). If you override this, call super.checkConnect rather than throwing an exception.

Parameters:
host - the host to connect to
port - the port to connect on
context - the context to determine access for

Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if host is null

See Also: getSecurityContext(), AccessControlContext.checkPermission(Permission)

public void checkListen(int port)

SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port), "listen"). If you override this, call super.checkListen rather than throwing an exception.

Parameters:
port - the port to listen on

Throws:
SecurityException - if permission is denied

See Also: ServerSocket.ServerSocket(int)

public void checkAccept(String host, int port)

SocketPermission(host + ":" + port, "accept"). If you override this, call super.checkAccept rather than throwing an exception.

Parameters:
host - the host which wishes to connect
port - the port the connection will be on

Throws:
SecurityException - if permission is denied
NullPointerException - if host is null

See Also: ServerSocket.accept()

public void checkMulticast(InetAddress addr)

SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.

Parameters:
addr - the address to multicast to

Throws:
SecurityException - if permission is denied
NullPointerException - if host is null

public void checkMulticast(InetAddress addr, byte ttl)

Deprecated. Use checkPermission(Permission) instead.

SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.

Parameters:
addr - the address to multicast to
ttl - value in use for multicast send

Throws:
SecurityException - if permission is denied
NullPointerException - if host is null

public void checkPropertiesAccess()

PropertyPermission("*", "read,write"). If you override this, call super.checkPropertiesAccess rather than throwing an exception.

Throws:
SecurityException - if permission is denied

See Also: System.getProperties(), System.setProperties(Properties)

public void checkPropertyAccess(String key)

PropertyPermission(key, "read"). If you override this, call super.checkPropertyAccess rather than throwing an exception.

Parameters:
key - the key of the property to check

Throws:
SecurityException - if permission is denied
NullPointerException - if key is null
IllegalArgumentException - if key is ""

See Also: System.getProperty(String)

public boolean checkTopLevelWindow(Object window)

AWTPermission("showWindowWithoutWarningBanner"), and returns true if no exception was thrown. If you override this, use return super.checkTopLevelWindow rather than returning false.

Parameters:
window - the window to create

Throws:
NullPointerException - if window is null

See Also: Window.Window(java.awt.Frame)

public void checkPrintJobAccess()

RuntimePermission("queuePrintJob"). If you override this, call super.checkPrintJobAccess rather than throwing an exception.

Throws:
SecurityException - if permission is denied

See Also: Toolkit.getPrintJob(java.awt.Frame, String, Properties)

public void checkSystemClipboardAccess()

AWTPermission("accessClipboard"). If you override this, call super.checkSystemClipboardAccess rather than throwing an exception.

Throws:
SecurityException - if permission is denied

See Also: Toolkit.getSystemClipboard()

public void checkAwtEventQueueAccess()

AWTPermission("accessEventQueue"). If you override this, call super.checkAwtEventQueueAccess rather than throwing an exception.

Throws:
SecurityException - if permission is denied

See Also: Toolkit.getSystemEventQueue()

public void checkPackageAccess(String packageName)

Security.getProperty("package.access"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("accessClassInPackage." + packageName). If you override this, you should call super.checkPackageAccess before doing anything else.

Parameters:
packageName - the package name to check access to

Throws:
SecurityException - if permission is denied
NullPointerException - if packageName is null

See Also: ClassLoader.loadClass(String, boolean), Security.getProperty(String)

public void checkPackageDefinition(String packageName)

Security.getProperty("package.definition"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("defineClassInPackage." + packageName). If you override this, you should call super.checkPackageDefinition before doing anything else.

Parameters:
packageName - the package name to check access to

Throws:
SecurityException - if permission is denied
NullPointerException - if packageName is null

See Also: ClassLoader.loadClass(String, boolean), Security.getProperty(String)

public void checkSetFactory()

RuntimePermission("setFactory"). If you override this, call super.checkSetFactory rather than throwing an exception.

Throws:
SecurityException - if permission is denied

See Also: Socket.setSocketImplFactory(SocketImplFactory), ServerSocket.setSocketFactory(SocketImplFactory), URL.setURLStreamHandlerFactory(URLStreamHandlerFactory)

public void checkMemberAccess(Class<?> c, int memberType)

RuntimePermission("accessDeclaredMembers"). If you override this, do not call super.checkMemberAccess, as this would mess up the stack depth check that determines the ClassLoader requesting the access.

Parameters:
c - the Class to check
memberType - either DECLARED or PUBLIC

Throws:
SecurityException - if permission is denied, including when memberType is not DECLARED or PUBLIC
NullPointerException - if c is null

See Also: Class, Member.DECLARED, Member.PUBLIC

public void checkSecurityAccess(String action)

SecurityPermission(action). If you override this, call super.checkSecurityAccess rather than throwing an exception.

Parameters:
action - the desired action to take

Throws:
SecurityException - if permission is denied
NullPointerException - if action is null
IllegalArgumentException - if action is ""

public ThreadGroup getThreadGroup()