public class SecurityManager extends Object
The SecurityManager
class contains many methods with
names that begin with the word check
. These methods
are called by various methods in the Java libraries before those
methods perform certain potentially sensitive operations. The
invocation of such a check
method typically looks like this:
SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkXXX(argument, . . . ); }
The security manager is thereby given an opportunity to prevent
completion of the operation by throwing an exception. A security
manager routine simply returns if the operation is permitted, but
throws a SecurityException
if the operation is not
permitted.
The current security manager is obtained
by the getSecurityManager
method.
The special method
checkPermission(java.security.Permission)
determines whether an access request indicated by a specified
permission should be granted or denied. The
default implementation calls
AccessController.checkPermission(perm);
If a requested access is allowed,
checkPermission
returns quietly. If denied, a
SecurityException
is thrown.
As of Java 2 SDK v1.2, the default implementation of each of the other
check
methods in SecurityManager
is to
call the SecurityManager checkPermission
method
to determine if the calling thread has permission to perform the requested
operation.
Note that the checkPermission
method with
just a single permission argument always performs security checks
within the context of the currently executing thread.
Permissions fall into these categories: File, Socket, Net,
Security, Runtime, Property.
The classes managing these various
permission categories are java.io.FilePermission
,
java.lang.RuntimePermission
and
java.util.PropertyPermission
.
All but FilePermission are
subclasses of java.security.BasicPermission
, which itself
is an abstract subclass of the
top-level class for permissions, which is
java.security.Permission
. BasicPermission defines the
functionality needed for all permissions that contain a name
that follows the hierarchical property naming convention
(for example, "exitVM", "setFactory", "queuePrintJob", etc).
An asterisk
may appear at the end of the name, following a ".", or by itself, to
signify a wildcard match. For example: "a.*" or "*" is valid,
"*a" or "a*b" is not valid.
FilePermission is a subclass of the
top-level class for permissions
(java.security.Permission
). Classes like these
that have a more complicated name syntax than that used by
BasicPermission subclass directly from Permission rather than from
BasicPermission. For example,
for a java.io.FilePermission
object, the permission name is
the path name of a file (or directory).
Some of the permission classes have an "actions" list that tells
the actions that are permitted for the object. For example,
for a java.io.FilePermission
object, the actions list
(such as "read, write") specifies which actions are granted for the
specified file (or for files in the specified directory).
Other permission classes are for "named" permissions - ones that contain a name but no actions list; you either have the named permission or you don't.
SecurityException
,
getSecurityManager
,
AccessController
,
AccessControlException
,
Permission
,
BasicPermission
,
FilePermission
,
PropertyPermission
,
RuntimePermission
Constructor and Description |
---|
SecurityManager()
Constructs a new
SecurityManager . |
Modifier and Type | Method and Description |
---|---|
void |
checkAccept(String host,
int port)
Throws a
SecurityException if the
calling thread is not permitted to accept a socket connection from
the specified host and port number. |
void |
checkAccess(Thread t)
Throws a
SecurityException if the
calling thread is not allowed to modify the thread argument. |
void |
checkConnect(String host,
int port)
Throws a
SecurityException if the
calling thread is not allowed to open a socket connection to the
specified host and port number. |
void |
checkDelete(String file)
Throws a
SecurityException if the
calling thread is not allowed to delete the specified file. |
void |
checkExit(int status)
Throws a
SecurityException if the
calling thread is not allowed to cause the Java Virtual Machine to
halt with the specified status code. |
void |
checkListen(int port)
Throws a
SecurityException if the
calling thread is not allowed to wait for a connection request on
the specified local port number. |
void |
checkPermission(Permission perm)
Throws a
SecurityException if the requested
access, specified by the given permission, is not permitted based
on the security policy currently in effect. |
void |
checkPropertyAccess(String key)
Throws a
SecurityException if the
calling thread is not allowed to access the system property with
the specified key name. |
void |
checkRead(String file)
Throws a
SecurityException if the
calling thread is not allowed to read the file specified by the
string argument. |
void |
checkWrite(String file)
Throws a
SecurityException if the
calling thread is not allowed to write to the file specified by
the string argument. |
public SecurityManager()
SecurityManager
.
If there is a security manager already installed, this method first
calls the security manager's checkPermission
method
with the RuntimePermission("createSecurityManager")
permission to ensure the calling thread has permission to create a new
security manager.
This may result in throwing a SecurityException
.
SecurityException
- if a security manager already
exists and its checkPermission
method
doesn't allow creation of a new security manager.System.getSecurityManager()
,
checkPermission
,
RuntimePermission
public void checkAccept(String host, int port)
SecurityException
if the
calling thread is not permitted to accept a socket connection from
the specified host and port number.
If you override this method, then you should make a call to
super.checkAccept
at the point the overridden method would normally throw an
exception.
host
- the host name of the socket connection.port
- the port number of the socket connection.SecurityException
- if the calling thread does not have
permission to accept the connection.NullPointerException
- if the host
argument is
null
.checkPermission
public void checkAccess(Thread t)
SecurityException
if the
calling thread is not allowed to modify the thread argument.
This method is invoked for the current security manager by the
setPriority
and setName
methods of class Thread
.
Some CLDC implementations may designate threads not started or managed
by the application to be "system threads".
If the thread argument is a system thread then
this method calls checkPermission
with the
RuntimePermission("modifyThread")
permission.
If the thread argument is not a system thread,
this method just returns silently.
Applications that want a stricter policy should override this
method. If this method is overridden, the method that overrides
it should additionally check to see if the calling thread has the
RuntimePermission("modifyThread")
permission, and
if so, return silently. This is to ensure that code granted
that permission (such as the JDK itself) is allowed to
manipulate any thread.
If this method is overridden, then
super.checkAccess
should
be called by the first statement in the overridden method, or the
equivalent security check should be placed in the overridden method.
t
- the thread to be checked.SecurityException
- if the calling thread does not have
permission to modify the thread.NullPointerException
- if the thread argument is
null
.setName
,
setPriority
,
checkPermission
public void checkConnect(String host, int port)
SecurityException
if the
calling thread is not allowed to open a socket connection to the
specified host and port number.
A port number of -1
indicates that the calling
method is attempting to determine the IP address of the specified
host name.
If you override this method, then you should make a call to
super.checkConnect
at the point the overridden method would normally throw an
exception.
host
- the host name port to connect to.port
- the protocol port to connect to.SecurityException
- if the calling thread does not have
permission to open a socket connection to the specified
host
and port
.NullPointerException
- if the host
argument is
null
.checkPermission
public void checkDelete(String file)
SecurityException
if the
calling thread is not allowed to delete the specified file.
This method calls checkPermission
with the
FilePermission(file,"delete")
permission.
If you override this method, then you should make a call to
super.checkDelete
at the point the overridden method would normally throw an
exception.
file
- the system-dependent filename.SecurityException
- if the calling thread does not
have permission to delete the file.NullPointerException
- if the file
argument is
null
.checkPermission
public void checkExit(int status)
SecurityException
if the
calling thread is not allowed to cause the Java Virtual Machine to
halt with the specified status code.
This method is invoked for the current security manager by the
exit
method of class Runtime
. A status
of 0
indicates success; other values indicate various
errors.
This method calls checkPermission
with the
RuntimePermission("exitVM."+status)
permission.
If you override this method, then you should make a call to
super.checkExit
at the point the overridden method would normally throw an
exception.
status
- the exit status.SecurityException
- if the calling thread does not have
permission to halt the Java Virtual Machine with
the specified status.exit
,
checkPermission
public void checkListen(int port)
SecurityException
if the
calling thread is not allowed to wait for a connection request on
the specified local port number.
If you override this method, then you should make a call to
super.checkListen
at the point the overridden method would normally throw an
exception.
port
- the local port.SecurityException
- if the calling thread does not have
permission to listen on the specified port.checkPermission
public void checkPermission(Permission perm)
SecurityException
if the requested
access, specified by the given permission, is not permitted based
on the security policy currently in effect.
This method calls AccessController.checkPermission
with the given permission.
perm
- the requested permission.SecurityException
- if access is not permitted based on
the current security policy.NullPointerException
- if the permission argument is
null
.public void checkPropertyAccess(String key)
SecurityException
if the
calling thread is not allowed to access the system property with
the specified key
name.
This method is used by the getProperty
method of
class System
.
This method calls checkPermission
with the
PropertyPermission(key, "read")
permission.
If you override this method, then you should make a call to
super.checkPropertyAccess
at the point the overridden method would normally throw an
exception.
key
- a system property key.SecurityException
- if the calling thread does not have
permission to access the specified system property.NullPointerException
- if the key
argument is
null
.IllegalArgumentException
- if key
is empty.System.getProperty(java.lang.String)
,
checkPermission
public void checkRead(String file)
SecurityException
if the
calling thread is not allowed to read the file specified by the
string argument.
This method calls checkPermission
with the
FilePermission(file,"read")
permission.
If you override this method, then you should make a call to
super.checkRead
at the point the overridden method would normally throw an
exception.
file
- the system-dependent file name.SecurityException
- if the calling thread does not have
permission to access the specified file.NullPointerException
- if the file
argument is
null
.checkPermission
public void checkWrite(String file)
SecurityException
if the
calling thread is not allowed to write to the file specified by
the string argument.
This method calls checkPermission
with the
FilePermission(file,"write")
permission.
If you override this method, then you should make a call to
super.checkWrite
at the point the overridden method would normally throw an
exception.
file
- the system-dependent filename.SecurityException
- if the calling thread does not
have permission to access the specified file.NullPointerException
- if the file
argument is
null
.checkPermission
Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. Use of this specification is subject to license terms.