public class SecurityManager extends Object
The SecurityManager class contains many methods with names that begin with the word
check. These methods are called by various methods in the Java libraries before
those methods perform certain potentially sensitive operations. The invocation of such a
check method typically looks like this:
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkXXX(argument, . . . );
}
The security manager is thereby given an opportunity to prevent completion of the operation by
throwing an exception. A security manager routine simply returns if the operation is permitted,
but throws a SecurityException if the operation is not permitted. The only exception
to this convention is checkTopLevelWindow, which returns a boolean
value.
The current security manager is set by the setSecurityManager method in class
System. The current security manager is obtained by the
getSecurityManager method.
The special method checkPermission(java.security.Permission) determines
whether an access request indicated by a specified permission should be granted or denied.
If a requested access is allowed, checkPermission returns quietly. If denied, a
SecurityException is thrown.
As of Java 2 SDK v1.2, the default implementation of each of the other check methods
in SecurityManager is to call the SecurityManager checkPermission
method to determine if the calling thread has permission to perform the requested operation.
Note that the checkPermission method with just a single permission argument always
performs security checks within the context of the currently executing thread.
Permissions fall into these categories: Runtime and Property. The classes managing these various
permission categories are java.lang.RuntimePermission,
java.util.PropertyPermission,
Some of the permission classes have an "actions" list that tells the actions that are permitted for the object.
Other permission classes are for "named" permissions - ones that contain a name but no actions list; you either have the named permission or you don't.
See Permissions in the JDK
for permission-related information. This document includes, for example, a table listing the
various SecurityManager check methods and the permission(s) the default
implementation of each such method requires. It also contains a table of all the version 1.2
methods that require permissions, and for each such method tells which permission it requires.
For more information about SecurityManager changes made in the JDK and advice
regarding porting of 1.1-style security managers, see the
security documentation.
| Constructor and Description |
|---|
SecurityManager()
Constructs a new
SecurityManager. |
| Modifier and Type | Method and Description |
|---|---|
void |
checkAccess(Thread t)
Throws a
SecurityException if the calling thread is not allowed to modify the thread
argument. |
void |
checkPermission(Permission perm)
Throws a
SecurityException if the requested access, specified by the given
permission, is not permitted based on the security policy currently in effect. |
public SecurityManager()
SecurityManager.
If there is a security manager already installed, this method first calls the security manager's
checkPermission method with the
RuntimePermission("createSecurityManager") permission to ensure the calling thread
has permission to create a new security manager. This may result in throwing a
SecurityException.
SecurityException - if a security manager already exists and its checkPermission method
doesn't allow creation of a new security manager.System.getSecurityManager(),
checkPermission,
RuntimePermissionpublic void checkAccess(Thread t)
SecurityException if the calling thread is not allowed to modify the thread
argument.
This method is invoked for the current security manager by the setPriority and
setName methods of class Thread.
If the thread argument is a system thread then this method calls checkPermission
with the RuntimePermission("modifyThread") permission. If the thread argument is
not a system thread, this method just returns silently.
Applications that want a stricter policy should override this method. If this method is
overridden, the method that overrides it should additionally check to see if the calling thread
has the RuntimePermission("modifyThread") permission, and if so, return silently.
This is to ensure that code granted that permission is allowed to manipulate any thread.
If this method is overridden, then super.checkAccess should be called by the first
statement in the overridden method, or the equivalent security check should be placed in the
overridden method.
t - the thread to be checked.SecurityException - if the calling thread does not have permission to modify the thread.NullPointerException - if the thread argument is null.setName,
setPriority,
checkPermissionpublic void checkPermission(Permission perm)
SecurityException if the requested access, specified by the given
permission, is not permitted based on the security policy currently in effect.
perm - the requested permission.SecurityException - if access is not permitted based on the current security policy.NullPointerException - if the permission argument is null.