58 * sensitive operation, what the operation is and whether |
58 * sensitive operation, what the operation is and whether |
59 * it is being attempted in a security context that allows the |
59 * it is being attempted in a security context that allows the |
60 * operation to be performed. The |
60 * operation to be performed. The |
61 * application can allow or disallow the operation. |
61 * application can allow or disallow the operation. |
62 * <p> |
62 * <p> |
63 * The <code>SecurityManager</code> class contains many methods with |
63 * The {@code SecurityManager} class contains many methods with |
64 * names that begin with the word <code>check</code>. These methods |
64 * names that begin with the word {@code check}. These methods |
65 * are called by various methods in the Java libraries before those |
65 * are called by various methods in the Java libraries before those |
66 * methods perform certain potentially sensitive operations. The |
66 * methods perform certain potentially sensitive operations. The |
67 * invocation of such a <code>check</code> method typically looks like this: |
67 * invocation of such a {@code check} method typically looks like this: |
68 * <blockquote><pre> |
68 * <blockquote><pre> |
69 * SecurityManager security = System.getSecurityManager(); |
69 * SecurityManager security = System.getSecurityManager(); |
70 * if (security != null) { |
70 * if (security != null) { |
71 * security.check<i>XXX</i>(argument, . . . ); |
71 * security.check<i>XXX</i>(argument, . . . ); |
72 * } |
72 * } |
73 * </pre></blockquote> |
73 * </pre></blockquote> |
74 * <p> |
74 * <p> |
75 * The security manager is thereby given an opportunity to prevent |
75 * The security manager is thereby given an opportunity to prevent |
76 * completion of the operation by throwing an exception. A security |
76 * completion of the operation by throwing an exception. A security |
77 * manager routine simply returns if the operation is permitted, but |
77 * manager routine simply returns if the operation is permitted, but |
78 * throws a <code>SecurityException</code> if the operation is not |
78 * throws a {@code SecurityException} if the operation is not |
79 * permitted. |
79 * permitted. |
80 * <p> |
80 * <p> |
81 * Environments using a security manager will typically set the security |
81 * Environments using a security manager will typically set the security |
82 * manager at startup. In the JDK implementation, this is done by setting |
82 * manager at startup. In the JDK implementation, this is done by setting |
83 * the system property {@code java.security.manager} on the command line to |
83 * the system property {@code java.security.manager} on the command line to |
183 * AccessController.checkPermission(perm); |
183 * AccessController.checkPermission(perm); |
184 * </pre> |
184 * </pre> |
185 * |
185 * |
186 * <p> |
186 * <p> |
187 * If a requested access is allowed, |
187 * If a requested access is allowed, |
188 * <code>checkPermission</code> returns quietly. If denied, a |
188 * {@code checkPermission} returns quietly. If denied, a |
189 * <code>SecurityException</code> is thrown. |
189 * {@code SecurityException} is thrown. |
190 * <p> |
190 * <p> |
191 * The default implementation of each of the other |
191 * The default implementation of each of the other |
192 * <code>check</code> methods in <code>SecurityManager</code> is to |
192 * {@code check} methods in {@code SecurityManager} is to |
193 * call the <code>SecurityManager checkPermission</code> method |
193 * call the {@code SecurityManager checkPermission} method |
194 * to determine if the calling thread has permission to perform the requested |
194 * to determine if the calling thread has permission to perform the requested |
195 * operation. |
195 * operation. |
196 * <p> |
196 * <p> |
197 * Note that the <code>checkPermission</code> method with |
197 * Note that the {@code checkPermission} method with |
198 * just a single permission argument always performs security checks |
198 * just a single permission argument always performs security checks |
199 * within the context of the currently executing thread. |
199 * within the context of the currently executing thread. |
200 * Sometimes a security check that should be made within a given context |
200 * Sometimes a security check that should be made within a given context |
201 * will actually need to be done from within a |
201 * will actually need to be done from within a |
202 * <i>different</i> context (for example, from within a worker thread). |
202 * <i>different</i> context (for example, from within a worker thread). |
203 * The {@link SecurityManager#getSecurityContext getSecurityContext} method |
203 * The {@link SecurityManager#getSecurityContext getSecurityContext} method |
204 * and the {@link SecurityManager#checkPermission(java.security.Permission, |
204 * and the {@link SecurityManager#checkPermission(java.security.Permission, |
205 * java.lang.Object) checkPermission} |
205 * java.lang.Object) checkPermission} |
206 * method that includes a context argument are provided |
206 * method that includes a context argument are provided |
207 * for this situation. The |
207 * for this situation. The |
208 * <code>getSecurityContext</code> method returns a "snapshot" |
208 * {@code getSecurityContext} method returns a "snapshot" |
209 * of the current calling context. (The default implementation |
209 * of the current calling context. (The default implementation |
210 * returns an AccessControlContext object.) A sample call is |
210 * returns an AccessControlContext object.) A sample call is |
211 * the following: |
211 * the following: |
212 * |
212 * |
213 * <pre> |
213 * <pre> |
215 * SecurityManager sm = System.getSecurityManager(); |
215 * SecurityManager sm = System.getSecurityManager(); |
216 * if (sm != null) context = sm.getSecurityContext(); |
216 * if (sm != null) context = sm.getSecurityContext(); |
217 * </pre> |
217 * </pre> |
218 * |
218 * |
219 * <p> |
219 * <p> |
220 * The <code>checkPermission</code> method |
220 * The {@code checkPermission} method |
221 * that takes a context object in addition to a permission |
221 * that takes a context object in addition to a permission |
222 * makes access decisions based on that context, |
222 * makes access decisions based on that context, |
223 * rather than on that of the current execution thread. |
223 * rather than on that of the current execution thread. |
224 * Code within a different context can thus call that method, |
224 * Code within a different context can thus call that method, |
225 * passing the permission and the |
225 * passing the permission and the |
226 * previously-saved context object. A sample call, using the |
226 * previously-saved context object. A sample call, using the |
227 * SecurityManager <code>sm</code> obtained as in the previous example, |
227 * SecurityManager {@code sm} obtained as in the previous example, |
228 * is the following: |
228 * is the following: |
229 * |
229 * |
230 * <pre> |
230 * <pre> |
231 * if (sm != null) sm.checkPermission(permission, context); |
231 * if (sm != null) sm.checkPermission(permission, context); |
232 * </pre> |
232 * </pre> |
233 * |
233 * |
234 * <p>Permissions fall into these categories: File, Socket, Net, |
234 * <p>Permissions fall into these categories: File, Socket, Net, |
235 * Security, Runtime, Property, AWT, Reflect, and Serializable. |
235 * Security, Runtime, Property, AWT, Reflect, and Serializable. |
236 * The classes managing these various |
236 * The classes managing these various |
237 * permission categories are <code>java.io.FilePermission</code>, |
237 * permission categories are {@code java.io.FilePermission}, |
238 * <code>java.net.SocketPermission</code>, |
238 * {@code java.net.SocketPermission}, |
239 * <code>java.net.NetPermission</code>, |
239 * {@code java.net.NetPermission}, |
240 * <code>java.security.SecurityPermission</code>, |
240 * {@code java.security.SecurityPermission}, |
241 * <code>java.lang.RuntimePermission</code>, |
241 * {@code java.lang.RuntimePermission}, |
242 * <code>java.util.PropertyPermission</code>, |
242 * {@code java.util.PropertyPermission}, |
243 * <code>java.awt.AWTPermission</code>, |
243 * {@code java.awt.AWTPermission}, |
244 * <code>java.lang.reflect.ReflectPermission</code>, and |
244 * {@code java.lang.reflect.ReflectPermission}, and |
245 * <code>java.io.SerializablePermission</code>. |
245 * {@code java.io.SerializablePermission}. |
246 * |
246 * |
247 * <p>All but the first two (FilePermission and SocketPermission) are |
247 * <p>All but the first two (FilePermission and SocketPermission) are |
248 * subclasses of <code>java.security.BasicPermission</code>, which itself |
248 * subclasses of {@code java.security.BasicPermission}, which itself |
249 * is an abstract subclass of the |
249 * is an abstract subclass of the |
250 * top-level class for permissions, which is |
250 * top-level class for permissions, which is |
251 * <code>java.security.Permission</code>. BasicPermission defines the |
251 * {@code java.security.Permission}. BasicPermission defines the |
252 * functionality needed for all permissions that contain a name |
252 * functionality needed for all permissions that contain a name |
253 * that follows the hierarchical property naming convention |
253 * that follows the hierarchical property naming convention |
254 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). |
254 * (for example, "exitVM", "setFactory", "queuePrintJob", etc). |
255 * An asterisk |
255 * An asterisk |
256 * may appear at the end of the name, following a ".", or by itself, to |
256 * may appear at the end of the name, following a ".", or by itself, to |
257 * signify a wildcard match. For example: "a.*" or "*" is valid, |
257 * signify a wildcard match. For example: "a.*" or "*" is valid, |
258 * "*a" or "a*b" is not valid. |
258 * "*a" or "a*b" is not valid. |
259 * |
259 * |
260 * <p>FilePermission and SocketPermission are subclasses of the |
260 * <p>FilePermission and SocketPermission are subclasses of the |
261 * top-level class for permissions |
261 * top-level class for permissions |
262 * (<code>java.security.Permission</code>). Classes like these |
262 * ({@code java.security.Permission}). Classes like these |
263 * that have a more complicated name syntax than that used by |
263 * that have a more complicated name syntax than that used by |
264 * BasicPermission subclass directly from Permission rather than from |
264 * BasicPermission subclass directly from Permission rather than from |
265 * BasicPermission. For example, |
265 * BasicPermission. For example, |
266 * for a <code>java.io.FilePermission</code> object, the permission name is |
266 * for a {@code java.io.FilePermission} object, the permission name is |
267 * the path name of a file (or directory). |
267 * the path name of a file (or directory). |
268 * |
268 * |
269 * <p>Some of the permission classes have an "actions" list that tells |
269 * <p>Some of the permission classes have an "actions" list that tells |
270 * the actions that are permitted for the object. For example, |
270 * the actions that are permitted for the object. For example, |
271 * for a <code>java.io.FilePermission</code> object, the actions list |
271 * for a {@code java.io.FilePermission} object, the actions list |
272 * (such as "read, write") specifies which actions are granted for the |
272 * (such as "read, write") specifies which actions are granted for the |
273 * specified file (or for files in the specified directory). |
273 * specified file (or for files in the specified directory). |
274 * |
274 * |
275 * <p>Other permission classes are for "named" permissions - |
275 * <p>Other permission classes are for "named" permissions - |
276 * ones that contain a name but no actions list; you either have the |
276 * ones that contain a name but no actions list; you either have the |
277 * named permission or you don't. |
277 * named permission or you don't. |
278 * |
278 * |
279 * <p>Note: There is also a <code>java.security.AllPermission</code> |
279 * <p>Note: There is also a {@code java.security.AllPermission} |
280 * permission that implies all permissions. It exists to simplify the work |
280 * permission that implies all permissions. It exists to simplify the work |
281 * of system administrators who might need to perform multiple |
281 * of system administrators who might need to perform multiple |
282 * tasks that require all (or numerous) permissions. |
282 * tasks that require all (or numerous) permissions. |
283 * <p> |
283 * <p> |
284 * See {@extLink security_guide_permissions |
284 * See {@extLink security_guide_permissions |
285 * Permissions in the Java Development Kit (JDK)} |
285 * Permissions in the Java Development Kit (JDK)} |
286 * for permission-related information. |
286 * for permission-related information. |
287 * This document includes a table listing the various SecurityManager |
287 * This document includes a table listing the various SecurityManager |
288 * <code>check</code> methods and the permission(s) the default |
288 * {@code check} methods and the permission(s) the default |
289 * implementation of each such method requires. |
289 * implementation of each such method requires. |
290 * It also contains a table of the methods |
290 * It also contains a table of the methods |
291 * that require permissions, and for each such method tells |
291 * that require permissions, and for each such method tells |
292 * which permission it requires. |
292 * which permission it requires. |
293 * |
293 * |
353 |
353 |
354 /** |
354 /** |
355 * Returns the current execution stack as an array of classes. |
355 * Returns the current execution stack as an array of classes. |
356 * <p> |
356 * <p> |
357 * The length of the array is the number of methods on the execution |
357 * The length of the array is the number of methods on the execution |
358 * stack. The element at index <code>0</code> is the class of the |
358 * stack. The element at index {@code 0} is the class of the |
359 * currently executing method, the element at index <code>1</code> is |
359 * currently executing method, the element at index {@code 1} is |
360 * the class of that method's caller, and so on. |
360 * the class of that method's caller, and so on. |
361 * |
361 * |
362 * @return the execution stack. |
362 * @return the execution stack. |
363 */ |
363 */ |
364 protected native Class<?>[] getClassContext(); |
364 protected native Class<?>[] getClassContext(); |
365 |
365 |
366 /** |
366 /** |
367 * Creates an object that encapsulates the current execution |
367 * Creates an object that encapsulates the current execution |
368 * environment. The result of this method is used, for example, by the |
368 * environment. The result of this method is used, for example, by the |
369 * three-argument <code>checkConnect</code> method and by the |
369 * three-argument {@code checkConnect} method and by the |
370 * two-argument <code>checkRead</code> method. |
370 * two-argument {@code checkRead} method. |
371 * These methods are needed because a trusted method may be called |
371 * These methods are needed because a trusted method may be called |
372 * on to read a file or open a socket on behalf of another method. |
372 * on to read a file or open a socket on behalf of another method. |
373 * The trusted method needs to determine if the other (possibly |
373 * The trusted method needs to determine if the other (possibly |
374 * untrusted) method would be allowed to perform the operation on its |
374 * untrusted) method would be allowed to perform the operation on its |
375 * own. |
375 * own. |
376 * <p> The default implementation of this method is to return |
376 * <p> The default implementation of this method is to return |
377 * an <code>AccessControlContext</code> object. |
377 * an {@code AccessControlContext} object. |
378 * |
378 * |
379 * @return an implementation-dependent object that encapsulates |
379 * @return an implementation-dependent object that encapsulates |
380 * sufficient information about the current execution environment |
380 * sufficient information about the current execution environment |
381 * to perform some security checks later. |
381 * to perform some security checks later. |
382 * @see java.lang.SecurityManager#checkConnect(java.lang.String, int, |
382 * @see java.lang.SecurityManager#checkConnect(java.lang.String, int, |
388 public Object getSecurityContext() { |
388 public Object getSecurityContext() { |
389 return AccessController.getContext(); |
389 return AccessController.getContext(); |
390 } |
390 } |
391 |
391 |
392 /** |
392 /** |
393 * Throws a <code>SecurityException</code> if the requested |
393 * Throws a {@code SecurityException} if the requested |
394 * access, specified by the given permission, is not permitted based |
394 * access, specified by the given permission, is not permitted based |
395 * on the security policy currently in effect. |
395 * on the security policy currently in effect. |
396 * <p> |
396 * <p> |
397 * This method calls <code>AccessController.checkPermission</code> |
397 * This method calls {@code AccessController.checkPermission} |
398 * with the given permission. |
398 * with the given permission. |
399 * |
399 * |
400 * @param perm the requested permission. |
400 * @param perm the requested permission. |
401 * @exception SecurityException if access is not permitted based on |
401 * @throws SecurityException if access is not permitted based on |
402 * the current security policy. |
402 * the current security policy. |
403 * @exception NullPointerException if the permission argument is |
403 * @throws NullPointerException if the permission argument is |
404 * <code>null</code>. |
404 * {@code null}. |
405 * @since 1.2 |
405 * @since 1.2 |
406 */ |
406 */ |
407 public void checkPermission(Permission perm) { |
407 public void checkPermission(Permission perm) { |
408 java.security.AccessController.checkPermission(perm); |
408 java.security.AccessController.checkPermission(perm); |
409 } |
409 } |
410 |
410 |
411 /** |
411 /** |
412 * Throws a <code>SecurityException</code> if the |
412 * Throws a {@code SecurityException} if the |
413 * specified security context is denied access to the resource |
413 * specified security context is denied access to the resource |
414 * specified by the given permission. |
414 * specified by the given permission. |
415 * The context must be a security |
415 * The context must be a security |
416 * context returned by a previous call to |
416 * context returned by a previous call to |
417 * <code>getSecurityContext</code> and the access control |
417 * {@code getSecurityContext} and the access control |
418 * decision is based upon the configured security policy for |
418 * decision is based upon the configured security policy for |
419 * that security context. |
419 * that security context. |
420 * <p> |
420 * <p> |
421 * If <code>context</code> is an instance of |
421 * If {@code context} is an instance of |
422 * <code>AccessControlContext</code> then the |
422 * {@code AccessControlContext} then the |
423 * <code>AccessControlContext.checkPermission</code> method is |
423 * {@code AccessControlContext.checkPermission} method is |
424 * invoked with the specified permission. |
424 * invoked with the specified permission. |
425 * <p> |
425 * <p> |
426 * If <code>context</code> is not an instance of |
426 * If {@code context} is not an instance of |
427 * <code>AccessControlContext</code> then a |
427 * {@code AccessControlContext} then a |
428 * <code>SecurityException</code> is thrown. |
428 * {@code SecurityException} is thrown. |
429 * |
429 * |
430 * @param perm the specified permission |
430 * @param perm the specified permission |
431 * @param context a system-dependent security context. |
431 * @param context a system-dependent security context. |
432 * @exception SecurityException if the specified security context |
432 * @throws SecurityException if the specified security context |
433 * is not an instance of <code>AccessControlContext</code> |
433 * is not an instance of {@code AccessControlContext} |
434 * (e.g., is <code>null</code>), or is denied access to the |
434 * (e.g., is {@code null}), or is denied access to the |
435 * resource specified by the given permission. |
435 * resource specified by the given permission. |
436 * @exception NullPointerException if the permission argument is |
436 * @throws NullPointerException if the permission argument is |
437 * <code>null</code>. |
437 * {@code null}. |
438 * @see java.lang.SecurityManager#getSecurityContext() |
438 * @see java.lang.SecurityManager#getSecurityContext() |
439 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
439 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
440 * @since 1.2 |
440 * @since 1.2 |
441 */ |
441 */ |
442 public void checkPermission(Permission perm, Object context) { |
442 public void checkPermission(Permission perm, Object context) { |
484 } |
484 } |
485 return root; |
485 return root; |
486 } |
486 } |
487 |
487 |
488 /** |
488 /** |
489 * Throws a <code>SecurityException</code> if the |
489 * Throws a {@code SecurityException} if the |
490 * calling thread is not allowed to modify the thread argument. |
490 * calling thread is not allowed to modify the thread argument. |
491 * <p> |
491 * <p> |
492 * This method is invoked for the current security manager by the |
492 * This method is invoked for the current security manager by the |
493 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, |
493 * {@code stop}, {@code suspend}, {@code resume}, |
494 * <code>setPriority</code>, <code>setName</code>, and |
494 * {@code setPriority}, {@code setName}, and |
495 * <code>setDaemon</code> methods of class <code>Thread</code>. |
495 * {@code setDaemon} methods of class {@code Thread}. |
496 * <p> |
496 * <p> |
497 * If the thread argument is a system thread (belongs to |
497 * If the thread argument is a system thread (belongs to |
498 * the thread group with a <code>null</code> parent) then |
498 * the thread group with a {@code null} parent) then |
499 * this method calls <code>checkPermission</code> with the |
499 * this method calls {@code checkPermission} with the |
500 * <code>RuntimePermission("modifyThread")</code> permission. |
500 * {@code RuntimePermission("modifyThread")} permission. |
501 * If the thread argument is <i>not</i> a system thread, |
501 * If the thread argument is <i>not</i> a system thread, |
502 * this method just returns silently. |
502 * this method just returns silently. |
503 * <p> |
503 * <p> |
504 * Applications that want a stricter policy should override this |
504 * Applications that want a stricter policy should override this |
505 * method. If this method is overridden, the method that overrides |
505 * method. If this method is overridden, the method that overrides |
506 * it should additionally check to see if the calling thread has the |
506 * it should additionally check to see if the calling thread has the |
507 * <code>RuntimePermission("modifyThread")</code> permission, and |
507 * {@code RuntimePermission("modifyThread")} permission, and |
508 * if so, return silently. This is to ensure that code granted |
508 * if so, return silently. This is to ensure that code granted |
509 * that permission (such as the JDK itself) is allowed to |
509 * that permission (such as the JDK itself) is allowed to |
510 * manipulate any thread. |
510 * manipulate any thread. |
511 * <p> |
511 * <p> |
512 * If this method is overridden, then |
512 * If this method is overridden, then |
513 * <code>super.checkAccess</code> should |
513 * {@code super.checkAccess} should |
514 * be called by the first statement in the overridden method, or the |
514 * be called by the first statement in the overridden method, or the |
515 * equivalent security check should be placed in the overridden method. |
515 * equivalent security check should be placed in the overridden method. |
516 * |
516 * |
517 * @param t the thread to be checked. |
517 * @param t the thread to be checked. |
518 * @exception SecurityException if the calling thread does not have |
518 * @throws SecurityException if the calling thread does not have |
519 * permission to modify the thread. |
519 * permission to modify the thread. |
520 * @exception NullPointerException if the thread argument is |
520 * @throws NullPointerException if the thread argument is |
521 * <code>null</code>. |
521 * {@code null}. |
522 * @see java.lang.Thread#resume() resume |
522 * @see java.lang.Thread#resume() resume |
523 * @see java.lang.Thread#setDaemon(boolean) setDaemon |
523 * @see java.lang.Thread#setDaemon(boolean) setDaemon |
524 * @see java.lang.Thread#setName(java.lang.String) setName |
524 * @see java.lang.Thread#setName(java.lang.String) setName |
525 * @see java.lang.Thread#setPriority(int) setPriority |
525 * @see java.lang.Thread#setPriority(int) setPriority |
526 * @see java.lang.Thread#stop() stop |
526 * @see java.lang.Thread#stop() stop |
536 } else { |
536 } else { |
537 // just return |
537 // just return |
538 } |
538 } |
539 } |
539 } |
540 /** |
540 /** |
541 * Throws a <code>SecurityException</code> if the |
541 * Throws a {@code SecurityException} if the |
542 * calling thread is not allowed to modify the thread group argument. |
542 * calling thread is not allowed to modify the thread group argument. |
543 * <p> |
543 * <p> |
544 * This method is invoked for the current security manager when a |
544 * This method is invoked for the current security manager when a |
545 * new child thread or child thread group is created, and by the |
545 * new child thread or child thread group is created, and by the |
546 * <code>setDaemon</code>, <code>setMaxPriority</code>, |
546 * {@code setDaemon}, {@code setMaxPriority}, |
547 * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and |
547 * {@code stop}, {@code suspend}, {@code resume}, and |
548 * <code>destroy</code> methods of class <code>ThreadGroup</code>. |
548 * {@code destroy} methods of class {@code ThreadGroup}. |
549 * <p> |
549 * <p> |
550 * If the thread group argument is the system thread group ( |
550 * If the thread group argument is the system thread group ( |
551 * has a <code>null</code> parent) then |
551 * has a {@code null} parent) then |
552 * this method calls <code>checkPermission</code> with the |
552 * this method calls {@code checkPermission} with the |
553 * <code>RuntimePermission("modifyThreadGroup")</code> permission. |
553 * {@code RuntimePermission("modifyThreadGroup")} permission. |
554 * If the thread group argument is <i>not</i> the system thread group, |
554 * If the thread group argument is <i>not</i> the system thread group, |
555 * this method just returns silently. |
555 * this method just returns silently. |
556 * <p> |
556 * <p> |
557 * Applications that want a stricter policy should override this |
557 * Applications that want a stricter policy should override this |
558 * method. If this method is overridden, the method that overrides |
558 * method. If this method is overridden, the method that overrides |
559 * it should additionally check to see if the calling thread has the |
559 * it should additionally check to see if the calling thread has the |
560 * <code>RuntimePermission("modifyThreadGroup")</code> permission, and |
560 * {@code RuntimePermission("modifyThreadGroup")} permission, and |
561 * if so, return silently. This is to ensure that code granted |
561 * if so, return silently. This is to ensure that code granted |
562 * that permission (such as the JDK itself) is allowed to |
562 * that permission (such as the JDK itself) is allowed to |
563 * manipulate any thread. |
563 * manipulate any thread. |
564 * <p> |
564 * <p> |
565 * If this method is overridden, then |
565 * If this method is overridden, then |
566 * <code>super.checkAccess</code> should |
566 * {@code super.checkAccess} should |
567 * be called by the first statement in the overridden method, or the |
567 * be called by the first statement in the overridden method, or the |
568 * equivalent security check should be placed in the overridden method. |
568 * equivalent security check should be placed in the overridden method. |
569 * |
569 * |
570 * @param g the thread group to be checked. |
570 * @param g the thread group to be checked. |
571 * @exception SecurityException if the calling thread does not have |
571 * @throws SecurityException if the calling thread does not have |
572 * permission to modify the thread group. |
572 * permission to modify the thread group. |
573 * @exception NullPointerException if the thread group argument is |
573 * @throws NullPointerException if the thread group argument is |
574 * <code>null</code>. |
574 * {@code null}. |
575 * @see java.lang.ThreadGroup#destroy() destroy |
575 * @see java.lang.ThreadGroup#destroy() destroy |
576 * @see java.lang.ThreadGroup#resume() resume |
576 * @see java.lang.ThreadGroup#resume() resume |
577 * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon |
577 * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon |
578 * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority |
578 * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority |
579 * @see java.lang.ThreadGroup#stop() stop |
579 * @see java.lang.ThreadGroup#stop() stop |
590 // just return |
590 // just return |
591 } |
591 } |
592 } |
592 } |
593 |
593 |
594 /** |
594 /** |
595 * Throws a <code>SecurityException</code> if the |
595 * Throws a {@code SecurityException} if the |
596 * calling thread is not allowed to cause the Java Virtual Machine to |
596 * calling thread is not allowed to cause the Java Virtual Machine to |
597 * halt with the specified status code. |
597 * halt with the specified status code. |
598 * <p> |
598 * <p> |
599 * This method is invoked for the current security manager by the |
599 * This method is invoked for the current security manager by the |
600 * <code>exit</code> method of class <code>Runtime</code>. A status |
600 * {@code exit} method of class {@code Runtime}. A status |
601 * of <code>0</code> indicates success; other values indicate various |
601 * of {@code 0} indicates success; other values indicate various |
602 * errors. |
602 * errors. |
603 * <p> |
603 * <p> |
604 * This method calls <code>checkPermission</code> with the |
604 * This method calls {@code checkPermission} with the |
605 * <code>RuntimePermission("exitVM."+status)</code> permission. |
605 * {@code RuntimePermission("exitVM."+status)} permission. |
606 * <p> |
606 * <p> |
607 * If you override this method, then you should make a call to |
607 * If you override this method, then you should make a call to |
608 * <code>super.checkExit</code> |
608 * {@code super.checkExit} |
609 * at the point the overridden method would normally throw an |
609 * at the point the overridden method would normally throw an |
610 * exception. |
610 * exception. |
611 * |
611 * |
612 * @param status the exit status. |
612 * @param status the exit status. |
613 * @exception SecurityException if the calling thread does not have |
613 * @throws SecurityException if the calling thread does not have |
614 * permission to halt the Java Virtual Machine with |
614 * permission to halt the Java Virtual Machine with |
615 * the specified status. |
615 * the specified status. |
616 * @see java.lang.Runtime#exit(int) exit |
616 * @see java.lang.Runtime#exit(int) exit |
617 * @see #checkPermission(java.security.Permission) checkPermission |
617 * @see #checkPermission(java.security.Permission) checkPermission |
618 */ |
618 */ |
619 public void checkExit(int status) { |
619 public void checkExit(int status) { |
620 checkPermission(new RuntimePermission("exitVM."+status)); |
620 checkPermission(new RuntimePermission("exitVM."+status)); |
621 } |
621 } |
622 |
622 |
623 /** |
623 /** |
624 * Throws a <code>SecurityException</code> if the |
624 * Throws a {@code SecurityException} if the |
625 * calling thread is not allowed to create a subprocess. |
625 * calling thread is not allowed to create a subprocess. |
626 * <p> |
626 * <p> |
627 * This method is invoked for the current security manager by the |
627 * This method is invoked for the current security manager by the |
628 * <code>exec</code> methods of class <code>Runtime</code>. |
628 * {@code exec} methods of class {@code Runtime}. |
629 * <p> |
629 * <p> |
630 * This method calls <code>checkPermission</code> with the |
630 * This method calls {@code checkPermission} with the |
631 * <code>FilePermission(cmd,"execute")</code> permission |
631 * {@code FilePermission(cmd,"execute")} permission |
632 * if cmd is an absolute path, otherwise it calls |
632 * if cmd is an absolute path, otherwise it calls |
633 * <code>checkPermission</code> with |
633 * {@code checkPermission} with |
634 * <code>FilePermission("<<ALL FILES>>","execute")</code>. |
634 * <code>FilePermission("<<ALL FILES>>","execute")</code>. |
635 * <p> |
635 * <p> |
636 * If you override this method, then you should make a call to |
636 * If you override this method, then you should make a call to |
637 * <code>super.checkExec</code> |
637 * {@code super.checkExec} |
638 * at the point the overridden method would normally throw an |
638 * at the point the overridden method would normally throw an |
639 * exception. |
639 * exception. |
640 * |
640 * |
641 * @param cmd the specified system command. |
641 * @param cmd the specified system command. |
642 * @exception SecurityException if the calling thread does not have |
642 * @throws SecurityException if the calling thread does not have |
643 * permission to create a subprocess. |
643 * permission to create a subprocess. |
644 * @exception NullPointerException if the <code>cmd</code> argument is |
644 * @throws NullPointerException if the {@code cmd} argument is |
645 * <code>null</code>. |
645 * {@code null}. |
646 * @see java.lang.Runtime#exec(java.lang.String) |
646 * @see java.lang.Runtime#exec(java.lang.String) |
647 * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) |
647 * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[]) |
648 * @see java.lang.Runtime#exec(java.lang.String[]) |
648 * @see java.lang.Runtime#exec(java.lang.String[]) |
649 * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) |
649 * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[]) |
650 * @see #checkPermission(java.security.Permission) checkPermission |
650 * @see #checkPermission(java.security.Permission) checkPermission |
659 SecurityConstants.FILE_EXECUTE_ACTION)); |
659 SecurityConstants.FILE_EXECUTE_ACTION)); |
660 } |
660 } |
661 } |
661 } |
662 |
662 |
663 /** |
663 /** |
664 * Throws a <code>SecurityException</code> if the |
664 * Throws a {@code SecurityException} if the |
665 * calling thread is not allowed to dynamic link the library code |
665 * calling thread is not allowed to dynamic link the library code |
666 * specified by the string argument file. The argument is either a |
666 * specified by the string argument file. The argument is either a |
667 * simple library name or a complete filename. |
667 * simple library name or a complete filename. |
668 * <p> |
668 * <p> |
669 * This method is invoked for the current security manager by |
669 * This method is invoked for the current security manager by |
670 * methods <code>load</code> and <code>loadLibrary</code> of class |
670 * methods {@code load} and {@code loadLibrary} of class |
671 * <code>Runtime</code>. |
671 * {@code Runtime}. |
672 * <p> |
672 * <p> |
673 * This method calls <code>checkPermission</code> with the |
673 * This method calls {@code checkPermission} with the |
674 * <code>RuntimePermission("loadLibrary."+lib)</code> permission. |
674 * {@code RuntimePermission("loadLibrary."+lib)} permission. |
675 * <p> |
675 * <p> |
676 * If you override this method, then you should make a call to |
676 * If you override this method, then you should make a call to |
677 * <code>super.checkLink</code> |
677 * {@code super.checkLink} |
678 * at the point the overridden method would normally throw an |
678 * at the point the overridden method would normally throw an |
679 * exception. |
679 * exception. |
680 * |
680 * |
681 * @param lib the name of the library. |
681 * @param lib the name of the library. |
682 * @exception SecurityException if the calling thread does not have |
682 * @throws SecurityException if the calling thread does not have |
683 * permission to dynamically link the library. |
683 * permission to dynamically link the library. |
684 * @exception NullPointerException if the <code>lib</code> argument is |
684 * @throws NullPointerException if the {@code lib} argument is |
685 * <code>null</code>. |
685 * {@code null}. |
686 * @see java.lang.Runtime#load(java.lang.String) |
686 * @see java.lang.Runtime#load(java.lang.String) |
687 * @see java.lang.Runtime#loadLibrary(java.lang.String) |
687 * @see java.lang.Runtime#loadLibrary(java.lang.String) |
688 * @see #checkPermission(java.security.Permission) checkPermission |
688 * @see #checkPermission(java.security.Permission) checkPermission |
689 */ |
689 */ |
690 public void checkLink(String lib) { |
690 public void checkLink(String lib) { |
722 } |
722 } |
723 checkPermission(new RuntimePermission("readFileDescriptor")); |
723 checkPermission(new RuntimePermission("readFileDescriptor")); |
724 } |
724 } |
725 |
725 |
726 /** |
726 /** |
727 * Throws a <code>SecurityException</code> if the |
727 * Throws a {@code SecurityException} if the |
728 * calling thread is not allowed to read the file specified by the |
728 * calling thread is not allowed to read the file specified by the |
729 * string argument. |
729 * string argument. |
730 * <p> |
730 * <p> |
731 * This method calls <code>checkPermission</code> with the |
731 * This method calls {@code checkPermission} with the |
732 * <code>FilePermission(file,"read")</code> permission. |
732 * {@code FilePermission(file,"read")} permission. |
733 * <p> |
733 * <p> |
734 * If you override this method, then you should make a call to |
734 * If you override this method, then you should make a call to |
735 * <code>super.checkRead</code> |
735 * {@code super.checkRead} |
736 * at the point the overridden method would normally throw an |
736 * at the point the overridden method would normally throw an |
737 * exception. |
737 * exception. |
738 * |
738 * |
739 * @param file the system-dependent file name. |
739 * @param file the system-dependent file name. |
740 * @exception SecurityException if the calling thread does not have |
740 * @throws SecurityException if the calling thread does not have |
741 * permission to access the specified file. |
741 * permission to access the specified file. |
742 * @exception NullPointerException if the <code>file</code> argument is |
742 * @throws NullPointerException if the {@code file} argument is |
743 * <code>null</code>. |
743 * {@code null}. |
744 * @see #checkPermission(java.security.Permission) checkPermission |
744 * @see #checkPermission(java.security.Permission) checkPermission |
745 */ |
745 */ |
746 public void checkRead(String file) { |
746 public void checkRead(String file) { |
747 checkPermission(new FilePermission(file, |
747 checkPermission(new FilePermission(file, |
748 SecurityConstants.FILE_READ_ACTION)); |
748 SecurityConstants.FILE_READ_ACTION)); |
749 } |
749 } |
750 |
750 |
751 /** |
751 /** |
752 * Throws a <code>SecurityException</code> if the |
752 * Throws a {@code SecurityException} if the |
753 * specified security context is not allowed to read the file |
753 * specified security context is not allowed to read the file |
754 * specified by the string argument. The context must be a security |
754 * specified by the string argument. The context must be a security |
755 * context returned by a previous call to |
755 * context returned by a previous call to |
756 * <code>getSecurityContext</code>. |
756 * {@code getSecurityContext}. |
757 * <p> If <code>context</code> is an instance of |
757 * <p> If {@code context} is an instance of |
758 * <code>AccessControlContext</code> then the |
758 * {@code AccessControlContext} then the |
759 * <code>AccessControlContext.checkPermission</code> method will |
759 * {@code AccessControlContext.checkPermission} method will |
760 * be invoked with the <code>FilePermission(file,"read")</code> permission. |
760 * be invoked with the {@code FilePermission(file,"read")} permission. |
761 * <p> If <code>context</code> is not an instance of |
761 * <p> If {@code context} is not an instance of |
762 * <code>AccessControlContext</code> then a |
762 * {@code AccessControlContext} then a |
763 * <code>SecurityException</code> is thrown. |
763 * {@code SecurityException} is thrown. |
764 * <p> |
764 * <p> |
765 * If you override this method, then you should make a call to |
765 * If you override this method, then you should make a call to |
766 * <code>super.checkRead</code> |
766 * {@code super.checkRead} |
767 * at the point the overridden method would normally throw an |
767 * at the point the overridden method would normally throw an |
768 * exception. |
768 * exception. |
769 * |
769 * |
770 * @param file the system-dependent filename. |
770 * @param file the system-dependent filename. |
771 * @param context a system-dependent security context. |
771 * @param context a system-dependent security context. |
772 * @exception SecurityException if the specified security context |
772 * @throws SecurityException if the specified security context |
773 * is not an instance of <code>AccessControlContext</code> |
773 * is not an instance of {@code AccessControlContext} |
774 * (e.g., is <code>null</code>), or does not have permission |
774 * (e.g., is {@code null}), or does not have permission |
775 * to read the specified file. |
775 * to read the specified file. |
776 * @exception NullPointerException if the <code>file</code> argument is |
776 * @throws NullPointerException if the {@code file} argument is |
777 * <code>null</code>. |
777 * {@code null}. |
778 * @see java.lang.SecurityManager#getSecurityContext() |
778 * @see java.lang.SecurityManager#getSecurityContext() |
779 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
779 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
780 */ |
780 */ |
781 public void checkRead(String file, Object context) { |
781 public void checkRead(String file, Object context) { |
782 checkPermission( |
782 checkPermission( |
783 new FilePermission(file, SecurityConstants.FILE_READ_ACTION), |
783 new FilePermission(file, SecurityConstants.FILE_READ_ACTION), |
784 context); |
784 context); |
785 } |
785 } |
786 |
786 |
787 /** |
787 /** |
788 * Throws a <code>SecurityException</code> if the |
788 * Throws a {@code SecurityException} if the |
789 * calling thread is not allowed to write to the specified file |
789 * calling thread is not allowed to write to the specified file |
790 * descriptor. |
790 * descriptor. |
791 * <p> |
791 * <p> |
792 * This method calls <code>checkPermission</code> with the |
792 * This method calls {@code checkPermission} with the |
793 * <code>RuntimePermission("writeFileDescriptor")</code> |
793 * {@code RuntimePermission("writeFileDescriptor")} |
794 * permission. |
794 * permission. |
795 * <p> |
795 * <p> |
796 * If you override this method, then you should make a call to |
796 * If you override this method, then you should make a call to |
797 * <code>super.checkWrite</code> |
797 * {@code super.checkWrite} |
798 * at the point the overridden method would normally throw an |
798 * at the point the overridden method would normally throw an |
799 * exception. |
799 * exception. |
800 * |
800 * |
801 * @param fd the system-dependent file descriptor. |
801 * @param fd the system-dependent file descriptor. |
802 * @exception SecurityException if the calling thread does not have |
802 * @throws SecurityException if the calling thread does not have |
803 * permission to access the specified file descriptor. |
803 * permission to access the specified file descriptor. |
804 * @exception NullPointerException if the file descriptor argument is |
804 * @throws NullPointerException if the file descriptor argument is |
805 * <code>null</code>. |
805 * {@code null}. |
806 * @see java.io.FileDescriptor |
806 * @see java.io.FileDescriptor |
807 * @see #checkPermission(java.security.Permission) checkPermission |
807 * @see #checkPermission(java.security.Permission) checkPermission |
808 */ |
808 */ |
809 public void checkWrite(FileDescriptor fd) { |
809 public void checkWrite(FileDescriptor fd) { |
810 if (fd == null) { |
810 if (fd == null) { |
813 checkPermission(new RuntimePermission("writeFileDescriptor")); |
813 checkPermission(new RuntimePermission("writeFileDescriptor")); |
814 |
814 |
815 } |
815 } |
816 |
816 |
817 /** |
817 /** |
818 * Throws a <code>SecurityException</code> if the |
818 * Throws a {@code SecurityException} if the |
819 * calling thread is not allowed to write to the file specified by |
819 * calling thread is not allowed to write to the file specified by |
820 * the string argument. |
820 * the string argument. |
821 * <p> |
821 * <p> |
822 * This method calls <code>checkPermission</code> with the |
822 * This method calls {@code checkPermission} with the |
823 * <code>FilePermission(file,"write")</code> permission. |
823 * {@code FilePermission(file,"write")} permission. |
824 * <p> |
824 * <p> |
825 * If you override this method, then you should make a call to |
825 * If you override this method, then you should make a call to |
826 * <code>super.checkWrite</code> |
826 * {@code super.checkWrite} |
827 * at the point the overridden method would normally throw an |
827 * at the point the overridden method would normally throw an |
828 * exception. |
828 * exception. |
829 * |
829 * |
830 * @param file the system-dependent filename. |
830 * @param file the system-dependent filename. |
831 * @exception SecurityException if the calling thread does not |
831 * @throws SecurityException if the calling thread does not |
832 * have permission to access the specified file. |
832 * have permission to access the specified file. |
833 * @exception NullPointerException if the <code>file</code> argument is |
833 * @throws NullPointerException if the {@code file} argument is |
834 * <code>null</code>. |
834 * {@code null}. |
835 * @see #checkPermission(java.security.Permission) checkPermission |
835 * @see #checkPermission(java.security.Permission) checkPermission |
836 */ |
836 */ |
837 public void checkWrite(String file) { |
837 public void checkWrite(String file) { |
838 checkPermission(new FilePermission(file, |
838 checkPermission(new FilePermission(file, |
839 SecurityConstants.FILE_WRITE_ACTION)); |
839 SecurityConstants.FILE_WRITE_ACTION)); |
840 } |
840 } |
841 |
841 |
842 /** |
842 /** |
843 * Throws a <code>SecurityException</code> if the |
843 * Throws a {@code SecurityException} if the |
844 * calling thread is not allowed to delete the specified file. |
844 * calling thread is not allowed to delete the specified file. |
845 * <p> |
845 * <p> |
846 * This method is invoked for the current security manager by the |
846 * This method is invoked for the current security manager by the |
847 * <code>delete</code> method of class <code>File</code>. |
847 * {@code delete} method of class {@code File}. |
848 * <p> |
848 * <p> |
849 * This method calls <code>checkPermission</code> with the |
849 * This method calls {@code checkPermission} with the |
850 * <code>FilePermission(file,"delete")</code> permission. |
850 * {@code FilePermission(file,"delete")} permission. |
851 * <p> |
851 * <p> |
852 * If you override this method, then you should make a call to |
852 * If you override this method, then you should make a call to |
853 * <code>super.checkDelete</code> |
853 * {@code super.checkDelete} |
854 * at the point the overridden method would normally throw an |
854 * at the point the overridden method would normally throw an |
855 * exception. |
855 * exception. |
856 * |
856 * |
857 * @param file the system-dependent filename. |
857 * @param file the system-dependent filename. |
858 * @exception SecurityException if the calling thread does not |
858 * @throws SecurityException if the calling thread does not |
859 * have permission to delete the file. |
859 * have permission to delete the file. |
860 * @exception NullPointerException if the <code>file</code> argument is |
860 * @throws NullPointerException if the {@code file} argument is |
861 * <code>null</code>. |
861 * {@code null}. |
862 * @see java.io.File#delete() |
862 * @see java.io.File#delete() |
863 * @see #checkPermission(java.security.Permission) checkPermission |
863 * @see #checkPermission(java.security.Permission) checkPermission |
864 */ |
864 */ |
865 public void checkDelete(String file) { |
865 public void checkDelete(String file) { |
866 checkPermission(new FilePermission(file, |
866 checkPermission(new FilePermission(file, |
867 SecurityConstants.FILE_DELETE_ACTION)); |
867 SecurityConstants.FILE_DELETE_ACTION)); |
868 } |
868 } |
869 |
869 |
870 /** |
870 /** |
871 * Throws a <code>SecurityException</code> if the |
871 * Throws a {@code SecurityException} if the |
872 * calling thread is not allowed to open a socket connection to the |
872 * calling thread is not allowed to open a socket connection to the |
873 * specified host and port number. |
873 * specified host and port number. |
874 * <p> |
874 * <p> |
875 * A port number of <code>-1</code> indicates that the calling |
875 * A port number of {@code -1} indicates that the calling |
876 * method is attempting to determine the IP address of the specified |
876 * method is attempting to determine the IP address of the specified |
877 * host name. |
877 * host name. |
878 * <p> |
878 * <p> |
879 * This method calls <code>checkPermission</code> with the |
879 * This method calls {@code checkPermission} with the |
880 * <code>SocketPermission(host+":"+port,"connect")</code> permission if |
880 * {@code SocketPermission(host+":"+port,"connect")} permission if |
881 * the port is not equal to -1. If the port is equal to -1, then |
881 * the port is not equal to -1. If the port is equal to -1, then |
882 * it calls <code>checkPermission</code> with the |
882 * it calls {@code checkPermission} with the |
883 * <code>SocketPermission(host,"resolve")</code> permission. |
883 * {@code SocketPermission(host,"resolve")} permission. |
884 * <p> |
884 * <p> |
885 * If you override this method, then you should make a call to |
885 * If you override this method, then you should make a call to |
886 * <code>super.checkConnect</code> |
886 * {@code super.checkConnect} |
887 * at the point the overridden method would normally throw an |
887 * at the point the overridden method would normally throw an |
888 * exception. |
888 * exception. |
889 * |
889 * |
890 * @param host the host name port to connect to. |
890 * @param host the host name port to connect to. |
891 * @param port the protocol port to connect to. |
891 * @param port the protocol port to connect to. |
892 * @exception SecurityException if the calling thread does not have |
892 * @throws SecurityException if the calling thread does not have |
893 * permission to open a socket connection to the specified |
893 * permission to open a socket connection to the specified |
894 * <code>host</code> and <code>port</code>. |
894 * {@code host} and {@code port}. |
895 * @exception NullPointerException if the <code>host</code> argument is |
895 * @throws NullPointerException if the {@code host} argument is |
896 * <code>null</code>. |
896 * {@code null}. |
897 * @see #checkPermission(java.security.Permission) checkPermission |
897 * @see #checkPermission(java.security.Permission) checkPermission |
898 */ |
898 */ |
899 public void checkConnect(String host, int port) { |
899 public void checkConnect(String host, int port) { |
900 if (host == null) { |
900 if (host == null) { |
901 throw new NullPointerException("host can't be null"); |
901 throw new NullPointerException("host can't be null"); |
911 SecurityConstants.SOCKET_CONNECT_ACTION)); |
911 SecurityConstants.SOCKET_CONNECT_ACTION)); |
912 } |
912 } |
913 } |
913 } |
914 |
914 |
915 /** |
915 /** |
916 * Throws a <code>SecurityException</code> if the |
916 * Throws a {@code SecurityException} if the |
917 * specified security context is not allowed to open a socket |
917 * specified security context is not allowed to open a socket |
918 * connection to the specified host and port number. |
918 * connection to the specified host and port number. |
919 * <p> |
919 * <p> |
920 * A port number of <code>-1</code> indicates that the calling |
920 * A port number of {@code -1} indicates that the calling |
921 * method is attempting to determine the IP address of the specified |
921 * method is attempting to determine the IP address of the specified |
922 * host name. |
922 * host name. |
923 * <p> If <code>context</code> is not an instance of |
923 * <p> If {@code context} is not an instance of |
924 * <code>AccessControlContext</code> then a |
924 * {@code AccessControlContext} then a |
925 * <code>SecurityException</code> is thrown. |
925 * {@code SecurityException} is thrown. |
926 * <p> |
926 * <p> |
927 * Otherwise, the port number is checked. If it is not equal |
927 * Otherwise, the port number is checked. If it is not equal |
928 * to -1, the <code>context</code>'s <code>checkPermission</code> |
928 * to -1, the {@code context}'s {@code checkPermission} |
929 * method is called with a |
929 * method is called with a |
930 * <code>SocketPermission(host+":"+port,"connect")</code> permission. |
930 * {@code SocketPermission(host+":"+port,"connect")} permission. |
931 * If the port is equal to -1, then |
931 * If the port is equal to -1, then |
932 * the <code>context</code>'s <code>checkPermission</code> method |
932 * the {@code context}'s {@code checkPermission} method |
933 * is called with a |
933 * is called with a |
934 * <code>SocketPermission(host,"resolve")</code> permission. |
934 * {@code SocketPermission(host,"resolve")} permission. |
935 * <p> |
935 * <p> |
936 * If you override this method, then you should make a call to |
936 * If you override this method, then you should make a call to |
937 * <code>super.checkConnect</code> |
937 * {@code super.checkConnect} |
938 * at the point the overridden method would normally throw an |
938 * at the point the overridden method would normally throw an |
939 * exception. |
939 * exception. |
940 * |
940 * |
941 * @param host the host name port to connect to. |
941 * @param host the host name port to connect to. |
942 * @param port the protocol port to connect to. |
942 * @param port the protocol port to connect to. |
943 * @param context a system-dependent security context. |
943 * @param context a system-dependent security context. |
944 * @exception SecurityException if the specified security context |
944 * @throws SecurityException if the specified security context |
945 * is not an instance of <code>AccessControlContext</code> |
945 * is not an instance of {@code AccessControlContext} |
946 * (e.g., is <code>null</code>), or does not have permission |
946 * (e.g., is {@code null}), or does not have permission |
947 * to open a socket connection to the specified |
947 * to open a socket connection to the specified |
948 * <code>host</code> and <code>port</code>. |
948 * {@code host} and {@code port}. |
949 * @exception NullPointerException if the <code>host</code> argument is |
949 * @throws NullPointerException if the {@code host} argument is |
950 * <code>null</code>. |
950 * {@code null}. |
951 * @see java.lang.SecurityManager#getSecurityContext() |
951 * @see java.lang.SecurityManager#getSecurityContext() |
952 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
952 * @see java.security.AccessControlContext#checkPermission(java.security.Permission) |
953 */ |
953 */ |
954 public void checkConnect(String host, int port, Object context) { |
954 public void checkConnect(String host, int port, Object context) { |
955 if (host == null) { |
955 if (host == null) { |
967 SecurityConstants.SOCKET_CONNECT_ACTION), |
967 SecurityConstants.SOCKET_CONNECT_ACTION), |
968 context); |
968 context); |
969 } |
969 } |
970 |
970 |
971 /** |
971 /** |
972 * Throws a <code>SecurityException</code> if the |
972 * Throws a {@code SecurityException} if the |
973 * calling thread is not allowed to wait for a connection request on |
973 * calling thread is not allowed to wait for a connection request on |
974 * the specified local port number. |
974 * the specified local port number. |
975 * <p> |
975 * <p> |
976 * This method calls <code>checkPermission</code> with the |
976 * This method calls {@code checkPermission} with the |
977 * <code>SocketPermission("localhost:"+port,"listen")</code>. |
977 * {@code SocketPermission("localhost:"+port,"listen")}. |
978 * <p> |
978 * <p> |
979 * If you override this method, then you should make a call to |
979 * If you override this method, then you should make a call to |
980 * <code>super.checkListen</code> |
980 * {@code super.checkListen} |
981 * at the point the overridden method would normally throw an |
981 * at the point the overridden method would normally throw an |
982 * exception. |
982 * exception. |
983 * |
983 * |
984 * @param port the local port. |
984 * @param port the local port. |
985 * @exception SecurityException if the calling thread does not have |
985 * @throws SecurityException if the calling thread does not have |
986 * permission to listen on the specified port. |
986 * permission to listen on the specified port. |
987 * @see #checkPermission(java.security.Permission) checkPermission |
987 * @see #checkPermission(java.security.Permission) checkPermission |
988 */ |
988 */ |
989 public void checkListen(int port) { |
989 public void checkListen(int port) { |
990 checkPermission(new SocketPermission("localhost:"+port, |
990 checkPermission(new SocketPermission("localhost:"+port, |
991 SecurityConstants.SOCKET_LISTEN_ACTION)); |
991 SecurityConstants.SOCKET_LISTEN_ACTION)); |
992 } |
992 } |
993 |
993 |
994 /** |
994 /** |
995 * Throws a <code>SecurityException</code> if the |
995 * Throws a {@code SecurityException} if the |
996 * calling thread is not permitted to accept a socket connection from |
996 * calling thread is not permitted to accept a socket connection from |
997 * the specified host and port number. |
997 * the specified host and port number. |
998 * <p> |
998 * <p> |
999 * This method is invoked for the current security manager by the |
999 * This method is invoked for the current security manager by the |
1000 * <code>accept</code> method of class <code>ServerSocket</code>. |
1000 * {@code accept} method of class {@code ServerSocket}. |
1001 * <p> |
1001 * <p> |
1002 * This method calls <code>checkPermission</code> with the |
1002 * This method calls {@code checkPermission} with the |
1003 * <code>SocketPermission(host+":"+port,"accept")</code> permission. |
1003 * {@code SocketPermission(host+":"+port,"accept")} permission. |
1004 * <p> |
1004 * <p> |
1005 * If you override this method, then you should make a call to |
1005 * If you override this method, then you should make a call to |
1006 * <code>super.checkAccept</code> |
1006 * {@code super.checkAccept} |
1007 * at the point the overridden method would normally throw an |
1007 * at the point the overridden method would normally throw an |
1008 * exception. |
1008 * exception. |
1009 * |
1009 * |
1010 * @param host the host name of the socket connection. |
1010 * @param host the host name of the socket connection. |
1011 * @param port the port number of the socket connection. |
1011 * @param port the port number of the socket connection. |
1012 * @exception SecurityException if the calling thread does not have |
1012 * @throws SecurityException if the calling thread does not have |
1013 * permission to accept the connection. |
1013 * permission to accept the connection. |
1014 * @exception NullPointerException if the <code>host</code> argument is |
1014 * @throws NullPointerException if the {@code host} argument is |
1015 * <code>null</code>. |
1015 * {@code null}. |
1016 * @see java.net.ServerSocket#accept() |
1016 * @see java.net.ServerSocket#accept() |
1017 * @see #checkPermission(java.security.Permission) checkPermission |
1017 * @see #checkPermission(java.security.Permission) checkPermission |
1018 */ |
1018 */ |
1019 public void checkAccept(String host, int port) { |
1019 public void checkAccept(String host, int port) { |
1020 if (host == null) { |
1020 if (host == null) { |
1026 checkPermission(new SocketPermission(host+":"+port, |
1026 checkPermission(new SocketPermission(host+":"+port, |
1027 SecurityConstants.SOCKET_ACCEPT_ACTION)); |
1027 SecurityConstants.SOCKET_ACCEPT_ACTION)); |
1028 } |
1028 } |
1029 |
1029 |
1030 /** |
1030 /** |
1031 * Throws a <code>SecurityException</code> if the |
1031 * Throws a {@code SecurityException} if the |
1032 * calling thread is not allowed to use |
1032 * calling thread is not allowed to use |
1033 * (join/leave/send/receive) IP multicast. |
1033 * (join/leave/send/receive) IP multicast. |
1034 * <p> |
1034 * <p> |
1035 * This method calls <code>checkPermission</code> with the |
1035 * This method calls {@code checkPermission} with the |
1036 * <code>java.net.SocketPermission(maddr.getHostAddress(), |
1036 * <code>java.net.SocketPermission(maddr.getHostAddress(), |
1037 * "accept,connect")</code> permission. |
1037 * "accept,connect")</code> permission. |
1038 * <p> |
1038 * <p> |
1039 * If you override this method, then you should make a call to |
1039 * If you override this method, then you should make a call to |
1040 * <code>super.checkMulticast</code> |
1040 * {@code super.checkMulticast} |
1041 * at the point the overridden method would normally throw an |
1041 * at the point the overridden method would normally throw an |
1042 * exception. |
1042 * exception. |
1043 * |
1043 * |
1044 * @param maddr Internet group address to be used. |
1044 * @param maddr Internet group address to be used. |
1045 * @exception SecurityException if the calling thread is not allowed to |
1045 * @throws SecurityException if the calling thread is not allowed to |
1046 * use (join/leave/send/receive) IP multicast. |
1046 * use (join/leave/send/receive) IP multicast. |
1047 * @exception NullPointerException if the address argument is |
1047 * @throws NullPointerException if the address argument is |
1048 * <code>null</code>. |
1048 * {@code null}. |
1049 * @since 1.1 |
1049 * @since 1.1 |
1050 * @see #checkPermission(java.security.Permission) checkPermission |
1050 * @see #checkPermission(java.security.Permission) checkPermission |
1051 */ |
1051 */ |
1052 public void checkMulticast(InetAddress maddr) { |
1052 public void checkMulticast(InetAddress maddr) { |
1053 String host = maddr.getHostAddress(); |
1053 String host = maddr.getHostAddress(); |
1057 checkPermission(new SocketPermission(host, |
1057 checkPermission(new SocketPermission(host, |
1058 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); |
1058 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); |
1059 } |
1059 } |
1060 |
1060 |
1061 /** |
1061 /** |
1062 * Throws a <code>SecurityException</code> if the |
1062 * Throws a {@code SecurityException} if the |
1063 * calling thread is not allowed to use |
1063 * calling thread is not allowed to use |
1064 * (join/leave/send/receive) IP multicast. |
1064 * (join/leave/send/receive) IP multicast. |
1065 * <p> |
1065 * <p> |
1066 * This method calls <code>checkPermission</code> with the |
1066 * This method calls {@code checkPermission} with the |
1067 * <code>java.net.SocketPermission(maddr.getHostAddress(), |
1067 * <code>java.net.SocketPermission(maddr.getHostAddress(), |
1068 * "accept,connect")</code> permission. |
1068 * "accept,connect")</code> permission. |
1069 * <p> |
1069 * <p> |
1070 * If you override this method, then you should make a call to |
1070 * If you override this method, then you should make a call to |
1071 * <code>super.checkMulticast</code> |
1071 * {@code super.checkMulticast} |
1072 * at the point the overridden method would normally throw an |
1072 * at the point the overridden method would normally throw an |
1073 * exception. |
1073 * exception. |
1074 * |
1074 * |
1075 * @param maddr Internet group address to be used. |
1075 * @param maddr Internet group address to be used. |
1076 * @param ttl value in use, if it is multicast send. |
1076 * @param ttl value in use, if it is multicast send. |
1077 * Note: this particular implementation does not use the ttl |
1077 * Note: this particular implementation does not use the ttl |
1078 * parameter. |
1078 * parameter. |
1079 * @exception SecurityException if the calling thread is not allowed to |
1079 * @throws SecurityException if the calling thread is not allowed to |
1080 * use (join/leave/send/receive) IP multicast. |
1080 * use (join/leave/send/receive) IP multicast. |
1081 * @exception NullPointerException if the address argument is |
1081 * @throws NullPointerException if the address argument is |
1082 * <code>null</code>. |
1082 * {@code null}. |
1083 * @since 1.1 |
1083 * @since 1.1 |
1084 * @deprecated Use #checkPermission(java.security.Permission) instead |
1084 * @deprecated Use #checkPermission(java.security.Permission) instead |
1085 * @see #checkPermission(java.security.Permission) checkPermission |
1085 * @see #checkPermission(java.security.Permission) checkPermission |
1086 */ |
1086 */ |
1087 @Deprecated(since="1.4") |
1087 @Deprecated(since="1.4") |
1093 checkPermission(new SocketPermission(host, |
1093 checkPermission(new SocketPermission(host, |
1094 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); |
1094 SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); |
1095 } |
1095 } |
1096 |
1096 |
1097 /** |
1097 /** |
1098 * Throws a <code>SecurityException</code> if the |
1098 * Throws a {@code SecurityException} if the |
1099 * calling thread is not allowed to access or modify the system |
1099 * calling thread is not allowed to access or modify the system |
1100 * properties. |
1100 * properties. |
1101 * <p> |
1101 * <p> |
1102 * This method is used by the <code>getProperties</code> and |
1102 * This method is used by the {@code getProperties} and |
1103 * <code>setProperties</code> methods of class <code>System</code>. |
1103 * {@code setProperties} methods of class {@code System}. |
1104 * <p> |
1104 * <p> |
1105 * This method calls <code>checkPermission</code> with the |
1105 * This method calls {@code checkPermission} with the |
1106 * <code>PropertyPermission("*", "read,write")</code> permission. |
1106 * {@code PropertyPermission("*", "read,write")} permission. |
1107 * <p> |
1107 * <p> |
1108 * If you override this method, then you should make a call to |
1108 * If you override this method, then you should make a call to |
1109 * <code>super.checkPropertiesAccess</code> |
1109 * {@code super.checkPropertiesAccess} |
1110 * at the point the overridden method would normally throw an |
1110 * at the point the overridden method would normally throw an |
1111 * exception. |
1111 * exception. |
1112 * |
1112 * |
1113 * @exception SecurityException if the calling thread does not have |
1113 * @throws SecurityException if the calling thread does not have |
1114 * permission to access or modify the system properties. |
1114 * permission to access or modify the system properties. |
1115 * @see java.lang.System#getProperties() |
1115 * @see java.lang.System#getProperties() |
1116 * @see java.lang.System#setProperties(java.util.Properties) |
1116 * @see java.lang.System#setProperties(java.util.Properties) |
1117 * @see #checkPermission(java.security.Permission) checkPermission |
1117 * @see #checkPermission(java.security.Permission) checkPermission |
1118 */ |
1118 */ |
1120 checkPermission(new PropertyPermission("*", |
1120 checkPermission(new PropertyPermission("*", |
1121 SecurityConstants.PROPERTY_RW_ACTION)); |
1121 SecurityConstants.PROPERTY_RW_ACTION)); |
1122 } |
1122 } |
1123 |
1123 |
1124 /** |
1124 /** |
1125 * Throws a <code>SecurityException</code> if the |
1125 * Throws a {@code SecurityException} if the |
1126 * calling thread is not allowed to access the system property with |
1126 * calling thread is not allowed to access the system property with |
1127 * the specified <code>key</code> name. |
1127 * the specified {@code key} name. |
1128 * <p> |
1128 * <p> |
1129 * This method is used by the <code>getProperty</code> method of |
1129 * This method is used by the {@code getProperty} method of |
1130 * class <code>System</code>. |
1130 * class {@code System}. |
1131 * <p> |
1131 * <p> |
1132 * This method calls <code>checkPermission</code> with the |
1132 * This method calls {@code checkPermission} with the |
1133 * <code>PropertyPermission(key, "read")</code> permission. |
1133 * {@code PropertyPermission(key, "read")} permission. |
1134 * <p> |
1134 * <p> |
1135 * If you override this method, then you should make a call to |
1135 * If you override this method, then you should make a call to |
1136 * <code>super.checkPropertyAccess</code> |
1136 * {@code super.checkPropertyAccess} |
1137 * at the point the overridden method would normally throw an |
1137 * at the point the overridden method would normally throw an |
1138 * exception. |
1138 * exception. |
1139 * |
1139 * |
1140 * @param key a system property key. |
1140 * @param key a system property key. |
1141 * |
1141 * |
1142 * @exception SecurityException if the calling thread does not have |
1142 * @throws SecurityException if the calling thread does not have |
1143 * permission to access the specified system property. |
1143 * permission to access the specified system property. |
1144 * @exception NullPointerException if the <code>key</code> argument is |
1144 * @throws NullPointerException if the {@code key} argument is |
1145 * <code>null</code>. |
1145 * {@code null}. |
1146 * @exception IllegalArgumentException if <code>key</code> is empty. |
1146 * @throws IllegalArgumentException if {@code key} is empty. |
1147 * |
1147 * |
1148 * @see java.lang.System#getProperty(java.lang.String) |
1148 * @see java.lang.System#getProperty(java.lang.String) |
1149 * @see #checkPermission(java.security.Permission) checkPermission |
1149 * @see #checkPermission(java.security.Permission) checkPermission |
1150 */ |
1150 */ |
1151 public void checkPropertyAccess(String key) { |
1151 public void checkPropertyAccess(String key) { |
1152 checkPermission(new PropertyPermission(key, |
1152 checkPermission(new PropertyPermission(key, |
1153 SecurityConstants.PROPERTY_READ_ACTION)); |
1153 SecurityConstants.PROPERTY_READ_ACTION)); |
1154 } |
1154 } |
1155 |
1155 |
1156 /** |
1156 /** |
1157 * Throws a <code>SecurityException</code> if the |
1157 * Throws a {@code SecurityException} if the |
1158 * calling thread is not allowed to initiate a print job request. |
1158 * calling thread is not allowed to initiate a print job request. |
1159 * <p> |
1159 * <p> |
1160 * This method calls |
1160 * This method calls |
1161 * <code>checkPermission</code> with the |
1161 * {@code checkPermission} with the |
1162 * <code>RuntimePermission("queuePrintJob")</code> permission. |
1162 * {@code RuntimePermission("queuePrintJob")} permission. |
1163 * <p> |
1163 * <p> |
1164 * If you override this method, then you should make a call to |
1164 * If you override this method, then you should make a call to |
1165 * <code>super.checkPrintJobAccess</code> |
1165 * {@code super.checkPrintJobAccess} |
1166 * at the point the overridden method would normally throw an |
1166 * at the point the overridden method would normally throw an |
1167 * exception. |
1167 * exception. |
1168 * |
1168 * |
1169 * @exception SecurityException if the calling thread does not have |
1169 * @throws SecurityException if the calling thread does not have |
1170 * permission to initiate a print job request. |
1170 * permission to initiate a print job request. |
1171 * @since 1.1 |
1171 * @since 1.1 |
1172 * @see #checkPermission(java.security.Permission) checkPermission |
1172 * @see #checkPermission(java.security.Permission) checkPermission |
1173 */ |
1173 */ |
1174 public void checkPrintJobAccess() { |
1174 public void checkPrintJobAccess() { |
1492 * name should be granted or denied. |
1492 * name should be granted or denied. |
1493 * |
1493 * |
1494 * <p> If the requested permission is allowed, this method returns |
1494 * <p> If the requested permission is allowed, this method returns |
1495 * quietly. If denied, a SecurityException is raised. |
1495 * quietly. If denied, a SecurityException is raised. |
1496 * |
1496 * |
1497 * <p> This method creates a <code>SecurityPermission</code> object for |
1497 * <p> This method creates a {@code SecurityPermission} object for |
1498 * the given permission target name and calls <code>checkPermission</code> |
1498 * the given permission target name and calls {@code checkPermission} |
1499 * with it. |
1499 * with it. |
1500 * |
1500 * |
1501 * <p> See the documentation for |
1501 * <p> See the documentation for |
1502 * <code>{@link java.security.SecurityPermission}</code> for |
1502 * <code>{@link java.security.SecurityPermission}</code> for |
1503 * a list of possible permission target names. |
1503 * a list of possible permission target names. |
1504 * |
1504 * |
1505 * <p> If you override this method, then you should make a call to |
1505 * <p> If you override this method, then you should make a call to |
1506 * <code>super.checkSecurityAccess</code> |
1506 * {@code super.checkSecurityAccess} |
1507 * at the point the overridden method would normally throw an |
1507 * at the point the overridden method would normally throw an |
1508 * exception. |
1508 * exception. |
1509 * |
1509 * |
1510 * @param target the target name of the <code>SecurityPermission</code>. |
1510 * @param target the target name of the {@code SecurityPermission}. |
1511 * |
1511 * |
1512 * @exception SecurityException if the calling thread does not have |
1512 * @throws SecurityException if the calling thread does not have |
1513 * permission for the requested access. |
1513 * permission for the requested access. |
1514 * @exception NullPointerException if <code>target</code> is null. |
1514 * @throws NullPointerException if {@code target} is null. |
1515 * @exception IllegalArgumentException if <code>target</code> is empty. |
1515 * @throws IllegalArgumentException if {@code target} is empty. |
1516 * |
1516 * |
1517 * @since 1.1 |
1517 * @since 1.1 |
1518 * @see #checkPermission(java.security.Permission) checkPermission |
1518 * @see #checkPermission(java.security.Permission) checkPermission |
1519 */ |
1519 */ |
1520 public void checkSecurityAccess(String target) { |
1520 public void checkSecurityAccess(String target) { |