Providing Your Own Security Manager |
You may have to override several of SecurityManager'scheckXXX()
methods depending on which operations you want your security manager to impose restrictions on.The first column in the following table are objects on which you can perform various operations. The second column lists the SecurityManager methods that approve the operations on the objects in the first column.
Operations On Approved By sockets checkAccept(String host, int port) checkConnect(String host, int port) checkConnect(String host, int port, Object executionContext) checkListen(int port) threads checkAccess(Thread thread) checkAccess(ThreadGroup threadgroup) class loader checkCreateClassLoader() file system checkDelete(String filename) checkLink(String library) checkRead(FileDescriptor filedescriptor) checkRead(String filename) checkRead(String filename, Object executionContext) checkWrite(FileDescriptor filedescriptor) checkWrite(String filename) system commands checkExec(String command) interpreter checkExit(int status) package checkPackageAccess(String packageName) checkPackageDefinition(String packageName) properties checkPropertiesAccess() checkPropertyAccess(String key) checkPropertyAccess(String key, String def) networking checkSetFactory() windows checkTopLevelWindow(Object window)Depending on your security policy, you can override some or all of these methods. For example, suppose you are writing a Web browser or applet viewer and want to disallow applets from using sockets altogether. To do this you override the four methods that affect socket access.Many of the
checkXXX()
methods are called in multiple situations. You saw this when writing the PasswordSecurityManager in Writing a Security Manager--thecheckAccess(ThreadGroup g)
method is invoked when you create a ThreadGroup, set its daemon status, stop it, and so on. When overriding acheckXXX()
method make sure that you understand all the situations in which it can be invoked.The default implementation provided by the SecurityManager class for all
checkXXX()
methods is:Most security policies that you want to implement will likely be more selective than disallowing everything! So you may find that you have to override all SecurityManager'spublic void checkXXX(. . .) { throw new SecurityException(); }checkXXX()
methods.
Providing Your Own Security Manager |