java.lang.Object | +--java.security.AccessController
static void | checkPermission(java.security.Permission perm) Checks wether the access control context of the current thread allows the given Permission. |
static java.lang.Object | doPrivileged(java.security.PrivilegedAction action) Calls the |
static java.lang.Object | doPrivileged(java.security.PrivilegedAction action, java.security.AccessControlContext context) Calls the |
static java.lang.Object | doPrivileged(java.security.PrivilegedExceptionAction action) Calls the |
static java.lang.Object | doPrivileged(java.security.PrivilegedExceptionAction action, java.security.AccessControlContext context) Calls the |
static java.security.AccessControlContext | getContext() Returns the complete access control context of the current thread. |
public static void checkPermission(java.security.Permission perm)
AccessControlException
when the permission is not allowed in the current context. Otherwise
returns silently without throwing an exception.
perm
- the permission to be checked.AccessControlException
- thrown if the current context does not
allow the given permission.public static Object doPrivileged(java.security.PrivilegedAction action)
run()
method of the given action with as
(initial) access control context only the protection domain of the
calling class. Calls to checkPermission()
in the
run()
method ignore all earlier protection domains of
classes in the call chain. Note that the protection domains of classes
called by the code in the run()
method are not ignored.
action
- the PrivilegedAction
whose run()
should be be called.public static Object doPrivileged(java.security.PrivilegedAction action, java.security.AccessControlContext context)
run()
method of the given action with as
(initial) access control context the given context combined with the
protection domain of the calling class. Calls to
checkPermission()
in the run()
method ignore
all earlier protection domains of classes in the call chain, but add
checks for the protection domains given in the supplied context.
action
- the PrivilegedAction
whose run()
should be be called.context
- the AccessControlContext
whose protection
domains should be added to the protection domain of the calling class.public static Object doPrivileged(java.security.PrivilegedExceptionAction action)
run()
method of the given action with as
(initial) access control context only the protection domain of the
calling class. Calls to checkPermission()
in the
run()
method ignore all earlier protection domains of
classes in the call chain. Note that the protection domains of classes
called by the code in the run()
method are not ignored.
If the run()
method throws an exception then this method
will wrap that exception in an PrivilegedActionException
.
action
- the PrivilegedExceptionAction
whose
run()
should be be called.PrivilegedActionException
- wrapped around any exception that
is thrown in the run()
method.public static Object doPrivileged(java.security.PrivilegedExceptionAction action, java.security.AccessControlContext context)
run()
method of the given action with as
(initial) access control context the given context combined with the
protection domain of the calling class. Calls to
checkPermission()
in the run()
method ignore
all earlier protection domains of classes in the call chain, but add
checks for the protection domains given in the supplied context.
If the run()
method throws an exception then this method
will wrap that exception in an PrivilegedActionException
.
action
- the PrivilegedExceptionAction
whose
run()
should be be called.context
- the AccessControlContext
whose protection
domains should be added to the protection domain of the calling class.PrivilegedActionException
- wrapped around any exception that
is thrown in the run()
method.public static AccessControlContext getContext()
XXX - Should this include all the protection domains in the call chain
or only the domains till the last doPrivileged()
call?
XXX - needs native support. Currently returns an empty context.
checkPermission()
method. Manipulates the access control context for code that needs to be executed the protection domain of the calling class (by explicitly ignoring the context of the calling code) in thedoPrivileged()
methods. And provides agetContext()
method which gives the access control context of the current thread that can be used for checking permissions at a later time and/or in another thread.XXX - Mostly a stub implementation at the moment. Needs native support from the VM to function correctly. XXX - Do not forget to think about how to handle
java.lang.reflect.Method.invoke()
on thedoPrivileged()
methods.