Re: Security Manager in JDK 1.2 environment

Marianne Mueller (Marianne.Mueller@Eng)
Wed, 24 Jun 1998 10:21:24 -0700 (PDT)

Date: Wed, 24 Jun 1998 10:21:24 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: Security Manager in JDK 1.2 environment
To: java-security@java0.javasoft.com, rri0054@ibm.net

JDK 1.2 security is described at

http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html

The JDK packages (File, Net, ...) still call SecurityManager, but the
implementation of SecurityManager changed. SecurityManager creates
a new permission object representing the requested action, and calls
the AccessController.

For example, java.lang.SecurityManager.checkRead(String file) basically looks
like

public void checkRead(String file) {
java.security.AccessController.checkPermission(new FilePermission(file,
"read"));
}

The AccessController compares the permissions held by the calling protection
domain with the permission requested. If the permissions that are held
allow the requested permission, it returns quietly. Else, it throws an
AccessControlException.