After reading up on the new Security Model I have a small comment to
make to the API doc team on a certain class. (I presume this is the
developers)
The new AccessController classes javadoc description is rather
confusing:
There are three examples of over_riding the doPriviliged method using
Inner Classes
1) System.loadLibrary("awt"); is called inside the method
2) return System.getProperty("user.name"); is called and...
3) return new FileInputStream("someFile"); is called!
No 3) uses PrivilegedExceptionAction() instead of new
PrivilegedAction(), the reason being:
If the action performed in your run method could throw a "checked"
exception (those listed in the throws clause of a method), then you need
to use the PrivilegedExceptionAction interface instead of the
PrivilegedAction interface:
This is fine, but System.getProperty and System.loadLibrary both throw
exceptions that are listed in their throws clause. so either:
a) 1) and 2) are bad examples as they should really use the
PrivilegedExceptionAction interface to catch the exceptions that may be
thrown.
b) There is a bad explanation of what a "checked" exception is.
Also, (at a guess), I would think everything you wanted to do inside a
priviliged method could throw an exception so you would always want to
use the PrivilegedExceptionAction interface?
Can someone clear this point up as I am sure others will pick up on it!
Thanks
Ben Gill