5.3. ProtectionDomain

To assign permissions to a class, one could follow the straightforward approach of encapsulating all the permissions granted to a class, represented by various Permission objects, to an instance of a Permissions class (described in Section 5.1.3 and then associating this permission set with the class via an interface in the base class java.lang.Class. However, linking a permission set so directly with a class would lead to a rigid API that could not easily be extended. For example, suppose that access control checks were to be performed based not only on permissions granted to the class but also on the name of the principal currently running the code. To do this, the Class class would have to be extended with additional ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.