6.4. AccessController

Although the SecurityManager class defines the checkPermission and check methods as interfaces to invoke an appropriate security check, these interfaces do not specify how the security checks are done. In particular, they do not specify under what circumstances a request should be granted or denied. This is necessary because it is almost impossible to anticipate all reasonable ways to enforce a security check. For example, one application developer might want to implement a multilevel security policy [5], whereas another might want to implement support for separation-of-duty policies [72]. One way to achieve the goal of supporting multiple policies is to provide a Policy object with a sufficiently rich expressive power ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with the O’Reilly learning platform.