The AccessController Class

Now we have all the pieces in place to discuss the mechanics of the access controller. The access controller is represented by a single class called, conveniently, AccessController (java.security.AccessController). There are no instances of the AccessController class -- its constructor is private so that it cannot be instantiated. Instead, this class has a number of static methods that can be called in order to determine if a particular operation should succeed. The key method of this class takes a particular permission and determines, based on the installed Policy object, whether or not the permission should be granted:

public static void checkPermission(Permission p)

Check the given permission against the policy in place for the program. If the permission is granted, this method returns normally; otherwise, it throws an AccessControlException.

This method is used by the security manager to implement each of its methods.

We can use this method to determine whether or not a specified operation should be permitted:

package javasec.samples.ch05;

import java.applet.*;
import java.net.*;
import java.security.*;

public class AccessTest extends Applet {
    public void init(  ) {
        SocketPermission sp = new SocketPermission(
                            getParameter("host") + ":6000", "connect");
        try {
            AccessController.checkPermission(sp);
            System.out.println("Ok to open socket");
        } catch (AccessControlException ace) {
            System.out.println(ace);
        }
    }
}

Whether the access controller allows or rejects ...

Get Java Security, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.