The AccessController Class

Now we have all the pieces in place to discuss the mechanics of the access controller. The access controller is represented by a single class called, conveniently, AccessController. There are no instances of the AccessController class (java.security.AccessController)—its constructor is private, so that it cannot be instantiated. Instead, this class has a number of static methods that can be called in order to determine if a particular operation should succeed. The key method of this class takes a particular permission and determines, based on the installed Policy object, whether or not the permission should be granted:

public static void checkPermission(Permission p)

Check the given permission against the policy in place for the program. If the permission is granted, this method returns normally; otherwise, it throws an AccessControlException.

We can use this method to determine whether or not a specified operation should be permitted:

public class AccessTest extends Applet {
	public void init() {
		SocketPermission sp = new SocketPermission(
							getParameter("host") + ":6000", "connect");
		try {
			AccessController.checkPermission(sp);
			System.out.println("Ok to open socket");
		} catch (AccessControlException ace) {
			System.out.println(ace);
		}
	}
}

Whether the access controller allows or rejects a given permission depends upon the set of protection domains that are on the stack when the access controller is called. Figure 5.2 shows the stack that might be in place ...

Get Java Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.