Implementation Techniques
We’ll now turn our attention to implementing security policies. Our goal is to show how to write a security manager—one that can be used in conjunction with the access controller, and one that can stand alone. We’ll plug these security managers into our JavaRunner program, and we’ll also discuss the implementation of the security manager that comes with the Launcher and how that security manager may be installed.
Utility Classes
To make our implementation of the security manager a bit easier, we’ll provide a few utility classes.
As we intimated above, there are many times when we want to reject an operation if there is any untrusted class on the stack. In order to simplify this operation, we define this method:
    private void checkClassLoader(String ask, String ex) {
        // Use the ask string to prompt the user if the operation
        // should succeed
        if (inClassLoader()) {
            throw new SecurityException(ex);
        }
    }
We’ve passed a string to this method that allows us to ask the user if the operation in question should be permitted; for example, the application could pop up a dialog window and give the user the opportunity to accept the operation. Whether or not that ability is a good idea is open to debate; we’ve left it to the reader to provide the logic to implement that feature (if desired).
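The following is an added example, not code from the book: it shows the same "reject if any untrusted class is on the stack" check with StackWalker (Java 9+) standing in for inClassLoader(). The names StackCheckDemo, isTrusted, untrustedOnStack, readSecret, Probe and IsolatingLoader are hypothetical, and the example assumes it is compiled with javac and run from the class path.

```java
import java.io.InputStream;
import java.lang.StackWalker.Option;
import java.util.function.Supplier;

public class StackCheckDemo {
    private static final StackWalker WALKER = StackWalker.getInstance(Option.RETAIN_CLASS_REFERENCE);

    // Assumption: bootstrap, platform and this class's own loader count as trusted.
    static boolean isTrusted(ClassLoader cl) {
        return cl == null || cl == ClassLoader.getPlatformClassLoader()
            || cl == StackCheckDemo.class.getClassLoader();
    }

    // Stand-in for inClassLoader(): true if any frame on the stack is an untrusted class.
    static boolean untrustedOnStack() {
        return WALKER.walk(frames ->
            frames.anyMatch(f -> !isTrusted(f.getDeclaringClass().getClassLoader())));
    }

    // Same shape as the book's method; the 'ask' prompt is still left unimplemented.
    public static void checkClassLoader(String ask, String ex) {
        if (untrustedOnStack()) throw new SecurityException(ex);
    }

    // Hypothetical sensitive operation guarded by the check.
    public static String readSecret() {
        checkClassLoader("Allow read?", "untrusted class on stack");
        return "secret";
    }

    public static class Probe implements Supplier<String> {
        public String get() { return StackCheckDemo.readSecret(); }
    }

    // Constructed "untrusted" loader: defines Probe itself instead of delegating to its parent.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(StackCheckDemo.class.getClassLoader()); }
        @Override protected Class<?> loadClass(String n, boolean resolve) throws ClassNotFoundException {
            if (!n.equals(Probe.class.getName())) return super.loadClass(n, resolve);
            try (InputStream in = getParent().getResourceAsStream(n.replace('.', '/') + ".class")) {
                byte[] b = in.readAllBytes();
                return defineClass(n, b, 0, b.length);
            } catch (java.io.IOException e) { throw new ClassNotFoundException(n, e); }
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("trusted caller: " + new Probe().get());
        Supplier<?> p = (Supplier<?>) new IsolatingLoader().loadClass(Probe.class.getName()).getDeclaredConstructor().newInstance();
        try { p.get(); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The first call succeeds because every frame belongs to a trusted loader; the second is rejected because the copy of Probe defined by IsolatingLoader sits on the stack between main and readSecret.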
There are a number of tests we want our security manager to reject if they are attempted directly by an untrusted class, but should succeed if they are attempted indirectly by ...