O'Reilly logo

Java Security by Scott Oaks

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Implementation Techniques

We’ll now turn our attention to implementing security policies. Our goal is to show how to write a security manager—one that can be used in conjunction with the access controller, and one that can stand alone. We’ll plug these security managers into our JavaRunner program, and we’ll also discuss the implementation of the security manager that comes with the Launcher and how that security manager may be installed.

Utility Classes

In order to make our implementation of the security manger a bit easier, we’ll provide a few utility classes.

As we intimated above, there are many times when we want to reject an operation if there is any untrusted class on the stack. In order to simplify this operation, we define this method:

private void checkClassLoader(String ask, String ex) {
		// Use the ask string to prompt the user if the operation
		// should succeed
		if (inClassLoader()) {
			throw new SecurityException(ex);
		}
	}

We’ve passed a string to this method that allows us to ask the user if the operation in question should be permitted; for example, the application could pop up a dialog window and give the user the opportunity to accept the operation. Whether or not that ability is a good idea is open to debate; we’ve left it to the reader to provide the logic to implement that feature (if desired).

There are a number of tests we want our security manager to reject if they are attempted directly by an untrusted class, but should succeed if they are attempted indirectly by ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required