Find Usages Diff Raw Download HTML Widget Stack Overflow Q&A
Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
1. Does reflection breaks the idea of private methods, because private methods can be access outside of the class?
Does reflection breaks the idea of private methods, because private methods can be access outside of the class? (Maybe I dont understand the meaning of reflection or miss something else, please write) http://en.wikipedia.org/wiki/Reflection_%28computer_science%29 Edit: If relection breaks the idea of private methods - does we use private methods only for program logic and not for program secur...
2. Sandbox against malicious code in a Java application
In a simulation server environment where users are allowed to submit their own code to be run by the server, it would clearly be advantageous for any user-submitted code to be run in side a sandbox, not unlike Applets are within a browser. I wanted to be able to leverage the JVM itself, rather than adding another VM layer to isolate these submitted components. This kind of limitation appears ...
3. Does Java have a built-in Antivirus? Is it true?
Does Java have a built-in Antivirus? One of my friends told me there is in the JVM itself - it's called the "sandbox". Is it true?
4. How do i create a java sandbox?
I want to make my application to run other people's code, aka plugins. However, what options do I have to make this secure so they don't write malicous code. How do I control what they can or can not do? I have stumbled around that JVM has a "built in sandbox" feature - what is it and is this the only way? Are there third-party Java libraries for making a sandbox? What options do I have? Link...
5. Java file permissions for threads
I'm programming a Java server that has to handle Python code given by the user using Jython. Obviously, I can't just execute it without some risk of a cracker accessing files and system commands that he/she shouldn't. I've been searching for some way to restrict file permissions for specific threads for hours now, and the closest I've gotten was restricting file permissions for the entire appli...
6. Catch an exit instruction by a library
To my astonishment and horror, I've just encountered the line System.exit(1); in a library I use. I'm planning on contacting the library's authors and asking what gives, but meanwhile is there any way to prevent the library from killing my code (and worse, killing the application using my code)? Perhaps somehow force the library to throw a SecurityException, which I see that exit(int) may throw?
7. Disable Java reflection for the current thread
I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code's execution. try{ // disable reflection somehow someObject.method(); } finally{ // enable reflection again } Can this be done with a SecurityManager, and if so, how? Clarification/Context: This is a follow-up to another question about restricting the pack...
8. Possible to change the outer class instance of an inner class in Java?
In Java, whenever an inner class instance is created, it is associated with an instance of an outer class. Out of curiosity, is it possible to associate the inner class with another instance of an outer class instead?
9. Compiling and running user code with JavaCompiler and ClassLoader
I am writing web app for java learning. Using which users may compile their code on my serwer + run that code. Compiling is easy with JavaCompiler: JavaCompiler compiler = ToolProvider.getSystemJavaCompiler(); DiagnosticCollector<JavaFileObject> diagnostics = new DiagnosticCollector<JavaFileObject>(); CompilationTask task = compiler.getTask(null, null, diagnostics, nu...
10. How to access the private variables of a class in its subclass?
This is a question I was asked in an interview: I have class A with private members and Class B extends A. I know private members of a class cannot be accessed, but the question is: I need to access private members of class A from class B, rather than create variables with the same value in class B. I hope I am clear with this question. Thanks.
11. Java reflection framework and security
Assume I have a singleton class in an external lib to my application. But still I can create instances of that particular class using reflection. Like this Class clas = Class.forName(Private.class.getName()); for(Constructor c : clas.getDeclaredConstructors()){ c.setAccessible(true); Private p = (Private) c.newInstance(); System.out.println(p); } How ca...
12. Accessing private static methods from a public static context
Consider this sample class, class TargetClass { private static String SENSITIVE_DATA = "sw0rdfish"; private static String getSensitiveData() { return SENSITIVE_DATA; } } When I do this, import java.lang.reflect.Method; public class ClassPiercing { public static void main(String... args) throws Exception { Class targetClass = Class.forName("TargetClass"); ...
13. Checking for write access in a directory before creating files inside it
My small utility application asks the user for an output directory via a GUI file selector. Then it creates a lot of files in this output directory after some processing. I need to check if the application has write access so that it informs the user and does not continue with the processing (which might take a long time) My first attempt was the canWrite() method of java.io.File. But this d...
14. Does anyone know how a white-list class access approach similar to Google App Engine can be implemented?
I am writing a container framework that can dynamically deploy a Jar file containing user developed classes in the container, and then using a web interface execute certain classes from the Jar file. Everything else is well set, including the validations. However, a requirement is to only allow access to certain JDK and other library classes from the user developed class. Clearly, this is du...
15. How to restrict developers to use reflection to access private methods and constructors in Java?
How to restrict developers to use reflection to access private methods and constructors in Java? Using normal Java code we can't access private constructors or private methods outside of a class. But by using reflection we can access any private methods and constructors in a Java class. So how can we give security to our Java code?
16. Scope of the Java System Properties
In Java we use System.setProperty() method to set some system properties. According to this article the use of system properties is bit tricky. System.setProperty() can be an evil call. * It is 100% thread-hostile * It contains super-global variables * It is extremely difficult to debug when these variables mysteriously change at runtime My questions are as follows. How about the scop...
17. Where does the log file locate in a web application with log4j?
With the following settings: log4j.appender.file=org.apache.log4j.RollingFileAppender log4j.appender.file.maxFileSize=100KB log4j.appender.file.maxBackupIndex=5 log4j.appender.file.File=test.log log4j.appender.file.threshold=info log4j.appender.file.layout=org.apache.log4j.PatternLayout log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n Where does the test.log file...
18. How to test executable JAR?
I have a simple class in executable JAR file: public final class Main { public static void main(String[] args) { System.out.println("hello, world!"); System.exit(-1); } } Now I'm trying to test this class/method: public class MainTest { @Test public void testMain() { Main.main(new String[] { "something" }); } } Testing crashes on System.exit(0), and I can understand wh...
19. AppCertDlls: Process creation slowdown on Win32 caused by virus
I've been enjoying a hefty process creation penalty on my Windows XP Home SP3 for about two months. The problem is most manifest and annoying with tasks that do create lots of processes, such as shell scripts (incidentally, bash scripts on Cygwin), Makefiles, or unpacking an IzPack package such as the SpringSource Tool Suite installer (lots of separate unpack200.exe JAR extractor processes). I'...
20. Need Compilers on Server
I'm looking to build a web service that can compile some entered code (probably C/Java) and can run some tests on it. What kind of design should I follow? What compiler can I place on my server to do the job? Recommendations? Pros? Cons?
21. Java.security.AccessControlException: access denied Exception
I'm trying to do a simple program for RMI. But, I'm getting the following exception while running the line Naming.rebind("interfacename",Remoteserverobject); java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve) My Code is as follows: public static void main(String[] args) throws Exception { if(System.getSecurityM... 
1
   /*
2
    * Copyright 1995-2006 Sun Microsystems, Inc.  All Rights Reserved.
3
    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
    *
5
    * This code is free software; you can redistribute it and/or modify it
6
    * under the terms of the GNU General Public License version 2 only, as
7
    * published by the Free Software Foundation.  Sun designates this
8
    * particular file as subject to the "Classpath" exception as provided
9
    * by Sun in the LICENSE file that accompanied this code.
10
   *
11
   * This code is distributed in the hope that it will be useful, but WITHOUT
12
   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
   * version 2 for more details (a copy is included in the LICENSE file that
15
   * accompanied this code).
16
   *
17
   * You should have received a copy of the GNU General Public License version
18
   * 2 along with this work; if not, write to the Free Software Foundation,
19
   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
   *
21
   * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22
   * CA 95054 USA or visit www.sun.com if you need additional information or
23
   * have any questions.
24
   */
25
  
26
  package java.lang;
27
  
28
  import java.security.*;
30
  import java.io.File;
41
  import java.net.URL;
42
  
The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.

The SecurityManager class contains many methods with names that begin with the word check. These methods are called by various methods in the Java libraries before those methods perform certain potentially sensitive operations. The invocation of such a check method typically looks like this: 

     SecurityManager security = System.getSecurityManager();
     if (security != null) {
         security.checkXXX(argument,  . . . );
     }

The security manager is thereby given an opportunity to prevent completion of the operation by throwing an exception. A security manager routine simply returns if the operation is permitted, but throws a SecurityException if the operation is not permitted. The only exception to this convention is checkTopLevelWindow, which returns a boolean value.

The current security manager is set by the setSecurityManager method in class System. The current security manager is obtained by the getSecurityManager method.

The special method checkPermission(java.security.Permission) determines whether an access request indicated by a specified permission should be granted or denied. The default implementation calls 

   AccessController.checkPermission(perm);

If a requested access is allowed, checkPermission returns quietly. If denied, a SecurityException is thrown.

As of Java 2 SDK v1.2, the default implementation of each of the other check methods in SecurityManager is to call the SecurityManager checkPermission method to determine if the calling thread has permission to perform the requested operation.

Note that the checkPermission method with just a single permission argument always performs security checks within the context of the currently executing thread. Sometimes a security check that should be made within a given context will actually need to be done from within a different context (for example, from within a worker thread). The getSecurityContext method and the checkPermission method that includes a context argument are provided for this situation. The getSecurityContext method returns a "snapshot" of the current calling context. (The default implementation returns an AccessControlContext object.) A sample call is the following: 

   Object context = null;
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) context = sm.getSecurityContext();

The checkPermission method that takes a context object in addition to a permission makes access decisions based on that context, rather than on that of the current execution thread. Code within a different context can thus call that method, passing the permission and the previously-saved context object. A sample call, using the SecurityManager sm obtained as in the previous example, is the following: 

   if (sm != null) sm.checkPermission(permission, context);

Permissions fall into these categories: File, Socket, Net, Security, Runtime, Property, AWT, Reflect, and Serializable. The classes managing these various permission categories are java.io.FilePermission, java.net.SocketPermission, java.net.NetPermission, java.security.SecurityPermission, java.lang.RuntimePermission, java.util.PropertyPermission, java.awt.AWTPermission, java.lang.reflect.ReflectPermission, and java.io.SerializablePermission.

All but the first two (FilePermission and SocketPermission) are subclasses of java.security.BasicPermission, which itself is an abstract subclass of the top-level class for permissions, which is java.security.Permission. BasicPermission defines the functionality needed for all permissions that contain a name that follows the hierarchical property naming convention (for example, "exitVM", "setFactory", "queuePrintJob", etc). An asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "a.*" or "*" is valid, "*a" or "a*b" is not valid.

FilePermission and SocketPermission are subclasses of the top-level class for permissions (java.security.Permission). Classes like these that have a more complicated name syntax than that used by BasicPermission subclass directly from Permission rather than from BasicPermission. For example, for a java.io.FilePermission object, the permission name is the path name of a file (or directory).

Some of the permission classes have an "actions" list that tells the actions that are permitted for the object. For example, for a java.io.FilePermission object, the actions list (such as "read, write") specifies which actions are granted for the specified file (or for files in the specified directory).

Other permission classes are for "named" permissions - ones that contain a name but no actions list; you either have the named permission or you don't.

Note: There is also a java.security.AllPermission permission that implies all permissions. It exists to simplify the work of system administrators who might need to perform multiple tasks that require all (or numerous) permissions.

See Permissions in the JDK for permission-related information. This document includes, for example, a table listing the various SecurityManager check methods and the permission(s) the default implementation of each such method requires. It also contains a table of all the version 1.2 methods that require permissions, and for each such method tells which permission it requires.

For more information about SecurityManager changes made in the JDK and advice regarding porting of 1.1-style security managers, see the security documentation.

Author(s):
Arthur van Hoff
Roland Schemers
Since:
JDK1.0
See also:
ClassLoader
SecurityException
checkTopLevelWindow(java.lang.Object) checkTopLevelWindow
System.getSecurityManager() getSecurityManager
System.setSecurityManager(java.lang.SecurityManager) setSecurityManager
java.security.AccessController AccessController
java.security.AccessControlContext AccessControlContext
java.security.AccessControlException AccessControlException
java.security.Permission
java.security.BasicPermission
java.io.FilePermission
java.net.SocketPermission
java.util.PropertyPermission
RuntimePermission
java.awt.AWTPermission
java.security.Policy Policy
java.security.SecurityPermission SecurityPermission
java.security.ProtectionDomain
225
 
226
 public
227
 class SecurityManager {

    
This field is true if there is a security check in progress; false otherwise.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
236
 
237
     @Deprecated
238
     protected boolean inCheck;
239
 
240
     /*
241
      * Have we been initialized. Effective against finalizer attacks.
242
      */
243
     private boolean initialized = false;


    
returns true if the current context has been granted AllPermission 
248
 
249
     private boolean hasAllPermission()
250
     {
251
         try {
253
             return true;
254
         } catch (SecurityException se) {
255
             return false;
256
         }
257
     }

    
Tests if there is a security check in progress.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
Returns:
the value of the inCheck field. This field should contain true if a security check is in progress, false otherwise.
See also:
inCheck
270
 
271
     @Deprecated
272
     public boolean getInCheck() {
273
         return ;
274
     }

    
Constructs a new SecurityManager.

If there is a security manager already installed, this method first calls the security manager's checkPermission method with the RuntimePermission("createSecurityManager") permission to ensure the calling thread has permission to create a new security manager. This may result in throwing a SecurityException.

Throws:
SecurityException if a security manager already exists and its checkPermission method doesn't allow creation of a new security manager.
See also:
System.getSecurityManager()
checkPermission(java.security.Permission) checkPermission
RuntimePermission
292
 
293
     public SecurityManager() {
294
         synchronized(SecurityManager.class) {
295
             SecurityManager sm = System.getSecurityManager();
296
             if (sm != null) {
297
                 // ask the currently installed security manager if we
298
                 // can create a new one.
299
                 sm.checkPermission(new RuntimePermission
300
                                    ("createSecurityManager"));
301
             }
302
              = true;
303
         }
304
     }

    
Returns the current execution stack as an array of classes.

The length of the array is the number of methods on the execution stack. The element at index 0 is the class of the currently executing method, the element at index 1 is the class of that method's caller, and so on.

Returns:
the execution stack.
315
 
316
     protected native Class[] getClassContext();

    
Returns the class loader of the most recently executing method from a class defined using a non-system class loader. A non-system class loader is defined as being a class loader that is not equal to the system class loader (as returned by ClassLoader.getSystemClassLoader()) or one of its ancestors.

This method will return null in the following three cases:

  1. All methods on the execution stack are from classes defined using the system class loader or one of its ancestors.
  2. All methods on the execution stack up to the first "privileged" caller (see java.security.AccessController.doPrivileged(java.security.PrivilegedAction)) are from classes defined using the system class loader or one of its ancestors.
  3. A call to checkPermission with java.security.AllPermission does not result in a SecurityException.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
Returns:
the class loader of the most recent occurrence on the stack of a method from a class defined using a non-system class loader.
See also:
ClassLoader.getSystemClassLoader() getSystemClassLoader
checkPermission(java.security.Permission) checkPermission
353
 
354
     @Deprecated
355
     protected ClassLoader currentClassLoader()
356
     {
357
         ClassLoader cl = currentClassLoader0();
358
         if ((cl != null) && hasAllPermission())
359
             cl = null;
360
         return cl;
361
     }
362
 
363
     private native ClassLoader currentClassLoader0();

    
Returns the class of the most recently executing method from a class defined using a non-system class loader. A non-system class loader is defined as being a class loader that is not equal to the system class loader (as returned by ClassLoader.getSystemClassLoader()) or one of its ancestors.

This method will return null in the following three cases:

  1. All methods on the execution stack are from classes defined using the system class loader or one of its ancestors.
  2. All methods on the execution stack up to the first "privileged" caller (see java.security.AccessController.doPrivileged(java.security.PrivilegedAction)) are from classes defined using the system class loader or one of its ancestors.
  3. A call to checkPermission with java.security.AllPermission does not result in a SecurityException.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
Returns:
the class of the most recent occurrence on the stack of a method from a class defined using a non-system class loader.
See also:
ClassLoader.getSystemClassLoader() getSystemClassLoader
checkPermission(java.security.Permission) checkPermission
400
 
401
     @Deprecated
402
     protected Class<?> currentLoadedClass() {
403
         Class c = currentLoadedClass0();
404
         if ((c != null) && hasAllPermission())
405
             c = null;
406
         return c;
407
     }

    
Returns the stack depth of the specified class.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
Parameters:
name the fully qualified name of the class to search for.
Returns:
the depth on the stack frame of the first occurrence of a method from a class with the specified name; -1 if such a frame cannot be found.
420
 
421
     @Deprecated
422
     protected native int classDepth(String name);

    
Returns the stack depth of the most recently executing method from a class defined using a non-system class loader. A non-system class loader is defined as being a class loader that is not equal to the system class loader (as returned by ClassLoader.getSystemClassLoader()) or one of its ancestors.

This method will return -1 in the following three cases:

  1. All methods on the execution stack are from classes defined using the system class loader or one of its ancestors.
  2. All methods on the execution stack up to the first "privileged" caller (see java.security.AccessController.doPrivileged(java.security.PrivilegedAction)) are from classes defined using the system class loader or one of its ancestors.
  3. A call to checkPermission with java.security.AllPermission does not result in a SecurityException.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
Returns:
the depth on the stack frame of the most recent occurrence of a method from a class defined using a non-system class loader.
See also:
ClassLoader.getSystemClassLoader() getSystemClassLoader
checkPermission(java.security.Permission) checkPermission
458
 
459
     @Deprecated
460
     protected int classLoaderDepth()
461
     {
462
         int depth = classLoaderDepth0();
463
         if (depth != -1) {
464
             if (hasAllPermission())
465
                 depth = -1;
466
             else
467
                 depth--; // make sure we don't include ourself
468
         }
469
         return depth;
470
     }
471
 
472
     private native int classLoaderDepth0();

    
Tests if a method from a class with the specified name is on the execution stack.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
Parameters:
name the fully qualified name of the class.
Returns:
true if a method from a class with the specified name is on the execution stack; false otherwise.
484
 
485
     @Deprecated
486
     protected boolean inClass(String name) {
487
         return classDepth(name) >= 0;
488
     }

    
Basically, tests if a method from a class defined using a class loader is on the execution stack.

Deprecated:
This type of security checking is not recommended. It is recommended that the checkPermission call be used instead.
Returns:
true if a call to currentClassLoader has a non-null return value.
See also:
currentClassLoader() currentClassLoader
501
 
502
     @Deprecated
503
     protected boolean inClassLoader() {
504
         return currentClassLoader() != null;
505
     }

    
Creates an object that encapsulates the current execution environment. The result of this method is used, for example, by the three-argument checkConnect method and by the two-argument checkRead method. These methods are needed because a trusted method may be called on to read a file or open a socket on behalf of another method. The trusted method needs to determine if the other (possibly untrusted) method would be allowed to perform the operation on its own.

The default implementation of this method is to return an AccessControlContext object.

Returns:
an implementation-dependent object that encapsulates sufficient information about the current execution environment to perform some security checks later.
See also:
checkConnect(java.lang.String,int,java.lang.Object) checkConnect
checkRead(java.lang.String,java.lang.Object) checkRead
java.security.AccessControlContext AccessControlContext
528
 
529
     public Object getSecurityContext() {
530
         return AccessController.getContext();
531
     }

    
Throws a SecurityException if the requested access, specified by the given permission, is not permitted based on the security policy currently in effect.

This method calls AccessController.checkPermission with the given permission.

Parameters:
perm the requested permission.
Throws:
SecurityException if access is not permitted based on the current security policy.
NullPointerException if the permission argument is null.
Since:
1.2
547
 
548
     public void checkPermission(Permission perm) {
549
         java.security.AccessController.checkPermission(perm);
550
     }

    
Throws a SecurityException if the specified security context is denied access to the resource specified by the given permission. The context must be a security context returned by a previous call to getSecurityContext and the access control decision is based upon the configured security policy for that security context.

If context is an instance of AccessControlContext then the AccessControlContext.checkPermission method is invoked with the specified permission.

If context is not an instance of AccessControlContext then a SecurityException is thrown.

Parameters:
perm the specified permission
context a system-dependent security context.
Throws:
SecurityException if the specified security context is not an instance of AccessControlContext (e.g., is null), or is denied access to the resource specified by the given permission.
NullPointerException if the permission argument is null.
Since:
1.2
See also:
getSecurityContext()
java.security.AccessControlContext.checkPermission(java.security.Permission)
582
 
583
     public void checkPermission(Permission permObject context) {
584
         if (context instanceof AccessControlContext) {
585
             ((AccessControlContext)context).checkPermission(perm);
586
         } else {
587
             throw new SecurityException();
588
         }
589
     }

    
Throws a SecurityException if the calling thread is not allowed to create a new class loader.

This method calls checkPermission with the RuntimePermission("createClassLoader") permission.

If you override this method, then you should make a call to super.checkCreateClassLoader at the point the overridden method would normally throw an exception.

Throws:
SecurityException if the calling thread does not have permission to create a new class loader.
See also:
java.lang.ClassLoader.ClassLoader.()
checkPermission(java.security.Permission) checkPermission
609
 
610
     public void checkCreateClassLoader() {
612
     }

    
reference to the root thread group, used for the checkAccess methods. 
617
 
618
 
619
     private static ThreadGroup rootGroup = getRootGroup();
620
 
621
     private static ThreadGroup getRootGroup() {
622
         ThreadGroup root =  Thread.currentThread().getThreadGroup();
623
         while (root.getParent() != null) {
624
             root = root.getParent();
625
         }
626
         return root;
627
     }

    
Throws a SecurityException if the calling thread is not allowed to modify the thread argument.

This method is invoked for the current security manager by the stop, suspend, resume, setPriority, setName, and setDaemon methods of class Thread.

If the thread argument is a system thread (belongs to the thread group with a null parent) then this method calls checkPermission with the RuntimePermission("modifyThread") permission. If the thread argument is not a system thread, this method just returns silently.

Applications that want a stricter policy should override this method. If this method is overridden, the method that overrides it should additionally check to see if the calling thread has the RuntimePermission("modifyThread") permission, and if so, return silently. This is to ensure that code granted that permission (such as the JDK itself) is allowed to manipulate any thread.

If this method is overridden, then super.checkAccess should be called by the first statement in the overridden method, or the equivalent security check should be placed in the overridden method.

Parameters:
t the thread to be checked.
Throws:
SecurityException if the calling thread does not have permission to modify the thread.
NullPointerException if the thread argument is null.
See also:
Thread.resume() resume
Thread.setDaemon(boolean) setDaemon
Thread.setName(java.lang.String) setName
Thread.setPriority(int) setPriority
Thread.stop() stop
Thread.suspend() suspend
checkPermission(java.security.Permission) checkPermission
670
 
671
     public void checkAccess(Thread t) {
672
         if (t == null) {
673
             throw new NullPointerException("thread can't be null");
674
         }
675
         if (t.getThreadGroup() == ) {
677
         } else {
678
             // just return
679
         }
680
     }
    
Throws a SecurityException if the calling thread is not allowed to modify the thread group argument.

This method is invoked for the current security manager when a new child thread or child thread group is created, and by the setDaemon, setMaxPriority, stop, suspend, resume, and destroy methods of class ThreadGroup.

If the thread group argument is the system thread group ( has a null parent) then this method calls checkPermission with the RuntimePermission("modifyThreadGroup") permission. If the thread group argument is not the system thread group, this method just returns silently.

Applications that want a stricter policy should override this method. If this method is overridden, the method that overrides it should additionally check to see if the calling thread has the RuntimePermission("modifyThreadGroup") permission, and if so, return silently. This is to ensure that code granted that permission (such as the JDK itself) is allowed to manipulate any thread.

If this method is overridden, then super.checkAccess should be called by the first statement in the overridden method, or the equivalent security check should be placed in the overridden method.

Parameters:
g the thread group to be checked.
Throws:
SecurityException if the calling thread does not have permission to modify the thread group.
NullPointerException if the thread group argument is null.
See also:
ThreadGroup.destroy() destroy
ThreadGroup.resume() resume
ThreadGroup.setDaemon(boolean) setDaemon
ThreadGroup.setMaxPriority(int) setMaxPriority
ThreadGroup.stop() stop
ThreadGroup.suspend() suspend
checkPermission(java.security.Permission) checkPermission
723
 
724
     public void checkAccess(ThreadGroup g) {
725
         if (g == null) {
726
             throw new NullPointerException("thread group can't be null");
727
         }
728
         if (g == ) {
730
         } else {
731
             // just return
732
         }
733
     }

    
Throws a SecurityException if the calling thread is not allowed to cause the Java Virtual Machine to halt with the specified status code.

This method is invoked for the current security manager by the exit method of class Runtime. A status of 0 indicates success; other values indicate various errors.

This method calls checkPermission with the RuntimePermission("exitVM."+status) permission.

If you override this method, then you should make a call to super.checkExit at the point the overridden method would normally throw an exception.

Parameters:
status the exit status.
Throws:
SecurityException if the calling thread does not have permission to halt the Java Virtual Machine with the specified status.
See also:
Runtime.exit(int) exit
checkPermission(java.security.Permission) checkPermission
759
 
760
     public void checkExit(int status) {
761
         checkPermission(new RuntimePermission("exitVM."+status));
762
     }

    
Throws a SecurityException if the calling thread is not allowed to create a subprocess.

This method is invoked for the current security manager by the exec methods of class Runtime.

This method calls checkPermission with the FilePermission(cmd,"execute") permission if cmd is an absolute path, otherwise it calls checkPermission with FilePermission("<<ALL FILES>>","execute").

If you override this method, then you should make a call to super.checkExec at the point the overridden method would normally throw an exception.

Parameters:
cmd the specified system command.
Throws:
SecurityException if the calling thread does not have permission to create a subprocess.
NullPointerException if the cmd argument is null.
See also:
Runtime.exec(java.lang.String)
Runtime.exec(java.lang.String,java.lang.String[])
Runtime.exec(java.lang.String[])
Runtime.exec(java.lang.String[],java.lang.String[])
checkPermission(java.security.Permission) checkPermission
792
 
793
     public void checkExec(String cmd) {
794
         File f = new File(cmd);
795
         if (f.isAbsolute()) {
796
             checkPermission(new FilePermission(cmd,
797
                 .));
798
         } else {
799
             checkPermission(new FilePermission("<<ALL FILES>>",
800
                 .));
801
         }
802
     }

    
Throws a SecurityException if the calling thread is not allowed to dynamic link the library code specified by the string argument file. The argument is either a simple library name or a complete filename.

This method is invoked for the current security manager by methods load and loadLibrary of class Runtime.

This method calls checkPermission with the RuntimePermission("loadLibrary."+lib) permission.

If you override this method, then you should make a call to super.checkLink at the point the overridden method would normally throw an exception.

Parameters:
lib the name of the library.
Throws:
SecurityException if the calling thread does not have permission to dynamically link the library.
NullPointerException if the lib argument is null.
See also:
Runtime.load(java.lang.String)
Runtime.loadLibrary(java.lang.String)
checkPermission(java.security.Permission) checkPermission
830
 
831
     public void checkLink(String lib) {
832
         if (lib == null) {
833
             throw new NullPointerException("library can't be null");
834
         }
835
         checkPermission(new RuntimePermission("loadLibrary."+lib));
836
     }

    
Throws a SecurityException if the calling thread is not allowed to read from the specified file descriptor.

This method calls checkPermission with the RuntimePermission("readFileDescriptor") permission.

If you override this method, then you should make a call to super.checkRead at the point the overridden method would normally throw an exception.

Parameters:
fd the system-dependent file descriptor.
Throws:
SecurityException if the calling thread does not have permission to access the specified file descriptor.
NullPointerException if the file descriptor argument is null.
See also:
java.io.FileDescriptor
checkPermission(java.security.Permission) checkPermission
859
 
860
     public void checkRead(FileDescriptor fd) {
861
         if (fd == null) {
862
             throw new NullPointerException("file descriptor can't be null");
863
         }
864
         checkPermission(new RuntimePermission("readFileDescriptor"));
865
     }

    
Throws a SecurityException if the calling thread is not allowed to read the file specified by the string argument.

This method calls checkPermission with the FilePermission(file,"read") permission.

If you override this method, then you should make a call to super.checkRead at the point the overridden method would normally throw an exception.

Parameters:
file the system-dependent file name.
Throws:
SecurityException if the calling thread does not have permission to access the specified file.
NullPointerException if the file argument is null.
See also:
checkPermission(java.security.Permission) checkPermission
886
 
887
     public void checkRead(String file) {
888
         checkPermission(new FilePermission(file,
889
             .));
890
     }

    
Throws a SecurityException if the specified security context is not allowed to read the file specified by the string argument. The context must be a security context returned by a previous call to getSecurityContext.

If context is an instance of AccessControlContext then the AccessControlContext.checkPermission method will be invoked with the FilePermission(file,"read") permission.

If context is not an instance of AccessControlContext then a SecurityException is thrown.

If you override this method, then you should make a call to super.checkRead at the point the overridden method would normally throw an exception.

Parameters:
file the system-dependent filename.
context a system-dependent security context.
Throws:
SecurityException if the specified security context is not an instance of AccessControlContext (e.g., is null), or does not have permission to read the specified file.
NullPointerException if the file argument is null.
See also:
getSecurityContext()
java.security.AccessControlContext.checkPermission(java.security.Permission)
921
 
922
     public void checkRead(String fileObject context) {
923
         checkPermission(
924
             new FilePermission(file.),
925
             context);
926
     }

    
Throws a SecurityException if the calling thread is not allowed to write to the specified file descriptor.

This method calls checkPermission with the RuntimePermission("writeFileDescriptor") permission.

If you override this method, then you should make a call to super.checkWrite at the point the overridden method would normally throw an exception.

Parameters:
fd the system-dependent file descriptor.
Throws:
SecurityException if the calling thread does not have permission to access the specified file descriptor.
NullPointerException if the file descriptor argument is null.
See also:
java.io.FileDescriptor
checkPermission(java.security.Permission) checkPermission
949
 
950
     public void checkWrite(FileDescriptor fd) {
951
         if (fd == null) {
952
             throw new NullPointerException("file descriptor can't be null");
953
         }
954
         checkPermission(new RuntimePermission("writeFileDescriptor"));
955
 
956
     }

    
Throws a SecurityException if the calling thread is not allowed to write to the file specified by the string argument.

This method calls checkPermission with the FilePermission(file,"write") permission.

If you override this method, then you should make a call to super.checkWrite at the point the overridden method would normally throw an exception.

Parameters:
file the system-dependent filename.
Throws:
SecurityException if the calling thread does not have permission to access the specified file.
NullPointerException if the file argument is null.
See also:
checkPermission(java.security.Permission) checkPermission
977
 
978
     public void checkWrite(String file) {
979
         checkPermission(new FilePermission(file,
980
             .));
981
     }

    
Throws a SecurityException if the calling thread is not allowed to delete the specified file.

This method is invoked for the current security manager by the delete method of class File.

This method calls checkPermission with the FilePermission(file,"delete") permission.

If you override this method, then you should make a call to super.checkDelete at the point the overridden method would normally throw an exception.

Parameters:
file the system-dependent filename.
Throws:
SecurityException if the calling thread does not have permission to delete the file.
NullPointerException if the file argument is null.
See also:
java.io.File.delete()
checkPermission(java.security.Permission) checkPermission
1006
    public void checkDelete(String file) {
1007
        checkPermission(new FilePermission(file,
1008
            .));
1009
    }

    
Throws a SecurityException if the calling thread is not allowed to open a socket connection to the specified host and port number.

A port number of -1 indicates that the calling method is attempting to determine the IP address of the specified host name.

This method calls checkPermission with the SocketPermission(host+":"+port,"connect") permission if the port is not equal to -1. If the port is equal to -1, then it calls checkPermission with the SocketPermission(host,"resolve") permission.

If you override this method, then you should make a call to super.checkConnect at the point the overridden method would normally throw an exception.

Parameters:
host the host name port to connect to.
port the protocol port to connect to.
Throws:
SecurityException if the calling thread does not have permission to open a socket connection to the specified host and port.
NullPointerException if the host argument is null.
See also:
checkPermission(java.security.Permission) checkPermission
1040
    public void checkConnect(String hostint port) {
1041
        if (host == null) {
1042
            throw new NullPointerException("host can't be null");
1043
        }
1044
        if (!host.startsWith("[") && host.indexOf(':') != -1) {
1045
            host = "[" + host + "]";
1046
        }
1047
        if (port == -1) {
1048
            checkPermission(new SocketPermission(host,
1049
                .));
1050
        } else {
1051
            checkPermission(new SocketPermission(host+":"+port,
1052
                .));
1053
        }
1054
    }

    
Throws a SecurityException if the specified security context is not allowed to open a socket connection to the specified host and port number.

A port number of -1 indicates that the calling method is attempting to determine the IP address of the specified host name.

If context is not an instance of AccessControlContext then a SecurityException is thrown.

Otherwise, the port number is checked. If it is not equal to -1, the context's checkPermission method is called with a SocketPermission(host+":"+port,"connect") permission. If the port is equal to -1, then the context's checkPermission method is called with a SocketPermission(host,"resolve") permission.

If you override this method, then you should make a call to super.checkConnect at the point the overridden method would normally throw an exception.

Parameters:
host the host name port to connect to.
port the protocol port to connect to.
context a system-dependent security context.
Throws:
SecurityException if the specified security context is not an instance of AccessControlContext (e.g., is null), or does not have permission to open a socket connection to the specified host and port.
NullPointerException if the host argument is null.
See also:
getSecurityContext()
java.security.AccessControlContext.checkPermission(java.security.Permission)
1095
    public void checkConnect(String hostint portObject context) {
1096
        if (host == null) {
1097
            throw new NullPointerException("host can't be null");
1098
        }
1099
        if (!host.startsWith("[") && host.indexOf(':') != -1) {
1100
            host = "[" + host + "]";
1101
        }
1102
        if (port == -1)
1103
            checkPermission(new SocketPermission(host,
1104
                .),
1105
                context);
1106
        else
1107
            checkPermission(new SocketPermission(host+":"+port,
1108
                .),
1109
                context);
1110
    }

    
Throws a SecurityException if the calling thread is not allowed to wait for a connection request on the specified local port number.

If port is not 0, this method calls checkPermission with the SocketPermission("localhost:"+port,"listen"). If port is zero, this method calls checkPermission with SocketPermission("localhost:1024-","listen").

If you override this method, then you should make a call to super.checkListen at the point the overridden method would normally throw an exception.

Parameters:
port the local port.
Throws:
SecurityException if the calling thread does not have permission to listen on the specified port.
See also:
checkPermission(java.security.Permission) checkPermission
1133
    public void checkListen(int port) {
1134
        if (port == 0) {
1136
        } else {
1137
            checkPermission(new SocketPermission("localhost:"+port,
1138
                .));
1139
        }
1140
    }

    
Throws a SecurityException if the calling thread is not permitted to accept a socket connection from the specified host and port number.

This method is invoked for the current security manager by the accept method of class ServerSocket.

This method calls checkPermission with the SocketPermission(host+":"+port,"accept") permission.

If you override this method, then you should make a call to super.checkAccept at the point the overridden method would normally throw an exception.

Parameters:
host the host name of the socket connection.
port the port number of the socket connection.
Throws:
SecurityException if the calling thread does not have permission to accept the connection.
NullPointerException if the host argument is null.
See also:
java.net.ServerSocket.accept()
checkPermission(java.security.Permission) checkPermission
1167
    public void checkAccept(String hostint port) {
1168
        if (host == null) {
1169
            throw new NullPointerException("host can't be null");
1170
        }
1171
        if (!host.startsWith("[") && host.indexOf(':') != -1) {
1172
            host = "[" + host + "]";
1173
        }
1174
        checkPermission(new SocketPermission(host+":"+port,
1175
            .));
1176
    }

    
Throws a SecurityException if the calling thread is not allowed to use (join/leave/send/receive) IP multicast.

This method calls checkPermission with the java.net.SocketPermission(maddr.getHostAddress(), "accept,connect") permission.

If you override this method, then you should make a call to super.checkMulticast at the point the overridden method would normally throw an exception.

Parameters:
maddr Internet group address to be used.
Throws:
SecurityException if the calling thread is not allowed to use (join/leave/send/receive) IP multicast.
NullPointerException if the address argument is null.
Since:
JDK1.1
See also:
checkPermission(java.security.Permission) checkPermission
1200
    public void checkMulticast(InetAddress maddr) {
1201
        String host = maddr.getHostAddress();
1202
        if (!host.startsWith("[") && host.indexOf(':') != -1) {
1203
            host = "[" + host + "]";
1204
        }
1205
        checkPermission(new SocketPermission(host,
1207
    }

    
Throws a SecurityException if the calling thread is not allowed to use (join/leave/send/receive) IP multicast.

This method calls checkPermission with the java.net.SocketPermission(maddr.getHostAddress(), "accept,connect") permission.

If you override this method, then you should make a call to super.checkMulticast at the point the overridden method would normally throw an exception.

Deprecated:
Use .checkPermission(java.security.Permission) instead
Parameters:
maddr Internet group address to be used.
ttl value in use, if it is multicast send. Note: this particular implementation does not use the ttl parameter.
Throws:
SecurityException if the calling thread is not allowed to use (join/leave/send/receive) IP multicast.
NullPointerException if the address argument is null.
Since:
JDK1.1
See also:
checkPermission(java.security.Permission) checkPermission
1236
    public void checkMulticast(InetAddress maddrbyte ttl) {
1237
        String host = maddr.getHostAddress();
1238
        if (!host.startsWith("[") && host.indexOf(':') != -1) {
1239
            host = "[" + host + "]";
1240
        }
1241
        checkPermission(new SocketPermission(host,
1243
    }

    
Throws a SecurityException if the calling thread is not allowed to access or modify the system properties.

This method is used by the getProperties and setProperties methods of class System.

This method calls checkPermission with the PropertyPermission("*", "read,write") permission.

If you override this method, then you should make a call to super.checkPropertiesAccess at the point the overridden method would normally throw an exception.

Throws:
SecurityException if the calling thread does not have permission to access or modify the system properties.
See also:
System.getProperties()
System.setProperties(java.util.Properties)
checkPermission(java.security.Permission) checkPermission
1268
    public void checkPropertiesAccess() {
1269
        checkPermission(new PropertyPermission("*",
1270
            .));
1271
    }

    
Throws a SecurityException if the calling thread is not allowed to access the system property with the specified key name.

This method is used by the getProperty method of class System.

This method calls checkPermission with the PropertyPermission(key, "read") permission.

If you override this method, then you should make a call to super.checkPropertyAccess at the point the overridden method would normally throw an exception.

Parameters:
key a system property key.
Throws:
SecurityException if the calling thread does not have permission to access the specified system property.
NullPointerException if the key argument is null.
IllegalArgumentException if key is empty.
See also:
System.getProperty(java.lang.String)
checkPermission(java.security.Permission) checkPermission
1301
    public void checkPropertyAccess(String key) {
1302
        checkPermission(new PropertyPermission(key,
1303
            .));
1304
    }

    
Returns false if the calling thread is not trusted to bring up the top-level window indicated by the window argument. In this case, the caller can still decide to show the window, but the window should include some sort of visual warning. If the method returns true, then the window can be shown without any special restrictions.

See class Window for more information on trusted and untrusted windows.

This method calls checkPermission with the AWTPermission("showWindowWithoutWarningBanner") permission, and returns true if a SecurityException is not thrown, otherwise it returns false.

If you override this method, then you should make a call to super.checkTopLevelWindow at the point the overridden method would normally return false, and the value of super.checkTopLevelWindow should be returned.

Parameters:
window the new window that is being created.
Returns:
true if the calling thread is trusted to put up top-level windows; false otherwise.
Throws:
NullPointerException if the window argument is null.
See also:
java.awt.Window
checkPermission(java.security.Permission) checkPermission
1339
    public boolean checkTopLevelWindow(Object window) {
1340
        if (window == null) {
1341
            throw new NullPointerException("window can't be null");
1342
        }
1343
        try {
1345
            return true;
1346
        } catch (SecurityException se) {
1347
            // just return false
1348
        }
1349
        return false;
1350
    }

    
Throws a SecurityException if the calling thread is not allowed to initiate a print job request.

This method calls checkPermission with the RuntimePermission("queuePrintJob") permission.

If you override this method, then you should make a call to super.checkPrintJobAccess at the point the overridden method would normally throw an exception.

Throws:
SecurityException if the calling thread does not have permission to initiate a print job request.
Since:
JDK1.1
See also:
checkPermission(java.security.Permission) checkPermission
1371
    public void checkPrintJobAccess() {
1372
        checkPermission(new RuntimePermission("queuePrintJob"));
1373
    }

    
Throws a SecurityException if the calling thread is not allowed to access the system clipboard.

This method calls checkPermission with the AWTPermission("accessClipboard") permission.

If you override this method, then you should make a call to super.checkSystemClipboardAccess at the point the overridden method would normally throw an exception.

Throws:
SecurityException if the calling thread does not have permission to access the system clipboard.
Since:
JDK1.1
See also:
checkPermission(java.security.Permission) checkPermission
1393
    public void checkSystemClipboardAccess() {
1395
    }

    
Throws a SecurityException if the calling thread is not allowed to access the AWT event queue.

This method calls checkPermission with the AWTPermission("accessEventQueue") permission.

If you override this method, then you should make a call to super.checkAwtEventQueueAccess at the point the overridden method would normally throw an exception.

Throws:
SecurityException if the calling thread does not have permission to access the AWT event queue.
Since:
JDK1.1
See also:
checkPermission(java.security.Permission) checkPermission
1414
    public void checkAwtEventQueueAccess() {
1416
    }
1418
    /*
1419
     * We have an initial invalid bit (initially false) for the class
1420
     * variables which tell if the cache is valid.  If the underlying
1421
     * java.security.Security property changes via setProperty(), the
1422
     * Security class uses reflection to change the variable and thus
1423
     * invalidate the cache.
1424
     *
1425
     * Locking is handled by synchronization to the
1426
     * packageAccessLock/packageDefinitionLock objects.  They are only
1427
     * used in this class.
1428
     *
1429
     * Note that cache invalidation as a result of the property change
1430
     * happens without using these locks, so there may be a delay between
1431
     * when a thread updates the property and when other threads updates
1432
     * the cache.
1433
     */
1434
    private static boolean packageAccessValid = false;
1435
    private static String[] packageAccess;
1436
    private static final Object packageAccessLock = new Object();
1438
    private static boolean packageDefinitionValid = false;
1439
    private static String[] packageDefinition;
1440
    private static final Object packageDefinitionLock = new Object();
1442
    private static String[] getPackages(String p) {
1443
        String packages[] = null;
1444
        if (p != null && !p.equals("")) {
1445
            java.util.StringTokenizer tok =
1446
                new java.util.StringTokenizer(p",");
1447
            int n = tok.countTokens();
1448
            if (n > 0) {
1449
                packages = new String[n];
1450
                int i = 0;
1451
                while (tok.hasMoreElements()) {
1452
                    String s = tok.nextToken().trim();
1453
                    packages[i++] = s;
1454
                }
1455
            }
1456
        }
1458
        if (packages == null)
1459
            packages = new String[0];
1460
        return packages;
1461
    }

    
Throws a SecurityException if the calling thread is not allowed to access the package specified by the argument.

This method is used by the loadClass method of class loaders.

This method first gets a list of restricted packages by obtaining a comma-separated list from a call to java.security.Security.getProperty("package.access"), and checks to see if pkg starts with or equals any of the restricted packages. If it does, then checkPermission gets called with the RuntimePermission("accessClassInPackage."+pkg) permission.

If this method is overridden, then super.checkPackageAccess should be called as the first line in the overridden method.

Parameters:
pkg the package name.
Throws:
SecurityException if the calling thread does not have permission to access the specified package.
NullPointerException if the package name argument is null.
See also:
ClassLoader.loadClass(java.lang.String,boolean) loadClass
java.security.Security.getProperty(java.lang.String) getProperty
checkPermission(java.security.Permission) checkPermission
1495
    public void checkPackageAccess(String pkg) {
1496
        if (pkg == null) {
1497
            throw new NullPointerException("package name can't be null");
1498
        }
1500
        String[] pkgs;
1501
        synchronized () {
1502
            /*
1503
             * Do we need to update our property array?
1504
             */
1505
            if (!) {
1506
                String tmpPropertyStr =
1507
                    AccessController.doPrivileged(
1508
                        new PrivilegedAction<String>() {
1509
                            public String run() {
1510
                                return java.security.Security.getProperty(
1511
                                    "package.access");
1512
                            }
1513
                        }
1514
                    );
1515
                 = getPackages(tmpPropertyStr);
1516
                 = true;
1517
            }
1519
            // Using a snapshot of packageAccess -- don't care if static field
1520
            // changes afterwards; array contents won't change.
1521
            pkgs = ;
1522
        }
1524
        /*
1525
         * Traverse the list of packages, check for any matches.
1526
         */
1527
        for (int i = 0; i < pkgs.lengthi++) {
1528
            if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1529
                checkPermission(
1530
                    new RuntimePermission("accessClassInPackage."+pkg));
1531
                break;  // No need to continue; only need to check this once
1532
            }
1533
        }
1534
    }

    
Throws a SecurityException if the calling thread is not allowed to define classes in the package specified by the argument.

This method is used by the loadClass method of some class loaders.

This method first gets a list of restricted packages by obtaining a comma-separated list from a call to java.security.Security.getProperty("package.definition"), and checks to see if pkg starts with or equals any of the restricted packages. If it does, then checkPermission gets called with the RuntimePermission("defineClassInPackage."+pkg) permission.

If this method is overridden, then super.checkPackageDefinition should be called as the first line in the overridden method.

Parameters:
pkg the package name.
Throws:
SecurityException if the calling thread does not have permission to define classes in the specified package.
See also:
ClassLoader.loadClass(java.lang.String,boolean)
java.security.Security.getProperty(java.lang.String) getProperty
checkPermission(java.security.Permission) checkPermission
1564
    public void checkPackageDefinition(String pkg) {
1565
        if (pkg == null) {
1566
            throw new NullPointerException("package name can't be null");
1567
        }
1569
        String[] pkgs;
1570
        synchronized () {
1571
            /*
1572
             * Do we need to update our property array?
1573
             */
1574
            if (!) {
1575
                String tmpPropertyStr =
1576
                    AccessController.doPrivileged(
1577
                        new PrivilegedAction<String>() {
1578
                            public String run() {
1579
                                return java.security.Security.getProperty(
1580
                                    "package.definition");
1581
                            }
1582
                        }
1583
                    );
1584
                 = getPackages(tmpPropertyStr);
1585
                 = true;
1586
            }
1587
            // Using a snapshot of packageDefinition -- don't care if static
1588
            // field changes afterwards; array contents won't change.
1589
            pkgs = ;
1590
        }
1592
        /*
1593
         * Traverse the list of packages, check for any matches.
1594
         */
1595
        for (int i = 0; i < pkgs.lengthi++) {
1596
            if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1597
                checkPermission(
1598
                    new RuntimePermission("defineClassInPackage."+pkg));
1599
                break// No need to continue; only need to check this once
1600
            }
1601
        }
1602
    }

    
Throws a SecurityException if the calling thread is not allowed to set the socket factory used by ServerSocket or Socket, or the stream handler factory used by URL.

This method calls checkPermission with the RuntimePermission("setFactory") permission.

If you override this method, then you should make a call to super.checkSetFactory at the point the overridden method would normally throw an exception.

Throws:
SecurityException if the calling thread does not have permission to specify a socket factory or a stream handler factory.
See also:
java.net.ServerSocket.setSocketFactory(java.net.SocketImplFactory) setSocketFactory
java.net.Socket.setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
java.net.URL.setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
checkPermission(java.security.Permission) checkPermission
1628
    public void checkSetFactory() {
1629
        checkPermission(new RuntimePermission("setFactory"));
1630
    }

    
Throws a SecurityException if the calling thread is not allowed to access members.

The default policy is to allow access to PUBLIC members, as well as access to classes that have the same class loader as the caller. In all other cases, this method calls checkPermission with the RuntimePermission("accessDeclaredMembers") permission.

If this method is overridden, then a call to super.checkMemberAccess cannot be made, as the default implementation of checkMemberAccess relies on the code being checked being at a stack depth of 4.

Parameters:
clazz the class that reflection is to be performed on.
which type of access, PUBLIC or DECLARED.
Throws:
SecurityException if the caller does not have permission to access members.
NullPointerException if the clazz argument is null.
Since:
JDK1.1
See also:
java.lang.reflect.Member
checkPermission(java.security.Permission) checkPermission
1660
    public void checkMemberAccess(Class<?> clazzint which) {
1661
        if (clazz == null) {
1662
            throw new NullPointerException("class can't be null");
1663
        }
1664
        if (which != .) {
1665
            Class stack[] = getClassContext();
1666
            /*
1667
             * stack depth of 4 should be the caller of one of the
1668
             * methods in java.lang.Class that invoke checkMember
1669
             * access. The stack should look like:
1670
             *
1671
             * someCaller                        [3]
1672
             * java.lang.Class.someReflectionAPI [2]
1673
             * java.lang.Class.checkMemberAccess [1]
1674
             * SecurityManager.checkMemberAccess [0]
1675
             *
1676
             */
1677
            if ((stack.length<4) ||
1678
                (stack[3].getClassLoader() != clazz.getClassLoader())) {
1680
            }
1681
        }
1682
    }

    
Determines whether the permission with the specified permission target name should be granted or denied.

If the requested permission is allowed, this method returns quietly. If denied, a SecurityException is raised.

This method creates a SecurityPermission object for the given permission target name and calls checkPermission with it.

See the documentation for java.security.SecurityPermission for a list of possible permission target names.

If you override this method, then you should make a call to super.checkSecurityAccess at the point the overridden method would normally throw an exception.

Parameters:
target the target name of the SecurityPermission.
Throws:
SecurityException if the calling thread does not have permission for the requested access.
NullPointerException if target is null.
IllegalArgumentException if target is empty.
Since:
JDK1.1
See also:
checkPermission(java.security.Permission) checkPermission
1714
    public void checkSecurityAccess(String target) {
1715
        checkPermission(new SecurityPermission(target));
1716
    }
1718
    private native Class currentLoadedClass0();

    
Returns the thread group into which to instantiate any new thread being created at the time this is being called. By default, it returns the thread group of the current thread. This should be overridden by a specific security manager to return the appropriate thread group.

Returns:
ThreadGroup that new threads are instantiated into
Since:
JDK1.1
See also:
ThreadGroup
1731
    public ThreadGroup getThreadGroup() {
1732
        return Thread.currentThread().getThreadGroup();
1733
    }
New to GrepCode? Check out our FAQ X