• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Java AccessController

 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have recently started experimenting with java's security features.

I read quite a bit about method doPrivileged() in AccessController class , but I could not get its use.
The javadoc says that the caller of the code should have required permission , not the code which has doPrivileged() method.

For that I made a small infrastructure.

I created a service with the following method



Then I created another client class AccessTest.java to invoke this service. I have also made a policy file which is granting my client program all permissions , but have not granted any permissions to service class.Then I ran the AccessTest (my client program) with the security manager enabled.
But I got a AccessController exception.
why is that so ?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You're misunderstanding what doPrivileged does. It's not about things that one class can do that another cannot. It's about enabling a complete application (or rather, a particular code section in it) to do things that would otherwise be forbidden by the security manager. This section from the Security Guide might make it clearer.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ulf Dittmer:
It's about enabling a complete application (or rather, a particular code section in it)



What is complete application ?
Can you please give a small example regarding this.

So if I write a applet and write a code with system.exit() in it as previleged code , then will this code get required permissions to execute this action.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

What is complete application ?


In this context, the set of all classes that make up your applet (as opposed to differentiating between classes within the code base, which is what you wrere trying to do).

So if I write a applet and write a code with system.exit() in it as previleged code, then will this code get required permissions to execute this action.


That's easy to find out, isn't it? (No, it won't, it still needs to be signed.)
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Ulf.
Finally I figured out this stuff today.But still I find the javadoc for this to be bit cryptic.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is a good article regarding this stuff.



People facing similar problem can check this link.
 
Who knew that furniture could be so violent? Put this tiny ad out there to see what happens:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic