Class AccessController


  • public class AccessController
    extends Object
    This utility wrapper class is created to support AXIS2 runs inside of Java 2 Security environment. Due to the access control checking algorithm, for Java 2 Security to function properly, doPrivileged() is required in cases where there is application code on the stack frame accessing the system resources (ie, read/write files, opening ports, and etc). This class also improve performance no matther Security Manager is being enabled or not.

    Note: This utility should be used properly, otherwise might introduce security holes.

    Usage Example: public void changePassword() { ... AccessController.doPrivileged(new PrivilegedAction() { public Object run() { f = Util.openPasswordFile(); ...

    } }); ... }

    • Method Detail

      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedAction<T> action,
                                         AccessControlContext context)
        Performs the specified PrivilegedAction with privileges enabled and restricted by the specified AccessControlContext. The action is performed with the intersection of the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specified AccessControlContext if a security manager is present.

        If the action's run method throws an (unchecked) exception, it will propagate through this method.

        Parameters:
        action - the action to be performed.
        context - an access control context representing the restriction to be applied to the caller's domain's privileges before performing the specified action.
        Returns:
        the value returned by the action's run method.
        See Also:
        doPrivileged(PrivilegedAction), doPrivileged(PrivilegedExceptionAction,AccessControlContext)
      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedExceptionAction<T> action,
                                         AccessControlContext context)
                                  throws PrivilegedActionException
        Performs the specified PrivilegedExceptionAction with privileges enabled and restricted by the specified AccessControlContext. The action is performed with the intersection of the the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specified AccessControlContext.

        If the action's run method throws an unchecked exception, it will propagate through this method.

        Parameters:
        action - the action to be performed.
        context - an access control context representing the restriction to be applied to the caller's domain's privileges before performing the specified action.
        Returns:
        the value returned by the action's run method.
        Throws:
        PrivilegedActionException - the specified action's run method threw a checked exception.
        See Also:
        doPrivileged(PrivilegedAction), doPrivileged(PrivilegedExceptionAction,AccessControlContext)
      • getContext

        public static AccessControlContext getContext()
        This method takes a "snapshot" of the current calling context, which includes the current Thread's inherited AccessControlContext, and places it in an AccessControlContext object. This context may then be checked at a later point, possibly in another thread.
        Returns:
        the AccessControlContext based on the current context.
        See Also:
        AccessControlContext
      • checkPermission

        public static void checkPermission​(Permission perm)
                                    throws AccessControlException
        Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect. This method quietly returns if the access request is permitted, or throws a suitable AccessControlException otherwise.
        Parameters:
        perm - the requested permission.
        Throws:
        AccessControlException - if the specified permission is not permitted, based on the current security policy.