Package org.apache.axis2.java.security
Class AccessController
- java.lang.Object
-
- org.apache.axis2.java.security.AccessController
-
public class AccessController extends Object
This utility wrapper class is created to support AXIS2 runs inside of Java 2 Security environment. Due to the access control checking algorithm, for Java 2 Security to function properly,doPrivileged()is required in cases where there is application code on the stack frame accessing the system resources (ie, read/write files, opening ports, and etc). This class also improve performance no matther Security Manager is being enabled or not. Note: This utility should be used properly, otherwise might introduce security holes. Usage Example:public void changePassword() { ... AccessController.doPrivileged(new PrivilegedAction() { public Object run() { f = Util.openPasswordFile(); ... } }); ... }
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static voidcheckPermission(Permission perm)Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect.static <T> TdoPrivileged(PrivilegedAction<T> action)Performs the specifiedPrivilegedActionwith privileges enabled if a security manager is present.static <T> TdoPrivileged(PrivilegedAction<T> action, AccessControlContext context)Performs the specifiedPrivilegedActionwith privileges enabled and restricted by the specifiedAccessControlContext.static <T> TdoPrivileged(PrivilegedExceptionAction<T> action)Performs the specifiedPrivilegedExceptionActionwith privileges enabled.static <T> TdoPrivileged(PrivilegedExceptionAction<T> action, AccessControlContext context)Performs the specifiedPrivilegedExceptionActionwith privileges enabled and restricted by the specifiedAccessControlContext.static AccessControlContextgetContext()This method takes a "snapshot" of the current calling context, which includes the current Thread's inherited AccessControlContext, and places it in an AccessControlContext object.
-
-
-
Method Detail
-
doPrivileged
public static <T> T doPrivileged(PrivilegedAction<T> action)
Performs the specifiedPrivilegedActionwith privileges enabled if a security manager is present. If the action'srunmethod throws an (unchecked) exception, it will propagate through this method.- Parameters:
action- the action to be performed.- Returns:
- the value returned by the action's
runmethod. - See Also:
doPrivileged(PrivilegedAction,AccessControlContext),doPrivileged(PrivilegedExceptionAction)
-
doPrivileged
public static <T> T doPrivileged(PrivilegedAction<T> action, AccessControlContext context)
Performs the specifiedPrivilegedActionwith privileges enabled and restricted by the specifiedAccessControlContext. The action is performed with the intersection of the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specifiedAccessControlContextif a security manager is present. If the action'srunmethod throws an (unchecked) exception, it will propagate through this method.- Parameters:
action- the action to be performed.context- an access control context representing the restriction to be applied to the caller's domain's privileges before performing the specified action.- Returns:
- the value returned by the action's
runmethod. - See Also:
doPrivileged(PrivilegedAction),doPrivileged(PrivilegedExceptionAction,AccessControlContext)
-
doPrivileged
public static <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
Performs the specifiedPrivilegedExceptionActionwith privileges enabled. The action is performed with all of the permissions possessed by the caller's protection domain. If the action'srunmethod throws an unchecked exception, it will propagate through this method.- Parameters:
action- the action to be performed.- Returns:
- the value returned by the action's
runmethod. - Throws:
PrivilgedActionException- the specified action'srunmethod threw a checked exception.PrivilegedActionException- See Also:
doPrivileged(PrivilegedExceptionAction,AccessControlContext),doPrivileged(PrivilegedAction)
-
doPrivileged
public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, AccessControlContext context) throws PrivilegedActionException
Performs the specifiedPrivilegedExceptionActionwith privileges enabled and restricted by the specifiedAccessControlContext. The action is performed with the intersection of the the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specifiedAccessControlContext. If the action'srunmethod throws an unchecked exception, it will propagate through this method.- Parameters:
action- the action to be performed.context- an access control context representing the restriction to be applied to the caller's domain's privileges before performing the specified action.- Returns:
- the value returned by the action's
runmethod. - Throws:
PrivilegedActionException- the specified action'srunmethod threw a checked exception.- See Also:
doPrivileged(PrivilegedAction),doPrivileged(PrivilegedExceptionAction,AccessControlContext)
-
getContext
public static AccessControlContext getContext()
This method takes a "snapshot" of the current calling context, which includes the current Thread's inherited AccessControlContext, and places it in an AccessControlContext object. This context may then be checked at a later point, possibly in another thread.- Returns:
- the AccessControlContext based on the current context.
- See Also:
AccessControlContext
-
checkPermission
public static void checkPermission(Permission perm) throws AccessControlException
Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect. This method quietly returns if the access request is permitted, or throws a suitable AccessControlException otherwise.- Parameters:
perm- the requested permission.- Throws:
AccessControlException- if the specified permission is not permitted, based on the current security policy.
-
-