Package org.apache.axis2.java.security

Class AccessController

java.lang.Object
org.apache.axis2.java.security.AccessController
public class AccessController extends Object
This utility wrapper class is created to support AXIS2 runs inside of Java 2 Security environment. Due to the access control checking algorithm, for Java 2 Security to function properly, doPrivileged() is required in cases where there is application code on the stack frame accessing the system resources (ie, read/write files, opening ports, and etc). This class also improve performance no matther Security Manager is being enabled or not.

Note: This utility should be used properly, otherwise might introduce security holes.

Usage Example: public void changePassword() { ... AccessController.doPrivileged(new PrivilegedAction() { public Object run() { f = Util.openPasswordFile(); ...

} }); ... }

  • Method Details

    • doPrivileged

      public static <T> T doPrivileged(PrivilegedAction<T> action)
      Performs the specified PrivilegedAction with privileges enabled if a security manager is present.

      If the action's run method throws an (unchecked) exception, it will propagate through this method.

      Parameters:
      action - the action to be performed.
      Returns:
      the value returned by the action's run method.
      See Also:

    • doPrivileged

      public static <T> T doPrivileged(PrivilegedAction<T> action, AccessControlContext context)
      Performs the specified PrivilegedAction with privileges enabled and restricted by the specified AccessControlContext. The action is performed with the intersection of the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specified AccessControlContext if a security manager is present.

      If the action's run method throws an (unchecked) exception, it will propagate through this method.

      Parameters:
      action - the action to be performed.
      context - an access control context representing the restriction to be applied to the caller's domain's privileges before performing the specified action.
      Returns:
      the value returned by the action's run method.
      See Also:

    • doPrivileged

      public static <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
      Performs the specified PrivilegedExceptionAction with privileges enabled. The action is performed with all of the permissions possessed by the caller's protection domain.

      If the action's run method throws an unchecked exception, it will propagate through this method.

      Parameters:
      action - the action to be performed.
      Returns:
      the value returned by the action's run method.
      Throws:
      PrivilgedActionException - the specified action's run method threw a checked exception.
      PrivilegedActionException
      See Also:

    • doPrivileged

      public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, AccessControlContext context) throws PrivilegedActionException
      Performs the specified PrivilegedExceptionAction with privileges enabled and restricted by the specified AccessControlContext. The action is performed with the intersection of the the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specified AccessControlContext.

      If the action's run method throws an unchecked exception, it will propagate through this method.

      Parameters:
      action - the action to be performed.
      context - an access control context representing the restriction to be applied to the caller's domain's privileges before performing the specified action.
      Returns:
      the value returned by the action's run method.
      Throws:
      PrivilegedActionException - the specified action's run method threw a checked exception.
      See Also:

    • getContext

      public static AccessControlContext getContext()
      This method takes a "snapshot" of the current calling context, which includes the current Thread's inherited AccessControlContext, and places it in an AccessControlContext object. This context may then be checked at a later point, possibly in another thread.
      Returns:
      the AccessControlContext based on the current context.
      See Also:

    • checkPermission

      public static void checkPermission(Permission perm) throws AccessControlException
      Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect. This method quietly returns if the access request is permitted, or throws a suitable AccessControlException otherwise.
      Parameters:
      perm - the requested permission.
      Throws:
      AccessControlException - if the specified permission is not permitted, based on the current security policy.