1 *java.lang.SecurityManager* *SecurityManager* The security manager is a class th
3 public class SecurityManager
4 extends |java.lang.Object|
6 |java.lang.SecurityManager_Description|
7 |java.lang.SecurityManager_Fields|
8 |java.lang.SecurityManager_Constructors|
9 |java.lang.SecurityManager_Methods|
11 ================================================================================
13 *java.lang.SecurityManager_Fields*
14 |boolean_java.lang.SecurityManager.inCheck|
16 *java.lang.SecurityManager_Constructors*
17 |java.lang.SecurityManager()|Constructs a new SecurityManager.
19 *java.lang.SecurityManager_Methods*
20 |java.lang.SecurityManager.checkAccept(String,int)|Throws a SecurityException i
21 |java.lang.SecurityManager.checkAccess(Thread)|Throws a SecurityException if th
22 |java.lang.SecurityManager.checkAccess(ThreadGroup)|Throws a SecurityException
23 |java.lang.SecurityManager.checkAwtEventQueueAccess()|Throws a SecurityExceptio
24 |java.lang.SecurityManager.checkConnect(String,int)|Throws a SecurityException
25 |java.lang.SecurityManager.checkConnect(String,int,Object)|Throws a SecurityExc
26 |java.lang.SecurityManager.checkCreateClassLoader()|Throws a SecurityException
27 |java.lang.SecurityManager.checkDelete(String)|Throws a SecurityException if th
28 |java.lang.SecurityManager.checkExec(String)|Throws a SecurityException if the
29 |java.lang.SecurityManager.checkExit(int)|Throws a SecurityException if the c
30 |java.lang.SecurityManager.checkLink(String)|Throws a SecurityException if the
31 |java.lang.SecurityManager.checkListen(int)|Throws a SecurityException if the
32 |java.lang.SecurityManager.checkMemberAccess(Class,int)|Throws a SecurityExcept
33 |java.lang.SecurityManager.checkMulticast(InetAddress)|Throws a SecurityExcepti
34 |java.lang.SecurityManager.checkMulticast(InetAddress,byte)|Throws a SecurityEx
35 |java.lang.SecurityManager.checkPackageAccess(String)|Throws a SecurityExceptio
36 |java.lang.SecurityManager.checkPackageDefinition(String)|Throws a SecurityExce
37 |java.lang.SecurityManager.checkPermission(Permission)|Throws a SecurityExcepti
38 |java.lang.SecurityManager.checkPermission(Permission,Object)|Throws a Security
39 |java.lang.SecurityManager.checkPrintJobAccess()|Throws a SecurityException if
40 |java.lang.SecurityManager.checkPropertiesAccess()|Throws a SecurityException i
41 |java.lang.SecurityManager.checkPropertyAccess(String)|Throws a SecurityExcepti
42 |java.lang.SecurityManager.checkRead(FileDescriptor)|Throws a SecurityException
43 |java.lang.SecurityManager.checkRead(String)|Throws a SecurityException if the
44 |java.lang.SecurityManager.checkRead(String,Object)|Throws a SecurityException
45 |java.lang.SecurityManager.checkSecurityAccess(String)|Determines whether the p
46 |java.lang.SecurityManager.checkSetFactory()|Throws a SecurityException if the
47 |java.lang.SecurityManager.checkSystemClipboardAccess()|Throws a SecurityExcept
48 |java.lang.SecurityManager.checkTopLevelWindow(Object)|Returns false if the cal
49 |java.lang.SecurityManager.checkWrite(FileDescriptor)|Throws a SecurityExceptio
50 |java.lang.SecurityManager.checkWrite(String)|Throws a SecurityException if the
51 |java.lang.SecurityManager.classDepth(String)|Returns the stack depth of the sp
52 |java.lang.SecurityManager.classLoaderDepth()|Returns the stack depth of the mo
53 |java.lang.SecurityManager.currentClassLoader()|Returns the class loader of the
54 |java.lang.SecurityManager.currentLoadedClass()|Returns the class of the most r
55 |java.lang.SecurityManager.getClassContext()|Returns the current execution stac
56 |java.lang.SecurityManager.getInCheck()|Tests if there is a security check in p
57 |java.lang.SecurityManager.getSecurityContext()|Creates an object that encapsul
58 |java.lang.SecurityManager.getThreadGroup()|Returns the thread group into which
59 |java.lang.SecurityManager.inClass(String)|Tests if a method from a class with
60 |java.lang.SecurityManager.inClassLoader()|Basically, tests if a method from a
62 *java.lang.SecurityManager_Description*
64 The security manager is a class that allows applications to implement a
65 security policy. It allows an application to determine, before performing a
66 possibly unsafe or sensitive operation, what the operation is and whether it is
67 being attempted in a security context that allows the operation to be
68 performed. The application can allow or disallow the operation.
70 The SecurityManager class contains many methods with names that begin with the
71 word check. These methods are called by various methods in the Java libraries
72 before those methods perform certain potentially sensitive operations. The
73 invocation of such a check method typically looks like this:
75 SecurityManager security = System.getSecurityManager(); if (security != null) {
76 security.checkXXX(argument, ...); }
78 The security manager is thereby given an opportunity to prevent completion of
79 the operation by throwing an exception. A security manager routine simply
80 returns if the operation is permitted, but throws a SecurityException if the
81 operation is not permitted. The only exception to this convention is
82 checkTopLevelWindow, which returns a boolean value.
84 The current security manager is set by the setSecurityManager method in class
85 System. The current security manager is obtained by the getSecurityManager
88 The special method (|java.lang.SecurityManager|) determines whether an access
89 request indicated by a specified permission should be granted or denied. The
90 default implementation calls
94 AccessController.checkPermission(perm);
96 If a requested access is allowed, checkPermission returns quietly. If denied, a
97 SecurityException is thrown.
99 As of Java 2 SDK v1.2, the default implementation of each of the other check
100 methods in SecurityManager is to call the SecurityManager checkPermission
101 method to determine if the calling thread has permission to perform the
104 Note that the checkPermission method with just a single permission argument
105 always performs security checks within the context of the currently executing
106 thread. Sometimes a security check that should be made within a given context
107 will actually need to be done from within a different context (for example,
108 from within a worker thread). The
109 getSecurityContext(|java.lang.SecurityManager|) method and the
110 checkPermission(|java.lang.SecurityManager|) method that includes a context
111 argument are provided for this situation. The getSecurityContext method returns
112 a "snapshot" of the current calling context. (The default implementation
113 returns an AccessControlContext object.) A sample call is the following:
117 Object context = null; SecurityManager sm = System.getSecurityManager(); if (sm
118 != null) context = sm.getSecurityContext();
122 The checkPermission method that takes a context object in addition to a
123 permission makes access decisions based on that context, rather than on that of
124 the current execution thread. Code within a different context can thus call
125 that method, passing the permission and the previously-saved context object. A
126 sample call, using the SecurityManager sm obtained as in the previous example,
131 if (sm != null) sm.checkPermission(permission, context);
135 Permissions fall into these categories: File, Socket, Net, Security, Runtime,
136 Property, AWT, Reflect, and Serializable. The classes managing these various
137 permission categories are java.io.FilePermission, java.net.SocketPermission,
138 java.net.NetPermission, java.security.SecurityPermission,
139 java.lang.RuntimePermission, java.util.PropertyPermission,
140 java.awt.AWTPermission, java.lang.reflect.ReflectPermission, and
141 java.io.SerializablePermission.
143 All but the first two (FilePermission and SocketPermission) are subclasses of
144 java.security.BasicPermission, which itself is an abstract subclass of the
145 top-level class for permissions, which is java.security.Permission.
146 BasicPermission defines the functionality needed for all permissions that
147 contain a name that follows the hierarchical property naming convention (for
148 example, "exitVM", "setFactory", "queuePrintJob", etc). An asterisk may appear
149 at the end of the name, following a ".", or by itself, to signify a wildcard
150 match. For example: "a.*" or "*" is valid, "*a" or "a*b" is not valid.
152 FilePermission and SocketPermission are subclasses of the top-level class for
153 permissions (java.security.Permission). Classes like these that have a more
154 complicated name syntax than that used by BasicPermission subclass directly
155 from Permission rather than from BasicPermission. For example, for a
156 java.io.FilePermission object, the permission name is the path name of a file
159 Some of the permission classes have an "actions" list that tells the actions
160 that are permitted for the object. For example, for a java.io.FilePermission
161 object, the actions list (such as "read, write") specifies which actions are
162 granted for the specified file (or for files in the specified directory).
164 Other permission classes are for "named" permissions - ones that contain a name
165 but no actions list; you either have the named permission or you don't.
167 Note: There is also a java.security.AllPermission permission that implies all
168 permissions. It exists to simplify the work of system administrators who might
169 need to perform multiple tasks that require all (or numerous) permissions.
171 See Permissions in the JDK for permission-related information. This document
172 includes, for example, a table listing the various SecurityManager check
173 methods and the permission(s) the default implementation of each such method
174 requires. It also contains a table of all the version 1.2 methods that require
175 permissions, and for each such method tells which permission it requires.
177 For more information about SecurityManager changes made in the JDK and advice
178 regarding porting of 1.1-style security managers, see the security
182 *boolean_java.lang.SecurityManager.inCheck*
184 The security manager is a class that allows applications to implement a
185 security policy. It allows an application to determine, before performing a
186 possibly unsafe or sensitive operation, what the operation is and whether it is
187 being attempted in a security context that allows the operation to be
188 performed. The application can allow or disallow the operation.
190 The SecurityManager class contains many methods with names that begin with the
191 word check. These methods are called by various methods in the Java libraries
192 before those methods perform certain potentially sensitive operations. The
193 invocation of such a check method typically looks like this:
195 SecurityManager security = System.getSecurityManager(); if (security != null) {
196 security.checkXXX(argument, ...); }
198 The security manager is thereby given an opportunity to prevent completion of
199 the operation by throwing an exception. A security manager routine simply
200 returns if the operation is permitted, but throws a SecurityException if the
201 operation is not permitted. The only exception to this convention is
202 checkTopLevelWindow, which returns a boolean value.
204 The current security manager is set by the setSecurityManager method in class
205 System. The current security manager is obtained by the getSecurityManager
208 The special method (|java.lang.SecurityManager|) determines whether an access
209 request indicated by a specified permission should be granted or denied. The
210 default implementation calls
214 AccessController.checkPermission(perm);
216 If a requested access is allowed, checkPermission returns quietly. If denied, a
217 SecurityException is thrown.
219 As of Java 2 SDK v1.2, the default implementation of each of the other check
220 methods in SecurityManager is to call the SecurityManager checkPermission
221 method to determine if the calling thread has permission to perform the
224 Note that the checkPermission method with just a single permission argument
225 always performs security checks within the context of the currently executing
226 thread. Sometimes a security check that should be made within a given context
227 will actually need to be done from within a different context (for example,
228 from within a worker thread). The
229 getSecurityContext(|java.lang.SecurityManager|) method and the
230 checkPermission(|java.lang.SecurityManager|) method that includes a context
231 argument are provided for this situation. The getSecurityContext method returns
232 a "snapshot" of the current calling context. (The default implementation
233 returns an AccessControlContext object.) A sample call is the following:
237 Object context = null; SecurityManager sm = System.getSecurityManager(); if (sm
238 != null) context = sm.getSecurityContext();
242 The checkPermission method that takes a context object in addition to a
243 permission makes access decisions based on that context, rather than on that of
244 the current execution thread. Code within a different context can thus call
245 that method, passing the permission and the previously-saved context object. A
246 sample call, using the SecurityManager sm obtained as in the previous example,
251 if (sm != null) sm.checkPermission(permission, context);
255 Permissions fall into these categories: File, Socket, Net, Security, Runtime,
256 Property, AWT, Reflect, and Serializable. The classes managing these various
257 permission categories are java.io.FilePermission, java.net.SocketPermission,
258 java.net.NetPermission, java.security.SecurityPermission,
259 java.lang.RuntimePermission, java.util.PropertyPermission,
260 java.awt.AWTPermission, java.lang.reflect.ReflectPermission, and
261 java.io.SerializablePermission.
263 All but the first two (FilePermission and SocketPermission) are subclasses of
264 java.security.BasicPermission, which itself is an abstract subclass of the
265 top-level class for permissions, which is java.security.Permission.
266 BasicPermission defines the functionality needed for all permissions that
267 contain a name that follows the hierarchical property naming convention (for
268 example, "exitVM", "setFactory", "queuePrintJob", etc). An asterisk may appear
269 at the end of the name, following a ".", or by itself, to signify a wildcard
270 match. For example: "a.*" or "*" is valid, "*a" or "a*b" is not valid.
272 FilePermission and SocketPermission are subclasses of the top-level class for
273 permissions (java.security.Permission). Classes like these that have a more
274 complicated name syntax than that used by BasicPermission subclass directly
275 from Permission rather than from BasicPermission. For example, for a
276 java.io.FilePermission object, the permission name is the path name of a file
279 Some of the permission classes have an "actions" list that tells the actions
280 that are permitted for the object. For example, for a java.io.FilePermission
281 object, the actions list (such as "read, write") specifies which actions are
282 granted for the specified file (or for files in the specified directory).
284 Other permission classes are for "named" permissions - ones that contain a name
285 but no actions list; you either have the named permission or you don't.
287 Note: There is also a java.security.AllPermission permission that implies all
288 permissions. It exists to simplify the work of system administrators who might
289 need to perform multiple tasks that require all (or numerous) permissions.
291 See Permissions in the JDK for permission-related information. This document
292 includes, for example, a table listing the various SecurityManager check
293 methods and the permission(s) the default implementation of each such method
294 requires. It also contains a table of all the version 1.2 methods that require
295 permissions, and for each such method tells which permission it requires.
297 For more information about SecurityManager changes made in the JDK and advice
298 regarding porting of 1.1-style security managers, see the security
303 *java.lang.SecurityManager()*
305 public SecurityManager()
307 Constructs a new SecurityManager.
309 If there is a security manager already installed, this method first calls the
310 security manager's checkPermission method with the
311 RuntimePermission("createSecurityManager") permission to ensure the calling
312 thread has permission to create a new security manager. This may result in
313 throwing a SecurityException.
316 *java.lang.SecurityManager.checkAccept(String,int)*
318 public void checkAccept(
319 java.lang.String host,
322 Throws a SecurityException if the calling thread is not permitted to accept a
323 socket connection from the specified host and port number.
325 This method is invoked for the current security manager by the accept method of
328 This method calls checkPermission with the
329 SocketPermission(host+":"+port,"accept") permission.
331 If you override this method, then you should make a call to super.checkAccept
332 at the point the overridden method would normally throw an exception.
334 host - the host name of the socket connection.
335 port - the port number of the socket connection.
337 *java.lang.SecurityManager.checkAccess(Thread)*
339 public void checkAccess(java.lang.Thread t)
341 Throws a SecurityException if the calling thread is not allowed to modify the
344 This method is invoked for the current security manager by the stop, suspend,
345 resume, setPriority, setName, and setDaemon methods of class Thread.
347 If the thread argument is a system thread (belongs to the thread group with a
348 null parent) then this method calls checkPermission with the
349 RuntimePermission("modifyThread") permission. If the thread argument is not a
350 system thread, this method just returns silently.
352 Applications that want a stricter policy should override this method. If this
353 method is overridden, the method that overrides it should additionally check to
354 see if the calling thread has the RuntimePermission("modifyThread") permission,
355 and if so, return silently. This is to ensure that code granted that permission
356 (such as the JDK itself) is allowed to manipulate any thread.
358 If this method is overridden, then super.checkAccess should be called by the
359 first statement in the overridden method, or the equivalent security check
360 should be placed in the overridden method.
362 t - the thread to be checked.
364 *java.lang.SecurityManager.checkAccess(ThreadGroup)*
366 public void checkAccess(java.lang.ThreadGroup g)
368 Throws a SecurityException if the calling thread is not allowed to modify the
369 thread group argument.
371 This method is invoked for the current security manager when a new child thread
372 or child thread group is created, and by the setDaemon, setMaxPriority, stop,
373 suspend, resume, and destroy methods of class ThreadGroup.
375 If the thread group argument is the system thread group ( has a null parent)
376 then this method calls checkPermission with the
377 RuntimePermission("modifyThreadGroup") permission. If the thread group argument
378 is not the system thread group, this method just returns silently.
380 Applications that want a stricter policy should override this method. If this
381 method is overridden, the method that overrides it should additionally check to
382 see if the calling thread has the RuntimePermission("modifyThreadGroup")
383 permission, and if so, return silently. This is to ensure that code granted
384 that permission (such as the JDK itself) is allowed to manipulate any thread.
386 If this method is overridden, then super.checkAccess should be called by the
387 first statement in the overridden method, or the equivalent security check
388 should be placed in the overridden method.
390 g - the thread group to be checked.
392 *java.lang.SecurityManager.checkAwtEventQueueAccess()*
394 public void checkAwtEventQueueAccess()
396 Throws a SecurityException if the calling thread is not allowed to access the
399 This method calls checkPermission with the AWTPermission("accessEventQueue")
402 If you override this method, then you should make a call to
403 super.checkAwtEventQueueAccess at the point the overridden method would
404 normally throw an exception.
407 *java.lang.SecurityManager.checkConnect(String,int)*
409 public void checkConnect(
410 java.lang.String host,
413 Throws a SecurityException if the calling thread is not allowed to open a
414 socket connection to the specified host and port number.
416 A port number of -1 indicates that the calling method is attempting to
417 determine the IP address of the specified host name.
419 This method calls checkPermission with the
420 SocketPermission(host+":"+port,"connect") permission if the port is not equal
421 to -1. If the port is equal to -1, then it calls checkPermission with the
422 SocketPermission(host,"resolve") permission.
424 If you override this method, then you should make a call to super.checkConnect
425 at the point the overridden method would normally throw an exception.
427 host - the host name port to connect to.
428 port - the protocol port to connect to.
430 *java.lang.SecurityManager.checkConnect(String,int,Object)*
432 public void checkConnect(
433 java.lang.String host,
435 java.lang.Object context)
437 Throws a SecurityException if the specified security context is not allowed to
438 open a socket connection to the specified host and port number.
440 A port number of -1 indicates that the calling method is attempting to
441 determine the IP address of the specified host name. If context is not an
442 instance of AccessControlContext then a SecurityException is thrown.
444 Otherwise, the port number is checked. If it is not equal to -1, the context's
445 checkPermission method is called with a
446 SocketPermission(host+":"+port,"connect") permission. If the port is equal to
447 -1, then the context's checkPermission method is called with a
448 SocketPermission(host,"resolve") permission.
450 If you override this method, then you should make a call to super.checkConnect
451 at the point the overridden method would normally throw an exception.
453 host - the host name port to connect to.
454 port - the protocol port to connect to.
455 context - a system-dependent security context.
457 *java.lang.SecurityManager.checkCreateClassLoader()*
459 public void checkCreateClassLoader()
461 Throws a SecurityException if the calling thread is not allowed to create a new
464 This method calls checkPermission with the
465 RuntimePermission("createClassLoader") permission.
467 If you override this method, then you should make a call to
468 super.checkCreateClassLoader at the point the overridden method would normally
472 *java.lang.SecurityManager.checkDelete(String)*
474 public void checkDelete(java.lang.String file)
476 Throws a SecurityException if the calling thread is not allowed to delete the
479 This method is invoked for the current security manager by the delete method of
482 This method calls checkPermission with the FilePermission(file,"delete")
485 If you override this method, then you should make a call to super.checkDelete
486 at the point the overridden method would normally throw an exception.
488 file - the system-dependent filename.
490 *java.lang.SecurityManager.checkExec(String)*
492 public void checkExec(java.lang.String cmd)
494 Throws a SecurityException if the calling thread is not allowed to create a
497 This method is invoked for the current security manager by the exec methods of
500 This method calls checkPermission with the FilePermission(cmd,"execute")
501 permission if cmd is an absolute path, otherwise it calls checkPermission with
502 FilePermission("<<ALL FILES>>","execute").
504 If you override this method, then you should make a call to super.checkExec at
505 the point the overridden method would normally throw an exception.
507 cmd - the specified system command.
509 *java.lang.SecurityManager.checkExit(int)*
511 public void checkExit(int status)
513 Throws a SecurityException if the calling thread is not allowed to cause the
514 Java Virtual Machine to halt with the specified status code.
516 This method is invoked for the current security manager by the exit method of
517 class Runtime. A status of 0 indicates success; other values indicate various
520 This method calls checkPermission with the RuntimePermission("exitVM")
523 If you override this method, then you should make a call to super.checkExit at
524 the point the overridden method would normally throw an exception.
526 status - the exit status.
528 *java.lang.SecurityManager.checkLink(String)*
530 public void checkLink(java.lang.String lib)
532 Throws a SecurityException if the calling thread is not allowed to dynamic link
533 the library code specified by the string argument file. The argument is either
534 a simple library name or a complete filename.
536 This method is invoked for the current security manager by methods load and
537 loadLibrary of class Runtime.
539 This method calls checkPermission with the
540 RuntimePermission("loadLibrary."+lib) permission.
542 If you override this method, then you should make a call to super.checkLink at
543 the point the overridden method would normally throw an exception.
545 lib - the name of the library.
547 *java.lang.SecurityManager.checkListen(int)*
549 public void checkListen(int port)
551 Throws a SecurityException if the calling thread is not allowed to wait for a
552 connection request on the specified local port number.
554 If port is not 0, this method calls checkPermission with the
555 SocketPermission("localhost:"+port,"listen"). If port is zero, this method
556 calls checkPermission with SocketPermission("localhost:1024-","listen").
558 If you override this method, then you should make a call to super.checkListen
559 at the point the overridden method would normally throw an exception.
561 port - the local port.
563 *java.lang.SecurityManager.checkMemberAccess(Class,int)*
565 public void checkMemberAccess(
566 java.lang.Class clazz,
569 Throws a SecurityException if the calling thread is not allowed to access
572 The default policy is to allow access to PUBLIC members, as well as access to
573 classes that have the same class loader as the caller. In all other cases, this
574 method calls checkPermission with the
575 RuntimePermission("accessDeclaredMembers") permission.
577 If this method is overridden, then a call to super.checkMemberAccess cannot be
578 made, as the default implementation of checkMemberAccess relies on the code
579 being checked being at a stack depth of 4.
581 clazz - the class that reflection is to be performed on.
582 which - type of access, PUBLIC or DECLARED.
584 *java.lang.SecurityManager.checkMulticast(InetAddress)*
586 public void checkMulticast(java.net.InetAddress maddr)
588 Throws a SecurityException if the calling thread is not allowed to use
589 (join/leave/send/receive) IP multicast.
591 This method calls checkPermission with the
592 java.net.SocketPermission(maddr.getHostAddress(), "accept,connect") permission.
594 If you override this method, then you should make a call to
595 super.checkMulticast at the point the overridden method would normally throw an
598 maddr - Internet group address to be used.
600 *java.lang.SecurityManager.checkMulticast(InetAddress,byte)*
602 public void checkMulticast(
603 java.net.InetAddress maddr,
606 Throws a SecurityException if the calling thread is not allowed to use
607 (join/leave/send/receive) IP multicast.
609 This method calls checkPermission with the
610 java.net.SocketPermission(maddr.getHostAddress(), "accept,connect") permission.
612 If you override this method, then you should make a call to
613 super.checkMulticast at the point the overridden method would normally throw an
616 maddr - Internet group address to be used.
617 ttl - value in use, if it is multicast send. Note: this particular implementation
618 does not use the ttl parameter.
620 *java.lang.SecurityManager.checkPackageAccess(String)*
622 public void checkPackageAccess(java.lang.String pkg)
624 Throws a SecurityException if the calling thread is not allowed to access the
625 package specified by the argument.
627 This method is used by the loadClass method of class loaders.
629 This method first gets a list of restricted packages by obtaining a
630 comma-separated list from a call to
631 java.security.Security.getProperty("package.access"), and checks to see if pkg
632 starts with or equals any of the restricted packages. If it does, then
633 checkPermission gets called with the
634 RuntimePermission("accessClassInPackage."+pkg) permission.
636 If this method is overridden, then super.checkPackageAccess should be called as
637 the first line in the overridden method.
639 pkg - the package name.
641 *java.lang.SecurityManager.checkPackageDefinition(String)*
643 public void checkPackageDefinition(java.lang.String pkg)
645 Throws a SecurityException if the calling thread is not allowed to define
646 classes in the package specified by the argument.
648 This method is used by the loadClass method of some class loaders.
650 This method first gets a list of restricted packages by obtaining a
651 comma-separated list from a call to
652 java.security.Security.getProperty("package.definition"), and checks to see if
653 pkg starts with or equals any of the restricted packages. If it does, then
654 checkPermission gets called with the
655 RuntimePermission("defineClassInPackage."+pkg) permission.
657 If this method is overridden, then super.checkPackageDefinition should be
658 called as the first line in the overridden method.
660 pkg - the package name.
662 *java.lang.SecurityManager.checkPermission(Permission)*
664 public void checkPermission(java.security.Permission perm)
666 Throws a SecurityException if the requested access, specified by the given
667 permission, is not permitted based on the security policy currently in effect.
669 This method calls AccessController.checkPermission with the given permission.
671 perm - the requested permission.
673 *java.lang.SecurityManager.checkPermission(Permission,Object)*
675 public void checkPermission(
676 java.security.Permission perm,
677 java.lang.Object context)
679 Throws a SecurityException if the specified security context is denied access
680 to the resource specified by the given permission. The context must be a
681 security context returned by a previous call to getSecurityContext and the
682 access control decision is based upon the configured security policy for that
685 If context is an instance of AccessControlContext then the
686 AccessControlContext.checkPermission method is invoked with the specified
689 If context is not an instance of AccessControlContext then a SecurityException
692 perm - the specified permission
693 context - a system-dependent security context.
695 *java.lang.SecurityManager.checkPrintJobAccess()*
697 public void checkPrintJobAccess()
699 Throws a SecurityException if the calling thread is not allowed to initiate a
702 This method calls checkPermission with the RuntimePermission("queuePrintJob")
705 If you override this method, then you should make a call to
706 super.checkPrintJobAccess at the point the overridden method would normally
710 *java.lang.SecurityManager.checkPropertiesAccess()*
712 public void checkPropertiesAccess()
714 Throws a SecurityException if the calling thread is not allowed to access or
715 modify the system properties.
717 This method is used by the getProperties and setProperties methods of class
720 This method calls checkPermission with the PropertyPermission("*",
721 "read,write") permission.
723 If you override this method, then you should make a call to
724 super.checkPropertiesAccess at the point the overridden method would normally
728 *java.lang.SecurityManager.checkPropertyAccess(String)*
730 public void checkPropertyAccess(java.lang.String key)
732 Throws a SecurityException if the calling thread is not allowed to access the
733 system property with the specified key name.
735 This method is used by the getProperty method of class System.
737 This method calls checkPermission with the PropertyPermission(key, "read")
740 If you override this method, then you should make a call to
741 super.checkPropertyAccess at the point the overridden method would normally
744 key - a system property key.
746 *java.lang.SecurityManager.checkRead(FileDescriptor)*
748 public void checkRead(java.io.FileDescriptor fd)
750 Throws a SecurityException if the calling thread is not allowed to read from
751 the specified file descriptor.
753 This method calls checkPermission with the
754 RuntimePermission("readFileDescriptor") permission.
756 If you override this method, then you should make a call to super.checkRead at
757 the point the overridden method would normally throw an exception.
759 fd - the system-dependent file descriptor.
761 *java.lang.SecurityManager.checkRead(String)*
763 public void checkRead(java.lang.String file)
765 Throws a SecurityException if the calling thread is not allowed to read the
766 file specified by the string argument.
768 This method calls checkPermission with the FilePermission(file,"read")
771 If you override this method, then you should make a call to super.checkRead at
772 the point the overridden method would normally throw an exception.
774 file - the system-dependent file name.
776 *java.lang.SecurityManager.checkRead(String,Object)*
778 public void checkRead(
779 java.lang.String file,
780 java.lang.Object context)
782 Throws a SecurityException if the specified security context is not allowed to
783 read the file specified by the string argument. The context must be a security
784 context returned by a previous call to getSecurityContext. If context is an
785 instance of AccessControlContext then the AccessControlContext.checkPermission
786 method will be invoked with the FilePermission(file,"read") permission. If
787 context is not an instance of AccessControlContext then a SecurityException is
790 If you override this method, then you should make a call to super.checkRead at
791 the point the overridden method would normally throw an exception.
793 file - the system-dependent filename.
794 context - a system-dependent security context.
796 *java.lang.SecurityManager.checkSecurityAccess(String)*
798 public void checkSecurityAccess(java.lang.String target)
800 Determines whether the permission with the specified permission target name
801 should be granted or denied.
803 If the requested permission is allowed, this method returns quietly. If denied,
804 a SecurityException is raised.
806 This method creates a SecurityPermission object for the given permission target
807 name and calls checkPermission with it.
809 See the documentation for (|java.security.SecurityPermission|) for a list of
810 possible permission target names.
812 If you override this method, then you should make a call to
813 super.checkSecurityAccess at the point the overridden method would normally
816 target - the target name of the SecurityPermission.
818 *java.lang.SecurityManager.checkSetFactory()*
820 public void checkSetFactory()
822 Throws a SecurityException if the calling thread is not allowed to set the
823 socket factory used by ServerSocket or Socket, or the stream handler factory
826 This method calls checkPermission with the RuntimePermission("setFactory")
829 If you override this method, then you should make a call to
830 super.checkSetFactory at the point the overridden method would normally throw
834 *java.lang.SecurityManager.checkSystemClipboardAccess()*
836 public void checkSystemClipboardAccess()
838 Throws a SecurityException if the calling thread is not allowed to access the
841 This method calls checkPermission with the AWTPermission("accessClipboard")
844 If you override this method, then you should make a call to
845 super.checkSystemClipboardAccess at the point the overridden method would
846 normally throw an exception.
849 *java.lang.SecurityManager.checkTopLevelWindow(Object)*
851 public boolean checkTopLevelWindow(java.lang.Object window)
853 Returns false if the calling thread is not trusted to bring up the top-level
854 window indicated by the window argument. In this case, the caller can still
855 decide to show the window, but the window should include some sort of visual
856 warning. If the method returns true, then the window can be shown without any
857 special restrictions.
859 See class Window for more information on trusted and untrusted windows.
861 This method calls checkPermission with the
862 AWTPermission("showWindowWithoutWarningBanner") permission, and returns true if
863 a SecurityException is not thrown, otherwise it returns false.
865 If you override this method, then you should make a call to
866 super.checkTopLevelWindow at the point the overridden method would normally
867 return false, and the value of super.checkTopLevelWindow should be returned.
869 window - the new window that is being created.
871 Returns: true if the calling thread is trusted to put up top-level windows; false
873 *java.lang.SecurityManager.checkWrite(FileDescriptor)*
875 public void checkWrite(java.io.FileDescriptor fd)
877 Throws a SecurityException if the calling thread is not allowed to write to the
878 specified file descriptor.
880 This method calls checkPermission with the
881 RuntimePermission("writeFileDescriptor") permission.
883 If you override this method, then you should make a call to super.checkWrite at
884 the point the overridden method would normally throw an exception.
886 fd - the system-dependent file descriptor.
888 *java.lang.SecurityManager.checkWrite(String)*
890 public void checkWrite(java.lang.String file)
892 Throws a SecurityException if the calling thread is not allowed to write to the
893 file specified by the string argument.
895 This method calls checkPermission with the FilePermission(file,"write")
898 If you override this method, then you should make a call to super.checkWrite at
899 the point the overridden method would normally throw an exception.
901 file - the system-dependent filename.
903 *java.lang.SecurityManager.classDepth(String)*
905 protected native int classDepth(java.lang.String name)
907 Returns the stack depth of the specified class.
909 name - the fully qualified name of the class to search for.
911 Returns: the depth on the stack frame of the first occurrence of a method from a class
912 with the specified name; -1 if such a frame cannot be found.
913 *java.lang.SecurityManager.classLoaderDepth()*
915 protected int classLoaderDepth()
917 Returns the stack depth of the most recently executing method from a class
918 defined using a non-system class loader. A non-system class loader is defined
919 as being a class loader that is not equal to the system class loader (as
920 returned by (|java.lang.ClassLoader|) ) or one of its ancestors.
922 This method will return -1 in the following three cases:
924 All methods on the execution stack are from classes defined using the system
925 class loader or one of its ancestors.
927 All methods on the execution stack up to the first "privileged" caller (see
928 (|java.security.AccessController|) ) are from classes defined using the system
929 class loader or one of its ancestors.
931 A call to checkPermission with java.security.AllPermission does not result in a
937 Returns: the depth on the stack frame of the most recent occurrence of a method from a
938 class defined using a non-system class loader.
939 *java.lang.SecurityManager.currentClassLoader()*
941 protected |java.lang.ClassLoader| currentClassLoader()
943 Returns the class loader of the most recently executing method from a class
944 defined using a non-system class loader. A non-system class loader is defined
945 as being a class loader that is not equal to the system class loader (as
946 returned by (|java.lang.ClassLoader|) ) or one of its ancestors.
948 This method will return null in the following three cases:
950 All methods on the execution stack are from classes defined using the system
951 class loader or one of its ancestors.
953 All methods on the execution stack up to the first "privileged" caller (see
954 (|java.security.AccessController|) ) are from classes defined using the system
955 class loader or one of its ancestors.
957 A call to checkPermission with java.security.AllPermission does not result in a
963 Returns: the class loader of the most recent occurrence on the stack of a method from a
964 class defined using a non-system class loader.
965 *java.lang.SecurityManager.currentLoadedClass()*
967 protected |java.lang.Class| currentLoadedClass()
969 Returns the class of the most recently executing method from a class defined
970 using a non-system class loader. A non-system class loader is defined as being
971 a class loader that is not equal to the system class loader (as returned by
972 (|java.lang.ClassLoader|) ) or one of its ancestors.
974 This method will return null in the following three cases:
976 All methods on the execution stack are from classes defined using the system
977 class loader or one of its ancestors.
979 All methods on the execution stack up to the first "privileged" caller (see
980 (|java.security.AccessController|) ) are from classes defined using the system
981 class loader or one of its ancestors.
983 A call to checkPermission with java.security.AllPermission does not result in a
989 Returns: the class of the most recent occurrence on the stack of a method from a class
990 defined using a non-system class loader.
991 *java.lang.SecurityManager.getClassContext()*
993 protected native |java.lang.Class| getClassContext()
995 Returns the current execution stack as an array of classes.
997 The length of the array is the number of methods on the execution stack. The
998 element at index 0 is the class of the currently executing method, the element
999 at index 1 is the class of that method's caller, and so on.
1002 Returns: the execution stack.
1003 *java.lang.SecurityManager.getInCheck()*
1005 public boolean getInCheck()
1007 Tests if there is a security check in progress.
1010 Returns: the value of the inCheck field. This field should contain true if a security
1011 check is in progress, false otherwise.
1012 *java.lang.SecurityManager.getSecurityContext()*
1014 public |java.lang.Object| getSecurityContext()
1016 Creates an object that encapsulates the current execution environment. The
1017 result of this method is used, for example, by the three-argument checkConnect
1018 method and by the two-argument checkRead method. These methods are needed
1019 because a trusted method may be called on to read a file or open a socket on
1020 behalf of another method. The trusted method needs to determine if the other
1021 (possibly untrusted) method would be allowed to perform the operation on its
1022 own. The default implementation of this method is to return an
1023 AccessControlContext object.
1026 Returns: an implementation-dependent object that encapsulates sufficient information
1027 about the current execution environment to perform some security
1029 *java.lang.SecurityManager.getThreadGroup()*
1031 public |java.lang.ThreadGroup| getThreadGroup()
1033 Returns the thread group into which to instantiate any new thread being created
1034 at the time this is being called. By default, it returns the thread group of
1035 the current thread. This should be overridden by a specific security manager to
1036 return the appropriate thread group.
1039 Returns: ThreadGroup that new threads are instantiated into
1040 *java.lang.SecurityManager.inClass(String)*
1042 protected boolean inClass(java.lang.String name)
1044 Tests if a method from a class with the specified name is on the execution
1047 name - the fully qualified name of the class.
1049 Returns: true if a method from a class with the specified name is on the execution
1050 stack; false otherwise.
1051 *java.lang.SecurityManager.inClassLoader()*
1053 protected boolean inClassLoader()
1055 Basically, tests if a method from a class defined using a class loader is on
1056 the execution stack.
1059 Returns: true if a call to currentClassLoader has a non-null return value.