Deprecated for removal since 17.
The Security Manager is deprecated and subject to removal in a future release. There is no replacement for the Security Manager. See JEP 411 for discussion and alternatives.
The SecurityManager class contains many methods with names that begin with the word check. These methods are called by various methods in the Java libraries before those methods perform certain potentially sensitive operations. The invocation of such a check method typically looks like this:
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkXXX(argument, . . . );
    }
The security manager is thereby given an opportunity to prevent completion of the operation by throwing an exception. A security manager routine simply returns if the operation is permitted, but throws a SecurityException if the operation is not permitted.
java.security.manager on the command line to the class name of the security manager. It can also be set to the empty String ("") or the special token "default" to use the default java.lang.SecurityManager. If a class name is specified, it must be java.lang.SecurityManager or a public subclass and have a public no-arg constructor. The class is loaded by the built-in system class loader if it is not java.lang.SecurityManager. If the java.security.manager system property is not set, the default value is null, which means a security manager will not be set at startup.
The Java run-time may also allow, but is not required to allow, the security manager to be set dynamically by invoking the setSecurityManager method.
In the JDK implementation, if the Java virtual machine is started with the java.security.manager system property set to the special token "allow", then a security manager will not be set at startup but can be set dynamically. If the Java virtual machine is started with the java.security.manager system property not set or set to the special token "disallow", then a security manager will not be set at startup and cannot be set dynamically (the setSecurityManager method will throw an UnsupportedOperationException). Finally, if the java.security.manager system property is set to the class name of the security manager, or to the empty String ("") or the special token "default", then a security manager is set at startup (as described previously) and can also be subsequently replaced (or disabled) dynamically (subject to the policy of the currently installed security manager). The following table illustrates the behavior of the JDK implementation for the different settings of the java.security.manager system property:
Property Value | The SecurityManager set at startup | System.setSecurityManager run-time behavior |
---|---|---|
null | None | Throws UnsupportedOperationException |
empty String ("") | java.lang.SecurityManager | Success or throws SecurityException if not permitted by the currently installed security manager |
"default" | java.lang.SecurityManager | Success or throws SecurityException if not permitted by the currently installed security manager |
"disallow" | None | Throws UnsupportedOperationException |
"allow" | None | Success or throws SecurityException if not permitted by the currently installed security manager |
a class name | the named class | Success or throws SecurityException if not permitted by the currently installed security manager |
The current security manager is returned by the getSecurityManager method.
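An added example (not taken from the JDK documentation or source) that exercises the property table and the check mechanism together: it attempts a dynamic install with System.setSecurityManager and, if that succeeds, lets a checkExit override veto System.exit. The names SecurityManagerProbe, NoExitManager and probe() are hypothetical, and the behavior assumed is that of a JDK release matching this page.

```java
import java.security.Permission;

// Added illustration, not JDK source. SecurityManagerProbe, NoExitManager and
// probe() are hypothetical names chosen for this example.
@SuppressWarnings("removal") // the Security Manager API is deprecated for removal
public class SecurityManagerProbe {

    /** Permits every operation except VM exit, which checkExit vetoes. */
    static final class NoExitManager extends SecurityManager {
        @Override public void checkPermission(Permission perm) { /* permit */ }
        @Override public void checkPermission(Permission perm, Object context) { /* permit */ }
        @Override public void checkExit(int status) {
            throw new SecurityException("exit(" + status + ") blocked");
        }
    }

    /** Tries a dynamic install, then lets the installed manager veto System.exit. */
    static String probe() {
        SecurityManager atStartup = System.getSecurityManager();
        try {
            System.setSecurityManager(new NoExitManager());
        } catch (UnsupportedOperationException e) {
            // Property not set, or set to "disallow": no dynamic install.
            return "setSecurityManager: UnsupportedOperationException";
        } catch (SecurityException e) {
            // A manager set at startup refused to be replaced.
            return "setSecurityManager: denied by the installed manager";
        }
        try {
            System.exit(3);                // the library calls checkExit(3) before exiting
            return "exit was not vetoed";  // not reached while NoExitManager is installed
        } catch (SecurityException e) {
            return "checkExit vetoed the call: " + e.getMessage();
        } finally {
            // NoExitManager permits setSecurityManager, so the restore succeeds.
            System.setSecurityManager(atStartup);
        }
    }

    public static void main(String[] args) {
        System.out.println("manager at startup: " + System.getSecurityManager());
        System.out.println(probe());
    }
}
```

Run it with -Djava.security.manager=allow to see the veto, and with the property unset or set to "disallow" to see the UnsupportedOperationException row of the table.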
SecurityManager#checkPermission(java.security.Permission) determines whether an access request indicated by a specified permission should be granted or denied. The default implementation calls
    AccessController.checkPermission(perm);
If a requested access is allowed, checkPermission returns quietly. If denied, a SecurityException is thrown.
The default implementation of each of the other check methods in SecurityManager is to call the SecurityManager checkPermission method to determine if the calling thread has permission to perform the requested operation.
Note that the checkPermission method with just a single permission argument always performs security checks within the context of the currently executing thread. Sometimes a security check that should be made within a given context will actually need to be done from within a different context (for example, from within a worker thread). The getSecurityContext method and the checkPermission method that includes a context argument are provided for this situation. The getSecurityContext method returns a "snapshot" of the current calling context. (The default implementation returns an AccessControlContext object.) A sample call is the following:
    Object context = null;
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) context = sm.getSecurityContext();
The checkPermission method that takes a context object in addition to a permission makes access decisions based on that context, rather than on that of the current execution thread. Code within a different context can thus call that method, passing the permission and the previously-saved context object. A sample call, using the SecurityManager sm obtained as in the previous example, is the following:
    if (sm != null) sm.checkPermission(permission, context);
Permissions fall into these categories: File, Socket, Net, Security, Runtime, Property, AWT, Reflect, and Serializable. The classes managing these various permission categories are java.io.FilePermission, java.net.SocketPermission, java.net.NetPermission, java.security.SecurityPermission, java.lang.RuntimePermission, java.util.PropertyPermission, java.awt.AWTPermission, java.lang.reflect.ReflectPermission, and java.io.SerializablePermission.
All but the first two (FilePermission and SocketPermission) are subclasses of java.security.BasicPermission, which itself is an abstract subclass of the top-level class for permissions, which is java.security.Permission. BasicPermission defines the functionality needed for all permissions that contain a name that follows the hierarchical property naming convention (for example, "exitVM", "setFactory", "queuePrintJob", etc). An asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "a.*" or "*" is valid, "*a" or "a*b" is not valid.
FilePermission and SocketPermission are subclasses of the top-level class for permissions (java.security.Permission). Classes like these that have a more complicated name syntax than that used by BasicPermission subclass directly from Permission rather than from BasicPermission. For example, for a java.io.FilePermission object, the permission name is the path name of a file (or directory).
Some of the permission classes have an "actions" list that tells the actions that are permitted for the object. For example, for a java.io.FilePermission object, the actions list (such as "read, write") specifies which actions are granted for the specified file (or for files in the specified directory).
Other permission classes are for "named" permissions - ones that contain a name but no actions list; you either have the named permission or you don't.
Note: There is also a java.security.AllPermission permission that implies all permissions. It exists to simplify the work of system administrators who might need to perform multiple tasks that require all (or numerous) permissions.
See Permissions in the Java Development Kit (JDK) for permission-related information. This document includes a table listing the various SecurityManager check methods and the permission(s) the default implementation of each such method requires. It also contains a table of the methods that require permissions, and for each such method tells which permission it requires.
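An added example (not JDK code) showing how the naming rules above decide a request: a granted set held in java.security.Permissions is asked whether it implies each requested permission. JobPermission, the class name PermissionMatch and every permission name and path are constructed for illustration.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added illustration, not JDK source. JobPermission and every name and path
// below are constructed for this example.
public class PermissionMatch {

    /** A "named" permission: hierarchical name, no actions list. */
    static final class JobPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;
        JobPermission(String name) { super(name); }
    }

    /** The granted set, as a policy might assemble it for one code source. */
    static Permissions sampleGrants() {
        Permissions granted = new Permissions();
        granted.add(new JobPermission("jobs.*"));                    // wildcard after "."
        granted.add(new JobPermission("a*b"));                       // "*" mid-name: no wildcard
        granted.add(new PropertyPermission("user.*", "read"));       // name plus actions list
        granted.add(new FilePermission("/srv/app/-", "read,write")); // path-name syntax
        return granted;
    }

    /** True if some granted permission implies the requested one. */
    static boolean allowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permissions granted = sampleGrants();
        Permission[] requests = {
            new JobPermission("jobs.print"),               // under the jobs.* wildcard
            new JobPermission("jobs"),                     // the bare prefix is a different name
            new JobPermission("axb"),                      // a*b is a literal name, not a pattern
            new PropertyPermission("user.home", "read"),   // name and action both granted
            new PropertyPermission("user.home", "write"),  // action missing from the grant
            new FilePermission("/srv/app/conf/app.properties", "read"),
            new FilePermission("/srv/app/conf/app.properties", "delete"),
            new FilePermission("/srv/other/notes.txt", "read"),
        };
        for (Permission p : requests) {
            System.out.println((allowed(granted, p) ? "ALLOW " : "DENY  ") + p);
        }
        // AllPermission implies every permission, whatever its class or name.
        granted.add(new AllPermission());
        System.out.println("after AllPermission: "
                + allowed(granted, new FilePermission("/srv/other/notes.txt", "read")));
    }
}
```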
java.lang.ClassLoader, java.lang.SecurityException, getSecurityManager, setSecurityManager, AccessController, AccessControlContext, AccessControlException, java.security.Permission, java.security.BasicPermission, java.io.FilePermission, java.net.SocketPermission, java.util.PropertyPermission, java.lang.RuntimePermission, Policy, SecurityPermission, java.security.ProtectionDomain
Modifier and Type | Field and Description |
---|---|
private boolean | initialized |
private static final Map | nonExportedPkgs |
private static String[] | packageAccess |
private static final Object | packageAccessLock |
private static boolean | packageAccessValid |
private static String[] | packageDefinition |
private static final Object | packageDefinitionLock |
private static boolean | packageDefinitionValid |
private static ThreadGroup | rootGroup: reference to the root thread group, used for the checkAccess methods. |
Access | Constructor and Description |
---|---|
public | SecurityManager() |
Modifier and Type | Method and Description |
---|---|
pack-priv static void | addNonExportedPackages(ModuleLayer layer) Record the non-exported packages of the modules in the given layer |
public void | checkAccept(String host, int port) host: the host name of the socket connection; port: the port number of the socket connection. Throws a |
public void | checkAccess(Thread t) t: the thread to be checked. Throws a |
public void | checkAccess(ThreadGroup g) g: the thread group to be checked. Throws a |
public void | checkConnect(String host, int port) host: the host name port to connect to; port: the protocol port to connect to. Throws a |
public void | checkConnect(String host, int port, Object context) host: the host name port to connect to; port: the protocol port to connect to; context: a system-dependent security context. Throws a |
public void | checkCreateClassLoader() Throws a |
public void | checkDelete(String file) file: the system-dependent filename. Throws a |
public void | checkExec(String cmd) |
public void | checkExit(int status) status: the exit status. Throws a |
public void | checkLink(String lib) |
public void | checkListen(int port) port: the local port. Throws a |
public void | checkMulticast(InetAddress maddr) maddr: Internet group address to be used. Throws a |
public void | checkMulticast(InetAddress maddr, byte ttl) maddr: Internet group address to be used; ttl: value in use, if it is multicast send. Note this particular implementation does not use the ttl parameter. Deprecated for removal since 1.4. Throws a SecurityException if the calling thread is not allowed to use (join/leave/send/receive) IP multicast. |
public void | checkPackageAccess(String pkg) pkg: the package name. Throws a |
public void | checkPackageDefinition(String pkg) pkg: the package name. Throws a |
public void | checkPermission(Permission perm) perm: the requested permission. Throws a |
public void | checkPermission(Permission perm, Object context) perm: the specified permission; context: a system-dependent security context. Throws a |
public void | checkPrintJobAccess() Throws a |
public void | checkPropertiesAccess() Throws a |
public void | checkPropertyAccess(String key) key: a system property key. Throws a |
public void | checkRead(FileDescriptor fd) fd: the system-dependent file descriptor. Throws a |
public void | checkRead(String file) |
public void | checkRead(String file, Object context) |
public void | checkSecurityAccess(String target) target: the target name of the SecurityPermission. Determines whether the permission with the specified permission target name should be granted or denied. |
public void | checkSetFactory() Throws a |
public void | checkWrite(FileDescriptor fd) fd: the system-dependent file descriptor. Throws a |
public void | checkWrite(String file) file: the system-dependent filename. Throws a |
protected native Class | getClassContext() Returns the current execution stack as an array of classes. Returns: the execution stack. |
private static String[] | getPackages(String p) |
private static ThreadGroup | getRootGroup() |
public Object | getSecurityContext() Creates an object that encapsulates the current execution environment. Returns: an implementation-dependent object that encapsulates sufficient information about the current execution environment to perform some security checks later. |
public ThreadGroup | getThreadGroup() Returns the thread group into which to instantiate any new thread being created at the time this is being called. Returns: ThreadGroup that new threads are instantiated into. |
pack-priv static void | invalidatePackageAccessCache() |
private static Set | nonExportedPkgs |
initialized |
---|
private boolean initialized |
nonExportedPkgs |
---|
private static final Map<String, Boolean> nonExportedPkgs |
packageAccess |
---|
private static String[] packageAccess |
packageAccessLock |
---|
private static final Object packageAccessLock |
packageAccessValid |
---|
private static boolean packageAccessValid |
packageDefinition |
---|
private static String[] packageDefinition |
packageDefinitionLock |
---|
private static final Object packageDefinitionLock |
packageDefinitionValid |
---|
private static boolean packageDefinitionValid |
rootGroup |
---|
private static ThreadGroup rootGroup: reference to the root thread group, used for the checkAccess methods. |
SecurityManager |
---|
public SecurityManager() Constructs a new If there is a security manager already installed, this method first
calls the security manager's
|
addNonExportedPackages |
---|
pack-priv static void addNonExportedPackages(ModuleLayer layer) Record the non-exported packages of the modules in the given layer |
checkAccept |
---|
public void checkAccept(String host, int port) Throws a
This method is invoked for the current security manager by the
This method calls
If you override this method, then you should make a call to
|
checkAccess |
---|
public void checkAccess(Thread t) Throws a
This method is invoked for the current security manager by the
If the thread argument is a system thread (belongs to
the thread group with a
Applications that want a stricter policy should override this
method. If this method is overridden, the method that overrides
it should additionally check to see if the calling thread has the
If this method is overridden, then
|
checkAccess |
---|
public void checkAccess(ThreadGroup g) Throws a
This method is invoked for the current security manager when a
new child thread or child thread group is created, and by the
If the thread group argument is the system thread group (
has a
Applications that want a stricter policy should override this
method. If this method is overridden, the method that overrides
it should additionally check to see if the calling thread has the
If this method is overridden, then
|
checkConnect |
---|
public void checkConnect(String host, int port) Throws a
A port number of
This method calls
If you override this method, then you should make a call to
|
checkConnect |
---|
public void checkConnect(String host, int port, Object context) Throws a
A port number of If
Otherwise, the port number is checked. If it is not equal
to -1, the
If you override this method, then you should make a call to
|
checkCreateClassLoader |
---|
public void checkCreateClassLoader() Throws a
This method calls
If you override this method, then you should make a call to
|
checkDelete |
---|
public void checkDelete(String file) Throws a
This method is invoked for the current security manager by the
This method calls
If you override this method, then you should make a call to
|
checkExec |
---|
public void checkExec(String cmd) Throws a
This method is invoked for the current security manager by the
This method calls
If you override this method, then you should make a call to
|
checkExit |
---|
public void checkExit(int status) Throws a
This method is invoked for the current security manager by the
This method calls
If you override this method, then you should make a call to
|
checkLink |
---|
public void checkLink(String lib) Throws a
This method is invoked for the current security manager by
methods
This method calls
If you override this method, then you should make a call to
|
checkListen |
---|
public void checkListen(int port) Throws a
This method calls
If you override this method, then you should make a call to
|
checkMulticast |
---|
public void checkMulticast(InetAddress maddr) Throws a
This method calls
If you override this method, then you should make a call to
|
checkMulticast |
---|
public void checkMulticast(InetAddress maddr, byte ttl)
Deprecated for removal since 1.4. Throws a
This method calls
If you override this method, then you should make a call to
|
checkPackageAccess |
---|
public void checkPackageAccess(String pkg) Throws a
During class loading, this method may be called by the
This method checks if the specified package starts with or equals
any of the packages in the
If this method is overridden, then
Implementation Note: This implementation also restricts all non-exported packages of modules loaded by the platform class loader or its ancestors. A "non-exported package" refers to a package that is not exported to all modules. Specifically, it refers to a package that either is not exported at all by its containing module or is exported in a qualified fashion by its containing module.
|
checkPackageDefinition |
---|
public void checkPackageDefinition(String pkg) Throws a
This method is called by the
This method checks if the specified package starts with or equals
any of the packages in the
If this method is overridden, then
Implementation Note: This implementation also restricts all non-exported packages of modules loaded by the platform class loader or its ancestors. A "non-exported package" refers to a package that is not exported to all modules. Specifically, it refers to a package that either is not exported at all by its containing module or is exported in a qualified fashion by its containing module.
|
checkPermission |
---|
public void checkPermission(Permission perm) Throws a
This method calls
|
checkPermission |
---|
public void checkPermission(Permission perm, Object context) Throws a
If
If
|
checkPrintJobAccess |
---|
public void checkPrintJobAccess() Throws a
This method calls
If you override this method, then you should make a call to
|
checkPropertiesAccess |
---|
public void checkPropertiesAccess() Throws a
This method is used by the
This method calls
If you override this method, then you should make a call to
|
checkPropertyAccess |
---|
public void checkPropertyAccess(String key) Throws a
This method is used by the
This method calls
If you override this method, then you should make a call to
|
checkRead |
---|
public void checkRead(FileDescriptor fd) Throws a
This method calls
If you override this method, then you should make a call to
|
checkRead |
---|
public void checkRead(String file) Throws a
This method calls
If you override this method, then you should make a call to
|
checkRead |
---|
public void checkRead(String file, Object context) Throws a If If
If you override this method, then you should make a call to
|
checkSecurityAccess |
---|
public void checkSecurityAccess(String target) Determines whether the permission with the specified permission target name should be granted or denied. If the requested permission is allowed, this method returns quietly. If denied, a SecurityException is raised. This method creates a See the documentation for
If you override this method, then you should make a call to
|
checkSetFactory |
---|
public void checkSetFactory() Throws a
This method calls
If you override this method, then you should make a call to
|
checkWrite |
---|
public void checkWrite(FileDescriptor fd) Throws a
This method calls
If you override this method, then you should make a call to
|
checkWrite |
---|
public void checkWrite(String file) Throws a
This method calls
If you override this method, then you should make a call to
|
getClassContext |
---|
protected native Class Returns the current execution stack as an array of classes.
The length of the array is the number of methods on the execution
stack. The element at index
|
getPackages |
---|
private static String[] getPackages(String p) |
getRootGroup |
---|
private static ThreadGroup getRootGroup() |
getSecurityContext |
---|
public Object getSecurityContext() Creates an object that encapsulates the current execution
environment. The result of this method is used, for example, by the
three-argument The default implementation of this method is to return
an
|
getThreadGroup |
---|
public ThreadGroup getThreadGroup() Returns the thread group into which to instantiate any new thread being created at the time this is being called. By default, it returns the thread group of the current thread. This should be overridden by a specific security manager to return the appropriate thread group.
|
invalidatePackageAccessCache |
---|
pack-priv static void invalidatePackageAccessCache() Called by java.security.Security |
nonExportedPkgs |
---|
private static Set Returns the non-exported packages of the specified module. |