Compliant Solution (Callback-Local doPrivileged Block)
According to Oracle's secure coding guidelines [SCG 2010]: "By convention, instances of PrivilegedAction and PrivilegedExceptionAction may be made available to untrusted code, but doPrivileged must not be invoked with caller-provided actions."
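A reviewer-side heuristic for the rule quoted above, as an added example that is not part of the original text or of Oracle's guidelines: it flags doPrivileged calls whose action is not constructed at the call site. The Java sample and the names audit, strip_noise and first_argument are constructed for illustration; a flagged call still needs manual review, because a locally built action held in a variable is reported too.

```python
import re

# Constructed Java sample (not from the page): perform() forwards a
# caller-supplied action into doPrivileged; the other two build their own.
SAMPLE = '''\
final class Trusted {
  // doPrivileged(action) inside a comment must not be reported
  <T> T perform(PrivilegedAction<T> action) {
    return AccessController.doPrivileged(action);
  }
  void lookup() {
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
      public Void run() { read("/etc/passwd"); return null; }
    });
  }
  void refresh() {
    AccessController.doPrivileged((PrivilegedAction<Void>) () -> null, acc);
  }
}
'''

NOISE = re.compile(
    r'//[^\n]*'               # line comment
    r'|/\*.*?\*/'             # block comment
    r'|"(?:\\.|[^"\\\n])*"'   # string literal
    r"|'(?:\\.|[^'\\\n])+'",  # char literal
    re.S)

def strip_noise(src):
    """Blank comments and literals with spaces so offsets and lines survive."""
    return NOISE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def first_argument(src, start):
    """Text of the first argument of a call whose '(' ends just before start."""
    depth = 0
    for i in range(start, len(src)):
        ch = src[i]
        if ch in ')]},' and depth == 0:
            return src[start:i]
        depth += (ch in '([{') - (ch in ')]}')
    return src[start:]

def audit(src):
    """(line, argument) for each doPrivileged call not given an in-place action."""
    clean, findings = strip_noise(src), []
    for m in re.finditer(r'\bdoPrivileged(?:WithCombiner)?\s*\(', clean):
        arg = first_argument(clean, m.end()).strip()
        if not (arg.startswith('new ') or '->' in arg or '::' in arg):
            findings.append((clean.count('\n', 0, m.start()) + 1, arg))
    return findings
```

Calling audit(SAMPLE) reports only the forwarding call in perform(); the anonymous-class and lambda forms pass.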
This compliant solution moves the invocation of doPrivileged() out of the CallBackAction code and into the callback itself.
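import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;

public interface CallBack {
  void callMethod();
}

class UserLookupCallBack implements CallBack {
  private int uid;
  private String name;

  public UserLookupCallBack(int uid) {
    this.uid = uid;
  }

  public String getName() {
    return name;
  }

  // final: subclasses cannot substitute their own code for the privileged block
  public final void callMethod() {
    // The action is created here, inside the callback, not supplied by a caller
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
      public Void run() {
        try (InputStream fis =
               new FileInputStream("/etc/passwd")) {
          // Look up userid and assign to
          // UserLookupCallBack.this.name
        } catch (IOException x) {
          UserLookupCallBack.this.name = null;
        }
        return null;
      }
    });
  }
}

final class CallBackAction {
  private CallBack callback;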