public void changePassword(String currentPassword,
                           String newPassword) {
  final FileInputStream f[] = { null };
  AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
      try {
        String passwordFile = System.getProperty("user.dir") +
                              File.separator + "PasswordFileName";
        f[0] = new FileInputStream(passwordFile);
        // Check whether oldPassword matches the one in the file
        // If not, throw an exception
        System.loadLibrary("authentication"); // loaded inside the privileged block
      } catch (FileNotFoundException cnf) {
        // Forward to handler
      }
      return null;
    }
  }); // End of doPrivileged()
}
This example violates the principle of least privilege because an unprivileged caller
could also cause the authentication library to be loaded. An unprivileged caller cannot
invoke the System.loadLibrary() method directly, because this could expose native
methods to the unprivileged code [SCG 2010]. Furthermore, the System.loadLibrary()
method checks only the privileges of its immediate caller, so it should be used only with
great care. For more information, see Guideline 18, "Do not expose methods that use
reduced-security checks to untrusted code."
Compliant Solution
This compliant solution moves the call to System.loadLibrary() outside the
doPrivileged() block. Doing so allows unprivileged code to perform preliminary
password-reset checks using the file, but prevents it from loading the authentication library.
public void changePassword(String currentPassword,
                           String newPassword) {
  final FileInputStream f[] = { null };
  AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
      try {
        String passwordFile = System.getProperty("user.dir") +
                              File.separator + "PasswordFileName";
        f[0] = new FileInputStream(passwordFile);
        // Check whether oldPassword matches the one in the file
        // If not, throw an exception
      } catch (FileNotFoundException cnf) {
        // Forward to handler
      }
      return null;
    }
  }); // End of doPrivileged()
  // Outside the privileged block: an unprivileged caller on the stack cannot load the library
  System.loadLibrary("authentication");
}
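As an added example (not the book's code), the same compliant structure rewritten with PrivilegedExceptionAction, so the privileged block does only the file open, returns the stream directly instead of smuggling it out through a one-element array, and lets the checked exception reach the caller rather than swallowing it. The one-password-per-file format, the constant-time comparison, and the class name PasswordChanger are assumptions of this example.

```java
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class PasswordChanger {

    public void changePassword(String currentPassword, String newPassword)
            throws IOException {
        final FileInputStream in;
        try {
            // The privileged block does exactly one thing: open the password file.
            // run() returns the stream, so no shared array is needed.
            in = AccessController.doPrivileged(
                new PrivilegedExceptionAction<FileInputStream>() {
                    public FileInputStream run() throws FileNotFoundException {
                        String passwordFile = System.getProperty("user.dir")
                            + File.separator + "PasswordFileName";
                        return new FileInputStream(passwordFile);
                    }
                });
        } catch (PrivilegedActionException e) {
            // The checked exception thrown by run() arrives wrapped; unwrap it for the caller
            throw (FileNotFoundException) e.getException();
        }

        // From here on the code runs with the caller's (possibly reduced) privileges.
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(in, StandardCharsets.UTF_8))) {
            String stored = r.readLine(); // assumption: the file holds a single password line
            if (stored == null || !MessageDigest.isEqual(
                    stored.getBytes(StandardCharsets.UTF_8),
                    currentPassword.getBytes(StandardCharsets.UTF_8))) {
                throw new SecurityException("current password does not match");
            }
        }

        // Outside doPrivileged: the whole call stack, including an unprivileged caller,
        // is subject to the security check, so such a caller cannot load the library.
        System.loadLibrary("authentication");
        // Storing newPassword is done by the native code and is not part of this example.
    }
}
```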