public void changePassword(String currentPassword,
                           String newPassword) {
  final FileInputStream f[] = { null };
  AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
      try {
        String passwordFile = System.getProperty("user.dir") +
            File.separator + "PasswordFileName";
        f[0] = new FileInputStream(passwordFile);
        // Check whether currentPassword matches the one in the file
        // If not, throw an exception
        System.loadLibrary("authentication"); // Runs with elevated privileges
      } catch (FileNotFoundException cnf) {
        // Forward to handler
      }
      return null;
    }
  }); // End of doPrivileged()
}
This example violates the principle of least privilege because an unprivileged caller could also cause the authentication library to be loaded. An unprivileged caller cannot invoke the System.loadLibrary() method directly, because this could expose native methods to the unprivileged code [SCG 2010]. Furthermore, the System.loadLibrary() method checks only the privileges of its immediate caller, so it should be used only with great care. For more information, see Guideline 18, “Do not expose methods that use
Compliant Solution
This compliant solution moves the call to System.loadLibrary() outside the doPrivileged() block. Doing so allows unprivileged code to perform preliminary password-reset checks using the file, but prevents it from loading the authentication library.
public void changePassword(String currentPassword,
                           String newPassword) {
  final FileInputStream f[] = { null };
  AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
      try {
        String passwordFile = System.getProperty("user.dir") +
            File.separator + "PasswordFileName";
        f[0] = new FileInputStream(passwordFile);
        // Check whether currentPassword matches the one in the file
        // If not, throw an exception
      } catch (FileNotFoundException cnf) {
        // Forward to handler
      }
      return null;
    }
  }); // End of doPrivileged()
  // Outside the privileged block: the caller's own permissions now apply
  System.loadLibrary("authentication");
}
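The same flow written the way a reviewer would ask for it today, as an added example that is not the guideline's own code: the privileged region is reduced to a single file read that returns plain bytes (not an open stream), the checked exception is unwrapped instead of swallowed, the comparison runs in constant time, and the library load stays outside doPrivileged(). The hex-encoded SHA-256 file format, the Path parameter and the class name are assumptions for illustration; the library name "authentication" is the one on the page. Requires Java 17 or later (HexFormat); AccessController is deprecated for removal since JDK 17, so expect a deprecation warning.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HexFormat;

/**
 * Added example, not code from the guideline: a password-change method whose
 * privileged region contains exactly one operation, reading the stored hash.
 * Assumptions: the file holds a hex-encoded SHA-256 hash (the guideline does
 * not specify the format); the native library is "authentication" as on the page.
 */
public final class PasswordChanger {

    private PasswordChanger() { }

    /** The only privileged operation. Returns data, never a privileged handle. */
    static byte[] readStoredHash(Path passwordFile) throws IOException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<byte[]>) () -> Files.readAllBytes(passwordFile));
        } catch (PrivilegedActionException e) {
            // Unwrap the checked exception thrown inside run() instead of swallowing it
            Exception cause = e.getException();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            throw new IOException(cause);
        }
    }

    /** Hashes the candidate and compares it in constant time with the stored value. */
    static boolean matches(String candidate, byte[] storedHashHex) {
        byte[] expected = HexFormat.of().parseHex(
            new String(storedHashHex, StandardCharsets.US_ASCII).trim());
        return MessageDigest.isEqual(sha256(candidate), expected);
    }

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every Java runtime", e);
        }
    }

    /**
     * The privileged read happens first and returns only bytes. The library load
     * stays outside doPrivileged(), so an unprivileged caller of this method is
     * still subject to the permission check for loading native code and cannot
     * use changePassword() as a route to the authentication library.
     */
    public static void changePassword(Path passwordFile,
                                      String currentPassword,
                                      String newPassword) throws IOException {
        byte[] stored = readStoredHash(passwordFile);   // privileged: file read only
        if (!matches(currentPassword, stored)) {
            throw new SecurityException("current password does not match");
        }
        System.loadLibrary("authentication");           // unprivileged
        // Handing newPassword to the native routine is omitted here.
    }

    /** Demonstration with a constructed temp file; no native library ships with this example. */
    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempFile("pw", ".txt");
        // Constructed sample credential for the demo
        Files.writeString(tmp, HexFormat.of().formatHex(sha256("correct horse")));
        try {
            changePassword(tmp, "wrong guess", "new-secret");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            changePassword(tmp, "correct horse", "new-secret");
        } catch (UnsatisfiedLinkError e) {
            System.out.println("password accepted; native library not present in this demo");
        } finally {
            Files.deleteIfExists(tmp);
        }
    }
}
```

Two design choices differ from the page's compliant solution on purpose. First, the privileged block returns the file contents rather than storing an open FileInputStream in an array for unprivileged code to use afterwards, so the privileged resource never escapes the block. Second, PrivilegedExceptionAction propagates the IOException instead of the catch block that silently drops it, which keeps a missing or unreadable password file from being mistaken for a successful check.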