Java Reference
In-Depth Information
•
New
PKIXRevocationChecker
class
•
PKCS 11 Windows support now includes 64-bit
•
New rcache types added to Kerberos 5
•
Kerberos 5 protocol transition supported in same realm as constrained
delegation
•
DES-related Kerberos 5 encryption types not supported by default
•
Unbound SASL for the GSS-API/Kerberos 5 mechanism
•
SASL service can support multiple host names
•
JNI bridge to native JGSS on OS X
•
Stronger ephemeral DH keys supported
•
Cipher suites preference customization
This chapter contains recipes that cover a handful of these security features.
22-1. Asserting a Subset of Privileges
Problem
You want to run an application with a regular set of privileges, but a portion of the ap-
plication requires a subset of privileges in order to prevent a possible security risk.
Solution
Write a privileged block and assert a subset of privileges to the block of code that re-
quires additional security. In the following code block, standard permissions execute
the application, but only a subset of permissions writes the file. This is done by placing
the code in an
AccessController.doPrivileged
block, which specifies the
least amount of privileges required to complete the task.
public static String writeFile(final String filename) {
return AccessController.doPrivileged(
(PrivilegedAction<String>) () -> {