For example, a sample policy file entry granting code from the /home/sysadmin directory read access to the file /tmp/abc is
grant codeBase "file:/home/sysadmin/" {
permission java.io.FilePermission "/tmp/abc", "read";
};
To find out how security policies are defined in your local system, consult your local documentation.
Classes loaded by the bootstrap loader are considered to be trusted and do not need explicit permissions set in the security policy. Some virtual machine implementations also support the standard extensions mechanism, which allows classes to be identified as trusted by placing them in special locations accessed by the extensions class loader. These classes do not need explicit permissions set either.
23.5.4. Access Controllers and Privileged Execution
The AccessController class is used for three purposes:
• It provides the basic checkPermission method used by security managers to perform a security check.
• It provides a way to create a "snapshot" of the current calling context by using getContext, which returns an AccessControlContext.
• It provides a means to run code as privileged, thus changing the set of permissions that might otherwise be associated with the code.
We have discussed (to the extent we intend to) the first two of these. In
this section we look at what it means to have privileged execution.
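The three uses listed above, exercised against the permission from the sample policy entry, as an added example that is not code from the original text. The class name AccessControllerDemo and its helper methods are hypothetical; AccessController has been deprecated for removal since Java 17, so this applies to runtimes where the policy mechanism is still in use.

```java
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;

// Added illustration; class and method names are hypothetical.
@SuppressWarnings("removal") // AccessController is deprecated for removal
public class AccessControllerDemo {
    // The permission granted by the sample policy entry on this page.
    static final Permission READ_ABC = new FilePermission("/tmp/abc", "read");

    // Purpose 1: the basic check. Every protection domain on the current
    // call stack must imply p, otherwise AccessControlException is thrown.
    static boolean allowed(Permission p) {
        try {
            AccessController.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    // Purpose 2: repeat the check later against a saved calling context.
    static boolean allowedIn(AccessControlContext ctx, Permission p) {
        try {
            ctx.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    // Purpose 3: privileged execution. The stack walk stops at the frame
    // that calls doPrivileged, so callers of this method are not consulted.
    static boolean allowedWhenPrivileged(Permission p) {
        return AccessController.doPrivileged(
            (PrivilegedAction<Boolean>) () -> allowed(p));
    }

    public static void main(String[] args) {
        AccessControlContext snapshot = AccessController.getContext();
        System.out.println("direct check:     " + allowed(READ_ABC));
        System.out.println("snapshot check:   " + allowedIn(snapshot, READ_ABC));
        System.out.println("privileged check: " + allowedWhenPrivileged(READ_ABC));
    }
}
```

With a single class on the stack all three checks agree; they diverge only when a caller from a less-privileged code base is on the stack, which is why a privileged block should be kept small and should not act on caller-supplied file names.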