KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > java > lang > SecurityManager


1 /*
2  * @(#)SecurityManager.java 1.136 04/06/28
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package java.lang;
9
10 import java.security.*;
11 import java.io.FileDescriptor JavaDoc;
12 import java.io.File JavaDoc;
13 import java.io.FilePermission JavaDoc;
14 import java.awt.AWTPermission JavaDoc;
15 import java.util.PropertyPermission JavaDoc;
16 import java.lang.RuntimePermission JavaDoc;
17 import java.net.SocketPermission JavaDoc;
18 import java.net.NetPermission JavaDoc;
19 import java.util.Hashtable JavaDoc;
20 import java.net.InetAddress JavaDoc;
21 import java.lang.reflect.Member JavaDoc;
22 import java.lang.reflect.*;
23 import java.net.URL JavaDoc;
24
25 import sun.security.util.SecurityConstants;
26
27 /**
28  * The security manager is a class that allows
29  * applications to implement a security policy. It allows an
30  * application to determine, before performing a possibly unsafe or
31  * sensitive operation, what the operation is and whether
32  * it is being attempted in a security context that allows the
33  * operation to be performed. The
34  * application can allow or disallow the operation.
35  * <p>
36  * The <code>SecurityManager</code> class contains many methods with
37  * names that begin with the word <code>check</code>. These methods
38  * are called by various methods in the Java libraries before those
39  * methods perform certain potentially sensitive operations. The
40  * invocation of such a <code>check</code> method typically looks like this:
41  * <p><blockquote><pre>
42  * SecurityManager security = System.getSecurityManager();
43  * if (security != null) {
44  * security.check<i>XXX</i>(argument, &nbsp;.&nbsp;.&nbsp;.&nbsp;);
45  * }
46  * </pre></blockquote>
47  * <p>
48  * The security manager is thereby given an opportunity to prevent
49  * completion of the operation by throwing an exception. A security
50  * manager routine simply returns if the operation is permitted, but
51  * throws a <code>SecurityException</code> if the operation is not
52  * permitted. The only exception to this convention is
53  * <code>checkTopLevelWindow</code>, which returns a
54  * <code>boolean</code> value.
55  * <p>
56  * The current security manager is set by the
57  * <code>setSecurityManager</code> method in class
58  * <code>System</code>. The current security manager is obtained
59  * by the <code>getSecurityManager</code> method.
60  * <p>
61  * The special method
62  * {@link SecurityManager#checkPermission(java.security.Permission)}
63  * determines whether an access request indicated by a specified
64  * permission should be granted or denied. The
65  * default implementation calls
66  *
67  * <pre>
68  * AccessController.checkPermission(perm);
69  * </pre>
70  *
71  * <p>
72  * If a requested access is allowed,
73  * <code>checkPermission</code> returns quietly. If denied, a
74  * <code>SecurityException</code> is thrown.
75  * <p>
76  * As of Java 2 SDK v1.2, the default implementation of each of the other
77  * <code>check</code> methods in <code>SecurityManager</code> is to
78  * call the <code>SecurityManager checkPermission</code> method
79  * to determine if the calling thread has permission to perform the requested
80  * operation.
81  * <p>
82  * Note that the <code>checkPermission</code> method with
83  * just a single permission argument always performs security checks
84  * within the context of the currently executing thread.
85  * Sometimes a security check that should be made within a given context
86  * will actually need to be done from within a
87  * <i>different</i> context (for example, from within a worker thread).
88  * The {@link SecurityManager#getSecurityContext getSecurityContext} method
89  * and the {@link SecurityManager#checkPermission(java.security.Permission,
90  * java.lang.Object) checkPermission}
91  * method that includes a context argument are provided
92  * for this situation. The
93  * <code>getSecurityContext</code> method returns a "snapshot"
94  * of the current calling context. (The default implementation
95  * returns an AccessControlContext object.) A sample call is
96  * the following:
97  *
98  * <pre>
99  * Object context = null;
100  * SecurityManager sm = System.getSecurityManager();
101  * if (sm != null) context = sm.getSecurityContext();
102  * </pre>
103  *
104  * <p>
105  * The <code>checkPermission</code> method
106  * that takes a context object in addition to a permission
107  * makes access decisions based on that context,
108  * rather than on that of the current execution thread.
109  * Code within a different context can thus call that method,
110  * passing the permission and the
111  * previously-saved context object. A sample call, using the
112  * SecurityManager <code>sm</code> obtained as in the previous example,
113  * is the following:
114  *
115  * <pre>
116  * if (sm != null) sm.checkPermission(permission, context);
117  * </pre>
118  *
119  * <p>Permissions fall into these categories: File, Socket, Net,
120  * Security, Runtime, Property, AWT, Reflect, and Serializable.
121  * The classes managing these various
122  * permission categories are <code>java.io.FilePermission</code>,
123  * <code>java.net.SocketPermission</code>,
124  * <code>java.net.NetPermission</code>,
125  * <code>java.security.SecurityPermission</code>,
126  * <code>java.lang.RuntimePermission</code>,
127  * <code>java.util.PropertyPermission</code>,
128  * <code>java.awt.AWTPermission</code>,
129  * <code>java.lang.reflect.ReflectPermission</code>, and
130  * <code>java.io.SerializablePermission</code>.
131  *
132  * <p>All but the first two (FilePermission and SocketPermission) are
133  * subclasses of <code>java.security.BasicPermission</code>, which itself
134  * is an abstract subclass of the
135  * top-level class for permissions, which is
136  * <code>java.security.Permission</code>. BasicPermission defines the
137  * functionality needed for all permissions that contain a name
138  * that follows the hierarchical property naming convention
139  * (for example, "exitVM", "setFactory", "queuePrintJob", etc).
140  * An asterisk
141  * may appear at the end of the name, following a ".", or by itself, to
142  * signify a wildcard match. For example: "a.*" or "*" is valid,
143  * "*a" or "a*b" is not valid.
144  *
145  * <p>FilePermission and SocketPermission are subclasses of the
146  * top-level class for permissions
147  * (<code>java.security.Permission</code>). Classes like these
148  * that have a more complicated name syntax than that used by
149  * BasicPermission subclass directly from Permission rather than from
150  * BasicPermission. For example,
151  * for a <code>java.io.FilePermission</code> object, the permission name is
152  * the path name of a file (or directory).
153  *
154  * <p>Some of the permission classes have an "actions" list that tells
155  * the actions that are permitted for the object. For example,
156  * for a <code>java.io.FilePermission</code> object, the actions list
157  * (such as "read, write") specifies which actions are granted for the
158  * specified file (or for files in the specified directory).
159  *
160  * <p>Other permission classes are for "named" permissions -
161  * ones that contain a name but no actions list; you either have the
162  * named permission or you don't.
163  *
164  * <p>Note: There is also a <code>java.security.AllPermission</code>
165  * permission that implies all permissions. It exists to simplify the work
166  * of system administrators who might need to perform multiple
167  * tasks that require all (or numerous) permissions.
168  * <p>
169  * See <a href ="../../../guide/security/permissions.html">
170  * Permissions in the JDK</a> for permission-related information.
171  * This document includes, for example, a table listing the various SecurityManager
172  * <code>check</code> methods and the permission(s) the default
173  * implementation of each such method requires.
174  * It also contains a table of all the version 1.2 methods
175  * that require permissions, and for each such method tells
176  * which permission it requires.
177  * <p>
178  * For more information about <code>SecurityManager</code> changes made in
179  * the JDK and advice regarding porting of 1.1-style security managers,
180  * see the <a HREF="../../../guide/security/index.html">security documentation</a>.
181  *
182  * @author Arthur van Hoff
183  * @author Roland Schemers
184  *
185  * @version 1.136, 06/28/04
186  * @see java.lang.ClassLoader
187  * @see java.lang.SecurityException
188  * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
189  * checkTopLevelWindow
190  * @see java.lang.System#getSecurityManager() getSecurityManager
191  * @see java.lang.System#setSecurityManager(java.lang.SecurityManager)
192  * setSecurityManager
193  * @see java.security.AccessController AccessController
194  * @see java.security.AccessControlContext AccessControlContext
195  * @see java.security.AccessControlException AccessControlException
196  * @see java.security.Permission
197  * @see java.security.BasicPermission
198  * @see java.io.FilePermission
199  * @see java.net.SocketPermission
200  * @see java.util.PropertyPermission
201  * @see java.lang.RuntimePermission
202  * @see java.awt.AWTPermission
203  * @see java.security.Policy Policy
204  * @see java.security.SecurityPermission SecurityPermission
205  * @see java.security.ProtectionDomain
206  *
207  * @since JDK1.0
208  */
209 public
210 class SecurityManager {
211
212     /**
213      * This field is <code>true</code> if there is a security check in
214      * progress; <code>false</code> otherwise.
215      *
216      * @deprecated This type of security checking is not recommended.
217      * It is recommended that the <code>checkPermission</code>
218      * call be used instead.
219      */
220     @Deprecated JavaDoc
221     protected boolean inCheck;
222
223     /*
224      * Have we been initialized. Effective against finalizer attacks.
225      */
226     private boolean initialized = false;
227
228
229     /**
230      * returns true if the current context has been granted AllPermission
231      */
232     private boolean hasAllPermission()
233     {
234     try {
235         checkPermission(SecurityConstants.ALL_PERMISSION);
236         return true;
237     } catch (SecurityException JavaDoc se) {
238         return false;
239     }
240     }
241
242     /**
243      * Tests if there is a security check in progress.
244      *
245      * @return the value of the <code>inCheck</code> field. This field
246      * should contain <code>true</code> if a security check is
247      * in progress,
248      * <code>false</code> otherwise.
249      * @see java.lang.SecurityManager#inCheck
250      * @deprecated This type of security checking is not recommended.
251      * It is recommended that the <code>checkPermission</code>
252      * call be used instead.
253      */
254     @Deprecated JavaDoc
255     public boolean getInCheck() {
256     return inCheck;
257     }
258
259     /**
260      * Constructs a new <code>SecurityManager</code>.
261      *
262      * <p> If there is a security manager already installed, this method first
263      * calls the security manager's <code>checkPermission</code> method
264      * with the <code>RuntimePermission("createSecurityManager")</code>
265      * permission to ensure the calling thread has permission to create a new
266      * security manager.
267      * This may result in throwing a <code>SecurityException</code>.
268      *
269      * @exception java.lang.SecurityException if a security manager already
270      * exists and its <code>checkPermission</code> method
271      * doesn't allow creation of a new security manager.
272      * @see java.lang.System#getSecurityManager()
273      * @see #checkPermission(java.security.Permission) checkPermission
274      * @see java.lang.RuntimePermission
275      */
276     public SecurityManager() {
277     synchronized(SecurityManager JavaDoc.class) {
278         SecurityManager JavaDoc sm = System.getSecurityManager();
279         if (sm != null) {
280         // ask the currently installed security manager if we
281 // can create a new one.
282 sm.checkPermission(new RuntimePermission JavaDoc
283                    ("createSecurityManager"));
284         }
285         initialized = true;
286     }
287     }
288
289     /**
290      * Returns the current execution stack as an array of classes.
291      * <p>
292      * The length of the array is the number of methods on the execution
293      * stack. The element at index <code>0</code> is the class of the
294      * currently executing method, the element at index <code>1</code> is
295      * the class of that method's caller, and so on.
296      *
297      * @return the execution stack.
298      */
299     protected native Class JavaDoc[] getClassContext();
300
301     /**
302      * Returns the class loader of the most recently executing method from
303      * a class defined using a non-system class loader. A non-system
304      * class loader is defined as being a class loader that is not equal to
305      * the system class loader (as returned
306      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
307      * <p>
308      * This method will return
309      * <code>null</code> in the following three cases:<p>
310      * <ol>
311      * <li>All methods on the execution stack are from classes
312      * defined using the system class loader or one of its ancestors.
313      *
314      * <li>All methods on the execution stack up to the first
315      * "privileged" caller
316      * (see {@link java.security.AccessController#doPrivileged})
317      * are from classes
318      * defined using the system class loader or one of its ancestors.
319      *
320      * <li> A call to <code>checkPermission</code> with
321      * <code>java.security.AllPermission</code> does not
322      * result in a SecurityException.
323      *
324      * </ol>
325      *
326      * @return the class loader of the most recent occurrence on the stack
327      * of a method from a class defined using a non-system class
328      * loader.
329      *
330      * @deprecated This type of security checking is not recommended.
331      * It is recommended that the <code>checkPermission</code>
332      * call be used instead.
333      *
334      * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
335      * @see #checkPermission(java.security.Permission) checkPermission
336      */
337     @Deprecated JavaDoc
338     protected ClassLoader JavaDoc currentClassLoader()
339     {
340     ClassLoader JavaDoc cl = currentClassLoader0();
341     if ((cl != null) && hasAllPermission())
342         cl = null;
343     return cl;
344     }
345
346     private native ClassLoader JavaDoc currentClassLoader0();
347
348     /**
349      * Returns the class of the most recently executing method from
350      * a class defined using a non-system class loader. A non-system
351      * class loader is defined as being a class loader that is not equal to
352      * the system class loader (as returned
353      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
354      * <p>
355      * This method will return
356      * <code>null</code> in the following three cases:<p>
357      * <ol>
358      * <li>All methods on the execution stack are from classes
359      * defined using the system class loader or one of its ancestors.
360      *
361      * <li>All methods on the execution stack up to the first
362      * "privileged" caller
363      * (see {@link java.security.AccessController#doPrivileged})
364      * are from classes
365      * defined using the system class loader or one of its ancestors.
366      *
367      * <li> A call to <code>checkPermission</code> with
368      * <code>java.security.AllPermission</code> does not
369      * result in a SecurityException.
370      *
371      * </ol>
372      *
373      * @return the class of the most recent occurrence on the stack
374      * of a method from a class defined using a non-system class
375      * loader.
376      *
377      * @deprecated This type of security checking is not recommended.
378      * It is recommended that the <code>checkPermission</code>
379      * call be used instead.
380      *
381      * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
382      * @see #checkPermission(java.security.Permission) checkPermission
383      */
384     @Deprecated JavaDoc
385     protected Class JavaDoc<?> currentLoadedClass() {
386     Class JavaDoc c = currentLoadedClass0();
387     if ((c != null) && hasAllPermission())
388         c = null;
389     return c;
390     }
391
392     /**
393      * Returns the stack depth of the specified class.
394      *
395      * @param name the fully qualified name of the class to search for.
396      * @return the depth on the stack frame of the first occurrence of a
397      * method from a class with the specified name;
398      * <code>-1</code> if such a frame cannot be found.
399      * @deprecated This type of security checking is not recommended.
400      * It is recommended that the <code>checkPermission</code>
401      * call be used instead.
402      *
403      */
404     @Deprecated JavaDoc
405     protected native int classDepth(String JavaDoc name);
406
407     /**
408      * Returns the stack depth of the most recently executing method
409      * from a class defined using a non-system class loader. A non-system
410      * class loader is defined as being a class loader that is not equal to
411      * the system class loader (as returned
412      * by {@link ClassLoader#getSystemClassLoader}) or one of its ancestors.
413      * <p>
414      * This method will return
415      * -1 in the following three cases:<p>
416      * <ol>
417      * <li>All methods on the execution stack are from classes
418      * defined using the system class loader or one of its ancestors.
419      *
420      * <li>All methods on the execution stack up to the first
421      * "privileged" caller
422      * (see {@link java.security.AccessController#doPrivileged})
423      * are from classes
424      * defined using the system class loader or one of its ancestors.
425      *
426      * <li> A call to <code>checkPermission</code> with
427      * <code>java.security.AllPermission</code> does not
428      * result in a SecurityException.
429      *
430      * </ol>
431      *
432      * @return the depth on the stack frame of the most recent occurrence of
433      * a method from a class defined using a non-system class loader.
434      *
435      * @deprecated This type of security checking is not recommended.
436      * It is recommended that the <code>checkPermission</code>
437      * call be used instead.
438      *
439      * @see java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
440      * @see #checkPermission(java.security.Permission) checkPermission
441      */
442     @Deprecated JavaDoc
443     protected int classLoaderDepth()
444     {
445     int depth = classLoaderDepth0();
446     if (depth != -1) {
447         if (hasAllPermission())
448         depth = -1;
449         else
450         depth--; // make sure we don't include ourself
451 }
452     return depth;
453     }
454
455     private native int classLoaderDepth0();
456
457     /**
458      * Tests if a method from a class with the specified
459      * name is on the execution stack.
460      *
461      * @param name the fully qualified name of the class.
462      * @return <code>true</code> if a method from a class with the specified
463      * name is on the execution stack; <code>false</code> otherwise.
464      * @deprecated This type of security checking is not recommended.
465      * It is recommended that the <code>checkPermission</code>
466      * call be used instead.
467      */
468     @Deprecated JavaDoc
469     protected boolean inClass(String JavaDoc name) {
470     return classDepth(name) >= 0;
471     }
472
473     /**
474      * Basically, tests if a method from a class defined using a
475      * class loader is on the execution stack.
476      *
477      * @return <code>true</code> if a call to <code>currentClassLoader</code>
478      * has a non-null return value.
479      *
480      * @deprecated This type of security checking is not recommended.
481      * It is recommended that the <code>checkPermission</code>
482      * call be used instead.
483      * @see #currentClassLoader() currentClassLoader
484      */
485     @Deprecated JavaDoc
486     protected boolean inClassLoader() {
487     return currentClassLoader() != null;
488     }
489
490     /**
491      * Creates an object that encapsulates the current execution
492      * environment. The result of this method is used, for example, by the
493      * three-argument <code>checkConnect</code> method and by the
494      * two-argument <code>checkRead</code> method.
495      * These methods are needed because a trusted method may be called
496      * on to read a file or open a socket on behalf of another method.
497      * The trusted method needs to determine if the other (possibly
498      * untrusted) method would be allowed to perform the operation on its
499      * own.
500      * <p> The default implementation of this method is to return
501      * an <code>AccessControlContext</code> object.
502      *
503      * @return an implementation-dependent object that encapsulates
504      * sufficient information about the current execution environment
505      * to perform some security checks later.
506      * @see java.lang.SecurityManager#checkConnect(java.lang.String, int,
507      * java.lang.Object) checkConnect
508      * @see java.lang.SecurityManager#checkRead(java.lang.String,
509      * java.lang.Object) checkRead
510      * @see java.security.AccessControlContext AccessControlContext
511      */
512     public Object JavaDoc getSecurityContext() {
513     return AccessController.getContext();
514     }
515
516     /**
517      * Throws a <code>SecurityException</code> if the requested
518      * access, specified by the given permission, is not permitted based
519      * on the security policy currently in effect.
520      * <p>
521      * This method calls <code>AccessController.checkPermission</code>
522      * with the given permission.
523      *
524      * @param perm the requested permission.
525      * @exception SecurityException if access is not permitted based on
526      * the current security policy.
527      * @exception NullPointerException if the permission argument is
528      * <code>null</code>.
529      * @since 1.2
530      */
531     public void checkPermission(Permission JavaDoc perm) {
532     java.security.AccessController.checkPermission(perm);
533     }
534
535     /**
536      * Throws a <code>SecurityException</code> if the
537      * specified security context is denied access to the resource
538      * specified by the given permission.
539      * The context must be a security
540      * context returned by a previous call to
541      * <code>getSecurityContext</code> and the access control
542      * decision is based upon the configured security policy for
543      * that security context.
544      * <p>
545      * If <code>context</code> is an instance of
546      * <code>AccessControlContext</code> then the
547      * <code>AccessControlContext.checkPermission</code> method is
548      * invoked with the specified permission.
549      * <p>
550      * If <code>context</code> is not an instance of
551      * <code>AccessControlContext</code> then a
552      * <code>SecurityException</code> is thrown.
553      *
554      * @param perm the specified permission
555      * @param context a system-dependent security context.
556      * @exception SecurityException if the specified security context
557      * is not an instance of <code>AccessControlContext</code>
558      * (e.g., is <code>null</code>), or is denied access to the
559      * resource specified by the given permission.
560      * @exception NullPointerException if the permission argument is
561      * <code>null</code>.
562      * @see java.lang.SecurityManager#getSecurityContext()
563      * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
564      * @since 1.2
565      */
566     public void checkPermission(Permission JavaDoc perm, Object JavaDoc context) {
567     if (context instanceof AccessControlContext) {
568         ((AccessControlContext)context).checkPermission(perm);
569     } else {
570         throw new SecurityException JavaDoc();
571     }
572     }
573
574     /**
575      * Throws a <code>SecurityException</code> if the
576      * calling thread is not allowed to create a new class loader.
577      * <p>
578      * This method calls <code>checkPermission</code> with the
579      * <code>RuntimePermission("createClassLoader")</code>
580      * permission.
581      * <p>
582      * If you override this method, then you should make a call to
583      * <code>super.checkCreateClassLoader</code>
584      * at the point the overridden method would normally throw an
585      * exception.
586      *
587      * @exception SecurityException if the calling thread does not
588      * have permission
589      * to create a new class loader.
590      * @see java.lang.ClassLoader#ClassLoader()
591      * @see #checkPermission(java.security.Permission) checkPermission
592      */
593     public void checkCreateClassLoader() {
594     checkPermission(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);
595     }
596
597     /**
598      * reference to the root thread group, used for the checkAccess
599      * methods.
600      */
601
602     private static ThreadGroup JavaDoc rootGroup = getRootGroup();
603    
604     private static ThreadGroup JavaDoc getRootGroup() {
605     ThreadGroup JavaDoc root = Thread.currentThread().getThreadGroup();
606     while (root.getParent() != null) {
607         root = root.getParent();
608     }
609     return root;
610     }
611
612     /**
613      * Throws a <code>SecurityException</code> if the
614      * calling thread is not allowed to modify the thread argument.
615      * <p>
616      * This method is invoked for the current security manager by the
617      * <code>stop</code>, <code>suspend</code>, <code>resume</code>,
618      * <code>setPriority</code>, <code>setName</code>, and
619      * <code>setDaemon</code> methods of class <code>Thread</code>.
620      * <p>
621      * If the thread argument is a system thread (belongs to
622      * the thread group with a <code>null</code> parent) then
623      * this method calls <code>checkPermission</code> with the
624      * <code>RuntimePermission("modifyThread")</code> permission.
625      * If the thread argument is <i>not</i> a system thread,
626      * this method just returns silently.
627      * <p>
628      * Applications that want a stricter policy should override this
629      * method. If this method is overridden, the method that overrides
630      * it should additionally check to see if the calling thread has the
631      * <code>RuntimePermission("modifyThread")</code> permission, and
632      * if so, return silently. This is to ensure that code granted
633      * that permission (such as the JDK itself) is allowed to
634      * manipulate any thread.
635      * <p>
636      * If this method is overridden, then
637      * <code>super.checkAccess</code> should
638      * be called by the first statement in the overridden method, or the
639      * equivalent security check should be placed in the overridden method.
640      *
641      * @param t the thread to be checked.
642      * @exception SecurityException if the calling thread does not have
643      * permission to modify the thread.
644      * @exception NullPointerException if the thread argument is
645      * <code>null</code>.
646      * @see java.lang.Thread#resume() resume
647      * @see java.lang.Thread#setDaemon(boolean) setDaemon
648      * @see java.lang.Thread#setName(java.lang.String) setName
649      * @see java.lang.Thread#setPriority(int) setPriority
650      * @see java.lang.Thread#stop() stop
651      * @see java.lang.Thread#suspend() suspend
652      * @see #checkPermission(java.security.Permission) checkPermission
653      */
654     public void checkAccess(Thread JavaDoc t) {
655     if (t == null) {
656         throw new NullPointerException JavaDoc("thread can't be null");
657     }
658     if (t.getThreadGroup() == rootGroup) {
659         checkPermission(SecurityConstants.MODIFY_THREAD_PERMISSION);
660     } else {
661         // just return
662 }
663     }
664     /**
665      * Throws a <code>SecurityException</code> if the
666      * calling thread is not allowed to modify the thread group argument.
667      * <p>
668      * This method is invoked for the current security manager when a
669      * new child thread or child thread group is created, and by the
670      * <code>setDaemon</code>, <code>setMaxPriority</code>,
671      * <code>stop</code>, <code>suspend</code>, <code>resume</code>, and
672      * <code>destroy</code> methods of class <code>ThreadGroup</code>.
673      * <p>
674      * If the thread group argument is the system thread group (
675      * has a <code>null</code> parent) then
676      * this method calls <code>checkPermission</code> with the
677      * <code>RuntimePermission("modifyThreadGroup")</code> permission.
678      * If the thread group argument is <i>not</i> the system thread group,
679      * this method just returns silently.
680      * <p>
681      * Applications that want a stricter policy should override this
682      * method. If this method is overridden, the method that overrides
683      * it should additionally check to see if the calling thread has the
684      * <code>RuntimePermission("modifyThreadGroup")</code> permission, and
685      * if so, return silently. This is to ensure that code granted
686      * that permission (such as the JDK itself) is allowed to
687      * manipulate any thread.
688      * <p>
689      * If this method is overridden, then
690      * <code>super.checkAccess</code> should
691      * be called by the first statement in the overridden method, or the
692      * equivalent security check should be placed in the overridden method.
693      *
694      * @param g the thread group to be checked.
695      * @exception SecurityException if the calling thread does not have
696      * permission to modify the thread group.
697      * @exception NullPointerException if the thread group argument is
698      * <code>null</code>.
699      * @see java.lang.ThreadGroup#destroy() destroy
700      * @see java.lang.ThreadGroup#resume() resume
701      * @see java.lang.ThreadGroup#setDaemon(boolean) setDaemon
702      * @see java.lang.ThreadGroup#setMaxPriority(int) setMaxPriority
703      * @see java.lang.ThreadGroup#stop() stop
704      * @see java.lang.ThreadGroup#suspend() suspend
705      * @see #checkPermission(java.security.Permission) checkPermission
706      */
707     public void checkAccess(ThreadGroup JavaDoc g) {
708     if (g == null) {
709         throw new NullPointerException JavaDoc("thread group can't be null");
710     }
711     if (g == rootGroup) {
712         checkPermission(SecurityConstants.MODIFY_THREADGROUP_PERMISSION);
713     } else {
714         // just return
715 }
716     }
717
718     /**
719      * Throws a <code>SecurityException</code> if the
720      * calling thread is not allowed to cause the Java Virtual Machine to
721      * halt with the specified status code.
722      * <p>
723      * This method is invoked for the current security manager by the
724      * <code>exit</code> method of class <code>Runtime</code>. A status
725      * of <code>0</code> indicates success; other values indicate various
726      * errors.
727      * <p>
728      * This method calls <code>checkPermission</code> with the
729      * <code>RuntimePermission("exitVM")</code> permission.
730      * <p>
731      * If you override this method, then you should make a call to
732      * <code>super.checkExit</code>
733      * at the point the overridden method would normally throw an
734      * exception.
735      *
736      * @param status the exit status.
737      * @exception SecurityException if the calling thread does not have
738      * permission to halt the Java Virtual Machine with
739      * the specified status.
740      * @see java.lang.Runtime#exit(int) exit
741      * @see #checkPermission(java.security.Permission) checkPermission
742      */
743     public void checkExit(int status) {
744     checkPermission(new RuntimePermission JavaDoc("exitVM"));
745     }
746
747     /**
748      * Throws a <code>SecurityException</code> if the
749      * calling thread is not allowed to create a subprocess.
750      * <p>
751      * This method is invoked for the current security manager by the
752      * <code>exec</code> methods of class <code>Runtime</code>.
753      * <p>
754      * This method calls <code>checkPermission</code> with the
755      * <code>FilePermission(cmd,"execute")</code> permission
756      * if cmd is an absolute path, otherwise it calls
757      * <code>checkPermission</code> with
758      * <code>FilePermission("&lt;&lt;ALL FILES&gt;&gt;","execute")</code>.
759      * <p>
760      * If you override this method, then you should make a call to
761      * <code>super.checkExec</code>
762      * at the point the overridden method would normally throw an
763      * exception.
764      *
765      * @param cmd the specified system command.
766      * @exception SecurityException if the calling thread does not have
767      * permission to create a subprocess.
768      * @exception NullPointerException if the <code>cmd</code> argument is
769      * <code>null</code>.
770      * @see java.lang.Runtime#exec(java.lang.String)
771      * @see java.lang.Runtime#exec(java.lang.String, java.lang.String[])
772      * @see java.lang.Runtime#exec(java.lang.String[])
773      * @see java.lang.Runtime#exec(java.lang.String[], java.lang.String[])
774      * @see #checkPermission(java.security.Permission) checkPermission
775      */
776     public void checkExec(String JavaDoc cmd) {
777     File JavaDoc f = new File JavaDoc(cmd);
778     if (f.isAbsolute()) {
779         checkPermission(new FilePermission JavaDoc(cmd,
780         SecurityConstants.FILE_EXECUTE_ACTION));
781     } else {
782         checkPermission(new FilePermission JavaDoc("<<ALL FILES>>",
783         SecurityConstants.FILE_EXECUTE_ACTION));
784     }
785     }
786
787     /**
788      * Throws a <code>SecurityException</code> if the
789      * calling thread is not allowed to dynamic link the library code
790      * specified by the string argument file. The argument is either a
791      * simple library name or a complete filename.
792      * <p>
793      * This method is invoked for the current security manager by
794      * methods <code>load</code> and <code>loadLibrary</code> of class
795      * <code>Runtime</code>.
796      * <p>
797      * This method calls <code>checkPermission</code> with the
798      * <code>RuntimePermission("loadLibrary."+lib)</code> permission.
799      * <p>
800      * If you override this method, then you should make a call to
801      * <code>super.checkLink</code>
802      * at the point the overridden method would normally throw an
803      * exception.
804      *
805      * @param lib the name of the library.
806      * @exception SecurityException if the calling thread does not have
807      * permission to dynamically link the library.
808      * @exception NullPointerException if the <code>lib</code> argument is
809      * <code>null</code>.
810      * @see java.lang.Runtime#load(java.lang.String)
811      * @see java.lang.Runtime#loadLibrary(java.lang.String)
812      * @see #checkPermission(java.security.Permission) checkPermission
813      */
814     public void checkLink(String JavaDoc lib) {
815     if (lib == null) {
816         throw new NullPointerException JavaDoc("library can't be null");
817     }
818         checkPermission(new RuntimePermission JavaDoc("loadLibrary."+lib));
819     }
820
821     /**
822      * Throws a <code>SecurityException</code> if the
823      * calling thread is not allowed to read from the specified file
824      * descriptor.
825      * <p>
826      * This method calls <code>checkPermission</code> with the
827      * <code>RuntimePermission("readFileDescriptor")</code>
828      * permission.
829      * <p>
830      * If you override this method, then you should make a call to
831      * <code>super.checkRead</code>
832      * at the point the overridden method would normally throw an
833      * exception.
834      *
835      * @param fd the system-dependent file descriptor.
836      * @exception SecurityException if the calling thread does not have
837      * permission to access the specified file descriptor.
838      * @exception NullPointerException if the file descriptor argument is
839      * <code>null</code>.
840      * @see java.io.FileDescriptor
841      * @see #checkPermission(java.security.Permission) checkPermission
842      */
843     public void checkRead(FileDescriptor JavaDoc fd) {
844     if (fd == null) {
845         throw new NullPointerException JavaDoc("file descriptor can't be null");
846     }
847         checkPermission(new RuntimePermission JavaDoc("readFileDescriptor"));
848     }
849
850     /**
851      * Throws a <code>SecurityException</code> if the
852      * calling thread is not allowed to read the file specified by the
853      * string argument.
854      * <p>
855      * This method calls <code>checkPermission</code> with the
856      * <code>FilePermission(file,"read")</code> permission.
857      * <p>
858      * If you override this method, then you should make a call to
859      * <code>super.checkRead</code>
860      * at the point the overridden method would normally throw an
861      * exception.
862      *
863      * @param file the system-dependent file name.
864      * @exception SecurityException if the calling thread does not have
865      * permission to access the specified file.
866      * @exception NullPointerException if the <code>file</code> argument is
867      * <code>null</code>.
868      * @see #checkPermission(java.security.Permission) checkPermission
869      */
870     public void checkRead(String JavaDoc file) {
871     checkPermission(new FilePermission JavaDoc(file,
872         SecurityConstants.FILE_READ_ACTION));
873     }
874
875     /**
876      * Throws a <code>SecurityException</code> if the
877      * specified security context is not allowed to read the file
878      * specified by the string argument. The context must be a security
879      * context returned by a previous call to
880      * <code>getSecurityContext</code>.
881      * <p> If <code>context</code> is an instance of
882      * <code>AccessControlContext</code> then the
883      * <code>AccessControlContext.checkPermission</code> method will
884      * be invoked with the <code>FilePermission(file,"read")</code> permission.
885      * <p> If <code>context</code> is not an instance of
886      * <code>AccessControlContext</code> then a
887      * <code>SecurityException</code> is thrown.
888      * <p>
889      * If you override this method, then you should make a call to
890      * <code>super.checkRead</code>
891      * at the point the overridden method would normally throw an
892      * exception.
893      *
894      * @param file the system-dependent filename.
895      * @param context a system-dependent security context.
896      * @exception SecurityException if the specified security context
897      * is not an instance of <code>AccessControlContext</code>
898      * (e.g., is <code>null</code>), or does not have permission
899      * to read the specified file.
900      * @exception NullPointerException if the <code>file</code> argument is
901      * <code>null</code>.
902      * @see java.lang.SecurityManager#getSecurityContext()
903      * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
904      */
905     public void checkRead(String JavaDoc file, Object JavaDoc context) {
906     checkPermission(
907         new FilePermission JavaDoc(file, SecurityConstants.FILE_READ_ACTION),
908         context);
909     }
910
911     /**
912      * Throws a <code>SecurityException</code> if the
913      * calling thread is not allowed to write to the specified file
914      * descriptor.
915      * <p>
916      * This method calls <code>checkPermission</code> with the
917      * <code>RuntimePermission("writeFileDescriptor")</code>
918      * permission.
919      * <p>
920      * If you override this method, then you should make a call to
921      * <code>super.checkWrite</code>
922      * at the point the overridden method would normally throw an
923      * exception.
924      *
925      * @param fd the system-dependent file descriptor.
926      * @exception SecurityException if the calling thread does not have
927      * permission to access the specified file descriptor.
928      * @exception NullPointerException if the file descriptor argument is
929      * <code>null</code>.
930      * @see java.io.FileDescriptor
931      * @see #checkPermission(java.security.Permission) checkPermission
932      */
933     public void checkWrite(FileDescriptor JavaDoc fd) {
934     if (fd == null) {
935         throw new NullPointerException JavaDoc("file descriptor can't be null");
936     }
937         checkPermission(new RuntimePermission JavaDoc("writeFileDescriptor"));
938
939     }
940
941     /**
942      * Throws a <code>SecurityException</code> if the
943      * calling thread is not allowed to write to the file specified by
944      * the string argument.
945      * <p>
946      * This method calls <code>checkPermission</code> with the
947      * <code>FilePermission(file,"write")</code> permission.
948      * <p>
949      * If you override this method, then you should make a call to
950      * <code>super.checkWrite</code>
951      * at the point the overridden method would normally throw an
952      * exception.
953      *
954      * @param file the system-dependent filename.
955      * @exception SecurityException if the calling thread does not
956      * have permission to access the specified file.
957      * @exception NullPointerException if the <code>file</code> argument is
958      * <code>null</code>.
959      * @see #checkPermission(java.security.Permission) checkPermission
960      */
961     public void checkWrite(String JavaDoc file) {
962     checkPermission(new FilePermission JavaDoc(file,
963         SecurityConstants.FILE_WRITE_ACTION));
964     }
965
966     /**
967      * Throws a <code>SecurityException</code> if the
968      * calling thread is not allowed to delete the specified file.
969      * <p>
970      * This method is invoked for the current security manager by the
971      * <code>delete</code> method of class <code>File</code>.
972      * <p>
973      * This method calls <code>checkPermission</code> with the
974      * <code>FilePermission(file,"delete")</code> permission.
975      * <p>
976      * If you override this method, then you should make a call to
977      * <code>super.checkDelete</code>
978      * at the point the overridden method would normally throw an
979      * exception.
980      *
981      * @param file the system-dependent filename.
982      * @exception SecurityException if the calling thread does not
983      * have permission to delete the file.
984      * @exception NullPointerException if the <code>file</code> argument is
985      * <code>null</code>.
986      * @see java.io.File#delete()
987      * @see #checkPermission(java.security.Permission) checkPermission
988      */
989     public void checkDelete(String JavaDoc file) {
990     checkPermission(new FilePermission JavaDoc(file,
991         SecurityConstants.FILE_DELETE_ACTION));
992     }
993
994     /**
995      * Throws a <code>SecurityException</code> if the
996      * calling thread is not allowed to open a socket connection to the
997      * specified host and port number.
998      * <p>
999      * A port number of <code>-1</code> indicates that the calling
1000     * method is attempting to determine the IP address of the specified
1001     * host name.
1002     * <p>
1003     * This method calls <code>checkPermission</code> with the
1004     * <code>SocketPermission(host+":"+port,"connect")</code> permission if
1005     * the port is not equal to -1. If the port is equal to -1, then
1006     * it calls <code>checkPermission</code> with the
1007     * <code>SocketPermission(host,"resolve")</code> permission.
1008     * <p>
1009     * If you override this method, then you should make a call to
1010     * <code>super.checkConnect</code>
1011     * at the point the overridden method would normally throw an
1012     * exception.
1013     *
1014     * @param host the host name port to connect to.
1015     * @param port the protocol port to connect to.
1016     * @exception SecurityException if the calling thread does not have
1017     * permission to open a socket connection to the specified
1018     * <code>host</code> and <code>port</code>.
1019     * @exception NullPointerException if the <code>host</code> argument is
1020     * <code>null</code>.
1021     * @see #checkPermission(java.security.Permission) checkPermission
1022     */
1023    public void checkConnect(String JavaDoc host, int port) {
1024    if (host == null) {
1025        throw new NullPointerException JavaDoc("host can't be null");
1026    }
1027    if (!host.startsWith("[") && host.indexOf(':') != -1) {
1028        host = "[" + host + "]";
1029    }
1030    if (port == -1) {
1031        checkPermission(new SocketPermission JavaDoc(host,
1032        SecurityConstants.SOCKET_RESOLVE_ACTION));
1033    } else {
1034        checkPermission(new SocketPermission JavaDoc(host+":"+port,
1035        SecurityConstants.SOCKET_CONNECT_ACTION));
1036    }
1037    }
1038
1039    /**
1040     * Throws a <code>SecurityException</code> if the
1041     * specified security context is not allowed to open a socket
1042     * connection to the specified host and port number.
1043     * <p>
1044     * A port number of <code>-1</code> indicates that the calling
1045     * method is attempting to determine the IP address of the specified
1046     * host name.
1047     * <p> If <code>context</code> is not an instance of
1048     * <code>AccessControlContext</code> then a
1049     * <code>SecurityException</code> is thrown.
1050     * <p>
1051     * Otherwise, the port number is checked. If it is not equal
1052     * to -1, the <code>context</code>'s <code>checkPermission</code>
1053     * method is called with a
1054     * <code>SocketPermission(host+":"+port,"connect")</code> permission.
1055     * If the port is equal to -1, then
1056     * the <code>context</code>'s <code>checkPermission</code> method
1057     * is called with a
1058     * <code>SocketPermission(host,"resolve")</code> permission.
1059     * <p>
1060     * If you override this method, then you should make a call to
1061     * <code>super.checkConnect</code>
1062     * at the point the overridden method would normally throw an
1063     * exception.
1064     *
1065     * @param host the host name port to connect to.
1066     * @param port the protocol port to connect to.
1067     * @param context a system-dependent security context.
1068     * @exception SecurityException if the specified security context
1069     * is not an instance of <code>AccessControlContext</code>
1070     * (e.g., is <code>null</code>), or does not have permission
1071     * to open a socket connection to the specified
1072     * <code>host</code> and <code>port</code>.
1073     * @exception NullPointerException if the <code>host</code> argument is
1074     * <code>null</code>.
1075     * @see java.lang.SecurityManager#getSecurityContext()
1076     * @see java.security.AccessControlContext#checkPermission(java.security.Permission)
1077     */
1078    public void checkConnect(String JavaDoc host, int port, Object JavaDoc context) {
1079    if (host == null) {
1080        throw new NullPointerException JavaDoc("host can't be null");
1081    }
1082    if (!host.startsWith("[") && host.indexOf(':') != -1) {
1083        host = "[" + host + "]";
1084    }
1085    if (port == -1)
1086        checkPermission(new SocketPermission JavaDoc(host,
1087        SecurityConstants.SOCKET_RESOLVE_ACTION),
1088        context);
1089    else
1090        checkPermission(new SocketPermission JavaDoc(host+":"+port,
1091        SecurityConstants.SOCKET_CONNECT_ACTION),
1092        context);
1093    }
1094
1095    /**
1096     * Throws a <code>SecurityException</code> if the
1097     * calling thread is not allowed to wait for a connection request on
1098     * the specified local port number.
1099     * <p>
1100     * If port is not 0, this method calls
1101     * <code>checkPermission</code> with the
1102     * <code>SocketPermission("localhost:"+port,"listen")</code>.
1103     * If port is zero, this method calls <code>checkPermission</code>
1104     * with <code>SocketPermission("localhost:1024-","listen").</code>
1105     * <p>
1106     * If you override this method, then you should make a call to
1107     * <code>super.checkListen</code>
1108     * at the point the overridden method would normally throw an
1109     * exception.
1110     *
1111     * @param port the local port.
1112     * @exception SecurityException if the calling thread does not have
1113     * permission to listen on the specified port.
1114     * @see #checkPermission(java.security.Permission) checkPermission
1115     */
1116    public void checkListen(int port) {
1117    if (port == 0) {
1118        checkPermission(SecurityConstants.LOCAL_LISTEN_PERMISSION);
1119    } else {
1120        checkPermission(new SocketPermission JavaDoc("localhost:"+port,
1121        SecurityConstants.SOCKET_LISTEN_ACTION));
1122    }
1123    }
1124
1125    /**
1126     * Throws a <code>SecurityException</code> if the
1127     * calling thread is not permitted to accept a socket connection from
1128     * the specified host and port number.
1129     * <p>
1130     * This method is invoked for the current security manager by the
1131     * <code>accept</code> method of class <code>ServerSocket</code>.
1132     * <p>
1133     * This method calls <code>checkPermission</code> with the
1134     * <code>SocketPermission(host+":"+port,"accept")</code> permission.
1135     * <p>
1136     * If you override this method, then you should make a call to
1137     * <code>super.checkAccept</code>
1138     * at the point the overridden method would normally throw an
1139     * exception.
1140     *
1141     * @param host the host name of the socket connection.
1142     * @param port the port number of the socket connection.
1143     * @exception SecurityException if the calling thread does not have
1144     * permission to accept the connection.
1145     * @exception NullPointerException if the <code>host</code> argument is
1146     * <code>null</code>.
1147     * @see java.net.ServerSocket#accept()
1148     * @see #checkPermission(java.security.Permission) checkPermission
1149     */
1150    public void checkAccept(String JavaDoc host, int port) {
1151    if (host == null) {
1152        throw new NullPointerException JavaDoc("host can't be null");
1153    }
1154    if (!host.startsWith("[") && host.indexOf(':') != -1) {
1155        host = "[" + host + "]";
1156    }
1157    checkPermission(new SocketPermission JavaDoc(host+":"+port,
1158        SecurityConstants.SOCKET_ACCEPT_ACTION));
1159    }
1160
1161    /**
1162     * Throws a <code>SecurityException</code> if the
1163     * calling thread is not allowed to use
1164     * (join/leave/send/receive) IP multicast.
1165     * <p>
1166     * This method calls <code>checkPermission</code> with the
1167     * <code>java.net.SocketPermission(maddr.getHostAddress(),
1168     * "accept,connect")</code> permission.
1169     * <p>
1170     * If you override this method, then you should make a call to
1171     * <code>super.checkMulticast</code>
1172     * at the point the overridden method would normally throw an
1173     * exception.
1174     *
1175     * @param maddr Internet group address to be used.
1176     * @exception SecurityException if the calling thread is not allowed to
1177     * use (join/leave/send/receive) IP multicast.
1178     * @exception NullPointerException if the address argument is
1179     * <code>null</code>.
1180     * @since JDK1.1
1181     * @see #checkPermission(java.security.Permission) checkPermission
1182     */
1183    public void checkMulticast(InetAddress JavaDoc maddr) {
1184    String JavaDoc host = maddr.getHostAddress();
1185    if (!host.startsWith("[") && host.indexOf(':') != -1) {
1186        host = "[" + host + "]";
1187    }
1188        checkPermission(new SocketPermission JavaDoc(host,
1189        SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1190    }
1191
1192    /**
1193     * Throws a <code>SecurityException</code> if the
1194     * calling thread is not allowed to use
1195     * (join/leave/send/receive) IP multicast.
1196     * <p>
1197     * This method calls <code>checkPermission</code> with the
1198     * <code>java.net.SocketPermission(maddr.getHostAddress(),
1199     * "accept,connect")</code> permission.
1200     * <p>
1201     * If you override this method, then you should make a call to
1202     * <code>super.checkMulticast</code>
1203     * at the point the overridden method would normally throw an
1204     * exception.
1205     *
1206     * @param maddr Internet group address to be used.
1207     * @param ttl value in use, if it is multicast send.
1208     * Note: this particular implementation does not use the ttl
1209     * parameter.
1210     * @exception SecurityException if the calling thread is not allowed to
1211     * use (join/leave/send/receive) IP multicast.
1212     * @exception NullPointerException if the address argument is
1213     * <code>null</code>.
1214     * @since JDK1.1
1215     * @deprecated Use #checkPermission(java.security.Permission) instead
1216     * @see #checkPermission(java.security.Permission) checkPermission
1217     */
1218    @Deprecated JavaDoc
1219    public void checkMulticast(InetAddress JavaDoc maddr, byte ttl) {
1220    String JavaDoc host = maddr.getHostAddress();
1221    if (!host.startsWith("[") && host.indexOf(':') != -1) {
1222        host = "[" + host + "]";
1223    }
1224        checkPermission(new SocketPermission JavaDoc(host,
1225        SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
1226    }
1227
1228    /**
1229     * Throws a <code>SecurityException</code> if the
1230     * calling thread is not allowed to access or modify the system
1231     * properties.
1232     * <p>
1233     * This method is used by the <code>getProperties</code> and
1234     * <code>setProperties</code> methods of class <code>System</code>.
1235     * <p>
1236     * This method calls <code>checkPermission</code> with the
1237     * <code>PropertyPermission("*", "read,write")</code> permission.
1238     * <p>
1239     * If you override this method, then you should make a call to
1240     * <code>super.checkPropertiesAccess</code>
1241     * at the point the overridden method would normally throw an
1242     * exception.
1243     * <p>
1244     *
1245     * @exception SecurityException if the calling thread does not have
1246     * permission to access or modify the system properties.
1247     * @see java.lang.System#getProperties()
1248     * @see java.lang.System#setProperties(java.util.Properties)
1249     * @see #checkPermission(java.security.Permission) checkPermission
1250     */
1251    public void checkPropertiesAccess() {
1252        checkPermission(new PropertyPermission JavaDoc("*",
1253        SecurityConstants.PROPERTY_RW_ACTION));
1254    }
1255
1256    /**
1257     * Throws a <code>SecurityException</code> if the
1258     * calling thread is not allowed to access the system property with
1259     * the specified <code>key</code> name.
1260     * <p>
1261     * This method is used by the <code>getProperty</code> method of
1262     * class <code>System</code>.
1263     * <p>
1264     * This method calls <code>checkPermission</code> with the
1265     * <code>PropertyPermission(key, "read")</code> permission.
1266     * <p>
1267     * <p>
1268     * If you override this method, then you should make a call to
1269     * <code>super.checkPropertyAccess</code>
1270     * at the point the overridden method would normally throw an
1271     * exception.
1272     *
1273     * @param key a system property key.
1274     *
1275     * @exception SecurityException if the calling thread does not have
1276     * permission to access the specified system property.
1277     * @exception NullPointerException if the <code>key</code> argument is
1278     * <code>null</code>.
1279     * @exception IllegalArgumentException if <code>key</code> is empty.
1280     *
1281     * @see java.lang.System#getProperty(java.lang.String)
1282     * @see #checkPermission(java.security.Permission) checkPermission
1283     */
1284    public void checkPropertyAccess(String JavaDoc key) {
1285        checkPermission(new PropertyPermission JavaDoc(key,
1286        SecurityConstants.PROPERTY_READ_ACTION));
1287    }
1288
1289    /**
1290     * Returns <code>false</code> if the calling
1291     * thread is not trusted to bring up the top-level window indicated
1292     * by the <code>window</code> argument. In this case, the caller can
1293     * still decide to show the window, but the window should include
1294     * some sort of visual warning. If the method returns
1295     * <code>true</code>, then the window can be shown without any
1296     * special restrictions.
1297     * <p>
1298     * See class <code>Window</code> for more information on trusted and
1299     * untrusted windows.
1300     * <p>
1301     * This method calls
1302     * <code>checkPermission</code> with the
1303     * <code>AWTPermission("showWindowWithoutWarningBanner")</code> permission,
1304     * and returns <code>true</code> if a SecurityException is not thrown,
1305     * otherwise it returns <code>false</code>.
1306     * <p>
1307     * If you override this method, then you should make a call to
1308     * <code>super.checkTopLevelWindow</code>
1309     * at the point the overridden method would normally return
1310     * <code>false</code>, and the value of
1311     * <code>super.checkTopLevelWindow</code> should
1312     * be returned.
1313     *
1314     * @param window the new window that is being created.
1315     * @return <code>true</code> if the calling thread is trusted to put up
1316     * top-level windows; <code>false</code> otherwise.
1317     * @exception NullPointerException if the <code>window</code> argument is
1318     * <code>null</code>.
1319     * @see java.awt.Window
1320     * @see #checkPermission(java.security.Permission) checkPermission
1321     */
1322    public boolean checkTopLevelWindow(Object JavaDoc window) {
1323    if (window == null) {
1324        throw new NullPointerException JavaDoc("window can't be null");
1325    }
1326    try {
1327        checkPermission(SecurityConstants.TOPLEVEL_WINDOW_PERMISSION);
1328        return true;
1329    } catch (SecurityException JavaDoc se) {
1330        // just return false
1331 }
1332    return false;
1333    }
1334
1335    /**
1336     * Throws a <code>SecurityException</code> if the
1337     * calling thread is not allowed to initiate a print job request.
1338     * <p>
1339     * This method calls
1340     * <code>checkPermission</code> with the
1341     * <code>RuntimePermission("queuePrintJob")</code> permission.
1342     * <p>
1343     * If you override this method, then you should make a call to
1344     * <code>super.checkPrintJobAccess</code>
1345     * at the point the overridden method would normally throw an
1346     * exception.
1347     * <p>
1348     *
1349     * @exception SecurityException if the calling thread does not have
1350     * permission to initiate a print job request.
1351     * @since JDK1.1
1352     * @see #checkPermission(java.security.Permission) checkPermission
1353     */
1354    public void checkPrintJobAccess() {
1355        checkPermission(new RuntimePermission JavaDoc("queuePrintJob"));
1356    }
1357
1358    /**
1359     * Throws a <code>SecurityException</code> if the
1360     * calling thread is not allowed to access the system clipboard.
1361     * <p>
1362     * This method calls <code>checkPermission</code> with the
1363     * <code>AWTPermission("accessClipboard")</code>
1364     * permission.
1365     * <p>
1366     * If you override this method, then you should make a call to
1367     * <code>super.checkSystemClipboardAccess</code>
1368     * at the point the overridden method would normally throw an
1369     * exception.
1370     *
1371     * @since JDK1.1
1372     * @exception SecurityException if the calling thread does not have
1373     * permission to access the system clipboard.
1374     * @see #checkPermission(java.security.Permission) checkPermission
1375     */
1376    public void checkSystemClipboardAccess() {
1377    checkPermission(SecurityConstants.ACCESS_CLIPBOARD_PERMISSION);
1378    }
1379
1380    /**
1381     * Throws a <code>SecurityException</code> if the
1382     * calling thread is not allowed to access the AWT event queue.
1383     * <p>
1384     * This method calls <code>checkPermission</code> with the
1385     * <code>AWTPermission("accessEventQueue")</code> permission.
1386     * <p>
1387     * If you override this method, then you should make a call to
1388     * <code>super.checkAwtEventQueueAccess</code>
1389     * at the point the overridden method would normally throw an
1390     * exception.
1391     *
1392     * @since JDK1.1
1393     * @exception SecurityException if the calling thread does not have
1394     * permission to access the AWT event queue.
1395     * @see #checkPermission(java.security.Permission) checkPermission
1396     */
1397    public void checkAwtEventQueueAccess() {
1398        checkPermission(SecurityConstants.CHECK_AWT_EVENTQUEUE_PERMISSION);
1399    }
1400
1401    /*
1402     * We have an initial invalid bit (initially false) for the class
1403     * variables which tell if the cache is valid. If the underlying
1404     * java.security.Security property changes via setProperty(), the
1405     * Security class uses reflection to change the variable and thus
1406     * invalidate the cache.
1407     *
1408     * Locking is handled by synchronization to the
1409     * packageAccessLock/packageDefinitionLock objects. They are only
1410     * used in this class.
1411     *
1412     * Note that cache invalidation as a result of the property change
1413     * happens without using these locks, so there may be a delay between
1414     * when a thread updates the property and when other threads updates
1415     * the cache.
1416     */
1417    private static boolean packageAccessValid = false;
1418    private static String JavaDoc[] packageAccess;
1419    private static final Object JavaDoc packageAccessLock = new Object JavaDoc();
1420
1421    private static boolean packageDefinitionValid = false;
1422    private static String JavaDoc[] packageDefinition;
1423    private static final Object JavaDoc packageDefinitionLock = new Object JavaDoc();
1424
1425    private static String JavaDoc[] getPackages(String JavaDoc p) {
1426    String JavaDoc packages[] = null;
1427    if (p != null && !p.equals("")) {
1428        java.util.StringTokenizer JavaDoc tok =
1429        new java.util.StringTokenizer JavaDoc(p, ",");
1430        int n = tok.countTokens();
1431        if (n > 0) {
1432        packages = new String JavaDoc[n];
1433        int i = 0;
1434        while (tok.hasMoreElements()) {
1435            String JavaDoc s = tok.nextToken().trim();
1436            packages[i++] = s;
1437        }
1438        }
1439    }
1440
1441    if (packages == null)
1442        packages = new String JavaDoc[0];
1443    return packages;
1444    }
1445
1446    /**
1447     * Throws a <code>SecurityException</code> if the
1448     * calling thread is not allowed to access the package specified by
1449     * the argument.
1450     * <p>
1451     * This method is used by the <code>loadClass</code> method of class
1452     * loaders.
1453     * <p>
1454     * This method first gets a list of
1455     * restricted packages by obtaining a comma-separated list from
1456     * a call to
1457     * <code>java.security.Security.getProperty("package.access")</code>,
1458     * and checks to see if <code>pkg</code> starts with or equals
1459     * any of the restricted packages. If it does, then
1460     * <code>checkPermission</code> gets called with the
1461     * <code>RuntimePermission("accessClassInPackage."+pkg)</code>
1462     * permission.
1463     * <p>
1464     * If this method is overridden, then
1465     * <code>super.checkPackageAccess</code> should be called
1466     * as the first line in the overridden method.
1467     *
1468     * @param pkg the package name.
1469     * @exception SecurityException if the calling thread does not have
1470     * permission to access the specified package.
1471     * @exception NullPointerException if the package name argument is
1472     * <code>null</code>.
1473     * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1474     * loadClass
1475     * @see java.security.Security#getProperty getProperty
1476     * @see #checkPermission(java.security.Permission) checkPermission
1477     */
1478    public void checkPackageAccess(String JavaDoc pkg) {
1479    if (pkg == null) {
1480        throw new NullPointerException JavaDoc("package name can't be null");
1481    }
1482
1483    String JavaDoc[] pkgs;
1484    synchronized (packageAccessLock) {
1485        /*
1486         * Do we need to update our property array?
1487         */
1488        if (!packageAccessValid) {
1489        String JavaDoc tmpPropertyStr =
1490            (String JavaDoc) AccessController.doPrivileged(
1491            new PrivilegedAction() {
1492                    public Object JavaDoc run() {
1493                return java.security.Security.getProperty(
1494                    "package.access");
1495                }
1496            }
1497            );
1498        packageAccess = getPackages(tmpPropertyStr);
1499        packageAccessValid = true;
1500        }
1501
1502        // Using a snapshot of packageAccess -- don't care if static field
1503 // changes afterwards; array contents won't change.
1504 pkgs = packageAccess;
1505    }
1506
1507    /*
1508         * Traverse the list of packages, check for any matches.
1509     */
1510    for (int i = 0; i < pkgs.length; i++) {
1511        if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1512        checkPermission(
1513            new RuntimePermission JavaDoc("accessClassInPackage."+pkg));
1514        break; // No need to continue; only need to check this once
1515 }
1516    }
1517    }
1518
1519    /**
1520     * Throws a <code>SecurityException</code> if the
1521     * calling thread is not allowed to define classes in the package
1522     * specified by the argument.
1523     * <p>
1524     * This method is used by the <code>loadClass</code> method of some
1525     * class loaders.
1526     * <p>
1527     * This method first gets a list of restricted packages by
1528     * obtaining a comma-separated list from a call to
1529     * <code>java.security.Security.getProperty("package.definition")</code>,
1530     * and checks to see if <code>pkg</code> starts with or equals
1531     * any of the restricted packages. If it does, then
1532     * <code>checkPermission</code> gets called with the
1533     * <code>RuntimePermission("defineClassInPackage."+pkg)</code>
1534     * permission.
1535     * <p>
1536     * If this method is overridden, then
1537     * <code>super.checkPackageDefinition</code> should be called
1538     * as the first line in the overridden method.
1539     *
1540     * @param pkg the package name.
1541     * @exception SecurityException if the calling thread does not have
1542     * permission to define classes in the specified package.
1543     * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean)
1544     * @see java.security.Security#getProperty getProperty
1545     * @see #checkPermission(java.security.Permission) checkPermission
1546     */
1547    public void checkPackageDefinition(String JavaDoc pkg) {
1548    if (pkg == null) {
1549        throw new NullPointerException JavaDoc("package name can't be null");
1550    }
1551
1552    String JavaDoc[] pkgs;
1553    synchronized (packageDefinitionLock) {
1554        /*
1555         * Do we need to update our property array?
1556         */
1557        if (!packageDefinitionValid) {
1558        String JavaDoc tmpPropertyStr =
1559            (String JavaDoc) AccessController.doPrivileged(
1560            new PrivilegedAction() {
1561                    public Object JavaDoc run() {
1562                return java.security.Security.getProperty(
1563                    "package.definition");
1564                }
1565            }
1566            );
1567        packageDefinition = getPackages(tmpPropertyStr);
1568        packageDefinitionValid = true;
1569        }
1570        // Using a snapshot of packageDefinition -- don't care if static
1571 // field changes afterwards; array contents won't change.
1572 pkgs = packageDefinition;
1573    }
1574
1575    /*
1576     * Traverse the list of packages, check for any matches.
1577     */
1578    for (int i = 0; i < pkgs.length; i++) {
1579        if (pkg.startsWith(pkgs[i]) || pkgs[i].equals(pkg + ".")) {
1580        checkPermission(
1581            new RuntimePermission JavaDoc("defineClassInPackage."+pkg));
1582        break; // No need to continue; only need to check this once
1583 }
1584    }
1585    }
1586
1587    /**
1588     * Throws a <code>SecurityException</code> if the
1589     * calling thread is not allowed to set the socket factory used by
1590     * <code>ServerSocket</code> or <code>Socket</code>, or the stream
1591     * handler factory used by <code>URL</code>.
1592     * <p>
1593     * This method calls <code>checkPermission</code> with the
1594     * <code>RuntimePermission("setFactory")</code> permission.
1595     * <p>
1596     * If you override this method, then you should make a call to
1597     * <code>super.checkSetFactory</code>
1598     * at the point the overridden method would normally throw an
1599     * exception.
1600     * <p>
1601     *
1602     * @exception SecurityException if the calling thread does not have
1603     * permission to specify a socket factory or a stream
1604     * handler factory.
1605     *
1606     * @see java.net.ServerSocket#setSocketFactory(java.net.SocketImplFactory) setSocketFactory
1607     * @see java.net.Socket#setSocketImplFactory(java.net.SocketImplFactory) setSocketImplFactory
1608     * @see java.net.URL#setURLStreamHandlerFactory(java.net.URLStreamHandlerFactory) setURLStreamHandlerFactory
1609     * @see #checkPermission(java.security.Permission) checkPermission
1610     */
1611    public void checkSetFactory() {
1612        checkPermission(new RuntimePermission JavaDoc("setFactory"));
1613    }
1614
1615    /**
1616     * Throws a <code>SecurityException</code> if the
1617     * calling thread is not allowed to access members.
1618     * <p>
1619     * The default policy is to allow access to PUBLIC members, as well
1620     * as access to classes that have the same class loader as the caller.
1621     * In all other cases, this method calls <code>checkPermission</code>
1622     * with the <code>RuntimePermission("accessDeclaredMembers")
1623     * </code> permission.
1624     * <p>
1625     * If this method is overridden, then a call to
1626     * <code>super.checkMemberAccess</code> cannot be made,
1627     * as the default implementation of <code>checkMemberAccess</code>
1628     * relies on the code being checked being at a stack depth of
1629     * 4.
1630     *
1631     * @param clazz the class that reflection is to be performed on.
1632     *
1633     * @param which type of access, PUBLIC or DECLARED.
1634     *
1635     * @exception SecurityException if the caller does not have
1636     * permission to access members.
1637     * @exception NullPointerException if the <code>clazz</code> argument is
1638     * <code>null</code>.
1639     * @see java.lang.reflect.Member
1640     * @since JDK1.1
1641     * @see #checkPermission(java.security.Permission) checkPermission
1642     */
1643    public void checkMemberAccess(Class JavaDoc<?> clazz, int which) {
1644    if (clazz == null) {
1645        throw new NullPointerException JavaDoc("class can't be null");
1646    }
1647    if (which != Member.PUBLIC) {
1648        Class JavaDoc stack[] = getClassContext();
1649        /*
1650         * stack depth of 4 should be the caller of one of the
1651         * methods in java.lang.Class that invoke checkMember
1652         * access. The stack should look like:
1653         *
1654         * someCaller [3]
1655         * java.lang.Class.someReflectionAPI [2]
1656         * java.lang.Class.checkMemberAccess [1]
1657         * SecurityManager.checkMemberAccess [0]
1658         *
1659         */
1660        if ((stack.length<4) ||
1661        (stack[3].getClassLoader() != clazz.getClassLoader())) {
1662        checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
1663        }
1664    }
1665    }
1666
1667    /**
1668     * Determines whether the permission with the specified permission target
1669     * name should be granted or denied.
1670     *
1671     * <p> If the requested permission is allowed, this method returns
1672     * quietly. If denied, a SecurityException is raised.
1673     *
1674     * <p> This method creates a <code>SecurityPermission</code> object for
1675     * the given permission target name and calls <code>checkPermission</code>
1676     * with it.
1677     *
1678     * <p> See the documentation for
1679     * <code>{@link java.security.SecurityPermission}</code> for
1680     * a list of possible permission target names.
1681     *
1682     * <p> If you override this method, then you should make a call to
1683     * <code>super.checkSecurityAccess</code>
1684     * at the point the overridden method would normally throw an
1685     * exception.
1686     *
1687     * @param target the target name of the <code>SecurityPermission</code>.
1688     *
1689     * @exception SecurityException if the calling thread does not have
1690     * permission for the requested access.
1691     * @exception NullPointerException if <code>target</code> is null.
1692     * @exception IllegalArgumentException if <code>target</code> is empty.
1693     *
1694     * @since JDK1.1
1695     * @see #checkPermission(java.security.Permission) checkPermission
1696     */
1697    public void checkSecurityAccess(String JavaDoc target) {
1698    checkPermission(new SecurityPermission(target));
1699    }
1700
1701    private native Class JavaDoc currentLoadedClass0();
1702
1703    /**
1704     * Returns the thread group into which to instantiate any new
1705     * thread being created at the time this is being called.
1706     * By default, it returns the thread group of the current
1707     * thread. This should be overridden by a specific security
1708     * manager to return the appropriate thread group.
1709     *
1710     * @return ThreadGroup that new threads are instantiated into
1711     * @since JDK1.1
1712     * @see java.lang.ThreadGroup
1713     */
1714    public ThreadGroup JavaDoc getThreadGroup() {
1715    return Thread.currentThread().getThreadGroup();
1716    }
1717
1718}
1719
Popular Tags