Accesscontroller. doprivileged note

 

 

Accesscontroller. doprivileged is a static method in the accesscontroller class, allowing the code in a class instance to notify this accesscontroller: its code body is entitled to "privileged (privileged )", it is solely responsible for access requests to its available resources, regardless of the Code that triggers the request.

This means that a caller can be identified as "privileged" when calling the doprivileged method ". When making an access control decision, if the checkpermission method encounters a caller who is represented as "privileged" by calling doprivileged without context variables, the checkpermission method terminates the check. If the caller's domain has a specific license, no further check is performed. The checkpermission returns quietly, indicating that the access request is allowed. If the domain does not have a specific license, normally, an exception is thrown.

I. normal use of the "privileged" feature is as follows:

1. If you do not need to return a value from the "privileged" block, follow the following code:

Somemethod (){

... Normal code here...

Accesscontroller. doprivileged (New privilegedaction (){
Public object run (){
// Privileged code goes here, for example:
System. loadlibrary ("AWT ");
Return NULL; // nothing to return
}
});

... Normal code here...

}

Privilegedaction is an interface with a method called run. This method returns an object. The preceding example shows how to create an anonymous internal class for that interface and provides the specific implementation of a run method.

When called as a doprivileged, an instance implemented by privilegedaction is passed to it. After the doprivileged method takes effect, it calls the run method from the privilegedaction implementation and returns the return value of the run method as the return value of doprivileged. This is ignored in this example.

2. If you need to return a value, you can do it as follows:

Somemethod (){

... Normal code here...

String user = (string) accesscontroller. doprivileged (New privilegedaction (){
Public object run (){
Return System. getproperty ("user. Name ");
}
});

... Normal code here...

}

3. If the action executed using your run method may throw a "check" exception (included in the throws clause list of a method), you need to use the privilegedexceptionaction interface, instead of using the privilegedaction interface:

Somemethod () throws filenotfoundexception {

... Normal code here...

Try {
Fileinputstream FCM = (fileinputstream)
Accesscontroller. doprivileged (New privilegedexceptionaction (){
Public object run () throws filenotfoundexception {
Return new fileinputstream ("somefile ");
}
});
} Catch (privilegedactionexception e ){
// E. getexception () shocould be an instance
// Filenotfoundexception,
// As only "checked" exceptions will be "wrapped" in
// Privilegedactionexception.
Throw (filenotfoundexception) E. getexception ();
}

... Normal code here...

}

Important issues related to the privileges granted:
First, this concept only exists in a single thread. Once the privileged code completes the task, the privileges will be cleared or voided.

Second, in this example, the code body in the run method is granted the privilege. However, if it calls a non-privileged Untrusted code, that code will not receive any privileges; A permission can be granted only when the privileged code is licensed and all subsequent callers in the call chain that are called until the checkpermission call is permitted.

Ii. Use Cases:

Final string name = myclass. Class. getname ();
String classname = accesscontroller. doprivileged (New privilegedaction <string> (){
Public String run (){
Return System. getproperty (name );
}
});