Knowledge about accesscontroller. doprivileged

Accesscontroller. doprivileged is a static method in the accesscontroller class, allowing the code in a class instance to notify this accesscontroller: its code body is entitled to "privileged (privileged )", it is solely responsible for access requests to its available resources, regardless of the Code that triggers the request.

This means that a caller can be identified as "privileged" when calling the doprivileged method ". When making an access control decision, if the checkpermission method encounters a caller who is represented as "privileged" by calling doprivileged without context variables, the checkpermission method terminates the check. If the caller's domain has a specific license, no further check is performed. The checkpermission returns quietly, indicating that the access request is allowed. If the domain does not have a specific license, normally, an exception is thrown.

I. normal use of the "privileged" feature is as follows:

1. If you do not need to return a value from the "privileged" block, follow the following code:

Somemethod (){

... Normal code here...

Accesscontroller. doprivileged (New privilegedaction (){
Public object run (){
// Privileged code goes here, for example:
System. loadlibrary ("AWT ");
Return NULL; // nothing to return
}
});

... Normal code here...

}

Privilegedaction is an interface with a method called run. This method returns an object. The preceding example shows how to create an anonymous internal class for that interface and provides the specific implementation of a run method.

When called as a doprivileged, an instance implemented by privilegedaction is passed to it. After the doprivileged method takes effect, it calls the run method from the privilegedaction implementation and returns the return value of the run method as the return value of doprivileged. This is ignored in this example.

2. If you need to return a value, you can do it as follows:

Somemethod (){

... Normal code here...

String user = (string) accesscontroller. doprivileged (New privilegedaction (){
Public object run (){
Return System. getproperty ("user. Name ");
}
});

... Normal code here...

}

3. If the action executed using your run method may throw a "check" exception (included in the throws clause list of a method), you need to use the privilegedexceptionaction interface, instead of using the privilegedaction interface:

Somemethod () throws filenotfoundexception {

... Normal code here...

Try {
Fileinputstream FCM = (fileinputstream)
Accesscontroller. doprivileged (New privilegedexceptionaction (){
Public object run () throws filenotfoundexception {
Return new fileinputstream ("somefile ");
}
});
} Catch (privilegedactionexception e ){
// E. getexception () shocould be an instance
// Filenotfoundexception,
// As only "checked" exceptions will be "wrapped" in
// Privilegedactionexception.
Throw (filenotfoundexception) E. getexception ();
}

... Normal code here...

}

Important issues related to the privileges granted:
First, this concept only exists in a single thread. Once the privileged code completes the task, the privileges will be cleared or voided.

Second, in this example, the code body in the run method is granted the privilege. However, if it calls a non-privileged Untrusted code, that code will not receive any privileges; A permission can be granted only when the privileged code is licensed and all subsequent callers in the call chain that are called until the checkpermission call is permitted.

Ii. Use Cases:

Final string name = myclass. Class. getname ();
String classname = accesscontroller. doprivileged (New privilegedaction <string> (){
Public String run (){
Return System. getproperty (name );
}
});

 

About accesscontroller. doprivileged --

Code from different locations can be described by a codesource object in its location and signature certificate. Depending on the codesource of the code, the code has different permissions. For example, all the Code provided by the Java SDK has all permissions, while the code in the applet has very limited permissions. You can customize the permissions for the code you write (through securitymanager ).
When executing a piece of code, the stacktrace of this Code contains all the methods that are being called and not terminated from the main. In this call process, there may be a call sequence that spans multiple different codesources. Because codesource is different, these codes usually have different permission sets. A resource can be accessed only when all the code sources passing through the resource have the corresponding permission set.
The doprivileged method is a supplement to this rule. It is similar to the setuid program in UNIX. In UNIX, the login program must access the password file to obtain user authorization information, but users cannot access the password file at will. Therefore, the login program has the setuid bit, which has the root permission no matter which user calls it.
The method that calls doprivileged checks whether the user can access a resource based on the permissions of other methods in stacktrace. That is to say, users can only access resources that they cannot access in a predetermined way.
Pay attention to the use of the doprivileged method and the use of setuid bits. For example, only perform necessary operations. Otherwise, security issues may occur.