Overview Package Class Use Source Tree Index Deprecated About
Prev Class | Next ClassFrames | No Frames
Summary: Nested | Field | Method | ConstrDetail: Nested | Field | Method | Constr

java.lang

Class SecurityManager

Known Direct Subclasses:
RMISecurityManager
public class SecurityManager
extends Object
SecurityManager is a class you can extend to create your own Java security policy. By default, there is no SecurityManager installed in 1.1, which means that all things are permitted to all people. The security manager, if set, is consulted before doing anything with potentially dangerous results, and throws a SecurityException if the action is forbidden.

A typical check is as follows, just before the dangerous operation:

 SecurityManager sm = System.getSecurityManager();
 if (sm != null)
   sm.checkABC(argument, ...);
Note that this is thread-safe, by caching the security manager in a local variable rather than risking a NullPointerException if the mangager is changed between the check for null and before the permission check.

The special method checkPermission is a catchall, and the default implementation calls AccessController.checkPermission. In fact, all the other methods default to calling checkPermission.

Sometimes, the security check needs to happen from a different context, such as when called from a worker thread. In such cases, use getSecurityContext to take a snapshot that can be passed to the worker thread:

 Object context = null;
 SecurityManager sm = System.getSecurityManager();
 if (sm != null)
   context = sm.getSecurityContext(); // defaults to an AccessControlContext
 // now, in worker thread
 if (sm != null)
   sm.checkPermission(permission, context);

Permissions fall into these categories: File, Socket, Net, Security, Runtime, Property, AWT, Reflect, and Serializable. Each of these permissions have a property naming convention, that follows a hierarchical naming convention, to make it easy to grant or deny several permissions at once. Some permissions also take a list of permitted actions, such as "read" or "write", to fine-tune control even more. The permission java.security.AllPermission grants all permissions.

The default methods in this class deny all things to all people. You must explicitly grant permission for anything you want to be legal when subclassing this class.

Since:
1.0
See Also:
ClassLoader, SecurityException, checkTopLevelWindow(Object), System.getSecurityManager(), System.setSecurityManager(SecurityManager), AccessController, AccessControlContext, AccessControlException, Permission, BasicPermission, FilePermission, SocketPermission, PropertyPermission, RuntimePermission, AWTPermission, Policy, SecurityPermission, ProtectionDomain

Field Summary

protected boolean
inCheck
Deprecated. Use checkPermission(Permission) instead.

Constructor Summary

SecurityManager()
Construct a new security manager.

Method Summary

void
checkAccept(String host, int port)
Check if the current thread is allowed to accept a connection from a particular host on a particular port.
void
checkAccess(Thread thread)
Check if the current thread is allowed to modify another Thread.
void
checkAccess(ThreadGroup g)
Check if the current thread is allowed to modify a ThreadGroup.
void
checkAwtEventQueueAccess()
Check if the current thread is allowed to use the AWT event queue.
void
checkConnect(String host, int port)
Check if the current thread is allowed to connect to a given host on a given port.
void
checkConnect(String host, int port, Object context)
Check if the current thread is allowed to connect to a given host on a given port, using the given security context.
void
checkCreateClassLoader()
Check if the current thread is allowed to create a ClassLoader.
void
checkDelete(String filename)
Check if the current thread is allowed to delete the given file.
void
checkExec(String program)
Check if the current thread is allowed to execute the given program.
void
checkExit(int status)
Check if the current thread is allowed to exit the JVM with the given status.
void
checkLink(String filename)
Check if the current thread is allowed to link in the given native library.
void
checkListen(int port)
Check if the current thread is allowed to listen to a specific port for data.
void
checkMemberAccess(Class c, int memberType)
Check if the current thread is allowed to get certain types of Methods, Fields and Constructors from a Class object.
void
checkMulticast(InetAddress addr)
Check if the current thread is allowed to read and write multicast to a particular address.
void
checkMulticast(InetAddress addr, byte ttl)
Deprecated. use checkPermission(Permission) instead
void
checkPackageAccess(String packageName)
Check if the current thread is allowed to access the specified package at all.
void
checkPackageDefinition(String packageName)
Check if the current thread is allowed to define a class into the specified package.
void
checkPermission(Permission perm)
Check if the current thread is allowed to perform an operation that requires the specified Permission.
void
checkPermission(Permission perm, Object context)
Check if the current thread is allowed to perform an operation that requires the specified Permission.
void
checkPrintJobAccess()
Check if the current thread is allowed to create a print job.
void
checkPropertiesAccess()
Check if the current thread is allowed to read or write all the system properties at once.
void
checkPropertyAccess(String key)
Check if the current thread is allowed to read a particular system property (writes are checked directly via checkPermission).
void
checkRead(FileDescriptor desc)
Check if the current thread is allowed to read the given file using the FileDescriptor.
void
checkRead(String filename)
Check if the current thread is allowed to read the given file.
void
checkRead(String filename, Object context)
Check if the current thread is allowed to read the given file. using the given security context.
void
checkSecurityAccess(String action)
Test whether a particular security action may be taken.
void
checkSetFactory()
Check if the current thread is allowed to set the current socket factory.
void
checkSystemClipboardAccess()
Check if the current thread is allowed to use the system clipboard.
boolean
checkTopLevelWindow(Object window)
Check if the current thread is allowed to create a top-level window.
void
checkWrite(FileDescriptor desc)
Check if the current thread is allowed to write the given file using the FileDescriptor.
void
checkWrite(String filename)
Check if the current thread is allowed to write the given file.
protected int
classDepth(String className)
Deprecated. use checkPermission(Permission) instead
protected int
classLoaderDepth()
Deprecated. use checkPermission(Permission) instead
protected ClassLoader
currentClassLoader()
Deprecated. use checkPermission(Permission) instead
protected Class
currentLoadedClass()
Deprecated. use checkPermission(Permission) instead
protected Class<T>[]
getClassContext()
Get a list of all the classes currently executing methods on the Java stack. getClassContext()[0] is the currently executing method (ie. the class that CALLED getClassContext, not SecurityManager).
boolean
getInCheck()
Deprecated. use checkPermission(Permission) instead
Object
getSecurityContext()
Get an implementation-dependent Object that contains enough information about the current environment to be able to perform standard security checks later.
ThreadGroup
getThreadGroup()
Get the ThreadGroup that a new Thread should belong to by default.
protected boolean
inClass(String className)
Deprecated. use checkPermission(Permission) instead
protected boolean
inClassLoader()
Deprecated. use checkPermission(Permission) instead

Methods inherited from class java.lang.Object

clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

inCheck

protected boolean inCheck

Deprecated. Use checkPermission(Permission) instead.

Tells whether or not the SecurityManager is currently performing a security check.

Constructor Details

SecurityManager

public SecurityManager()
Construct a new security manager. There may be a security check, of RuntimePermission("createSecurityManager").
Throws:
SecurityException - if permission is denied

Method Details

checkAccept

public void checkAccept(String host,
                        int port)
Check if the current thread is allowed to accept a connection from a particular host on a particular port. This method is called by ServerSocket.implAccept(). The default implementation checks SocketPermission(host + ":" + port, "accept"). If you override this, call super.checkAccept rather than throwing an exception.
Parameters:
host - the host which wishes to connect
port - the port the connection will be on
Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
See Also:
ServerSocket.accept()

checkAccess

public void checkAccess(Thread thread)
Check if the current thread is allowed to modify another Thread. This is called by Thread.stop(), suspend(), resume(), interrupt(), destroy(), setPriority(), setName(), and setDaemon(). The default implementation checks RuntimePermission("modifyThread") on system threads (ie. threads in ThreadGroup with a null parent), and returns silently on other threads.

If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThread"), return silently, so that core classes (the Classpath library!) can modify any thread.

Parameters:
thread - the other Thread to check
Throws:
SecurityException - if permission is denied
NullPointerException - if thread is null
See Also:
Thread.stop(), Thread.suspend(), Thread.resume(), Thread.setPriority(int), Thread.setName(String), Thread.setDaemon(boolean)

checkAccess

public void checkAccess(ThreadGroup g)
Check if the current thread is allowed to modify a ThreadGroup. This is called by Thread.Thread() (to add a thread to the ThreadGroup), ThreadGroup.ThreadGroup() (to add this ThreadGroup to a parent), ThreadGroup.stop(), suspend(), resume(), interrupt(), destroy(), setDaemon(), and setMaxPriority(). The default implementation checks RuntimePermission("modifyThread") on the system group (ie. the one with a null parent), and returns silently on other groups.

If you override this, you must do two things. First, call super.checkAccess(t), to make sure you are not relaxing requirements. Second, if the calling thread has RuntimePermission("modifyThreadGroup"), return silently, so that core classes (the Classpath library!) can modify any thread.

Parameters:
g - the ThreadGroup to check
Throws:
SecurityException - if permission is denied
NullPointerException - if g is null
See Also:
Thread.Thread(), ThreadGroup.ThreadGroup(String), ThreadGroup.stop(), ThreadGroup.suspend(), ThreadGroup.resume(), ThreadGroup.interrupt(), ThreadGroup.setDaemon(boolean), ThreadGroup.setMaxPriority(int)

checkAwtEventQueueAccess

public void checkAwtEventQueueAccess()
Check if the current thread is allowed to use the AWT event queue. This method is called by Toolkit.getSystemEventQueue(). The default implementation checks AWTPermission("accessEventQueue"). you override this, call super.checkAwtEventQueueAccess rather than throwing an exception.
Throws:
SecurityException - if permission is denied
Since:
1.1
See Also:
Toolkit.getSystemEventQueue()

checkConnect

public void checkConnect(String host,
                         int port)
Check if the current thread is allowed to connect to a given host on a given port. This method is called from Socket.Socket(). A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks SocketPermission(host, "resolve"). Otherwise, the default implementation checks SocketPermission(host + ":" + port, "connect"). If you override this, call super.checkConnect rather than throwing an exception.
Parameters:
host - the host to connect to
port - the port to connect on
Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
See Also:
Socket.Socket()

checkConnect

public void checkConnect(String host,
                         int port,
                         Object context)
Check if the current thread is allowed to connect to a given host on a given port, using the given security context. The context must be a result of a previous call to getSecurityContext. A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host, "resolve")). Otherwise, the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host + ":" + port, "connect")). If you override this, call super.checkConnect rather than throwing an exception.
Parameters:
host - the host to connect to
port - the port to connect on
context - the context to determine access for
Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if host is null
See Also:
getSecurityContext(), AccessControlContext.checkPermission(Permission)

checkCreateClassLoader

public void checkCreateClassLoader()
Check if the current thread is allowed to create a ClassLoader. This method is called from ClassLoader.ClassLoader(), and checks RuntimePermission("createClassLoader"). If you override this, you should call super.checkCreateClassLoader() rather than throwing an exception.
Throws:
SecurityException - if permission is denied
See Also:
ClassLoader.ClassLoader()

checkDelete

public void checkDelete(String filename)
Check if the current thread is allowed to delete the given file. This method is called from File.delete(). The default implementation checks FilePermission(filename, "delete"). If you override this, call super.checkDelete rather than throwing an exception.
Parameters:
filename - the full name of the file to delete
Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
See Also:
File.delete()

checkExec

public void checkExec(String program)
Check if the current thread is allowed to execute the given program. This method is called from Runtime.exec(). If the name is an absolute path, the default implementation checks FilePermission(program, "execute"), otherwise it checks FilePermission("<<ALL FILES>>", "execute"). If you override this, call super.checkExec rather than throwing an exception.
Parameters:
program - the name of the program to exec
Throws:
SecurityException - if permission is denied
NullPointerException - if program is null
See Also:
Runtime.exec(String[],String[],File)

checkExit

public void checkExit(int status)
Check if the current thread is allowed to exit the JVM with the given status. This method is called from Runtime.exit() and Runtime.halt(). The default implementation checks RuntimePermission("exitVM"). If you override this, call super.checkExit rather than throwing an exception.
Parameters:
status - the status to exit with
Throws:
SecurityException - if permission is denied
See Also:
Runtime.exit(int), Runtime.halt(int)

checkLink

public void checkLink(String filename)
Check if the current thread is allowed to link in the given native library. This method is called from Runtime.load() (and hence, by loadLibrary() as well). The default implementation checks RuntimePermission("loadLibrary." + filename). If you override this, call super.checkLink rather than throwing an exception.
Parameters:
filename - the full name of the library to load
Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
See Also:
Runtime.load(String)

checkListen

public void checkListen(int port)
Check if the current thread is allowed to listen to a specific port for data. This method is called by ServerSocket.ServerSocket(). The default implementation checks SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port), "listen"). If you override this, call super.checkListen rather than throwing an exception.
Parameters:
port - the port to listen on
Throws:
SecurityException - if permission is denied
See Also:
ServerSocket.ServerSocket(int)

checkMemberAccess

public void checkMemberAccess(Class c,
                              int memberType)
Check if the current thread is allowed to get certain types of Methods, Fields and Constructors from a Class object. This method is called by Class.getMethod[s](), Class.getField[s](), Class.getConstructor[s], Class.getDeclaredMethod[s](), Class.getDeclaredField[s](), and Class.getDeclaredConstructor[s](). The default implementation allows PUBLIC access, and access to classes defined by the same classloader as the code performing the reflection. Otherwise, it checks RuntimePermission("accessDeclaredMembers"). If you override this, do not call super.checkMemberAccess, as this would mess up the stack depth check that determines the ClassLoader requesting the access.
Parameters:
c - the Class to check
memberType - either DECLARED or PUBLIC
Throws:
SecurityException - if permission is denied, including when memberType is not DECLARED or PUBLIC
NullPointerException - if c is null
Since:
1.1
See Also:
Class, Member.DECLARED, Member.PUBLIC

checkMulticast

public void checkMulticast(InetAddress addr)
Check if the current thread is allowed to read and write multicast to a particular address. The default implementation checks SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.
Parameters:
addr - the address to multicast to
Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
Since:
1.1

checkMulticast

public void checkMulticast(InetAddress addr,
                           byte ttl)

Deprecated. use checkPermission(Permission) instead

Check if the current thread is allowed to read and write multicast to a particular address with a particular ttl (time-to-live) value. The default implementation ignores ttl, and checks SocketPermission(addr.getHostAddress(), "accept,connect"). If you override this, call super.checkMulticast rather than throwing an exception.
Parameters:
addr - the address to multicast to
ttl - value in use for multicast send
Throws:
SecurityException - if permission is denied
NullPointerException - if host is null
Since:
1.1

checkPackageAccess

public void checkPackageAccess(String packageName)
Check if the current thread is allowed to access the specified package at all. This method is called by ClassLoader.loadClass() in user-created ClassLoaders. The default implementation gets a list of all restricted packages, via Security.getProperty("package.access"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("accessClassInPackage." + packageName). If you override this, you should call super.checkPackageAccess before doing anything else.
Parameters:
packageName - the package name to check access to
Throws:
SecurityException - if permission is denied
NullPointerException - if packageName is null
See Also:
ClassLoader.loadClass(String,boolean), Security.getProperty(String)

checkPackageDefinition

public void checkPackageDefinition(String packageName)
Check if the current thread is allowed to define a class into the specified package. This method is called by ClassLoader.loadClass() in user-created ClassLoaders. The default implementation gets a list of all restricted packages, via Security.getProperty("package.definition"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("defineClassInPackage." + packageName). If you override this, you should call super.checkPackageDefinition before doing anything else.
Parameters:
packageName - the package name to check access to
Throws:
SecurityException - if permission is denied
NullPointerException - if packageName is null
See Also:
ClassLoader.loadClass(String,boolean), Security.getProperty(String)

checkPermission

public void checkPermission(Permission perm)
Check if the current thread is allowed to perform an operation that requires the specified Permission. This defaults to AccessController.checkPermission.
Parameters:
perm - the Permission required
Throws:
SecurityException - if permission is denied
NullPointerException - if perm is null
Since:
1.2

checkPermission

public void checkPermission(Permission perm,
                            Object context)
Check if the current thread is allowed to perform an operation that requires the specified Permission. This is done in a context previously returned by getSecurityContext(). The default implementation expects context to be an AccessControlContext, and it calls AccessControlContext.checkPermission(perm).
Parameters:
perm - the Permission required
context - a security context
Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if perm is null
Since:
1.2
See Also:
getSecurityContext(), AccessControlContext.checkPermission(Permission)

checkPrintJobAccess

public void checkPrintJobAccess()
Check if the current thread is allowed to create a print job. This method is called by Toolkit.getPrintJob(). The default implementation checks RuntimePermission("queuePrintJob"). If you override this, call super.checkPrintJobAccess rather than throwing an exception.
Throws:
SecurityException - if permission is denied
Since:
1.1
See Also:
Toolkit.getPrintJob(Frame,String,Properties)

checkPropertiesAccess

public void checkPropertiesAccess()
Check if the current thread is allowed to read or write all the system properties at once. This method is called by System.getProperties() and setProperties(). The default implementation checks PropertyPermission("*", "read,write"). If you override this, call super.checkPropertiesAccess rather than throwing an exception.
Throws:
SecurityException - if permission is denied
See Also:
System.getProperties(), System.setProperties(Properties)

checkPropertyAccess

public void checkPropertyAccess(String key)
Check if the current thread is allowed to read a particular system property (writes are checked directly via checkPermission). This method is called by System.getProperty() and setProperty(). The default implementation checks PropertyPermission(key, "read"). If you override this, call super.checkPropertyAccess rather than throwing an exception.
Parameters:
key - the key of the property to check
Throws:
SecurityException - if permission is denied
NullPointerException - if key is null
IllegalArgumentException - if key is ""
See Also:
System.getProperty(String)

checkRead

public void checkRead(FileDescriptor desc)
Check if the current thread is allowed to read the given file using the FileDescriptor. This method is called from FileInputStream.FileInputStream(). The default implementation checks RuntimePermission("readFileDescriptor"). If you override this, call super.checkRead rather than throwing an exception.
Parameters:
desc - the FileDescriptor representing the file to access
Throws:
SecurityException - if permission is denied
NullPointerException - if desc is null
See Also:
FileInputStream.FileInputStream(FileDescriptor)

checkRead

public void checkRead(String filename)
Check if the current thread is allowed to read the given file. This method is called from FileInputStream.FileInputStream(), RandomAccessFile.RandomAccessFile(), File.exists(), canRead(), isFile(), isDirectory(), lastModified(), length() and list(). The default implementation checks FilePermission(filename, "read"). If you override this, call super.checkRead rather than throwing an exception.
Parameters:
filename - the full name of the file to access
Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
See Also:
File, FileInputStream.FileInputStream(String), RandomAccessFile.RandomAccessFile(String,String)

checkRead

public void checkRead(String filename,
                      Object context)
Check if the current thread is allowed to read the given file. using the given security context. The context must be a result of a previous call to getSecurityContext(). The default implementation checks AccessControlContext.checkPermission(new FilePermission(filename, "read")). If you override this, call super.checkRead rather than throwing an exception.
Parameters:
filename - the full name of the file to access
context - the context to determine access for
Throws:
SecurityException - if permission is denied, or if context is not an AccessControlContext
NullPointerException - if filename is null
See Also:
getSecurityContext(), AccessControlContext.checkPermission(Permission)

checkSecurityAccess

public void checkSecurityAccess(String action)
Test whether a particular security action may be taken. The default implementation checks SecurityPermission(action). If you override this, call super.checkSecurityAccess rather than throwing an exception.
Parameters:
action - the desired action to take
Throws:
SecurityException - if permission is denied
NullPointerException - if action is null
IllegalArgumentException - if action is ""
Since:
1.1

checkSetFactory

public void checkSetFactory()
Check if the current thread is allowed to set the current socket factory. This method is called by Socket.setSocketImplFactory(), ServerSocket.setSocketFactory(), and URL.setURLStreamHandlerFactory(). The default implementation checks RuntimePermission("setFactory"). If you override this, call super.checkSetFactory rather than throwing an exception.
Throws:
SecurityException - if permission is denied
See Also:
Socket.setSocketImplFactory(SocketImplFactory), ServerSocket.setSocketFactory(SocketImplFactory), URL.setURLStreamHandlerFactory(URLStreamHandlerFactory)

checkSystemClipboardAccess

public void checkSystemClipboardAccess()
Check if the current thread is allowed to use the system clipboard. This method is called by Toolkit.getSystemClipboard(). The default implementation checks AWTPermission("accessClipboard"). If you override this, call super.checkSystemClipboardAccess rather than throwing an exception.
Throws:
SecurityException - if permission is denied
Since:
1.1
See Also:
Toolkit.getSystemClipboard()

checkTopLevelWindow

public boolean checkTopLevelWindow(Object window)
Check if the current thread is allowed to create a top-level window. If it is not, the operation should still go through, but some sort of nonremovable warning should be placed on the window to show that it is untrusted. This method is called by Window.Window(). The default implementation checks AWTPermission("showWindowWithoutWarningBanner"), and returns true if no exception was thrown. If you override this, use return super.checkTopLevelWindow rather than returning false.
Parameters:
window - the window to create
Returns:
true if there is permission to show the window without warning
Throws:
NullPointerException - if window is null
See Also:
Window.Window(Frame)

checkWrite

public void checkWrite(FileDescriptor desc)
Check if the current thread is allowed to write the given file using the FileDescriptor. This method is called from FileOutputStream.FileOutputStream(). The default implementation checks RuntimePermission("writeFileDescriptor"). If you override this, call super.checkWrite rather than throwing an exception.
Parameters:
desc - the FileDescriptor representing the file to access
Throws:
SecurityException - if permission is denied
NullPointerException - if desc is null
See Also:
FileOutputStream.FileOutputStream(FileDescriptor)

checkWrite

public void checkWrite(String filename)
Check if the current thread is allowed to write the given file. This method is called from FileOutputStream.FileOutputStream(), RandomAccessFile.RandomAccessFile(), File.canWrite(), mkdir(), and renameTo(). The default implementation checks FilePermission(filename, "write"). If you override this, call super.checkWrite rather than throwing an exception.
Parameters:
filename - the full name of the file to access
Throws:
SecurityException - if permission is denied
NullPointerException - if filename is null
See Also:
File, File.canWrite(), File.mkdir(), File.renameTo(File), FileOutputStream.FileOutputStream(String), RandomAccessFile.RandomAccessFile(String,String)

classDepth

protected int classDepth(String className)

Deprecated. use checkPermission(Permission) instead

Get the depth of a particular class on the execution stack.
Parameters:
className - the fully-qualified name to search for
Returns:
the index of the class on the stack, or -1

classLoaderDepth

protected int classLoaderDepth()

Deprecated. use checkPermission(Permission) instead

Get the depth on the execution stack of the most recent non-system class. A non-system class is one whose ClassLoader is not equal to ClassLoader.getSystemClassLoader() or its ancestors. This will return -1 in three cases:
  • All methods on the stack are from system classes
  • All methods on the stack up to the first "privileged" caller, as created by AccessController.doPrivileged(PrivilegedAction), are from system classes
  • A check of java.security.AllPermission succeeds.
Returns:
the index of the most recent non-system Class on the stack

currentClassLoader

protected ClassLoader currentClassLoader()

Deprecated. use checkPermission(Permission) instead

Find the ClassLoader of the first non-system class on the execution stack. A non-system class is one whose ClassLoader is not equal to ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
  • All methods on the stack are from system classes
  • All methods on the stack up to the first "privileged" caller, as created by AccessController.doPrivileged(PrivilegedAction), are from system classes
  • A check of java.security.AllPermission succeeds.
Returns:
the most recent non-system ClassLoader on the execution stack

currentLoadedClass

protected Class currentLoadedClass()

Deprecated. use checkPermission(Permission) instead

Find the first non-system class on the execution stack. A non-system class is one whose ClassLoader is not equal to ClassLoader.getSystemClassLoader() or its ancestors. This will return null in three cases:
  • All methods on the stack are from system classes
  • All methods on the stack up to the first "privileged" caller, as created by AccessController.doPrivileged(PrivilegedAction), are from system classes
  • A check of java.security.AllPermission succeeds.
Returns:
the most recent non-system Class on the execution stack

getClassContext

protected Class<T>[] getClassContext()
Get a list of all the classes currently executing methods on the Java stack. getClassContext()[0] is the currently executing method (ie. the class that CALLED getClassContext, not SecurityManager).
Returns:
an array of classes on the Java execution stack

getInCheck

public boolean getInCheck()

Deprecated. use checkPermission(Permission) instead

Tells whether or not the SecurityManager is currently performing a security check.
Returns:
true if the SecurityManager is in a security check
See Also:
inCheck

getSecurityContext

public Object getSecurityContext()
Get an implementation-dependent Object that contains enough information about the current environment to be able to perform standard security checks later. This is used by trusted methods that need to verify that their callers have sufficient access to perform certain operations.

Currently the only methods that use this are checkRead() and checkConnect(). The default implementation returns an AccessControlContext.

Returns:
a security context
See Also:
checkConnect(String,int,Object), checkRead(String,Object), AccessControlContext, AccessController.getContext()

getThreadGroup

public ThreadGroup getThreadGroup()
Get the ThreadGroup that a new Thread should belong to by default. Called by Thread.Thread(). The default implementation returns the current ThreadGroup of the current Thread. Spec Note: it is not clear whether the new Thread is guaranteed to pass the checkAccessThreadGroup() test when using this ThreadGroup, but I presume so.
Returns:
the ThreadGroup to put the new Thread into
Since:
1.1

inClass

protected boolean inClass(String className)

Deprecated. use checkPermission(Permission) instead

Tell whether the specified class is on the execution stack.
Parameters:
className - the fully-qualified name of the class to find
Returns:
whether the specified class is on the execution stack

inClassLoader

protected boolean inClassLoader()

Deprecated. use checkPermission(Permission) instead

Tell whether there is a class loaded with an explicit ClassLoader on the stack.
Returns:
whether a class with an explicit ClassLoader is on the stack
SecurityManager.java -- security checks for privileged actions Copyright (C) 1998, 1999, 2001, 2002, 2004, 2005 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.

Overview Package Class Use Source Tree Index Deprecated About