Class SecurityManager in Java


The SecurityManager in Java is an abstract class that allows applications to implement a security policy for running untrusted code.

A hosting environment should define a subclass of SecurityManager that implements an appropriate security policy. To give the subclass of SecurityManager control over security, the hosting environment creates an instance of the class and installs it by passing it to the setSecurityManager() method of the System class. Once a SecurityManager object is installed, it cannot be changed. If the setSecurityManager() method is called again, it throws a SecurityException.


The SecurityManager class provides a way of implementing a comprehensive security policy for a Java program. As of this writing, SecurityManager objects are used primarily by Web browsers to establish security policies for applets. However, the use of a SecurityManager object is appropriate in any situation where a hosting environment wants to limit the actions of hosted programs.

The SecurityManager class contains methods that are called by methods in other classes to ask for permission to do something that can affect the security of the system. These permission methods all have names that begin with check. If a check method does not permit an action, it throws a SecurityException or returns a value that indicates the lack of permission. The SecurityManager class provides default implementations of all of the check methods. These default implementations are the most restrictive possible implementations; they simply deny permission to do anything that can affect the security of the system.

It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether the operation is being performed by a class created by a ClassLoader rather than installed locally.

Classes loaded via ClassLoader (if they have been downloaded over the network) may be less trustworthy than classes from files installed locally. The application has the option of allowing or disallowing the operation by using SecurityManager.

The SecurityManager class contains a large number of methods whose names begin with the word check. These methods are called by various methods in the Java library before those methods perform certain sensitive operations.

The SecurityManager is thereby given an opportunity to prevent completion of the operation by throwing an Exception.

A security manager routine simply returns if the operation is permitted but throws an Exception if the operation is not permitted. The only exception to this convention is checkTopLevelWindow(), which returns a boolean value.

The current security manager is set by the setSecurityManager() method in the class System. The current security manager is obtained by the getSecurityManager() method.

SecurityManager is typically used for web browser-based applications or applets where untrusted code needs to run in a controlled environment. It uses a sandbox model of security, which ensures that these web browser-based applets do not cause any harm.

It ensures that the applet operates only within the constraints of the sandbox, not outside them. Any method of a Java application can try to access resources outside of the JVM by seeking permission from the SecurityManager.

If the access is denied, SecurityManager can throw a SecurityException. A set of checkXXX methods is defined in SecurityManager to request access permission for different resources.

The methods in other classes that want to ask the SecurityManager for permission to do something are able to access the SecurityManager object by calling the getSecurityManager() method of the System class. This method returns the SecurityManager object, or null to indicate that there is no SecurityManager installed.

The structure of the class SecurityManager is given as:

public abstract class java.lang.SecurityManager extends java.lang.Object{
//Member elements
protected boolean inCheck; //this field is true if there is a security check in progress, false otherwise
//constructors
protected SecurityManager(); //constructs a new SecurityManager. An application is not allowed to create a new security manager if there is already a current security manager in place. It can throw SecurityException if a SecurityManager already exists.
//Methods
public void checkAccept(String host,int port); //permission to accept a network connection
public void checkAccess(Thread th);//permission to modify a thread
public void checkAccess(ThreadGroup tg);//permission to modify a ThreadGroup.
public void checkConnect(String host,int port);//permission to establish a network connection or send datagram
public void checkConnect(String host,int port,Object context);//permission to establish a network connection or send datagram
public void checkCreateClassLoader();//permission to create a ClassLoader object
public void checkDelete(String file);//permission to delete a file
public void checkExec(String command);//permission to call an external program
public void checkExit(int status);//permission to stop the JVM and exit the java environment.
public void checkLink(String lib);//permission to dynamically link an external library to java environment.
public void checkListen(int port);//permission to listen for a network connection
public void checkPackageAccess(String pkg);//permission to access a class in a package
public void checkPackageDefinition(String pkg);//permission to define classes in a package
public void checkPropertiesAccess();//permission to get or set Properties object that defines all of the system properties
public void checkPropertyAccess(String key);//permission to get or set any one System Property
public void checkPrintJobAccess();//permission to initiate a print job request
public void checkRead(FileDescriptor fd);//permission to read from a file descriptor
public void checkRead(String file);//permission to read a file
public void checkRead(String file,Object context);//permission to read a file with context
public void checkSecurityAccess(String action);//permission to perform a security action
public void checkSetFactory();//permission to set a factory class that determines classes to be used for managing network connections and their content.
public void checkSystemClipboardAccess();//permission to access System Clipboard
public boolean checkTopLevelWindow(Object window);//permission to create a top level window on the screen
public void checkWrite(FileDescriptor fd);//permission to write to a file descriptor
public void checkWrite(String file);//permission to write to a file
public boolean getInCheck();
public ThreadGroup getThreadGroup();
public void checkMulticast(InetAddress address,byte ttl);//permission to use a multicast connection
public void checkMulticast(InetAddress address);//permission to use a multicast connection
public void checkMemberAccess(Class clazz,int whichMember);//permission to access a member of the class
public void checkAwtEventQueueAccess();//permission to access the AWT event queue.
protected native int classDepth(String name);
protected native int classLoaderDepth();
protected native ClassLoader currentClassLoader();
protected native Class[] getClassContext();
public Object getSecurityContext();
protected boolean inClass(String name);
protected boolean inClassLoader();
protected Class currentLoadedClass();
}
 

The details of the class structure are given as follows:

protected SecurityManager();

protected SecurityManager() constructor creates a new SecurityManager object. This constructor cannot be called if there is already a current SecurityManager installed for the program.

protected boolean inCheck;

protected boolean inCheck indicates whether or not a security check is in progress. A subclass of SecurityManager should set this variable to true while a security check is in progress.


This variable can be useful for security checks that require access to resources that a hosted program may not be permitted to access. For example, a security policy might be based on the contents of a permissions file.

This means that the various check methods need to read information from a file to decide what to do. Even though a hosted program may not be allowed to read files, the check methods can allow such reads when inCheck is true to support this style of security policy.

public void checkAccept(String host, int port);

public void checkAccept(String host, int port) method decides whether or not to allow a connection from the given host on the given port to be accepted. An implementation of the method should throw a SecurityException to deny permission to accept the connection. The method is called by the accept() method of the java.net.ServerSocket class.

The checkAccept() method of SecurityManager always throws a SecurityException.

Parameter
host – The name of the host machine.
port – A port number.

public void checkAccess(Thread t);

public void checkAccess(Thread t) method decides whether or not to allow the current thread to modify the specified Thread. An implementation of the method should throw a SecurityException to deny permission to modify the thread. Methods of the Thread class that call this method include stop(), suspend(), resume(), setPriority(), setName(), and setDaemon().

Parameter
t – A reference to a Thread object.

public void checkAccess(ThreadGroup g);

public void checkAccess(ThreadGroup g) method decides whether or not to allow the current thread to modify the specified ThreadGroup.

An implementation of the method should throw a SecurityException to deny permission to modify the thread group. Methods of the ThreadGroup class that call this method include setDaemon(), setMaxPriority(), stop(), suspend(), resume(), and destroy().

The checkAccess() method of SecurityManager always throws a SecurityException.

Parameter
g – A reference to a ThreadGroup object.

public void checkAwtEventQueueAccess(); 

public void checkAwtEventQueueAccess() method decides whether or not to allow access to the AWT event queue. An implementation of the method should throw a SecurityException to deny permission to access the event queue.

The method is called by the getSystemEventQueue() method of the java.awt.Toolkit class.
The checkAwtEventQueueAccess() method of SecurityManager always throws a SecurityException.

public void checkConnect(String host, int port);

public void checkConnect(String host, int port) method decides whether or not to allow a socket connection to the given host on the given port to be opened. An implementation of the method should throw a SecurityException to deny permission to open the connection.

The method is called by the constructors of the java.net.Socket class, the send() and receive() methods of the java.net.DatagramSocket class, and the getByName() and getAllByName() methods of the java.net.InetAddress class.

The checkConnect() method of SecurityManager always throws a SecurityException.

Parameter
host – The name of the host.
port – A port number. A value of -1 indicates an attempt to determine the IP address of a given hostname.

public void checkConnect(String host, int port, Object context);

public void checkConnect(String host, int port, Object context) method decides whether or not to allow a socket connection to the given host on the given port to be opened for the specified security context. An implementation of the method should throw a SecurityException to deny permission to open the connection.

The checkConnect() method of SecurityManager always throws a SecurityException.

Parameter
host – The name of the host.
port – A port number. A value of -1 indicates an attempt to determine the IP address of a given hostname.
context – A security context object returned by this object’s getSecurityContext() method.

public void checkCreateClassLoader();

public void checkCreateClassLoader() method decides whether or not to allow a ClassLoader object to be created. An implementation of the method should throw a SecurityException to deny permission to create a ClassLoader.

The method is called by the constructor of the ClassLoader class. The checkCreateClassLoader() method of SecurityManager always throws a SecurityException.

public void checkDelete(String file);

public void checkDelete(String file) method decides whether or not to allow a file to be deleted. An implementation of the method should throw a SecurityException to deny permission to delete the specified file.

The method is called by the delete() method of the java.io.File class. The checkDelete() method of SecurityManager always throws a SecurityException.

Parameter
file – The name of a file.

public void checkExec(String cmd);

public void checkExec(String cmd) method decides whether or not to allow an external command to be executed. An implementation of the method should throw a SecurityException to deny permission to execute the specified command.

The method is called by the exec() methods of the Runtime and System classes. The checkExec() method of SecurityManager always throws a SecurityException.

Parameter
cmd – The name of an external command.

public void checkExit(int status);

public void checkExit(int status) method decides whether or not to allow the Java virtual machine to exit with the given status code. An implementation of the method should throw a SecurityException to deny permission to exit with the specified status code. The method is called by the exit() methods of the Runtime and System classes.

The checkExit() method of SecurityManager always throws a SecurityException.

Parameter
status – An exit status code.

public void checkLink(String libname);

public void checkLink(String libname) method decides whether to allow the specified library to be loaded. An implementation of the method should throw a SecurityException to deny permission to load the specified library.

The method is called by the load() and loadLibrary() methods of the Runtime and System classes.

The checkLink() method of SecurityManager always throws a SecurityException.

Parameter
libname – The name of a library.

public void checkListen(int port);

public void checkListen(int port) method decides whether or not to allow the caller to listen on the specified port. An implementation of the method should throw a SecurityException to deny permission to listen on the specified port.

The method is called by the constructors of the java.net.ServerSocket class and by the constructor of the java.net.DatagramSocket class that takes one argument.

The checkListen() method of SecurityManager always throws a SecurityException.

Parameter
port – A port number.

public void checkMemberAccess(Class clazz, int which);

public void checkMemberAccess(Class clazz, int which) method decides whether or not to allow access to the members of the specified Class object. An implementation of the method should throw a SecurityException to deny permission to access the members. Methods of the Class class that call this method include getField(), getFields(), getDeclaredField(), getDeclaredFields(), getMethod(), getMethods(), getDeclaredMethod(), getDeclaredMethods(), getConstructor(), getConstructors(), getDeclaredConstructor(), getDeclaredConstructors(), and getDeclaredClasses().


The checkMemberAccess() method of SecurityManager always throws a SecurityException.

Parameter
clazz – A Class object.
which – The value Member.PUBLIC for the set of all public members including inherited members or the value Member.DECLARED for the set of all declared members of the specified class or interface.

public void checkMulticast(InetAddress maddr); 

public void checkMulticast(InetAddress maddr) method decides whether or not to allow the current thread to use the specified multicast InetAddress. An implementation of the method should throw a SecurityException to deny permission to use the multicast address. The method is called by the send() method of java.net.DatagramSocket if the packet is being sent to a multicast address.

The method is also called by the joinGroup() and leaveGroup() methods of java.net.MulticastSocket.

The checkMulticast() method of SecurityManager always throws a SecurityException.

Parameter
maddr – An InetAddress object that represents a multicast address.

public void checkMulticast(InetAddress maddr, byte ttl); 

public void checkMulticast(InetAddress maddr, byte ttl) method decides whether or not to allow the current thread to use the specified multicast InetAddress and TTL value.

An implementation of the method should throw a SecurityException to deny permission to use the multicast address. The method is called by the send() method of java.net.MulticastSocket.

The checkMulticast() method of SecurityManager always throws a SecurityException.

Parameter
maddr – An InetAddress object that represents a multicast address.
ttl – The time-to-live (TTL) value.

public void checkPackageAccess(String pkg);

public void checkPackageAccess(String pkg) method decides whether or not to allow the specified package to be accessed.

An implementation of the method should throw a SecurityException to deny permission to access the specified package. The method is intended to be called by implementations of the loadClass() method in subclasses of the ClassLoader class.

The checkPackageAccess() method of SecurityManager always throws a SecurityException.

Parameter
pkg – The name of a package.

public void checkPackageDefinition(String pkg);

public void checkPackageDefinition(String pkg) method decides whether or not to allow the caller to define classes in the specified package.

An implementation of the method should throw a SecurityException to deny permission to create classes in the specified package. The method is intended to be called by implementations of the loadClass() method in subclasses of the ClassLoader class.

The checkPackageDefinition() method of SecurityManager always throws a SecurityException.

Parameter
pkg – The name of a package.

public void checkPrintJobAccess();

public void checkPrintJobAccess() method decides whether or not to allow the caller to initiate a print job request.

An implementation of the method should throw a SecurityException to deny permission to initiate the request.

The checkPrintJobAccess() method of SecurityManager always throws a SecurityException.

public void checkPropertiesAccess();

public void checkPropertiesAccess() method decides whether or not to allow the caller to access and modify the system properties.

An implementation of the method should throw a SecurityException to deny permission to access and modify the properties. Methods of the System class that call this method include getProperties() and setProperties().

The checkPropertiesAccess() method of SecurityManager always throws a SecurityException.

public void checkPropertyAccess(String key);

public void checkPropertyAccess(String key) method decides whether or not to allow the caller to access the specified system property.

An implementation of the method should throw a SecurityException to deny permission to access the property. The method is called by the getProperty() method of the System class.

The checkPropertyAccess() method of SecurityManager always throws a SecurityException.

Parameter
key – The name of an individual system property.

public void checkRead(FileDescriptor fd);

public void checkRead(FileDescriptor fd) method decides whether or not to allow the caller to read from the specified file descriptor.

An implementation of the method should throw a SecurityException to deny permission to read from the file descriptor. The method is called by the constructor of the java.io.FileInputStream class that takes a FileDescriptor argument.

The checkRead() method of SecurityManager always throws a SecurityException.

Parameter
fd – A reference to a FileDescriptor object.

public void checkRead(String file);

public void checkRead(String file) method decides whether or not to allow the caller to read from the named file. An implementation of the method should throw a SecurityException to deny permission to read from the file.

The method is called by constructors of the java.io.FileInputStream and java.io.RandomAccessFile classes, as well as by the canRead(), exists(), isDirectory(), isFile(), lastModified(), length(), and list() methods of the java.io.File class.

The checkRead() method of SecurityManager always throws a SecurityException.

Parameter
file – The name of a file.

public void checkRead(String file, Object context);

public void checkRead(String file, Object context) method decides whether or not to allow the specified security context to read from the named file.

An implementation of the method should throw a SecurityException to deny permission to read from the file.

The checkRead() method of SecurityManager always throws a SecurityException.

Parameter
file – The name of a file.
context – A security context object returned by this object’s getSecurityContext() method.

public void checkSecurityAccess(String action);

public void checkSecurityAccess(String action) method decides whether to allow the caller to perform the specified security action.

An implementation of the method should throw a SecurityException to deny permission to perform the action. The method is called by many of the methods in the java.security.Identity and java.security.Security classes.

The checkSecurityAccess() method of SecurityManager always throws a SecurityException.

Parameter
action – A string that specifies a security action.

public void checkSetFactory();

public void checkSetFactory() method decides whether to allow the caller to set the factory class to be used by another class.

An implementation of the method should throw a SecurityException to deny permission to set the factory class. The method is called by the setSocketFactory() method of the java.net.ServerSocket class, the setSocketImplFactory() method of the java.net.Socket class, the setURLStreamHandlerFactory() method of the java.net.URL class, and the setContentHandlerFactory() method of the java.net.URLConnection class.

The checkSetFactory() method of SecurityManager always throws a SecurityException.

public void checkSystemClipboardAccess();

public void checkSystemClipboardAccess() method decides whether or not to allow the caller to access the system clipboard.

An implementation of the method should throw a SecurityException to deny permission to access the system clipboard.

The checkSystemClipboardAccess() method of SecurityManager always throws a SecurityException.

public boolean checkTopLevelWindow(Object window);

public boolean checkTopLevelWindow(Object window) method decides whether or not to trust the caller to put up the specified top-level window.


An implementation of the method should return false to indicate that the caller is not trusted. In this case, the hosting environment can still decide to display the window, but the window should include a visual indication that it is not trusted. If the caller is trusted, the method should return true, and the window can be displayed without any special indication.

The checkTopLevelWindow() method of SecurityManager always returns false.

This method returns true if the caller is trusted to put up the specified top-level window; otherwise false.

Parameter
window – A window object.

public void checkWrite(FileDescriptor fd);

public void checkWrite(FileDescriptor fd) method decides whether or not to allow the caller to write to the specified file descriptor.

An implementation of the method should throw a SecurityException to deny permission to write to the file descriptor. The method is called by the constructor of the java.io.FileOutputStream class that takes a FileDescriptor argument.

The checkWrite() method of SecurityManager always throws a SecurityException.

Parameter
fd – A FileDescriptor object.

public void checkWrite(String file);

public void checkWrite(String file) method decides whether or not to allow the caller to write to the named file.
An implementation of the method should throw a SecurityException to deny permission to write to the file.

The method is called by constructors of the java.io.FileOutputStream and java.io.RandomAccessFile classes, as well as by the canWrite(), mkdir(), and renameTo() methods of the java.io.File class.

The checkWrite() method of SecurityManager always throws a SecurityException.

Parameter
file – The name of a file.

public boolean getInCheck();

public boolean getInCheck() method returns the value of the SecurityManager object’s inCheck variable, which is true if a security check is in progress and false otherwise.

This method returns true if a security check is in progress; otherwise false.

public Object getSecurityContext();

public Object getSecurityContext() method is meant to create an object that encapsulates information about the current execution environment. The resulting security context object is used by specific versions of the checkConnect() and checkRead() methods. The intent is that such a security context object can be used by a trusted method to determine whether or not another, untrusted method can perform a particular operation.

The getSecurityContext() method of SecurityManager simply returns null. This method should be overridden to return an appropriate security context object for the security policy that is being implemented.

This method returns an implementation-dependent object that contains enough information about the current execution environment to perform security checks at a later time.

public ThreadGroup getThreadGroup();

public ThreadGroup getThreadGroup() method returns the appropriate parent ThreadGroup for any threads that are created when the method is called. The getThreadGroup() method of SecurityManager simply returns the ThreadGroup of the current thread. This method should be overridden to return an appropriate ThreadGroup.

This method returns a ThreadGroup in which to place any threads that are created when this method is called.

protected native int classDepth(String name);

protected native int classDepth(String name) method returns the number of pending method invocations between this method invocation and an invocation of a method associated with the named class.

This method returns the number of pending method invocations from the top of the stack to a call to a method of the given class; -1 if no stack frame in the current thread is associated with a call to a method in the given class.

Parameter
name – The fully qualified name of a class.

protected native int classLoaderDepth();

protected native int classLoaderDepth() method returns the number of pending method invocations between this method invocation and an invocation of a method associated with a class that was loaded by a ClassLoader object.

This method returns the number of pending method invocations from the top of the stack to a call to a method that is associated with a class that was loaded by a ClassLoader object; -1 if no stack frame in the current thread is associated with a call to such a method.

protected native ClassLoader currentClassLoader();

protected native ClassLoader currentClassLoader() method finds the most recent pending invocation of a method associated with a class that was loaded by a ClassLoader object. The method then returns the ClassLoader object that loaded that class.

This method returns the most recent ClassLoader object executing on the stack.

protected Class currentLoadedClass();

protected Class currentLoadedClass() method finds the most recent pending invocation of a method associated with a class that was loaded by a ClassLoader object. The method then returns the Class object for that class.

This method returns the most recent Class object loaded by a ClassLoader.

protected Class[] getClassContext();

protected Class[] getClassContext() method returns an array of Class objects that represents the current execution stack. The length of the array is the number of pending method calls on the current thread’s stack, not including the call to getClassContext(). Each element of the array references a Class object that describes the class associated with the corresponding method call. The first element of the array corresponds to the most recently called method, the second element is that method’s caller, and so on.

This method returns an array of Class objects that represents the current execution stack.

protected boolean inClass(String name);

protected boolean inClass(String name) method determines whether or not there is a pending method invocation that is associated with the named class.

This method returns true if there is a pending method invocation on the stack for a method of the given class; otherwise false.

Parameter
name – The fully qualified name of a class.

protected boolean inClassLoader();

protected boolean inClassLoader() method determines whether or not there is a pending method invocation that is associated with a class that was loaded by a ClassLoader object. The method returns true only if the currentClassLoader() method does not return null.

This method returns true if there is a pending method invocation on the stack for a method of a class that was loaded by a ClassLoader object; otherwise false.

Apart from these, the SecurityManager class also has methods inherited from class Object. They are as follows:

  • clone()
  • finalize()
  • hashCode()
  • notifyAll()
  • wait()
  • wait(long, int)
  • equals(Object)
  • getClass()
  • notify()
  • toString()
  • wait(long)
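
The hosting model described above (a host-defined SecurityManager subclass that tells ClassLoader-loaded code apart by inspecting the call stack, with an inCheck-style guard so the policy's own work is not blocked) can be sketched as follows. This is an added example, not code from the original page; HostDemo, Hosted, HostSecurityManager and the temp-file layout are hypothetical. It assumes JDK 8 to 17, compiled with javac and run from the class directory: there the default check methods delegate to checkPermission(), a ThreadLocal and getClassContext() stand in for inCheck and inClassLoader() (deprecated since Java 2 and removed from later JDKs), and note that from JDK 18 System.setSecurityManager() needs -Djava.security.manager=allow and from JDK 24 it always throws UnsupportedOperationException.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Permission;
import java.util.function.Function;

// Added example; every class, file and request name below is hypothetical.
public class HostDemo {
    /** Stands in for downloaded code; the host loads it through its own ClassLoader. */
    public static class Hosted implements Function<String, String> {
        public String apply(String request) {
            try {
                if (request.equals("exit")) System.exit(1);
                else if (request.equals("uninstall")) System.setSecurityManager(null);
                else new FileInputStream(request).close();
                return "allowed";
            } catch (SecurityException e) {
                return "denied";
            } catch (IOException e) {
                return "io error";
            }
        }
    }

    static class HostSecurityManager extends SecurityManager {
        private final ClassLoader untrusted;
        private final Path sandbox;
        // Per-thread stand-in for the inCheck flag described on the page.
        private final ThreadLocal<Boolean> inCheck = new ThreadLocal<Boolean>();
        HostSecurityManager(ClassLoader untrusted, Path sandbox) throws IOException {
            this.untrusted = untrusted;
            this.sandbox = sandbox.toFile().getCanonicalFile().toPath();
        }

        // Since Java 2 the default checkRead(), checkExit(), ... all end up here.
        @Override
        public void checkPermission(Permission perm) {
            if (inCheck.get() != null) return; // raised by our own policy code below
            inCheck.set(Boolean.TRUE);
            try {
                if (hostedCodeOnStack() && !allowedForHosted(perm)) {
                    throw new SecurityException("hosted code denied: " + perm);
                }
            } finally {
                inCheck.remove();
            }
        }

        // True if a pending method call belongs to a class from the untrusted loader.
        // getClassLoader() itself asks the manager for permission; inCheck lets that
        // through. This plain scan does not honour AccessController.doPrivileged().
        private boolean hostedCodeOnStack() {
            for (Class<?> c : getClassContext()) {
                if (c.getClassLoader() == untrusted) return true;
            }
            return false;
        }

        // Hosted code may only read files that resolve to a path inside the sandbox.
        private boolean allowedForHosted(Permission perm) {
            if (!(perm instanceof FilePermission) || !"read".equals(perm.getActions())) return false;
            try {
                return new File(perm.getName()).getCanonicalFile().toPath().startsWith(sandbox);
            } catch (IOException e) {
                return false; // path cannot be resolved: deny
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample files: one inside the sandbox directory, one outside it.
        Path sandbox = Files.createTempDirectory("sandbox");
        Path inside = Files.write(sandbox.resolve("data.txt"), "ok".getBytes());
        Path outside = Files.createTempFile("secret", ".txt");
        String traversal = sandbox + File.separator + ".." + File.separator + outside.getFileName();
        // Load a second copy of Hosted through a separate loader, as a host would.
        URL here = HostDemo.class.getProtectionDomain().getCodeSource().getLocation();
        ClassLoader untrusted = new URLClassLoader(new URL[] { here }, null);
        @SuppressWarnings("unchecked")
        Function<String, String> hosted = (Function<String, String>)
                untrusted.loadClass("HostDemo$Hosted").getDeclaredConstructor().newInstance();
        System.setSecurityManager(new HostSecurityManager(untrusted, sandbox));
        String[] requests = { inside.toString(), outside.toString(), traversal, "exit", "uninstall" };
        for (String request : requests) System.out.println(request + " -> " + hosted.apply(request));
    }
}
```

Only the read inside the sandbox is allowed; the read outside it, the ../ path that resolves to the same outside file, System.exit() and the attempt to replace the installed manager are denied, while the host's own code keeps working because no hosted class is on its stack.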
