CONTENTS | PREV | NEXT Java Remote Method Invocation


5.6 The RMISecurityManager Class

package java.rmi;

public class RMISecurityManager extends java.lang.SecurityManager {

// Constructor
public RMISecurityManager();

// Returns implementation specific security context
public Object getSecurityContext();

// Disallow creating classloaders or execute ClassLoader methods
public synchronized void checkCreateClassLoader()
throws RMISecurityException;

// Disallow thread manipulation
public synchronized void checkAccess(Thread t)
throws RMISecurityException;

// Disallow thread group manipulation.
public synchronized void checkAccess(ThreadGroup g)
throws RMISecurityException;

// Disallow exiting the VM
public synchronized void checkExit(int status)
throws RMISecurityException;

// Disallow forking of processes
public synchronized void checkExec(String cmd)
throws RMISecurityException;

// Disallow linking dynamic libraries
public synchronized void checkLink(String lib)
throws RMISecurityException;

// Disallow accessing of all properties except those labeled OK
public synchronized void checkPropertiesAccess()
throws RMISecurityException;

// Access system property key only if key.stub is set to true
public synchronized void checkPropertyAccess(String key)
throws RMISecurityException;

// Check if a stub can read a particular file.
public synchronized void checkRead(String file)
throws RMISecurityException;

// No file reads are valid from a stub
public void checkRead(String file, Object context)
throws RMISecurityException;

// Check if a Stub can write a particular file.
public synchronized void checkWrite(String file)
throws RMISecurityException;

// Check if the specified system dependent file can be deleted.
public void checkDelete(String file)
throws RMISecurityException;

// Disllow opening file descriptor for reading unless via socket
public synchronized void checkRead(FileDescriptor fd)
throws RMISecurityException;

// Disallow opening file descriptor for writing unless via socket
public synchronized void checkWrite(FileDescriptor fd)
throws RMISecurityException;

// Disallow listening on any port.
public synchronized void checkListen(int port)
throws RMISecurityException;

// Disallow accepting connections on any port.
public synchronized void checkAccept(String host, int port)
throws RMISecurityException;

// Disallow stubs from using IP multicast.
public void checkMulticast(InetAddress maddr)
throws RMISecurityException;

// Disallow stubs from using IP multicast
public void checkMulticast(InetAddress maddr, byte ttl)
throws RMISecurityException;

// Downloaded classes (including stubs) can make connections if
// called through the RMI transport.
public synchronized void checkConnect(String host, int port)
throws RMISecurityException;

// Downloaded classes (including stubs) can make connections if
// called through the RMI transport.
public void checkConnect(String host, int port, Object context)
throws RMISecurityException;

// Allow caller to create top-level windows.
// Allow stubs to create windows with warnings.
public synchronized boolean checkTopLevelWindow(Object window)
throws RMISecurityException;

// Check if a stub can access a package.
public synchronized void checkPackageAccess(String pkg)
throws RMISecurityException;

// Check if a stub can define classes in a package.
public synchronized void checkPackageDefinition(String pkg)
throws RMISecurityException;

// Check if a stub can set a networking-related object factory.
public synchronized void checkSetFactory()
throws RMISecurityException;

// Disallow printing from stubs.
public void checkPrintJobAccess()
throws RMISecurityException;

// Disallow stubs from accessing system clipboard.
public void checkSystemClipboardAccess()
throws RMISecurityException;

// Disallow stubs from accessing AWT event queue.
public void checkAwtEventQueueAccess()
throws RMISecurityException;

// Checks to see if client code can access class members.
// Allow access to all public information. Allow non-stubs to
// access default, package, and private declarations and data).
public void checkMemberAccess(Class clazz, int which)
throws RMISecurityException;

// Stubs cannot perform security provider operations.
public void checkSecurityAccess(String provider)
throws RMISecurityException;
}
The RMISecurityManager can be used when the application does not require specialized security functions but does need the protection it provides. This simple security manger disables all functions except class definition and access, so that other classes for remote objects, their arguments, and returns can be loaded as needed. A downloaded class is allowed to make a connection if the connection was initiated via the RMI transport.

If no security manager has been set, stub loading is disabled. This ensures that some security manager is responsible for the actions of loaded stubs and classes as part of any remote method invocation. A security manager is set using System.setSecurityManager.



CONTENTS | PREV | NEXT
Copyright © 1997-1998 Sun Microsystems, Inc. All Rights Reserved.