Class java.rmi.RMISecurityManager
All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class java.rmi.RMISecurityManager

Object
   |
   +----SecurityManager
           |
           +----java.rmi.RMISecurityManager

public class RMISecurityManager
extends SecurityManager
This class defines a default security policy for RMI applications (not applets). For code loaded from a class loader, the security manager disables all functions except class definition and access. This class may be subclassed to implement a different policy. To set a RMISecurityManager, add the following to an application's main() method:
System.setSecurityManager(new RMISecurityManager()); If no security manager has been set, RMI will only load classes from local system files as defined by CLASSPATH.

Version:
1.13, 09/02/98
Author:
Roger Riggs

Constructor Index

 o java.rmi.RMISecurityManager()
Construct and initialize.

Method Index

 o checkAccept(String, int)
For now loaded classes can't accept connections on any port.
 o checkAccess(Thread)
Loaded classes are not allowed to manipulate threads.
 o checkAccess(ThreadGroup)
Loaded classes are not allowed to manipulate thread groups.
 o checkAwtEventQueueAccess()
Checks to see if an client can get access to the AWT event queue (disallowed from loaded classes).
 o checkConnect(String, int)
Loaded classes can make connections if called through the RMI transport.
 o checkConnect(String, int, Object)
Loaded classes can make connections if called through the RMI transport.
 o checkCreateClassLoader()
Loaded classes are not allowed to create class loaders, or even execute any of ClassLoader's methods.
 o checkDelete(String)
Check if a file with the specified system dependent file name can be deleted.
 o checkExec(String)
Loaded classes are not allowed to fork processes.
 o checkExit(int)
Loaded classes are not allowed to exit the VM.
 o checkLink(String)
Loaded classes are not allowed to link dynamic libraries.
 o checkListen(int)
For now loaded classes can't listen on any port.
 o checkMemberAccess(Class, int)
Check if client is allowed reflective access to a member or a set of members for the specified class.
 o checkMulticast(InetAddress)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).
 o checkMulticast(InetAddress, byte)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).
 o checkPackageAccess(String)
Check if a loaded class can access a package.
 o checkPackageDefinition(String)
Check if a loaded class can define classes in a package.
 o checkPrintJobAccess()
Disallow printing from loaded classes.
 o checkPropertiesAccess()
Loaded classes are not allowed to access the system properties list.
 o checkPropertyAccess(String)
Loaded classes can access the system property named by key only if its twin key.rmi property is set to true.
 o checkRead(String)
Check if a loaded class can read a particular file.
 o checkRead(String, Object)
No file reads are valid from a loaded class.
 o checkRead(FileDescriptor)
Loaded classes are not allowed to open descriptors for reading unless it is done through a socket, in which case other access restrictions still apply.
 o checkSecurityAccess(String)
Loaded classes cannot perform security provider operations.
 o checkSetFactory()
Check if a loaded class can set a networking-related object factory.
 o checkSystemClipboardAccess()
Checks to see if an client can get access to the System Clipboard (disallowed from loaded classes).
 o checkTopLevelWindow(Object)
Allow caller to create top-level windows.
 o checkWrite(String)
Check if a loaded class can write a particular file.
 o checkWrite(FileDescriptor)
Loaded classes are not allowed to open descriptors for writing unless it is done through a socket, in which case other access restrictions still apply.
 o getSecurityContext()
Returns the security context (e.g., a URL).

Constructors

 o RMISecurityManager
public RMISecurityManager()
Construct and initialize.

Methods

 o checkAccept
public synchronized void checkAccept(String host,
                                     int port)
For now loaded classes can't accept connections on any port.

Overrides:
checkAccept in class SecurityManager
 o checkAccess
public synchronized void checkAccess(Thread t)
Loaded classes are not allowed to manipulate threads.

Overrides:
checkAccess in class SecurityManager
 o checkAccess
public synchronized void checkAccess(ThreadGroup g)
Loaded classes are not allowed to manipulate thread groups.

Overrides:
checkAccess in class SecurityManager
 o checkAwtEventQueueAccess
public void checkAwtEventQueueAccess()
Checks to see if an client can get access to the AWT event queue (disallowed from loaded classes).

Overrides:
checkAwtEventQueueAccess in class SecurityManager
 o checkConnect
public synchronized void checkConnect(String host,
                                      int port)
Loaded classes can make connections if called through the RMI transport.

Overrides:
checkConnect in class SecurityManager
 o checkConnect
public void checkConnect(String host,
                         int port,
                         Object context)
Loaded classes can make connections if called through the RMI transport.

Overrides:
checkConnect in class SecurityManager
 o checkCreateClassLoader
public synchronized void checkCreateClassLoader()
Loaded classes are not allowed to create class loaders, or even execute any of ClassLoader's methods.

Overrides:
checkCreateClassLoader in class SecurityManager
 o checkDelete
public void checkDelete(String file)
Check if a file with the specified system dependent file name can be deleted.

Parameters:
file - the system dependent file name
Throws: RMISecurityException
If the file is not found.
Overrides:
checkDelete in class SecurityManager
 o checkExec
public synchronized void checkExec(String cmd)
Loaded classes are not allowed to fork processes.

Overrides:
checkExec in class SecurityManager
 o checkExit
public synchronized void checkExit(int status)
Loaded classes are not allowed to exit the VM.

Overrides:
checkExit in class SecurityManager
 o checkLink
public synchronized void checkLink(String lib)
Loaded classes are not allowed to link dynamic libraries.

Overrides:
checkLink in class SecurityManager
 o checkListen
public synchronized void checkListen(int port)
For now loaded classes can't listen on any port.

Overrides:
checkListen in class SecurityManager
 o checkMemberAccess
public void checkMemberAccess(Class clazz,
                              int which)
Check if client is allowed reflective access to a member or a set of members for the specified class. Once initial access is granted, the reflected members can be queried for identifying information, but can only be used (via get, set, invoke, or newInstance) with standard Java language access control.

The policy is to dent untrusted clients access to declared members of classes other than those loaded via the same class loader. All other accesses are granted.

Overrides:
checkMemberAccess in class SecurityManager
 o checkMulticast
public void checkMulticast(InetAddress maddr)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).

Overrides:
checkMulticast in class SecurityManager
 o checkMulticast
public void checkMulticast(InetAddress maddr,
                           byte ttl)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).

Overrides:
checkMulticast in class SecurityManager
 o checkPackageAccess
public synchronized void checkPackageAccess(String pkg)
Check if a loaded class can access a package.

Overrides:
checkPackageAccess in class SecurityManager
 o checkPackageDefinition
public synchronized void checkPackageDefinition(String pkg)
Check if a loaded class can define classes in a package.

Overrides:
checkPackageDefinition in class SecurityManager
 o checkPrintJobAccess
public void checkPrintJobAccess()
Disallow printing from loaded classes.

Overrides:
checkPrintJobAccess in class SecurityManager
 o checkPropertiesAccess
public synchronized void checkPropertiesAccess()
Loaded classes are not allowed to access the system properties list.

Overrides:
checkPropertiesAccess in class SecurityManager
 o checkPropertyAccess
public synchronized void checkPropertyAccess(String key)
Loaded classes can access the system property named by key only if its twin key.rmi property is set to true. For example, the property java.home can be read by loaded classes only if java.home.rmi is true.

Overrides:
checkPropertyAccess in class SecurityManager
 o checkRead
public synchronized void checkRead(String file)
Check if a loaded class can read a particular file.

Overrides:
checkRead in class SecurityManager
 o checkRead
public void checkRead(String file,
                      Object context)
No file reads are valid from a loaded class.

Throws: RMISecurityException
If called from a loaded class.
Overrides:
checkRead in class SecurityManager
 o checkRead
public synchronized void checkRead(FileDescriptor fd)
Loaded classes are not allowed to open descriptors for reading unless it is done through a socket, in which case other access restrictions still apply.

Overrides:
checkRead in class SecurityManager
 o checkSecurityAccess
public void checkSecurityAccess(String provider)
Loaded classes cannot perform security provider operations.

Overrides:
checkSecurityAccess in class SecurityManager
 o checkSetFactory
public synchronized void checkSetFactory()
Check if a loaded class can set a networking-related object factory.

Overrides:
checkSetFactory in class SecurityManager
 o checkSystemClipboardAccess
public void checkSystemClipboardAccess()
Checks to see if an client can get access to the System Clipboard (disallowed from loaded classes).

Overrides:
checkSystemClipboardAccess in class SecurityManager
 o checkTopLevelWindow
public synchronized boolean checkTopLevelWindow(Object window)
Allow caller to create top-level windows. Allow loaded classes to create windows with warnings.

Overrides:
checkTopLevelWindow in class SecurityManager
 o checkWrite
public synchronized void checkWrite(String file)
Check if a loaded class can write a particular file.

Throws: RMISecurityException
If called from a loaded class.
Overrides:
checkWrite in class SecurityManager
 o checkWrite
public synchronized void checkWrite(FileDescriptor fd)
Loaded classes are not allowed to open descriptors for writing unless it is done through a socket, in which case other access restrictions still apply.

Overrides:
checkWrite in class SecurityManager
 o getSecurityContext
public java.lang.Object getSecurityContext()
Returns the security context (e.g., a URL).

Overrides:
getSecurityContext in class SecurityManager

All Packages  Class Hierarchy  This Package  Previous  Next  Index