...
This compliant solution suppresses the exception, leaving the array to contain a single null value to indicate that the file does not exist. It uses the simpler PrivilegedAction class rather than PrivilegedExceptionAction to prevent exceptions from propagating out of the doPrivileged() block. The Void return type is recommended for privileged actions that return no value.
```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.AccessController;
import java.security.PrivilegedAction;

class PasswordManager {
  public static void changePassword() {
    FileInputStream fin = openPasswordFile();
    if (fin == null) {
      // no password file; handle error
    }
    // test old password with password in file contents; change password
  }

  private static FileInputStream openPasswordFile() {
    final String password_file = "password";
    // Single-element array lets the anonymous class hand the stream back
    final FileInputStream fin[] = { null };
    AccessController.doPrivileged(
      new PrivilegedAction<Void>() {
        public Void run() {
          try {
            // Sensitive action; can't be done outside
            // doPrivileged() block
            fin[0] = new FileInputStream(password_file);
          } catch (FileNotFoundException x) {
            // report to handler
          }
          return null;
        }
      });
    return fin[0];
  }
}
```
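The difference between the two action types, seen from the caller's side, is shown in the following added example, which is not part of the original page. The class name `PrivilegedLeakDemo`, its method names, and the file name are hypothetical, and the file is assumed not to exist.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added illustration; class, method and file names are hypothetical.
public class PrivilegedLeakDemo {
  // Constructed file name, assumed to be absent from the working directory
  static final String PASSWORD_FILE = "no-such-password-file";

  // Propagating variant: the checked exception leaves the privileged block
  // wrapped in PrivilegedActionException, carrying the file name with it.
  static FileInputStream openPropagating() throws PrivilegedActionException {
    return AccessController.doPrivileged(
        (PrivilegedExceptionAction<FileInputStream>) () -> new FileInputStream(PASSWORD_FILE));
  }

  // Suppressing variant (the pattern described above): failure becomes null.
  static FileInputStream openSuppressing() {
    final FileInputStream[] fin = { null };
    AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
      try {
        fin[0] = new FileInputStream(PASSWORD_FILE);
      } catch (FileNotFoundException x) {
        // report to a trusted handler; nothing reaches the caller
      }
      return null;
    });
    return fin[0];
  }

  public static void main(String[] args) {
    try {
      openPropagating().close();
    } catch (PrivilegedActionException e) {
      // The caller can unwrap the cause and read the path and the reason.
      System.out.println("propagating: caller sees " + e.getException());
    } catch (IOException e) {
      System.out.println("propagating: close failed");
    }
    System.out.println("suppressing: caller sees " + openSuppressing());
  }
}
```

On recent JDKs the `AccessController` API compiles with a deprecation warning; the contrast between what each variant hands back to the caller is unchanged.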
Risk Assessment
...
| [API 2006] | method doPrivileged(), http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction) |
| [Gong 2003] | Sections 6.4, AccessController and 9.5 Privileged Code |
...