...
| Code Block | ||
|---|---|---|
| ||
public class Password {
public static void changePassword(final String password_file) throws FileNotFoundException {
FileInputStream fin;
fin = openPasswordFile(password_file);
}
public static FileInputStream openPasswordFile(String password_file) throws FileNotFoundException {
// Declare as final and assign before the body of the anonymous inner class
// Array f[] is used to maintain language semantics while using final
final FileInputStream f[]={null};
// Use own privilege to open the sensitive password file
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
f[0] = new FileInputStream("c:\\" + passowrd_file); //Perform privileged action
}catch(FileNotFoundException cnf) { System.err.println(cnf.getMessage()); }
return null; //Still mandatory to return from run()
}
});
return f[0]; //Returns a reference to privileged objects (inappropriate)
}
}
|
...
| Code Block | ||
|---|---|---|
| ||
class Password {
private static void changePassword() {
// Use own privilege to open the sensitive password file
final String password_file = "password";
final FileInputStream f[] = {null};
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
f[0] = openPasswordFile(password_file); // call the privileged method here
}catch(FileNotFoundException cnf) {
System.err.println("Error: Operation could not be performed");
}
return null;
}
});
//Perform other operations such as password verification
}
private static FileInputStream openPasswordFile(String password_file) throws FileNotFoundException {
FileInputStream f = new FileInputStream("c:\\" + password_file);
// Perform read/write operations on password file
return f;
}
}
|
...