...
Code Block | ||
---|---|---|
| ||
class SensitiveClass implements Cloneable { protected SensitiveClass(String passwd) { // perform security manager check System.out.println("SensitiveClass construction done!"); } protected void use(){ System.out.println("In method use()"); } public SensitiveClass Clone() { // well-behaved clone() method SensitiveClass s = null; try { s = (SensitiveClass)super.clone(); }catch(Exception e) { System.out.println("not cloneable"); } return s; } } class Foo { protected void privileged() { final SensitiveClass[] sc = new SensitiveClass[2]; AccessController.doPrivileged(new PrivilegedAction() { public Object run() { sc[0] = new SensitiveClass("password"); // object creation with the password sc[0].use(); //allowed return null; } }); sc[1] = sc[0].Clone(); // object creation without the password sc[01].use(); // this should not be allowed } public static void main(String[] args) { Foo f = new Foo(); f.privileged(); } } |
...