SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 24

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 25

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
According to the Class {{SecurityManager}} documentation \[[API 06|AA. Java References#API 06]\], Class {{SecurityManager}} documentation:

The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.

...

The security manager is closely related to the AccessController. The former is used as a hub for access control whereas the latter is the implementer of a particular access control algorithm. Two requirements necessitate the use of the security manager -:

  • Providing backward compatibility: Legacy code often contains custom implementations of the security manager class since because it was originally abstract.

...

  • The checkPermission methods eliminated the need for hardcoding names of the checks in the call.
  • They utilized used only one copy of the complicated algorithms and code for examining the Java runtime by using a common checkPermission method.
  • Newer permissions for resources could be easily added by encapsulating them in a new Permission class.

...

For local applications, the security manager can be installed using the flags as shown next. Note that the setSecurityManager method must be replaced by getSecurityManager in this case since the manager has already been installed using the command line flag.follows:

Code Block
bgColor#ccccff
java -Djava.security.manager -Djava.security.policy=policyURL LocalJavaApp

The default policy file java.policy grants a few permissions (reading system properties, binding to unprivileged ports and so onnote that the setSecurityManager method must be replaced by getSecurityManager in this case since the manager has already been installed using the command line flag.) and can be found in the ~/java.home/lib/security directory on *nix based Unix-like systems and its equivalent on Microsoft Windows systems. There is also a user specific policy file in the user's home directory. The union of both these policy files defines the permissions given to a program.

...