...
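public final class SecureCreditCard implements Serializable {
  // Pinning the stream version avoids a spurious InvalidClassException
  // when this class is recompiled with a different default UID.
  private static final long serialVersionUID = 1L;

  // Private internal state. The field name is part of the serialized form,
  // so it is deliberately kept as-is.
  private String credit_card;

  // Value assigned by the constructor; a deserialized instance holding this
  // value is indistinguishable from a freshly constructed one and needs no
  // extra checks (see readObject()).
  private static final String DEFAULT = "DEFAULT";

  /** Creates an instance holding the default (non-sensitive) value. */
  public SecureCreditCard() {
    credit_card = DEFAULT;
  }

  /**
   * Replaces the stored value once the caller has passed the security check
   * and the new value has been validated.
   *
   * @param newCC the replacement value; a value equal to the current one is a no-op
   */
  public void changeCC(String newCC) {
    if (credit_card.equals(newCC)) {
      return; // No change, so no permission check is required
    }
    // Check permissions to modify credit_card, then validate before storing
    performSecurityManagerCheck();
    validateInput(newCC);
    credit_card = newCC;
  }

  /**
   * Returns the stored value once the caller has passed the security check.
   *
   * @return the current credit-card value
   */
  public String getValue() {
    // Check permission to get value
    performSecurityManagerCheck();
    // The original returned an undeclared `somePublicValue`; the field is the
    // internal state this accessor is documented to expose.
    return credit_card;
  }

  /**
   * Enforces during deserialization the same checks that changeCC() enforces,
   * because readObject() is the only path that sets the field without going
   * through the constructor.
   *
   * @param in the stream to read from
   * @throws IOException if the stream cannot be read
   * @throws ClassNotFoundException if a class in the stream cannot be resolved;
   *     declared by {@code defaultReadObject()}, so it must be declared here too
   */
  private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
    in.defaultReadObject();
    // If the deserialized value does not match the default value normally
    // created at construction time, duplicate the checks from changeCC()
    if (!DEFAULT.equals(credit_card)) {
      performSecurityManagerCheck();
      validateInput(credit_card);
    }
  }

  /**
   * Enforces during serialization the same check that getValue() enforces,
   * then writes the default fields so the stream matches what readObject()
   * consumes via {@code defaultReadObject()}.
   *
   * @param out the stream to write to
   * @throws IOException if the stream cannot be written
   */
  private void writeObject(ObjectOutputStream out) throws IOException {
    // Duplicate check from getValue()
    performSecurityManagerCheck();
    // Symmetric with readObject(): the original wrote the field as a standalone
    // object, which does not correspond to a defaultReadObject() on the reader side.
    out.defaultWriteObject();
  }
}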
Refer to the guideline SEC36SEC08-J, "Enforce security checks in code that performs sensitive operations", to learn how to implement the performSecurityManagerCheck() method.
...