All Packages Class Hierarchy This Package Previous Next Index
Class java.rmi.RMISecurityManager
java.lang.Object
|
+----java.lang.SecurityManager
|
+----java.rmi.RMISecurityManager
- public class RMISecurityManager
- extends SecurityManager
This class defines a default security policy for RMI applications (not
applets). For code loaded from a class loader, the security manager
disables all functions except class definition and access. This class
may be subclassed to implement a different policy. To set a
RMISecurityManager, add the following to an application's main()
method:
System.setSecurityManager(new RMISecurityManager()); If no security
manager has been set, RMI will only load classes from local system
files as defined by CLASSPATH.
-
RMISecurityManager()
- Construct and initialize.
-
checkAccept(String, int)
- For now loaded classes can't accept connections on any port.
-
checkAccess(Thread)
- Loaded classes are not allowed to manipulate threads.
-
checkAccess(ThreadGroup)
- Loaded classes are not allowed to manipulate thread groups.
-
checkAwtEventQueueAccess()
- Checks to see if an client can get access to the AWT event queue
(disallowed from loaded classes).
-
checkConnect(String, int)
- Loaded classes can make connections if called through the RMI transport.
-
checkConnect(String, int, Object)
- Loaded classes can make connections if
called through the RMI transport.
-
checkCreateClassLoader()
- Loaded classes are not allowed to create class loaders, or even
execute any of ClassLoader's methods.
-
checkDelete(String)
- Check if a file with the specified system dependent
file name can be deleted.
-
checkExec(String)
- Loaded classes are not allowed to fork processes.
-
checkExit(int)
- Loaded classes are not allowed to exit the VM.
-
checkLink(String)
- Loaded classes are not allowed to link dynamic libraries.
-
checkListen(int)
- For now loaded classes can't listen on any port.
-
checkMemberAccess(Class, int)
- Check if client is allowed reflective access to a member or a set
of members for the specified class.
-
checkMulticast(InetAddress)
- Checks to see if current execution context is allowed to use
(join/leave/send/receive) IP multicast (disallowed from loaded classes).
-
checkMulticast(InetAddress, byte)
- Checks to see if current execution context is allowed to use
(join/leave/send/receive) IP multicast (disallowed from loaded classes).
-
checkPackageAccess(String)
- Check if a loaded class can access a package.
-
checkPackageDefinition(String)
- Check if a loaded class can define classes in a package.
-
checkPrintJobAccess()
- Disallow printing from loaded classes.
-
checkPropertiesAccess()
- Loaded classes are not allowed to access the system properties list.
-
checkPropertyAccess(String)
- Loaded classes can access the system property named by key
only if its twin key.rmi property is set to true.
-
checkRead(FileDescriptor)
- Loaded classes are not allowed to open descriptors for reading unless
it is done through a socket, in which case other access
restrictions still apply.
-
checkRead(String)
- Check if a loaded class can read a particular file.
-
checkRead(String, Object)
- No file reads are valid from a loaded class.
-
checkSecurityAccess(String)
- Loaded classes cannot perform security provider operations.
-
checkSetFactory()
- Check if a loaded class can set a networking-related object factory.
-
checkSystemClipboardAccess()
- Checks to see if an client can get access to the System Clipboard
(disallowed from loaded classes).
-
checkTopLevelWindow(Object)
- Allow caller to create top-level windows.
-
checkWrite(FileDescriptor)
- Loaded classes are not allowed to open descriptors for writing unless
it is done through a socket, in which case other access
restrictions still apply.
-
checkWrite(String)
- Check if a loaded class can write a particular file.
-
getSecurityContext()
- Returns the security context (e.g., a URL).
RMISecurityManager
public RMISecurityManager()
- Construct and initialize.
getSecurityContext
public Object getSecurityContext()
- Returns the security context (e.g., a URL).
- Overrides:
- getSecurityContext in class SecurityManager
checkCreateClassLoader
public synchronized void checkCreateClassLoader()
- Loaded classes are not allowed to create class loaders, or even
execute any of ClassLoader's methods.
- Overrides:
- checkCreateClassLoader in class SecurityManager
checkAccess
public synchronized void checkAccess(Thread t)
- Loaded classes are not allowed to manipulate threads.
- Overrides:
- checkAccess in class SecurityManager
checkAccess
public synchronized void checkAccess(ThreadGroup g)
- Loaded classes are not allowed to manipulate thread groups.
- Overrides:
- checkAccess in class SecurityManager
checkExit
public synchronized void checkExit(int status)
- Loaded classes are not allowed to exit the VM.
- Overrides:
- checkExit in class SecurityManager
checkExec
public synchronized void checkExec(String cmd)
- Loaded classes are not allowed to fork processes.
- Overrides:
- checkExec in class SecurityManager
checkLink
public synchronized void checkLink(String lib)
- Loaded classes are not allowed to link dynamic libraries.
- Overrides:
- checkLink in class SecurityManager
checkPropertiesAccess
public synchronized void checkPropertiesAccess()
- Loaded classes are not allowed to access the system properties list.
- Overrides:
- checkPropertiesAccess in class SecurityManager
checkPropertyAccess
public synchronized void checkPropertyAccess(String key)
- Loaded classes can access the system property named by key
only if its twin key.rmi property is set to true.
For example, the property
java.home
can be read by
loaded classes only if java.home.rmi
is true
.
- Overrides:
- checkPropertyAccess in class SecurityManager
checkRead
public synchronized void checkRead(String file)
- Check if a loaded class can read a particular file.
- Overrides:
- checkRead in class SecurityManager
checkRead
public void checkRead(String file,
Object context)
- No file reads are valid from a loaded class.
- Throws: RMISecurityException
- If called from a loaded class.
- Overrides:
- checkRead in class SecurityManager
checkWrite
public synchronized void checkWrite(String file)
- Check if a loaded class can write a particular file.
- Throws: RMISecurityException
- If called from a loaded class.
- Overrides:
- checkWrite in class SecurityManager
checkDelete
public void checkDelete(String file)
- Check if a file with the specified system dependent
file name can be deleted.
- Parameters:
- file - the system dependent file name
- Throws: RMISecurityException
- If the file is not found.
- Overrides:
- checkDelete in class SecurityManager
checkRead
public synchronized void checkRead(FileDescriptor fd)
- Loaded classes are not allowed to open descriptors for reading unless
it is done through a socket, in which case other access
restrictions still apply.
- Overrides:
- checkRead in class SecurityManager
checkWrite
public synchronized void checkWrite(FileDescriptor fd)
- Loaded classes are not allowed to open descriptors for writing unless
it is done through a socket, in which case other access
restrictions still apply.
- Overrides:
- checkWrite in class SecurityManager
checkListen
public synchronized void checkListen(int port)
- For now loaded classes can't listen on any port.
- Overrides:
- checkListen in class SecurityManager
checkAccept
public synchronized void checkAccept(String host,
int port)
- For now loaded classes can't accept connections on any port.
- Overrides:
- checkAccept in class SecurityManager
checkMulticast
public void checkMulticast(InetAddress maddr)
- Checks to see if current execution context is allowed to use
(join/leave/send/receive) IP multicast (disallowed from loaded classes).
- Overrides:
- checkMulticast in class SecurityManager
checkMulticast
public void checkMulticast(InetAddress maddr,
byte ttl)
- Checks to see if current execution context is allowed to use
(join/leave/send/receive) IP multicast (disallowed from loaded classes).
- Overrides:
- checkMulticast in class SecurityManager
checkConnect
public synchronized void checkConnect(String host,
int port)
- Loaded classes can make connections if called through the RMI transport.
- Overrides:
- checkConnect in class SecurityManager
checkConnect
public void checkConnect(String host,
int port,
Object context)
- Loaded classes can make connections if
called through the RMI transport.
- Overrides:
- checkConnect in class SecurityManager
checkTopLevelWindow
public synchronized boolean checkTopLevelWindow(Object window)
- Allow caller to create top-level windows.
Allow loaded classes to create windows with warnings.
- Overrides:
- checkTopLevelWindow in class SecurityManager
checkPackageAccess
public synchronized void checkPackageAccess(String pkg)
- Check if a loaded class can access a package.
- Overrides:
- checkPackageAccess in class SecurityManager
checkPackageDefinition
public synchronized void checkPackageDefinition(String pkg)
- Check if a loaded class can define classes in a package.
- Overrides:
- checkPackageDefinition in class SecurityManager
checkSetFactory
public synchronized void checkSetFactory()
- Check if a loaded class can set a networking-related object factory.
- Overrides:
- checkSetFactory in class SecurityManager
checkPrintJobAccess
public void checkPrintJobAccess()
- Disallow printing from loaded classes.
- Overrides:
- checkPrintJobAccess in class SecurityManager
checkSystemClipboardAccess
public void checkSystemClipboardAccess()
- Checks to see if an client can get access to the System Clipboard
(disallowed from loaded classes).
- Overrides:
- checkSystemClipboardAccess in class SecurityManager
checkAwtEventQueueAccess
public void checkAwtEventQueueAccess()
- Checks to see if an client can get access to the AWT event queue
(disallowed from loaded classes).
- Overrides:
- checkAwtEventQueueAccess in class SecurityManager
checkMemberAccess
public void checkMemberAccess(Class clazz,
int which)
- Check if client is allowed reflective access to a member or a set
of members for the specified class. Once initial access is granted,
the reflected members can be queried for identifying information, but
can only be used (via get, set, invoke, or
newInstance) with standard Java language access control.
The policy is to dent untrusted clients access to
declared members of classes other than those loaded via
the same class loader. All other accesses are granted.
- Overrides:
- checkMemberAccess in class SecurityManager
checkSecurityAccess
public void checkSecurityAccess(String provider)
- Loaded classes cannot perform security provider operations.
- Overrides:
- checkSecurityAccess in class SecurityManager
All Packages Class Hierarchy This Package Previous Next Index