Using Access Control

As mentioned in Chapter 26, the J2SDK has integrated JAAS. With this integration the java.security.Policy API handles principal-based queries, which allows you to determine who is running the code; so access control now can be based on what code is running and who is running it.

The integration of JAAS also added support for dynamic policies where classes are bound with permissions until a security check is necessary. This binding lasts through the lifetime of the security policy.

The java.security.Permission class implements the java.security.Guard interface. The Guard interface provides the checkGuard method to perform security checks on an object (which is passed as an argument). The class AccessControlContext can be used when access control decisions need to be made in a different context. However, when the resource supplier and consumer are not in the same thread, the access control context may not be available - as when the context is security-sensitive.

The resource supplier can create a java.security.GuardedObject . The supplier embeds the resource inside (the guarded object) with security checks that must be satisfied in order for the resource to be accessed. The supplier can then provide the GuardedObject to the consumer.

In the following code snippet, the resource to be protected is the finance.txt file. The supplier creates a GuardedObject that contains the file and its permission information:

 FileInputStream fFile = new FileInputStream("finance.txt"); FilePermission fPerm = new FilePermission("finance.txt", "read"); GuardedObject myGuardedObj = new GuardedObject(fFile, fPerm); 

The thread then passes myGuardedObj to the consumer, which accesses it via the following line of code:

 FileInputStream theResource = (FileInputStream) myGardedObj.getObject(); 

The getObject method calls the checkGuard method of the Guarded interface, which in turn calls the SecurityManager.checkPermission method. If access is not permitted, an exception is thrown.