All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class java.rmi.RMISecurityManager

java.lang.Object
   |
   +----java.lang.SecurityManager
           |
           +----java.rmi.RMISecurityManager

public class RMISecurityManager
extends SecurityManager
This class defines a default security policy for RMI applications (not applets). For code loaded from a class loader, the security manager disables all functions except class definition and access. This class may be subclassed to implement a different policy. To set a RMISecurityManager, add the following to an application's main() method:
System.setSecurityManager(new RMISecurityManager()); If no security manager has been set, RMI will only load classes from local system files as defined by CLASSPATH.


Constructor Index

 o RMISecurityManager()
Construct and initialize.

Method Index

 o checkAccept(String, int)
For now loaded classes can't accept connections on any port.
 o checkAccess(Thread)
Loaded classes are not allowed to manipulate threads.
 o checkAccess(ThreadGroup)
Loaded classes are not allowed to manipulate thread groups.
 o checkAwtEventQueueAccess()
Checks to see if an client can get access to the AWT event queue (disallowed from loaded classes).
 o checkConnect(String, int)
Loaded classes can make connections if called through the RMI transport.
 o checkConnect(String, int, Object)
Loaded classes can make connections if called through the RMI transport.
 o checkCreateClassLoader()
Loaded classes are not allowed to create class loaders, or even execute any of ClassLoader's methods.
 o checkDelete(String)
Check if a file with the specified system dependent file name can be deleted.
 o checkExec(String)
Loaded classes are not allowed to fork processes.
 o checkExit(int)
Loaded classes are not allowed to exit the VM.
 o checkLink(String)
Loaded classes are not allowed to link dynamic libraries.
 o checkListen(int)
For now loaded classes can't listen on any port.
 o checkMemberAccess(Class, int)
Check if client is allowed reflective access to a member or a set of members for the specified class.
 o checkMulticast(InetAddress)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).
 o checkMulticast(InetAddress, byte)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).
 o checkPackageAccess(String)
Check if a loaded class can access a package.
 o checkPackageDefinition(String)
Check if a loaded class can define classes in a package.
 o checkPrintJobAccess()
Disallow printing from loaded classes.
 o checkPropertiesAccess()
Loaded classes are not allowed to access the system properties list.
 o checkPropertyAccess(String)
Loaded classes can access the system property named by key only if its twin key.rmi property is set to true.
 o checkRead(FileDescriptor)
Loaded classes are not allowed to open descriptors for reading unless it is done through a socket, in which case other access restrictions still apply.
 o checkRead(String)
Check if a loaded class can read a particular file.
 o checkRead(String, Object)
No file reads are valid from a loaded class.
 o checkSecurityAccess(String)
Loaded classes cannot perform security provider operations.
 o checkSetFactory()
Check if a loaded class can set a networking-related object factory.
 o checkSystemClipboardAccess()
Checks to see if an client can get access to the System Clipboard (disallowed from loaded classes).
 o checkTopLevelWindow(Object)
Allow caller to create top-level windows.
 o checkWrite(FileDescriptor)
Loaded classes are not allowed to open descriptors for writing unless it is done through a socket, in which case other access restrictions still apply.
 o checkWrite(String)
Check if a loaded class can write a particular file.
 o getSecurityContext()
Returns the security context (e.g., a URL).

Constructors

 o RMISecurityManager
 public RMISecurityManager()
Construct and initialize.

Methods

 o getSecurityContext
 public Object getSecurityContext()
Returns the security context (e.g., a URL).

Overrides:
getSecurityContext in class SecurityManager
 o checkCreateClassLoader
 public synchronized void checkCreateClassLoader()
Loaded classes are not allowed to create class loaders, or even execute any of ClassLoader's methods.

Overrides:
checkCreateClassLoader in class SecurityManager
 o checkAccess
 public synchronized void checkAccess(Thread t)
Loaded classes are not allowed to manipulate threads.

Overrides:
checkAccess in class SecurityManager
 o checkAccess
 public synchronized void checkAccess(ThreadGroup g)
Loaded classes are not allowed to manipulate thread groups.

Overrides:
checkAccess in class SecurityManager
 o checkExit
 public synchronized void checkExit(int status)
Loaded classes are not allowed to exit the VM.

Overrides:
checkExit in class SecurityManager
 o checkExec
 public synchronized void checkExec(String cmd)
Loaded classes are not allowed to fork processes.

Overrides:
checkExec in class SecurityManager
 o checkLink
 public synchronized void checkLink(String lib)
Loaded classes are not allowed to link dynamic libraries.

Overrides:
checkLink in class SecurityManager
 o checkPropertiesAccess
 public synchronized void checkPropertiesAccess()
Loaded classes are not allowed to access the system properties list.

Overrides:
checkPropertiesAccess in class SecurityManager
 o checkPropertyAccess
 public synchronized void checkPropertyAccess(String key)
Loaded classes can access the system property named by key only if its twin key.rmi property is set to true. For example, the property java.home can be read by loaded classes only if java.home.rmi is true.

Overrides:
checkPropertyAccess in class SecurityManager
 o checkRead
 public synchronized void checkRead(String file)
Check if a loaded class can read a particular file.

Overrides:
checkRead in class SecurityManager
 o checkRead
 public void checkRead(String file,
                       Object context)
No file reads are valid from a loaded class.

Throws: RMISecurityException
If called from a loaded class.
Overrides:
checkRead in class SecurityManager
 o checkWrite
 public synchronized void checkWrite(String file)
Check if a loaded class can write a particular file.

Throws: RMISecurityException
If called from a loaded class.
Overrides:
checkWrite in class SecurityManager
 o checkDelete
 public void checkDelete(String file)
Check if a file with the specified system dependent file name can be deleted.

Parameters:
file - the system dependent file name
Throws: RMISecurityException
If the file is not found.
Overrides:
checkDelete in class SecurityManager
 o checkRead
 public synchronized void checkRead(FileDescriptor fd)
Loaded classes are not allowed to open descriptors for reading unless it is done through a socket, in which case other access restrictions still apply.

Overrides:
checkRead in class SecurityManager
 o checkWrite
 public synchronized void checkWrite(FileDescriptor fd)
Loaded classes are not allowed to open descriptors for writing unless it is done through a socket, in which case other access restrictions still apply.

Overrides:
checkWrite in class SecurityManager
 o checkListen
 public synchronized void checkListen(int port)
For now loaded classes can't listen on any port.

Overrides:
checkListen in class SecurityManager
 o checkAccept
 public synchronized void checkAccept(String host,
                                      int port)
For now loaded classes can't accept connections on any port.

Overrides:
checkAccept in class SecurityManager
 o checkMulticast
 public void checkMulticast(InetAddress maddr)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).

Overrides:
checkMulticast in class SecurityManager
 o checkMulticast
 public void checkMulticast(InetAddress maddr,
                            byte ttl)
Checks to see if current execution context is allowed to use (join/leave/send/receive) IP multicast (disallowed from loaded classes).

Overrides:
checkMulticast in class SecurityManager
 o checkConnect
 public synchronized void checkConnect(String host,
                                       int port)
Loaded classes can make connections if called through the RMI transport.

Overrides:
checkConnect in class SecurityManager
 o checkConnect
 public void checkConnect(String host,
                          int port,
                          Object context)
Loaded classes can make connections if called through the RMI transport.

Overrides:
checkConnect in class SecurityManager
 o checkTopLevelWindow
 public synchronized boolean checkTopLevelWindow(Object window)
Allow caller to create top-level windows. Allow loaded classes to create windows with warnings.

Overrides:
checkTopLevelWindow in class SecurityManager
 o checkPackageAccess
 public synchronized void checkPackageAccess(String pkg)
Check if a loaded class can access a package.

Overrides:
checkPackageAccess in class SecurityManager
 o checkPackageDefinition
 public synchronized void checkPackageDefinition(String pkg)
Check if a loaded class can define classes in a package.

Overrides:
checkPackageDefinition in class SecurityManager
 o checkSetFactory
 public synchronized void checkSetFactory()
Check if a loaded class can set a networking-related object factory.

Overrides:
checkSetFactory in class SecurityManager
 o checkPrintJobAccess
 public void checkPrintJobAccess()
Disallow printing from loaded classes.

Overrides:
checkPrintJobAccess in class SecurityManager
 o checkSystemClipboardAccess
 public void checkSystemClipboardAccess()
Checks to see if an client can get access to the System Clipboard (disallowed from loaded classes).

Overrides:
checkSystemClipboardAccess in class SecurityManager
 o checkAwtEventQueueAccess
 public void checkAwtEventQueueAccess()
Checks to see if an client can get access to the AWT event queue (disallowed from loaded classes).

Overrides:
checkAwtEventQueueAccess in class SecurityManager
 o checkMemberAccess
 public void checkMemberAccess(Class clazz,
                               int which)
Check if client is allowed reflective access to a member or a set of members for the specified class. Once initial access is granted, the reflected members can be queried for identifying information, but can only be used (via get, set, invoke, or newInstance) with standard Java language access control.

The policy is to dent untrusted clients access to declared members of classes other than those loaded via the same class loader. All other accesses are granted.

Overrides:
checkMemberAccess in class SecurityManager
 o checkSecurityAccess
 public void checkSecurityAccess(String provider)
Loaded classes cannot perform security provider operations.

Overrides:
checkSecurityAccess in class SecurityManager

All Packages  Class Hierarchy  This Package  Previous  Next  Index

Submit a bug or feature