Table: SecurityManager public methods
In the current release of Java (beta), the SecurityManager is not well documented. Nevertheless, by examining the code released with the Java beta and reading what documentation does exist, a good deal can be determined about what the SecurityManager is intended to do. The SecurityManager contains a number of methods, each intended to be called to check a specific type of action. Figure 3.2.2 provides a full list of the public methods with their intended uses. The SecurityManager class itself is not intended to be used directly (each of the checks defaults to throwing a security exception). Instead, it is intended to be subclassed and installed as the System SecurityManager. The subclassed SecurityManager can then be used to implement the desired security policy.
The SecurityManager provides an extremely flexible and powerful mechanism for conditionally allowing access to resources. The methods that check access are passed the arguments needed to implement conditional access policies, and they can also inspect the execution stack to determine whether the code was called by local or downloaded code.
The standard metaphor for creating library code for a potentially dangerous system resource is to provide access only to operations that are not dangerous, and to wrap a security check (via the SecurityManager) around those calls to which access is provided on a limited basis.
Figure: Example of security check. This example shows the basic metaphor: the public method mkdir checks the system SecurityManager (which will throw an exception if the check does not pass) and then calls the low level private method mkdir0.
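The following Java sketch shows both halves of the pattern described above: a SecurityManager subclass that uses the argument passed to checkWrite to decide conditionally, and a library method that calls the check before its private primitive. It is an added example, not the figure or code from the original text. The names PolicyDemo, ScratchOnlyPolicy and GuardedDir are hypothetical, and it assumes a JDK on which a Security Manager can still be installed (Java 17 or earlier).

```java
import java.io.File;
import java.io.IOException;
import java.security.Permission;

// Added illustration: PolicyDemo, ScratchOnlyPolicy and GuardedDir are hypothetical names.
public class PolicyDemo {
    // Policy side: subclass SecurityManager and deny writes outside one directory.
    static class ScratchOnlyPolicy extends SecurityManager {
        private final String root;
        ScratchOnlyPolicy(String root) { this.root = root; }

        @Override public void checkWrite(String file) {
            String canon;
            try {
                canon = new File(file).getCanonicalPath();   // resolve ".." before comparing
            } catch (IOException e) {
                throw new SecurityException("cannot resolve " + file);
            }
            if (!canon.equals(root) && !canon.startsWith(root + File.separator))
                throw new SecurityException("write denied: " + canon);
        }
        // Demo only: every other check is allowed so the example can run.
        @Override public void checkPermission(Permission perm) { }
    }

    // Library side: the only public route to the primitive goes through the check.
    static class GuardedDir {
        private final String path;
        GuardedDir(String path) { this.path = path; }

        public boolean mkdir() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) sm.checkWrite(path);   // throws SecurityException on denial
            return mkdir0();
        }
        // Stand-in for the low-level private method; java.io.File does the real work here.
        private boolean mkdir0() { return new File(path).mkdir(); }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a "scratch" directory under the system temp directory.
        String root = new File(System.getProperty("java.io.tmpdir"), "scratch").getCanonicalPath();
        new File(root).mkdir();
        System.setSecurityManager(new ScratchOnlyPolicy(root));
        System.out.println("inside:  " + new GuardedDir(root + File.separator + "ok").mkdir());
        try {
            new GuardedDir(root + File.separator + ".." + File.separator + "escape").mkdir();
        } catch (SecurityException e) {
            System.out.println("outside: " + e.getMessage());
        }
    }
}
```

The policy canonicalizes the path before comparing it, so a request that begins inside the allowed directory but climbs out through ".." is denied rather than matched on its prefix.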