Skip navigation links
java.lang

Class SecurityManager

Returns:
the index of the most recent non-system Class on the stack
  • checkExit

    public void checkExit(int status)
    Check if the current thread is allowed to exit the JVM with the given status. This method is called from Runtime.exit() and Runtime.halt(). The default implementation checks RuntimePermission("exitVM"). If you override this, call super.checkExit rather than throwing an exception.
    Parameters:
    status - the status to exit with
    Throws:
    SecurityException - if permission is denied
    See Also:
    Runtime.exit(int), Runtime.halt(int)
  • checkExec

    public void checkExec(String program)
    Check if the current thread is allowed to execute the given program. This method is called from Runtime.exec(). If the name is an absolute path, the default implementation checks FilePermission(program, "execute"), otherwise it checks FilePermission("<<ALL FILES>>", "execute"). If you override this, call super.checkExec rather than throwing an exception.
    Parameters:
    program - the name of the program to exec
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if program is null
    See Also:
    Runtime#exec(String[], String[], File)
  • checkLink

    public void checkLink(String filename)
    Check if the current thread is allowed to link in the given native library. This method is called from Runtime.load() (and hence, by loadLibrary() as well). The default implementation checks RuntimePermission("loadLibrary." + filename). If you override this, call super.checkLink rather than throwing an exception.
    Parameters:
    filename - the full name of the library to load
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if filename is null
    See Also:
    Runtime.load(String)
  • checkRead

    public void checkRead(String filename)
    Check if the current thread is allowed to read the given file. This method is called from FileInputStream.FileInputStream(), RandomAccessFile.RandomAccessFile(), File.exists(), canRead(), isFile(), isDirectory(), lastModified(), length() and list(). The default implementation checks FilePermission(filename, "read"). If you override this, call super.checkRead rather than throwing an exception.
    Parameters:
    filename - the full name of the file to access
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if filename is null
    See Also:
    File, FileInputStream#FileInputStream(String), RandomAccessFile#RandomAccessFile(String)
  • checkRead

    public void checkRead(String filename,
                          Object context)
    Check if the current thread is allowed to read the given file. using the given security context. The context must be a result of a previous call to getSecurityContext(). The default implementation checks AccessControlContext.checkPermission(new FilePermission(filename, "read")). If you override this, call super.checkRead rather than throwing an exception.
    Parameters:
    filename - the full name of the file to access
    context - the context to determine access for
    Throws:
    SecurityException - if permission is denied, or if context is not an AccessControlContext
    NullPointerException - if filename is null
    See Also:
    getSecurityContext(), AccessControlContext#checkPermission(Permission)
  • checkWrite

    public void checkWrite(String filename)
    Check if the current thread is allowed to write the given file. This method is called from FileOutputStream.FileOutputStream(), RandomAccessFile.RandomAccessFile(), File.canWrite(), mkdir(), and renameTo(). The default implementation checks FilePermission(filename, "write"). If you override this, call super.checkWrite rather than throwing an exception.
    Parameters:
    filename - the full name of the file to access
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if filename is null
    See Also:
    File, File#canWrite(), File#mkdir(), File#renameTo(), FileOutputStream#FileOutputStream(String), RandomAccessFile#RandomAccessFile(String)
  • checkDelete

    public void checkDelete(String filename)
    Check if the current thread is allowed to delete the given file. This method is called from File.delete(). The default implementation checks FilePermission(filename, "delete"). If you override this, call super.checkDelete rather than throwing an exception.
    Parameters:
    filename - the full name of the file to delete
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if filename is null
    See Also:
    File#delete()
  • checkConnect

    public void checkConnect(String host,
                             int port)
    Check if the current thread is allowed to connect to a given host on a given port. This method is called from Socket.Socket(). A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks SocketPermission(host, "resolve"). Otherwise, the default implementation checks SocketPermission(host + ":" + port, "connect"). If you override this, call super.checkConnect rather than throwing an exception.
    Parameters:
    host - the host to connect to
    port - the port to connect on
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if host is null
    See Also:
    Socket#Socket()
  • checkConnect

    public void checkConnect(String host,
                             int port,
                             Object securityContext)
    Check if the current thread is allowed to connect to a given host on a given port, using the given security context. The context must be a result of a previous call to getSecurityContext. A port number of -1 indicates the caller is attempting to determine an IP address, so the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host, "resolve")). Otherwise, the default implementation checks AccessControlContext.checkPermission(new SocketPermission(host + ":" + port, "connect")). If you override this, call super.checkConnect rather than throwing an exception.
    Parameters:
    host - the host to connect to
    port - the port to connect on
    context - the context to determine access for
    Throws:
    SecurityException - if permission is denied, or if context is not an AccessControlContext
    NullPointerException - if host is null
    See Also:
    getSecurityContext(), AccessControlContext#checkPermission(Permission)
  • checkListen

    public void checkListen(int port)
    Check if the current thread is allowed to listen to a specific port for data. This method is called by ServerSocket.ServerSocket(). The default implementation checks SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port), "listen"). If you override this, call super.checkListen rather than throwing an exception.
    Parameters:
    port - the port to listen on
    Throws:
    SecurityException - if permission is denied
    See Also:
    ServerSocket#ServerSocket(int)
  • checkAccept

    public void checkAccept(String host,
                            int port)
    Check if the current thread is allowed to accept a connection from a particular host on a particular port. This method is called by ServerSocket.implAccept(). The default implementation checks SocketPermission(host + ":" + port, "accept"). If you override this, call super.checkAccept rather than throwing an exception.
    Parameters:
    host - the host which wishes to connect
    port - the port the connection will be on
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if host is null
    See Also:
    ServerSocket#accept()
  • checkPropertiesAccess

    public void checkPropertiesAccess()
    Check if the current thread is allowed to read or write all the system properties at once. This method is called by System.getProperties() and setProperties(). The default implementation checks PropertyPermission("*", "read,write"). If you override this, call super.checkPropertiesAccess rather than throwing an exception.
    Throws:
    SecurityException - if permission is denied
    See Also:
    System.getProperties(), System#setProperties(Properties)
  • checkPropertyAccess

    public void checkPropertyAccess(String key)
    Check if the current thread is allowed to read a particular system property (writes are checked directly via checkPermission). This method is called by System.getProperty() and setProperty(). The default implementation checks PropertyPermission(key, "read"). If you override this, call super.checkPropertyAccess rather than throwing an exception.
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if key is null
    IllegalArgumentException - if key is ""
    See Also:
    System.getProperty(String)
  • checkTopLevelWindow

    public boolean checkTopLevelWindow(Object window)
    Check if the current thread is allowed to create a top-level window. If it is not, the operation should still go through, but some sort of nonremovable warning should be placed on the window to show that it is untrusted. This method is called by Window.Window().
    Parameters:
    window - the window to create
    Returns:
    true if there is permission to show the window without warning
    Throws:
    NullPointerException - if window is null
    See Also:
    WindowSurface#Window(Frame)
  • checkPrintJobAccess

    public void checkPrintJobAccess()
    Check if the current thread is allowed to create a print job. This method is called by Toolkit.getPrintJob(). The default implementation checks RuntimePermission("queuePrintJob"). If you override this, call super.checkPrintJobAccess rather than throwing an exception.
    Throws:
    SecurityException - if permission is denied
    Since:
    1.1
    See Also:
    Toolkit#getPrintJob(Frame, String, Properties)
  • checkSystemClipboardAccess

    public void checkSystemClipboardAccess()
    Check if the current thread is allowed to use the system clipboard. This method is called by Toolkit.getSystemClipboard(). The default implementation checks AWTPermission("accessClipboard"). If you override this, call super.checkSystemClipboardAccess rather than throwing an exception.
    Throws:
    SecurityException - if permission is denied
    Since:
    1.1
    See Also:
    Toolkit#getSystemClipboard()
  • checkPackageAccess

    public void checkPackageAccess(String packageName)
    Check if the current thread is allowed to access the specified package at all. This method is called by ClassLoader.loadClass() in user-created ClassLoaders. The default implementation gets a list of all restricted packages, via Security.getProperty("package.access"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("accessClassInPackage." + packageName). If you override this, you should call super.checkPackageAccess before doing anything else.
    Parameters:
    packageName - the package name to check access to
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if packageName is null
    See Also:
    ClassLoader.loadClass(String, boolean), Security#getProperty(String)
  • checkPackageDefinition

    public void checkPackageDefinition(String packageName)
    Check if the current thread is allowed to define a class into the specified package. This method is called by ClassLoader.loadClass() in user-created ClassLoaders. The default implementation gets a list of all restricted packages, via Security.getProperty("package.definition"). Then, if packageName starts with or equals any restricted package, it checks RuntimePermission("defineClassInPackage." + packageName). If you override this, you should call super.checkPackageDefinition before doing anything else.
    Parameters:
    packageName - the package name to check access to
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if packageName is null
    See Also:
    ClassLoader.loadClass(String, boolean), Security#getProperty(String)
  • checkSetFactory

    public void checkSetFactory()
    Check if the current thread is allowed to set the current socket factory. This method is called by Socket.setSocketImplFactory(), ServerSocket.setSocketFactory(), and URL.setURLStreamHandlerFactory(). The default implementation checks RuntimePermission("setFactory"). If you override this, call super.checkSetFactory rather than throwing an exception.
    Throws:
    SecurityException - if permission is denied
    See Also:
    Socket#setSocketImplFactory(SocketImplFactory), ServerSocket#setSocketFactory(SocketImplFactory), URL#setURLStreamHandlerFactory(URLStreamHandlerFactory)
  • checkMemberAccess

    public void checkMemberAccess(Class c,
                                  int memberType)
    Check if the current thread is allowed to get certain types of Methods, Fields and Constructors from a Class object. This method is called by Class.getMethod[s](), Class.getField[s](), Class.getConstructor[s], Class.getDeclaredMethod[s](), Class.getDeclaredField[s](), and Class.getDeclaredConstructor[s](). The default implementation allows PUBLIC access, and access to classes defined by the same classloader as the code performing the reflection. Otherwise, it checks RuntimePermission("accessDeclaredMembers"). If you override this, do not call super.checkMemberAccess, as this would mess up the stack depth check that determines the ClassLoader requesting the access.
    Parameters:
    c - the Class to check
    memberType - either DECLARED or PUBLIC
    Throws:
    SecurityException - if permission is denied, including when memberType is not DECLARED or PUBLIC
    NullPointerException - if c is null
    Since:
    1.1
    See Also:
    Class, Member#DECLARED, Member#PUBLIC
  • checkSecurityAccess

    public void checkSecurityAccess(String action)
    Test whether a particular security action may be taken. The default implementation checks SecurityPermission(action). If you override this, call super.checkSecurityAccess rather than throwing an exception.
    Parameters:
    action - the desired action to take
    Throws:
    SecurityException - if permission is denied
    NullPointerException - if action is null
    IllegalArgumentException - if action is ""
    Since:
    1.1
  • getThreadGroup

    public ThreadGroup getThreadGroup()
    Get the ThreadGroup that a new Thread should belong to by default. Called by Thread.Thread(). The default implementation returns the current ThreadGroup of the current Thread. Spec Note: it is not clear whether the new Thread is guaranteed to pass the checkAccessThreadGroup() test when using this ThreadGroup, but I presume so.
    Returns:
    the ThreadGroup to put the new Thread into
    Since:
    1.1