org.apache.river.api.security

Class CombinerSecurityManager

java.lang.Object

java.lang.SecurityManager

org.apache.river.api.security.CombinerSecurityManager

All Implemented Interfaces:

CachingSecurityManager

Direct Known Subclasses:

DelegateSecurityManager

public class CombinerSecurityManager
extends SecurityManager
implements CachingSecurityManager

CombinerSecurityManager, is intended to be a highly scalable SecurityManager implementation that caches the results of security checks for each context, which may be an instance of SecurityContext or AccessControlContext. Stale records are pruned from the cache. This SecurityManager should be tuned for garbage collection for a large young generation heap, since many young objects are created and discarded. It is recommended that this SecurityManager be installed from the command line in order to load as early as possible. Apart from Permission objects and java.security.Policy.getPolicy() class lock (Bug ID: 7093090 fixed in jdk8(b15), this SecurityManager is non blocking, including the cache it keeps to prevent repeat security checks. Note: this security manager is not compatible with the jvm option -Djava.security.manager=

Since:

3.0.0

Author:

Peter Firmstone

See Also:

Security, SecurityContext, AccessControlContext

Field Summary

Fields inherited from class java.lang.SecurityManager

inCheck

Constructor Summary

Constructors

Constructor and Description
CombinerSecurityManager()

Method Summary

Modifier and Type	Method and Description
void	checkPermission(Permission perm) Throws a SecurityException if the requested access, specified by the given permission, is not permitted based on the security policy currently in effect.
void	checkPermission(Permission perm, Object context) Throws a SecurityException if the requested access, specified by the given permission and context, is not permitted based on the security policy currently in effect.
protected boolean	checkPermission(ProtectionDomain pd, Permission p) Enables customisation of permission check.
void	clearCache() This method is intended to be called only by a Policy.
Object	getSecurityContext()

Methods inherited from class java.lang.SecurityManager

checkAccept, checkAccess, checkAccess, checkAwtEventQueueAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMemberAccess, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkSystemClipboardAccess, checkTopLevelWindow, checkWrite, checkWrite, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getThreadGroup, inClass, inClassLoader

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CombinerSecurityManager

public CombinerSecurityManager()

Method Detail

getSecurityContext

public Object getSecurityContext()

Overrides:

getSecurityContext in class SecurityManager

checkPermission

public void checkPermission(Permission perm)
                     throws SecurityException

Throws a SecurityException if the requested access, specified by the given permission, is not permitted based on the security policy currently in effect. This method obtains the current SecurityContext and checks the give permission in that context.

Overrides:

checkPermission in class SecurityManager

Parameters:

perm -

Throws:

SecurityException

See Also:

SecurityContext, Security

checkPermission

public final void checkPermission(Permission perm,
                                  Object context)
                           throws SecurityException

Throws a SecurityException if the requested access, specified by the given permission and context, is not permitted based on the security policy currently in effect. It is absolutely essential that the SecurityContext override equals and hashCode.

Overrides:

checkPermission in class SecurityManager

Parameters:

perm - permission to be checked

context - - AccessControlContext or SecurityContext

Throws:

SecurityException - if context doesn't have permission.

clearCache

public void clearCache()
                throws SecurityException

This method is intended to be called only by a Policy. To clear the cache of checked Permissions requires the following Permission: java.security.SecurityPermission("getPolicy");

Specified by:

clearCache in interface CachingSecurityManager

Throws:

SecurityException - if caller isn't permitted to clear cache.

checkPermission

protected boolean checkPermission(ProtectionDomain pd,
                                  Permission p)

Enables customisation of permission check.

Parameters:

pd - protection domain to be checked.

p - permission to be checked.

Returns:

true if ProtectionDomain pd has Permission p.