java.lang.Object | +--java.lang.SecurityManager
ClassLoaderSecurityExceptioncheckTopLevelWindow(Object)System#getSecurityManager()System#setSecurityManager(SecurityManager)AccessControllerAccessControlContextAccessControlExceptionPermissionBasicPermissionjava.io.FilePermission
java.net.SocketPermission
java.util.PropertyPermission
RuntimePermissionjava.awt.AWTPermission
PolicySecurityPermissionProtectionDomainboolean | inCheckTells whether or not the SecurityManager is currently performing a security check. |
SecurityManager()Construct a new security manager. |
void | checkAccept(java.lang.String host, int port)Check if the current thread is allowed to accept a connection from a particular host on a particular port. |
void | checkAccess(java.lang.Thread t)Check if the current thread is allowed to modify another Thread. |
void | checkAccess(java.lang.ThreadGroup g)Check if the current thread is allowed to modify a ThreadGroup. |
void | checkAwtEventQueueAccess()Check if the current thread is allowed to use the AWT event queue. |
void | checkConnect(java.lang.String host, int port)Check if the current thread is allowed to connect to a given host on a given port. |
void | checkConnect(java.lang.String host, int port, java.lang.Object securityContext)Check if the current thread is allowed to connect to a given host on a given port, using the given security context. |
void | checkCreateClassLoader()Check if the current thread is allowed to create a ClassLoader. |
void | checkDelete(java.lang.String filename)Check if the current thread is allowed to delete the given file. |
void | checkExec(java.lang.String program)Check if the current thread is allowed to execute the given program. |
void | checkExit(int status)Check if the current thread is allowed to exit the JVM with the given status. |
void | checkLink(java.lang.String filename)Check if the current thread is allowed to link in the given native library. |
void | checkListen(int port)Check if the current thread is allowed to listen to a specific port for data. |
void | checkMemberAccess(java.lang.Class c, int memberType)Check if the current thread is allowed to get certain types of Methods, Fields and Constructors from a Class object. |
void | checkMulticast(java.net.InetAddress addr)Check if the current thread is allowed to read and write multicast to a particular address. |
void | checkMulticast(java.net.InetAddress addr, byte ttl)Check if the current thread is allowed to read and write multicast to a particular address with a particular ttl (time-to-live) value. |
void | checkPackageAccess(java.lang.String packageName)Check if the current thread is allowed to access the specified package at all. |
void | checkPackageDefinition(java.lang.String packageName)Check if the current thread is allowed to define a class into the specified package. |
void | checkPermission(java.security.Permission perm) Check if the current thread is allowed to perform an operation that
requires the specified |
void | checkPermission(java.security.Permission perm, java.lang.Object context) Check if the current thread is allowed to perform an operation that
requires the specified |
void | checkPrintJobAccess()Check if the current thread is allowed to create a print job. |
void | checkPropertiesAccess()Check if the current thread is allowed to read or write all the system properties at once. |
void | checkPropertyAccess(java.lang.String key)Check if the current thread is allowed to read a particular system property (writes are checked directly via checkPermission). |
void | checkRead(java.io.FileDescriptor desc)Check if the current thread is allowed to read the given file using the FileDescriptor. |
void | checkRead(java.lang.String filename)Check if the current thread is allowed to read the given file. |
void | checkRead(java.lang.String filename, java.lang.Object context)Check if the current thread is allowed to read the given file. |
void | checkSecurityAccess(java.lang.String action)Test whether a particular security action may be taken. |
void | checkSetFactory()Check if the current thread is allowed to set the current socket factory. |
void | checkSystemClipboardAccess()Check if the current thread is allowed to use the system clipboard. |
boolean | checkTopLevelWindow(java.lang.Object window)Check if the current thread is allowed to create a top-level window. |
void | checkWrite(java.io.FileDescriptor desc)Check if the current thread is allowed to write the given file using the FileDescriptor. |
void | checkWrite(java.lang.String filename)Check if the current thread is allowed to write the given file. |
int | classDepth(java.lang.String className)Get the depth of a particular class on the execution stack. |
int | classLoaderDepth()Get the depth on the execution stack of the most recent non-system class. |
java.lang.ClassLoader | currentClassLoader()Find the ClassLoader of the first non-system class on the execution stack. |
java.lang.Class | currentLoadedClass()Find the first non-system class on the execution stack. |
java.lang.Class[] | getClassContext()Get a list of all the classes currently executing methods on the Java stack. |
boolean | getInCheck()Tells whether or not the SecurityManager is currently performing a security check. |
java.lang.Object | getSecurityContext()Get an implementation-dependent Object that contains enough information about the current environment to be able to perform standard security checks later. |
java.lang.ThreadGroup | getThreadGroup()Get the ThreadGroup that a new Thread should belong to by default. |
boolean | inClass(java.lang.String className)Tell whether the specified class is on the execution stack. |
boolean | inClassLoader()Tell whether there is a class loaded with an explicit ClassLoader on the stack. |
protected boolean inCheckpublic SecurityManager()RuntimePermission("createSecurityManager").
SecurityException - if permission is deniedpublic void checkAccept(java.lang.String host, int port)SocketPermission(host + ":" + port, "accept"). If you
override this, call super.checkAccept rather than throwing
an exception.
host - the host which wishes to connectport - the port the connection will be onSecurityException - if permission is deniedNullPointerException - if host is nullpublic void checkAccess(java.lang.Thread t)RuntimePermission("modifyThread") on system threads (ie.
threads in ThreadGroup with a null parent), and returns silently on
other threads.
If you override this, you must do two things. First, call
super.checkAccess(t), to make sure you are not relaxing
requirements. Second, if the calling thread has
RuntimePermission("modifyThread"), return silently, so that
core classes (the Classpath library!) can modify any thread.
t - the other Thread to checkSecurityException - if permission is deniedNullPointerException - if t is nullThread#stop()Thread#suspend()Thread#resume()Thread#setPriority(int)Thread#setName(String)Thread#setDaemon(boolean)public void checkAccess(java.lang.ThreadGroup g)RuntimePermission("modifyThread") on the system group (ie.
the one with a null parent), and returns silently on other groups.
If you override this, you must do two things. First, call
super.checkAccess(t), to make sure you are not relaxing
requirements. Second, if the calling thread has
RuntimePermission("modifyThreadGroup"), return silently,
so that core classes (the Classpath library!) can modify any thread.
g - the ThreadGroup to checkSecurityException - if permission is deniedNullPointerException - if g is nullThread#Thread()ThreadGroup#ThreadGroup()ThreadGroup#stop()ThreadGroup#suspend()ThreadGroup#resume()ThreadGroup#interrupt()ThreadGroup#setDaemon(boolean)ThreadGroup#setMaxPriority(int)public void checkAwtEventQueueAccess()AWTPermission("accessEventQueue").
you override this, call super.checkAwtEventQueueAccess
rather than throwing an exception.
SecurityException - if permission is deniedpublic void checkConnect(java.lang.String host, int port)SocketPermission(host, "resolve"). Otherwise, the default
implementation checks
SocketPermission(host + ":" + port, "connect"). If you
override this, call super.checkConnect rather than throwing
an exception.
host - the host to connect toport - the port to connect onSecurityException - if permission is deniedNullPointerException - if host is nullpublic void checkConnect(java.lang.String host, int port, java.lang.Object securityContext)getSecurityContext. A port
number of -1 indicates the caller is attempting to determine an IP
address, so the default implementation checks
AccessControlContext.checkPermission(new SocketPermission(host,
"resolve")). Otherwise, the default implementation checks
AccessControlContext.checkPermission(new SocketPermission(host
+ ":" + port, "connect")). If you override this, call
super.checkConnect rather than throwing an exception.
host - the host to connect toport - the port to connect onsecurityContext - the context to determine access forSecurityException - if permission is denied, or if context is
not an AccessControlContextNullPointerException - if host is nullpublic void checkCreateClassLoader()RuntimePermission("createClassLoader"). If you override
this, you should call super.checkCreateClassLoader() rather
than throwing an exception.
SecurityException - if permission is deniedpublic void checkDelete(java.lang.String filename)FilePermission(filename, "delete"). If you override this,
call super.checkDelete rather than throwing an exception.
filename - the full name of the file to deleteSecurityException - if permission is deniedNullPointerException - if filename is nullpublic void checkExec(java.lang.String program)FilePermission(program, "execute"), otherwise it checks
FilePermission("<<ALL FILES>>", "execute"). If
you override this, call super.checkExec rather than
throwing an exception.
program - the name of the program to execSecurityException - if permission is deniedNullPointerException - if program is nullRuntime#exec(String[], String[], File)
public void checkExit(int status)RuntimePermission("exitVM"). If you override this, call
super.checkExit rather than throwing an exception.
status - the status to exit withSecurityException - if permission is deniedRuntime#exit(int)
Runtime#halt(int)
public void checkLink(java.lang.String filename)RuntimePermission("loadLibrary." + filename). If you
override this, call super.checkLink rather than throwing
an exception.
filename - the full name of the library to loadSecurityException - if permission is deniedNullPointerException - if filename is nullRuntime#load(String)
public void checkListen(int port)SocketPermission("localhost:" + (port == 0 ? "1024-" : "" + port),
"listen"). If you override this, call
super.checkListen rather than throwing an exception.
port - the port to listen onSecurityException - if permission is deniedpublic void checkMemberAccess(java.lang.Class c, int memberType)RuntimePermission("accessDeclaredMembers"). If you override
this, do not call super.checkMemberAccess, as this would
mess up the stack depth check that determines the ClassLoader requesting
the access.
c - the Class to checkmemberType - either DECLARED or PUBLICSecurityException - if permission is denied, including when
memberType is not DECLARED or PUBLICNullPointerException - if c is nullpublic void checkMulticast(java.net.InetAddress addr)SocketPermission(addr.getHostAddress(), "accept,connect").
If you override this, call super.checkMulticast rather than
throwing an exception.
addr - the address to multicast toSecurityException - if permission is deniedNullPointerException - if host is nullpublic void checkMulticast(java.net.InetAddress addr, byte ttl)SocketPermission(addr.getHostAddress(), "accept,connect").
If you override this, call super.checkMulticast rather than
throwing an exception.
addr - the address to multicast tottl - value in use for multicast sendSecurityException - if permission is deniedNullPointerException - if host is nullpublic void checkPackageAccess(java.lang.String packageName)Security.getProperty("package.access"). Then,
if packageName starts with or equals any restricted package, it checks
RuntimePermission("accessClassInPackage." + packageName).
If you override this, you should call
super.checkPackageAccess before doing anything else.
packageName - the package name to check access toSecurityException - if permission is deniedNullPointerException - if packageName is nullpublic void checkPackageDefinition(java.lang.String packageName)Security.getProperty("package.definition"). Then, if
packageName starts with or equals any restricted package, it checks
RuntimePermission("defineClassInPackage." + packageName).
If you override this, you should call
super.checkPackageDefinition before doing anything else.
packageName - the package name to check access toSecurityException - if permission is deniedNullPointerException - if packageName is nullpublic void checkPermission(java.security.Permission perm)Permission. This defaults to
AccessController.checkPermission.
perm - the Permission requiredSecurityException - if permission is deniedNullPointerException - if perm is nullpublic void checkPermission(java.security.Permission perm, java.lang.Object context)Permission. This is done in a
context previously returned by getSecurityContext(). The
default implementation expects context to be an AccessControlContext,
and it calls AccessControlContext.checkPermission(perm).
perm - the Permission requiredcontext - a security contextSecurityException - if permission is denied, or if context is
not an AccessControlContextNullPointerException - if perm is nullpublic void checkPrintJobAccess()RuntimePermission("queuePrintJob"). If you override
this, call super.checkPrintJobAccess rather than throwing
an exception.
SecurityException - if permission is deniedpublic void checkPropertiesAccess()PropertyPermission("*", "read,write"). If you override
this, call super.checkPropertiesAccess rather than
throwing an exception.
SecurityException - if permission is deniedpublic void checkPropertyAccess(java.lang.String key)PropertyPermission(key, "read"). If
you override this, call super.checkPropertyAccess rather
than throwing an exception.
key - SecurityException - if permission is deniedNullPointerException - if key is nullIllegalArgumentException - if key is ""public void checkRead(java.io.FileDescriptor desc)RuntimePermission("readFileDescriptor"). If you override
this, call super.checkRead rather than throwing an
exception.
desc - the FileDescriptor representing the file to accessSecurityException - if permission is deniedNullPointerException - if desc is nullpublic void checkRead(java.lang.String filename)FilePermission(filename, "read"). If
you override this, call super.checkRead rather than
throwing an exception.
filename - the full name of the file to accessSecurityException - if permission is deniedNullPointerException - if filename is nullpublic void checkRead(java.lang.String filename, java.lang.Object context)getSecurityContext(). The default implementation checks
AccessControlContext.checkPermission(new FilePermission(filename,
"read")). If you override this, call super.checkRead
rather than throwing an exception.
filename - the full name of the file to accesscontext - the context to determine access forSecurityException - if permission is denied, or if context is
not an AccessControlContextNullPointerException - if filename is nullpublic void checkSecurityAccess(java.lang.String action)SecurityPermission(action). If you
override this, call super.checkSecurityAccess rather than
throwing an exception.
action - the desired action to takeSecurityException - if permission is deniedNullPointerException - if action is nullIllegalArgumentException - if action is ""public void checkSetFactory()RuntimePermission("setFactory"). If you override this, call
super.checkSetFactory rather than throwing an exception.
SecurityException - if permission is deniedSocket#setSocketImplFactory(SocketImplFactory)ServerSocket#setSocketFactory(SocketImplFactory)URL#setURLStreamHandlerFactory(URLStreamHandlerFactory)public void checkSystemClipboardAccess()AWTPermission("accessClipboard"). If
you override this, call super.checkSystemClipboardAccess
rather than throwing an exception.
SecurityException - if permission is deniedpublic boolean checkTopLevelWindow(java.lang.Object window)AWTPermission("showWindowWithoutWarningBanner"), and returns
true if no exception was thrown. If you override this, use
return super.checkTopLevelWindow rather than returning
false.
window - the window to createNullPointerException - if window is nullpublic void checkWrite(java.io.FileDescriptor desc)RuntimePermission("writeFileDescriptor"). If you override
this, call super.checkWrite rather than throwing an
exception.
desc - the FileDescriptor representing the file to accessSecurityException - if permission is deniedNullPointerException - if desc is nullpublic void checkWrite(java.lang.String filename)FilePermission(filename, "write"). If you override this,
call super.checkWrite rather than throwing an exception.
filename - the full name of the file to accessSecurityException - if permission is deniedNullPointerException - if filename is nullFileFile#canWrite()File#mkdir()File#renameTo()FileOutputStream#FileOutputStream(String)RandomAccessFile#RandomAccessFile(String)protected int classDepth(java.lang.String className)className - the fully-qualified name to search forprotected int classLoaderDepth()java.security.AllPermission succeeds.protected ClassLoader currentClassLoader()java.security.AllPermission succeeds.protected Class currentLoadedClass()java.security.AllPermission succeeds.protected Class[] getClassContext()public boolean getInCheck()public Object getSecurityContext()Currently the only methods that use this are checkRead() and
checkConnect(). The default implementation returns an
AccessControlContext.
checkConnect(String, int, Object)checkRead(String, Object)AccessControlContextAccessController#getContext()public ThreadGroup getThreadGroup()protected boolean inClass(java.lang.String className)className - the fully-qualified name of the class to findprotected boolean inClassLoader()
SecurityExceptionif the action is forbidden.A typical check is as follows, just before the dangerous operation:
Note that this is thread-safe, by caching the security manager in a local variable rather than risking a NullPointerException if the mangager is changed between the check for null and before the permission check.The special method
checkPermissionis a catchall, and the default implementation callsAccessController.checkPermission. In fact, all the other methods default to calling checkPermission.Sometimes, the security check needs to happen from a different context, such as when called from a worker thread. In such cases, use
getSecurityContextto take a snapshot that can be passed to the worker thread: