Module java.base
Package java.security

Class AccessController


  • public final class AccessController
    extends Object
    Checks access to system resources. Supports marking of code as privileged. Makes context snapshots to allow checking from other contexts.
    • Method Detail

      • checkPermission

        public static void checkPermission​(Permission perm)
                                    throws AccessControlException
        Checks whether the running program is allowed to access the resource being guarded by the given Permission argument.
        Parameters:
        perm - the permission to check
        Throws:
        AccessControlException - if access is not allowed. NullPointerException if perm is null
      • getContext

        public static AccessControlContext getContext()
        Answers the access controller context of the current thread, including the inherited ones. It basically retrieves all the protection domains from the calling stack and creates an AccessControlContext with them.
        Returns:
        an AccessControlContext which captures the current state
        See Also:
        AccessControlContext
      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedAction<T> action)
        Performs the privileged action specified by action.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted. In other words, the check stops here. Any unchecked exception generated by this method will propagate up the chain.

        Type Parameters:
        T - the type of value returned by PrivilegedAction.run
        Parameters:
        action - The PrivilegedAction to performed
        Returns:
        the result of the PrivilegedAction
        Throws:
        NullPointerException - if action is null
        See Also:
        doPrivileged(PrivilegedAction)
      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedAction<T> action,
                                         AccessControlContext context)
        Performs the privileged action specified by action.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted iff it is granted by the AccessControlContext context. In other words, no more checking of the current stack is performed. Instead, the passed in context is checked. Any unchecked exception generated by this method will propagate up the chain.

        Type Parameters:
        T - the type of value returned by PrivilegedAction.run
        Parameters:
        action - The PrivilegedAction to performed
        context - The AccessControlContext to check
        Returns:
        the result of the PrivilegedAction
        Throws:
        NullPointerException - if action is null
        See Also:
        doPrivileged(PrivilegedAction)
      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedExceptionAction<T> action)
                                  throws PrivilegedActionException
        Performs the privileged action specified by action.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted. In other words, the check stops here. Any unchecked exception generated by this method will propagate up the chain. However, checked exceptions will be caught an re-thrown as PrivilegedActionExceptions

        Type Parameters:
        T - the type of value returned by PrivilegedExceptionAction.run
        Parameters:
        action - The PrivilegedExceptionAction to performed
        Returns:
        the result of the PrivilegedExceptionAction
        Throws:
        PrivilegedActionException - when a checked exception occurs when performing the action NullPointerException if action is null
        See Also:
        doPrivileged(PrivilegedAction)
      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedExceptionAction<T> action,
                                         AccessControlContext context)
                                  throws PrivilegedActionException
        Performs the privileged action specified by action.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted iff it is granted by the AccessControlContext context. In other words, no more checking of the current stack is performed. Instead, the passed in context is checked. Any unchecked exception generated by this method will propagate up the chain. However, checked exceptions will be caught an re-thrown as PrivilegedActionExceptions

        Type Parameters:
        T - the type of value returned by PrivilegedExceptionAction.run
        Parameters:
        action - The PrivilegedExceptionAction to performed
        context - The AccessControlContext to check
        Returns:
        the result of the PrivilegedExceptionAction
        Throws:
        PrivilegedActionException - when a checked exception occurs when performing the action NullPointerException if action is null
        See Also:
        doPrivileged(PrivilegedAction)
      • doPrivilegedWithCombiner

        public static <T> T doPrivilegedWithCombiner​(PrivilegedAction<T> action)
        Performs the privileged action specified by action, retaining any current DomainCombiner.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted. In other words, the check stops here. Any unchecked exception generated by this method will propagate up the chain.

        Type Parameters:
        T - the type of value returned by PrivilegedAction.run
        Parameters:
        action - The PrivilegedAction to performed
        Returns:
        the result of the PrivilegedAction
        See Also:
        doPrivileged(PrivilegedAction)
      • doPrivilegedWithCombiner

        public static <T> T doPrivilegedWithCombiner​(PrivilegedExceptionAction<T> action)
                                              throws PrivilegedActionException
        Performs the privileged action specified by action, retaining any current DomainCombiner.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted. In other words, the check stops here. Any unchecked exception generated by this method will propagate up the chain. However, checked exceptions will be caught an re-thrown as PrivilegedActionExceptions

        Type Parameters:
        T - the type of value returned by PrivilegedExceptionAction.run
        Parameters:
        action - The PrivilegedExceptionAction to performed
        Returns:
        the result of the PrivilegedExceptionAction
        Throws:
        PrivilegedActionException - when a checked exception occurs when performing the action
        See Also:
        doPrivileged(PrivilegedAction)
      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedAction<T> action,
                                         AccessControlContext context,
                                         Permission... perms)
        Performs the privileged action specified by action.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted iff it is granted by the AccessControlContext context and also granted by one of the permissions arguments. Any unchecked exception generated by this method will propagate up the chain.

        Type Parameters:
        T - the type of value returned by PrivilegedAction.run
        Parameters:
        action - The PrivilegedAction to performed
        context - The AccessControlContext to check
        perms - The Permission arguments to limit the scope of the caller's privileges.
        Returns:
        the result of the PrivilegedAction
        Throws:
        NullPointerException - if action is null
        Since:
        1.8
        See Also:
        doPrivileged(PrivilegedAction), doPrivileged(PrivilegedAction, AccessControlContext)
      • doPrivilegedWithCombiner

        public static <T> T doPrivilegedWithCombiner​(PrivilegedAction<T> action,
                                                     AccessControlContext context,
                                                     Permission... perms)
        Performs the privileged action specified by action, retaining any current DomainCombiner.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted iff it is granted by one of the permissions arguments. Any unchecked exception generated by this method will propagate up the chain.

        Type Parameters:
        T - the type of value returned by PrivilegedAction.run
        Parameters:
        action - The PrivilegedAction to performed
        context - The AccessControlContext to check
        perms - The Permission arguments to limit the scope of the caller's privileges.
        Returns:
        the result of the PrivilegedAction
        Since:
        1.8
        See Also:
        doPrivileged(PrivilegedAction), doPrivileged(PrivilegedAction, AccessControlContext)
      • doPrivileged

        public static <T> T doPrivileged​(PrivilegedExceptionAction<T> action,
                                         AccessControlContext context,
                                         Permission... perms)
                                  throws PrivilegedActionException
        Performs the privileged action specified by action.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted iff it is granted by the AccessControlContext context and also granted by one of the permissions arguments. Any unchecked exception generated by this method will propagate up the chain. However, checked exceptions will be caught an re-thrown as PrivilegedActionExceptions

        Type Parameters:
        T - the type of value returned by PrivilegedExceptionAction.run
        Parameters:
        action - The PrivilegedExceptionAction to performed
        context - The AccessControlContext to check
        perms - The Permission arguments to limit the scope of the caller's privileges.
        Returns:
        the result of the PrivilegedExceptionAction
        Throws:
        PrivilegedActionException - when a checked exception occurs when performing the action NullPointerException if action is null
        Since:
        1.8
        See Also:
        doPrivileged(PrivilegedAction), doPrivileged(PrivilegedAction, AccessControlContext)
      • doPrivilegedWithCombiner

        public static <T> T doPrivilegedWithCombiner​(PrivilegedExceptionAction<T> action,
                                                     AccessControlContext context,
                                                     Permission... perms)
                                              throws PrivilegedActionException
        Performs the privileged action specified by action, retaining any current DomainCombiner.

        When permission checks are made, if the permission has been granted by all frames below and including the one representing the call to this method, then the permission is granted and also granted by one of the permissions arguments. Any unchecked exception generated by this method will propagate up the chain. However, checked exceptions will be caught an re-thrown as PrivilegedActionExceptions

        Type Parameters:
        T - the type of value returned by PrivilegedExceptionAction.run
        Parameters:
        action - The PrivilegedExceptionAction to performed
        context - The AccessControlContext to check
        perms - The Permission arguments to limit the scope of the caller's privileges.
        Returns:
        the result of the PrivilegedExceptionAction
        Throws:
        PrivilegedActionException - when a checked exception occurs when performing the action
        Since:
        1.8
        See Also:
        doPrivileged(PrivilegedAction), doPrivileged(PrivilegedAction, AccessControlContext)