java.rmi
Class Security

java.lang.Object
  |
  +--java.rmi.Security

public final class Security
extends java.lang.Object

Provides methods for executing actions with contextual client security constraints, and for verifying trust in downloaded stubs and proxies. This class cannot be instantiated.

Since:
1.4

Method Summary
static java.lang.Object doConstrained(java.security.PrivilegedAction action, SecurityConstraints constraints)
          Sets the specified contextual client constraints, executes the specified action's run method, and returns the object returned by the action's run method.
static java.lang.Object doConstrained(java.security.PrivilegedExceptionAction action, SecurityConstraints constraints)
          Sets the specified contextual client constraints, executes the specified action's run method, and returns the object returned by the action's run method.
static SecurityConstraints getContextConstraints()
          Returns the combined contextual client constraints for all active doConstrained calls for this thread, as a non-null instance.
static void verifyProxyTrust(java.lang.Object proxy, SecurityConstraints constraints)
          Verifies trust in a proxy object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

doConstrained

public static java.lang.Object doConstrained(java.security.PrivilegedAction action,
                                             SecurityConstraints constraints)
Sets the specified contextual client constraints, executes the specified action's run method, and returns the object returned by the action's run method. If the action's run method throws an unchecked exception, that exception is thrown by this method. The constraints value can be null, which is treated the same as a constraints instance containing no constraints.

Constraints set in this way are added to any existing contextual constraints for this thread for the duration of the call and are applied to all secure RMI calls made by this thread during execution of the action's run method. For example, contextual constraints are applied to calls made "under the covers" to secure activation system daemons when activating secure activatable objects. As such, care should be taken to ensure that contextual constraints are neither too strong nor too weak.

Note that contextual constraints are not automatically inherited by child threads.

Parameters:
action - the action to be executed
constraints - the contextual client constraints, or null
Returns:
the object returned by the action's run method
Throws:
NullPointerException - if the action is null

doConstrained

public static java.lang.Object doConstrained(java.security.PrivilegedExceptionAction action,
                                             SecurityConstraints constraints)
                                      throws java.security.PrivilegedActionException
Sets the specified contextual client constraints, executes the specified action's run method, and returns the object returned by the action's run method. If the action's run method throws an unchecked exception, that exception is thrown by this method. The constraints value can be null, which is treated the same as a constraints instance containing no constraints.

Constraints set in this way are added to any existing contextual constraints for this thread for the duration of the call and are applied to all secure RMI calls made by this thread during execution of the action's run method. For example, contextual constraints are applied to calls made "under the covers" to secure activation system daemons when activating secure activatable objects. As such, care should be taken to ensure that contextual constraints are neither too strong nor too weak.

Note that contextual constraints are not automatically inherited by child threads.

Parameters:
action - the action to be executed
constraints - the contextual client constraints, or null
Returns:
the object returned by the action's run method
Throws:
java.security.PrivilegedActionException - if the action's run method throws a checked exception
NullPointerException - if the action is null

getContextConstraints

public static SecurityConstraints getContextConstraints()
Returns the combined contextual client constraints for all active doConstrained calls for this thread, as a non-null instance.
Returns:
the combined contextual client constraints for all active doConstrained calls for this thread, as a non-null instance

verifyProxyTrust

public static void verifyProxyTrust(java.lang.Object proxy,
                                    SecurityConstraints constraints)
                             throws java.rmi.RemoteException
Verifies trust in a proxy object. This method should be called by a client with a downloaded proxy, before the client makes any other use of the proxy, in order to verify basic trust in the proxy to correctly implement the RemoteSecurity interface.

This method first checks to see if the proxy implements RemoteSecurity. If it does not, a SecurityException is thrown.

A proxy is a secure RMI stub if Proxy.isProxyClass(proxy.getClass()) is true, and if its InvocationHandler instance is an instance of a class trusted by the secure RMI implementation. If the proxy is a secure RMI stub for a server exported as a SecureUnicastRemoteObject, the proxy is trusted. In this case, no remote communication takes place, and the constraints parameter is not used.

If the proxy is a secure RMI stub for a server exported as a SecureActivatable the following checks are made:

If these checks do not succeed, SecurityException is thrown. If the remote call to getActivatorVerifier or the call to the verifyActivatorTrust or equals method of the verifier throws an exception, that exception is thrown to the caller.

If the proxy is not a secure RMI stub, but the proxy's class has a non-static non-public declared method with signature

ProxyTrust getSecureProxy();
the following checks are made: If these checks do not succeed, a SecurityException is thrown. If the initial calls to getSecureProxy or verifyProxyTrust, the remote call to getProxyVerifier, or the calls to the verifyProxyTrust or equalsIgnoreConstraints method of the verifier throws an exception, that exception is thrown to the caller.

If the proxy is not a secure RMI stub, and does not have the appropriate getSecureProxy method, then an ordered list of TrustVerifier instances is obtained. The trustedProxy method of each one is called (in order) with the proxy and the constraints parameter passed to verifyProxyTrust. If any method returns true, verifyProxyTrust returns normally. If any method throws an exception, that exception is thrown to the caller. If none of the methods returns true, a SecurityException is thrown.

Parameters:
proxy - the proxy object in which to verify trust
constraints - constraints to use for calls to the remote server, or null
Throws:
java.lang.SecurityException - if the proxy does not implement RemoteSecurity or cannot be trusted
java.rmi.RemoteException - if a remote call throws RemoteException
NullPointerException - if the proxy object is null


Copyright © 2000 Sun Microsystems, Inc. All rights reserved