|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.rmi.Security
Provides methods for executing actions with contextual client security constraints, and for verifying trust in downloaded stubs and proxies. This class cannot be instantiated.
Method Summary | |
static java.lang.Object |
doConstrained(java.security.PrivilegedAction action,
SecurityConstraints constraints)
Sets the specified contextual client constraints, executes the specified action's run method, and returns the object returned by the
action's run method. |
static java.lang.Object |
doConstrained(java.security.PrivilegedExceptionAction action,
SecurityConstraints constraints)
Sets the specified contextual client constraints, executes the specified action's run method, and returns the object returned by the
action's run method. |
static SecurityConstraints |
getContextConstraints()
Returns the combined contextual client constraints for all active doConstrained calls for this thread, as a
non-null instance. |
static void |
verifyProxyTrust(java.lang.Object proxy,
SecurityConstraints constraints)
Verifies trust in a proxy object. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
public static java.lang.Object doConstrained(java.security.PrivilegedAction action, SecurityConstraints constraints)
run
method, and returns the object returned by the
action's run
method. If the action's run
method throws an unchecked exception, that exception is thrown by this
method. The constraints value can be null
, which is
treated the same as a constraints instance containing no constraints.
Constraints set in this way are added to any existing contextual
constraints for this thread for the duration of the call and are
applied to all secure RMI calls made by this thread during
execution of the action's run
method. For example,
contextual constraints are applied to calls made "under the covers" to
secure activation system daemons when activating secure activatable
objects. As such, care should be taken to ensure that contextual
constraints are neither too strong nor too weak.
Note that contextual constraints are not automatically inherited by child threads.
action
- the action to be executedconstraints
- the contextual client constraints, or
null
run
methodNullPointerException
- if the action is null
public static java.lang.Object doConstrained(java.security.PrivilegedExceptionAction action, SecurityConstraints constraints) throws java.security.PrivilegedActionException
run
method, and returns the object returned by the
action's run
method. If the action's run
method throws an unchecked exception, that exception is thrown by this
method. The constraints value can be null
, which is
treated the same as a constraints instance containing no constraints.
Constraints set in this way are added to any existing contextual
constraints for this thread for the duration of the call and are
applied to all secure RMI calls made by this thread during
execution of the action's run
method. For example,
contextual constraints are applied to calls made "under the covers" to
secure activation system daemons when activating secure activatable
objects. As such, care should be taken to ensure that contextual
constraints are neither too strong nor too weak.
Note that contextual constraints are not automatically inherited by child threads.
action
- the action to be executedconstraints
- the contextual client constraints, or
null
run
methodjava.security.PrivilegedActionException
- if the action's run
method throws a checked exceptionNullPointerException
- if the action is null
public static SecurityConstraints getContextConstraints()
doConstrained
calls for this thread, as a
non-null
instance.doConstrained
calls for this thread, as a
non-null
instancepublic static void verifyProxyTrust(java.lang.Object proxy, SecurityConstraints constraints) throws java.rmi.RemoteException
RemoteSecurity
interface.
This method first checks to see if the proxy implements
RemoteSecurity
. If it does not,
a SecurityException
is thrown.
A proxy is a secure RMI stub if
is
Proxy.isProxyClass
(proxy.getClass())true
, and if its
InvocationHandler
instance
is an instance of a class trusted by the secure RMI implementation. If
the proxy is a secure RMI stub for a server exported as a
SecureUnicastRemoteObject
, the proxy is trusted. In this case, no
remote communication takes place, and the constraints
parameter is not used.
If the proxy is a secure RMI stub for a server exported as a
SecureActivatable
the
following checks are made:
InvocationHandler
instance for the
ActivatorTrust.getActivatorVerifier
method,
activating the server as necessary. This call must return a
TrustVerifierData
instance.
The constraints
parameter passed to
verifyProxyTrust
is used as the client constraints for the
call. If the client wants the server to be authenticated, the client is
responsible for specifying
ServerAuthentication.YES
and any appropriate
ServerMinPrincipal
instance as requirements.
TrustVerifierData
instance is used to verify that the
correct code for the verifier itself is being used, by calling the
instance's checkVerifier
method.
ActivatorTrust.Verifier
, a call to the
verifyActivatorTrust
method of the verifier, passing the activation
identifier as a parameter, must return normally. If the verifier is any
other type of object, a call to the equals
method of the
verifier, passing the activation identifier as a parameter, must return
true
.
SecurityException
is
thrown. If the remote call to getActivatorVerifier
or the
call to the verifyActivatorTrust
or equals
method of the verifier throws an exception, that exception is thrown
to the caller.
If the proxy is not a secure RMI stub, but the proxy's class has a non-static non-public declared method with signature
ProxyTrust
getSecureProxy();
the following checks are made:
getSecureProxy
method is called, and the
returned ProxyTrust
instance must itself be trusted; that
is, a recursive call to verifyProxyTrust
, passing that
ProxyTrust
instance and the same constraints
parameter, must return normally.
ProxyTrust
instance's
getProxyVerifier
method, passing the name of the proxy's class as a parameter, must
return a TrustVerifierData
instance. The
constraints
parameter passed to
verifyProxyTrust
is used as the client constraints for the
call. If the client wants the server to be authenticated, the client is
responsible for specifying ServerAuthentication.YES
and an
appropriate ServerMinPrincipal
instance as requirements.
TrustVerifierData
instance is used to verify that the
correct code for the verifier itself is being used, by calling the
instance's checkVerifier
method.
ProxyTrust.Verifier
,
a call to the
verifyProxyTrust
method of the verifier, passing the proxy as a
parameter, must return normally. Otherwise, the verifier must be an
instance of RemoteSecurity
, and a call to the
equalsIgnoreConstraints
method of the verifier, passing the proxy as
a parameter, must return true
.
SecurityException
is
thrown. If the initial calls to getSecureProxy
or
verifyProxyTrust
, the remote call to
getProxyVerifier
, or the calls to the
verifyProxyTrust
or equalsIgnoreConstraints
method of the verifier throws an exception, that exception is thrown to
the caller.
If the proxy is not a secure RMI stub, and does not have the
appropriate getSecureProxy
method, then an ordered list of
TrustVerifier
instances is obtained.
The trustedProxy
method
of each one is called (in order) with the proxy and the
constraints
parameter passed to
verifyProxyTrust
. If any method returns true
,
verifyProxyTrust
returns normally. If any method throws an
exception, that exception is thrown to the caller. If none of the
methods returns true
, a SecurityException
is
thrown.
proxy
- the proxy object in which to verify trustconstraints
- constraints to use for calls to the remote server,
or null
java.lang.SecurityException
- if the proxy does not implement
RemoteSecurity
or cannot be trustedjava.rmi.RemoteException
- if a remote call throws
RemoteException
NullPointerException
- if the proxy object is null
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |