Class sun.server.http.ServletSecurity

java.lang.Object
   |
   +----java.lang.SecurityManager
           |
           +----sun.server.http.ServerSecurity
                   |
                   +----sun.server.http.ServletSecurity

public class ServletSecurity
extends ServerSecurity
This class defines and implements a servlet security policy for the http server. It extends ServerSecurity, which itself extends java.lang.SecurityManager. The server sandbox protects access to these Jeeves resources:
  1. HTTP request objects
  2. HTTP response objects
  3. Files served by Jeeves
  4. Jeeves' own configuration files
  5. ACL entries
  6. Threads controlled by other servlets
  7. Capabilities context of other servlets
  8. Networking APIs

Constructor Index

 o ServletSecurity()
Construct and initialize.

Method Index

 o checkAccept(String, int)
For now servlets can't accept connections on any port.
 o checkAccess(Thread)
Servlets are not allowed to manipulate threads outside servlet thread groups.
 o checkAccess(ThreadGroup)
Servlets are not allowed to manipulate thread groups outside servlet thread groups.
 o checkACLaccess(Principal, Acl, String)
Check if a principal can get, set or delete the ACL for an object.
 o checkConnect(String, int)
Check if a servlet can connect to the given host:port.
 o checkConnect(String, int, Object)
Checks to see if the servlet and the indicated execution context are both allowed to connect to the indicated host and port.
 o checkConnect(String, String)
Check if a servlet from a host can connect to another host.
 o checkCreateClassLoader()
Servlets are not allowed to create class loaders, or even execute any of ClassLoader's methods.
 o checkExec(String)
Servlets are not allowed to fork processes.
 o checkExit(int)
Servlets are not allowed to exit the VM.
 o checkLink(String)
Servlets are not allowed to link dynamic libraries.
 o checkListen(int)
For now servlets can't listen on any port.
 o checkPackageAccess(String)
Check if a servlet can access a package.
 o checkPackageDefinition(String)
Check if a servlet can define classes in a package.
 o checkPropertiesAccess()
Servlets are not allowed to access the entire system properties list, only properties explicitly labeled as accessible to servlets.
 o checkPropertyAccess(String)
Servlets can access the system property named by key only if its twin key.servlet property is set to true.
 o checkRead(FileDescriptor)
Servlets are not allowed to open file descriptors unless it is done through a socket, in which case other access restrictions still apply.
 o checkRead(String)
Check if a servlet can read a particular file.
 o checkRead(String, Object)
Checks to see if the current context and the indicated context are both allowed to read the given file name.
 o checkRead(String, URL)
 o checkSetFactory()
Check if a servlet can set a networking-related object factory.
 o checkWrite(FileDescriptor)
Servlets are not allowed to open file descriptors unless it is done through a socket, in which case other access restrictions still apply.
 o checkWrite(String)
Check if a servlet can write a particular file.
 o getSecurityContext()
The only variable that currently affects whether a servlet can perform certain operations is the host it came from.
 o reset()
Reset from Properties

Constructors

 o ServletSecurity
  public ServletSecurity()
Construct and initialize.

Methods

 o reset
  public void reset()
Reset from Properties
 o getSecurityContext
  public Object getSecurityContext()
The only variable that currently affects whether a servlet can perform certain operations is the host it came from.
Overrides:
getSecurityContext in class SecurityManager
 o checkCreateClassLoader
  public synchronized void checkCreateClassLoader()
Servlets are not allowed to create class loaders, or even execute any of ClassLoader's methods.
Overrides:
checkCreateClassLoader in class SecurityManager
 o checkAccess
  public synchronized void checkAccess(Thread t)
Servlets are not allowed to manipulate threads outside servlet thread groups.
Overrides:
checkAccess in class SecurityManager
 o checkAccess
  public synchronized void checkAccess(ThreadGroup g)
Servlets are not allowed to manipulate thread groups outside servlet thread groups.
Overrides:
checkAccess in class SecurityManager
 o checkExit
  public synchronized void checkExit(int status)
Servlets are not allowed to exit the VM.
Overrides:
checkExit in class SecurityManager
 o checkExec
  public synchronized void checkExec(String cmd)
Servlets are not allowed to fork processes.
Overrides:
checkExec in class SecurityManager
 o checkLink
  public synchronized void checkLink(String lib)
Servlets are not allowed to link dynamic libraries.
Overrides:
checkLink in class SecurityManager
 o checkPropertiesAccess
  public synchronized void checkPropertiesAccess()
Servlets are not allowed to access the entire system properties list, only properties explicitly labeled as accessible to servlets.
Overrides:
checkPropertiesAccess in class SecurityManager
 o checkPropertyAccess
  public synchronized void checkPropertyAccess(String key)
Servlets can access the system property named by key only if its twin key.servlet property is set to true. For example, the property java.home can be read by servlets only if java.home.servlet is true.
Overrides:
checkPropertyAccess in class SecurityManager
 o checkRead
  public synchronized void checkRead(String file)
Check if a servlet can read a particular file.
Overrides:
checkRead in class SecurityManager
 o checkRead
  public synchronized void checkRead(String file,
                                     URL base)
 o checkRead
  public void checkRead(String file,
                        Object context)
Checks to see if the current context and the indicated context are both allowed to read the given file name.
Parameters:
file - the system dependent file name
context - the alternate execution context which must also be checked
Throws: SecurityException
If the file is not found.
Overrides:
checkRead in class SecurityManager
 o checkWrite
  public synchronized void checkWrite(String file)
Check if a servlet can write a particular file.
Overrides:
checkWrite in class SecurityManager
 o checkRead
  public synchronized void checkRead(FileDescriptor fd)
Servlets are not allowed to open file descriptors unless it is done through a socket, in which case other access restrictions still apply.
Overrides:
checkRead in class SecurityManager
 o checkWrite
  public synchronized void checkWrite(FileDescriptor fd)
Servlets are not allowed to open file descriptors unless it is done through a socket, in which case other access restrictions still apply.
Overrides:
checkWrite in class SecurityManager
 o checkListen
  public synchronized void checkListen(int port)
For now servlets can't listen on any port.
Overrides:
checkListen in class SecurityManager
 o checkAccept
  public synchronized void checkAccept(String host,
                                       int port)
For now servlets can't accept connections on any port.
Overrides:
checkAccept in class SecurityManager
 o checkConnect
  public synchronized void checkConnect(String host,
                                        int port)
Check if a servlet can connect to the given host:port.
Overrides:
checkConnect in class SecurityManager
 o checkConnect
  public void checkConnect(String host,
                           int port,
                           Object context)
Checks to see if the servlet and the indicated execution context are both allowed to connect to the indicated host and port.
Overrides:
checkConnect in class SecurityManager
 o checkConnect
  public synchronized void checkConnect(String fromHost,
                                        String toHost)
Check if a servlet from a host can connect to another host. This usually means that you need to determine whether the hosts are inside or outside the firewall. For now servlets can only access the host they came from.
 o checkPackageAccess
  public synchronized void checkPackageAccess(String pkg)
Check if a servlet can access a package.
Overrides:
checkPackageAccess in class SecurityManager
 o checkPackageDefinition
  public synchronized void checkPackageDefinition(String pkg)
Check if a servlet can define classes in a package.
Overrides:
checkPackageDefinition in class SecurityManager
 o checkSetFactory
  public synchronized void checkSetFactory()
Check if a servlet can set a networking-related object factory.
Overrides:
checkSetFactory in class SecurityManager
 o checkACLaccess
  public synchronized void checkACLaccess(Principal principal,
                                          Acl acl,
                                          String access)
Check if a principal can get, set or delete the ACL for an object.
Overrides:
checkACLaccess in class ServerSecurity
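
The twin-key rule of checkPropertyAccess and the origin-host rule of checkConnect(String, String), shown as an added example that is not part of the original documentation or the Jeeves source. TwinKeyPolicyDemo and allowed() are hypothetical names; parsing the twin value with Boolean.parseBoolean and comparing host names as plain strings are assumptions.

```java
import java.util.Properties;

// Added illustration: a stand-alone policy class, not sun.server.http.ServletSecurity.
public class TwinKeyPolicyDemo {
    private final Properties props;

    TwinKeyPolicyDemo(Properties props) { this.props = props; }

    // Twin-key rule: "key" is readable only if "key.servlet" is set to true.
    // Assumption: the twin value is parsed like Boolean.parseBoolean (null -> false).
    void checkPropertyAccess(String key) {
        if (key == null || key.isEmpty()) {
            throw new SecurityException("empty property key");
        }
        if (!Boolean.parseBoolean(props.getProperty(key + ".servlet"))) {
            throw new SecurityException("property not labeled for servlets: " + key);
        }
    }

    // Origin rule: a servlet may connect only to the host it came from.
    // Assumption: names are compared as strings, with no DNS resolution.
    void checkConnect(String fromHost, String toHost) {
        if (fromHost == null || !fromHost.equalsIgnoreCase(toHost)) {
            throw new SecurityException("connect denied: " + fromHost + " -> " + toHost);
        }
    }

    // Turns the throw-on-deny convention of check* methods into a boolean.
    static boolean allowed(Runnable check) {
        try { check.run(); return true; } catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) {
        Properties p = new Properties();              // constructed sample configuration
        p.setProperty("java.home", "/opt/java");
        p.setProperty("java.home.servlet", "true");   // explicitly labeled
        p.setProperty("user.dir", "/srv/jeeves");     // no twin key at all
        p.setProperty("user.name", "jeeves");
        p.setProperty("user.name.servlet", "false");  // twin present but not true
        TwinKeyPolicyDemo policy = new TwinKeyPolicyDemo(p);

        // The label itself is a property too: reading "java.home.servlet"
        // would need its own twin, "java.home.servlet.servlet".
        for (String k : new String[] {"java.home", "user.dir", "user.name", "java.home.servlet"}) {
            System.out.println(k + " readable: " + allowed(() -> policy.checkPropertyAccess(k)));
        }
        System.out.println("same host: " + allowed(() -> policy.checkConnect("a.example", "A.example")));
        System.out.println("other host: " + allowed(() -> policy.checkConnect("a.example", "b.example")));
    }
}
```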