Skip to main content

Doubt regarding AccessController.doPrivileged() usage -Need Help

No replies
Paul_Erric
Offline
Joined: 2011-03-15
Points: 0

Hi All,

I am trying understand the basics of java security and AccessController.doPrivileged() usage
i started with a sample program

[prettifyclass="jive-code jive-java"]<font color="navy"><b>import</b></font> java.security.AccessController;<br /><font color="navy"><b>import</b></font> java.security.PrivilegedAction;<br /><font color="navy"><b>public</b></font> <font color="navy"><b>class</b></font> AccessSystemProperty <font color="navy">{</font><br />   <font color="navy"><b>public</b></font> <font color="navy"><b>static</b></font> <font color="navy"><b>void</b></font> main(String[] args) <font color="navy">{</font><br />   System.out.println(System.getSecurityManager());<br />    AccessController.doPrivileged(<br /> <font color="navy"><b>new</b></font> PrivilegedAction<Boolean>()<font color="navy">{</font><br />    <font color="navy"><b>public</b></font> Boolean run()<font color="navy">{</font><br />    System.out.println(System.getProperty(<font color="red">"java.home"</font>));<br />    <font color="navy"><b>return</b></font> Boolean.TRUE;<br />    <font color="navy">}</font><br />     <font color="navy">}</font><br />    );<br />   <font color="navy">}</font><br /><font color="navy">}</font><br />[/prettify]

if i try to run above code using default security manage i am getting AccessControlException

My stacktrace is

[prettifyclass="jive-code jive-java"]C:\>java -Djava.security.manager AccessSystemProperty<br />java.lang.SecurityManager@923e30<br />Exception in thread <font color="red">"main"</font> java.security.AccessControlException: access denied (<br />java.util.PropertyPermission java.home read)<br />        at java.security.AccessControlContext.checkPermission(Unknown Source)<br />        at java.security.AccessController.checkPermission(Unknown Source)<br />        at java.lang.SecurityManager.checkPermission(Unknown Source)<br />        at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)<br />        at java.lang.System.getProperty(Unknown Source)<br />        at AccessSystemProperty$1.run(AccessSystemProperty.java:9)<br />        at AccessSystemProperty$1.run(AccessSystemProperty.java:8)<br />        at java.security.AccessController.doPrivileged(Native Method)<br />        at AccessSystemProperty.main(AccessSystemProperty.java:6)<br />[/prettify]

from one other forum , i saw one comment
"When you use AccessController.doPrivileged to invoke those operations, the operation is executed with all the rights(permissions) of your protection domain. Hence if your code has enough rights only then it could execute those operations."

http://stackoverflow.com/questions/2233761/when-should-accesscontroller-doprivileged-be-used

What i understood from above is ,if we try to access system property from AccessController.doPrivileged() it should work ,Please correct me .. i think i am wrong ..

Kindly help me to get a clear picture of

1)when we need to use AccessController.doPrivileged() ?.(if SecurityManager is present we use AccessController.doPrivileged why this is failing in above example )
2) what is the real advantage we are getting by using AccessController and PrivilegedAction?.
3) Do we need custom policy file for above example to work ?

Thanks,
Paul