Message-Id: <199710270642.AA09246@interlock.gartner.com>
From: Clark Evans <clark.evans@gartner.com>
To: "'gong@games.Eng.Sun.COM'" <gong@games.eng.sun.com>
Subject: RE: java.securty.AccessControlContext
Date: Mon, 27 Oct 1997 01:43:57 -0500
Two more question, if you have time.
#1) If I create a AccessControlContext in thread A and
pass this Context to thread B is there a way
for thread A to specify some sort of expiration criteria?
This context should not last "forever". Perhaps an
expiration object is needed (an object can be called
to see if the context is still valid)?
#2) AccessController.beginPrivleged(), endPrivleged()
seem to be handling the same kind of problem
from a different angle. Are these things one and the
same? (Where the System thread is loaning an
AccessControlContext to the Application thread
by using the begin/end privileged?)
Thanks tons for your time!
Clark
My Previous e-mail:
With reference to page:
http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc11.html
Say you have two threads of execution A and B.
Thread A is currently running method a() of object ObA.
Thread B is currently running method b() of object ObB.
Resource X requires a permission P to invoke x().
If a() posts an event to ObB (in a different thread)
then ObB uses the security context of thread B
and not the context of thread A. Suppose resource X.x()
is required to do the work. Delemma.
B is doing the work, A has the permissions.
Solution: Create a java.security.AccessControlContext
"acc" and pass it from thread A to thread B ?
Hmmm. In the code for X.x() would have something like this:
{
if( ! java.securty.AccessController.checkPermission( myPermission) )
raise SecurityException;
// rest of code goes here.
}
Assume that this code is part of the JDK or a compiled version
is supplied by a third party. How is ObB.b() going to tell X.x()
that it has thread A's security? The AccessController will only
return thread B's security. Sure ObB has a AccessControlContext
object with A's security, but how does this information make its way
down to X.x()?
Another question, suppose that thread A only wanted to give permission P
to thread B and not Permission N,M,or O. Is this possible?
Thank you for your time! :)
Clark
P.S. I cannot see the FAQ for this:
http://jserv.javasoft.com/hypermail/java-security-archive-1/index.html
(It is a blank page).