RE: java.securty.AccessControlContext

Clark Evans (clark.evans@gartner.com)
Mon, 27 Oct 1997 15:02:11 -0500

Message-Id: <199710272000.AA05923@interlock.gartner.com>
From: Clark Evans <clark.evans@gartner.com>
To: "'Roland.Schemers@Eng.Sun.COM'" <Roland.Schemers@Eng>
Subject: RE: java.securty.AccessControlContext
Date: Mon, 27 Oct 1997 15:02:11 -0500

Thank you once again for your reply.

> AccessControlContext is only useful in certain cases, and you
> have to specifically design your server/application to use
> it correctly (we'll hopefully have some docs that show how to use it
> at some point).

Great! I do not see how it is useful yet. I cannot wait to see
the docs.

You wrote:
> Another way to do what you want is to pass the "search" applet an
> object that you write, which will open up only the files the search
> applet is supposed to be able to access.
>
> For example:
>
> public FileInputStream openFileForSearching(String filename) {
>
>     if (fileIsOk(filename)) {
>         try {
>             AccessController.beginPrivileged();
>             return new FileInputStream(filename);
>         } finally {
>             AccessController.endPrivileged();
>         }
>     }
> }
>

Question:

The openFileForSearching is part of the explorer class, which
has the appropriate permissions, it is on the top of the stack:

system.startapp(),explorer.main(),explorer.click(),explorer.startsearcher(),
searcher.run(),explorer.openFileForSearching()

Why is a begin privileged required?

You also wrote earlier:
> If the current object on the top of the stack has permissions, then
> there is no need to do a begin/endPrivileged.

I don't get it.... explorer object has the permissions....

When do you need a begin/endPrivileged? Is there an example
for this as well? It would really help to motivate the necessity of
the function.

Thanks again!

Clark
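
Added example, not part of the original message or of the JDK: a small Python model of the stack walk that `AccessController.checkPermission` performs in the Java 2 security model, applied to the call stack listed in the message. The permission name `file.read`, the `GRANTS` table and the helper names are constructed for illustration, and the walk rule follows the released Java 2 documentation rather than the 1997 beta under discussion.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    method: str               # "class.method", as in the stack listed in the message
    privileged: bool = False  # True if this frame called beginPrivileged()

# Constructed policy (assumption): permissions granted to each class's code.
GRANTS = {"system": {"file.read"}, "explorer": {"file.read"}, "searcher": set()}

# The call stack from the message, oldest frame first.
PAGE_STACK = ["system.startapp", "explorer.main", "explorer.click",
              "explorer.startsearcher", "searcher.run",
              "explorer.openFileForSearching"]

def build(methods, privileged_method=None):
    """Turn method names into frames, marking one frame as privileged."""
    return [Frame(m, m == privileged_method) for m in methods]

def check_permission(stack, perm):
    """Walk from the newest frame to the oldest. Every frame's code must hold
    perm; a privileged frame that holds it ends the walk early.
    Returns (allowed, method of the frame that decided, or None)."""
    for frame in reversed(stack):
        owner = frame.method.split(".")[0]
        if perm not in GRANTS[owner]:
            return False, frame.method
        if frame.privileged:
            return True, frame.method
    return True, None

def demo():
    top = "explorer.openFileForSearching"
    return {
        "explorer only": check_permission(build(PAGE_STACK[:4]), "file.read"),
        "searcher opens file itself": check_permission(build(PAGE_STACK[:5]), "file.read"),
        "helper, no privilege": check_permission(build(PAGE_STACK), "file.read"),
        "helper, privileged": check_permission(build(PAGE_STACK, top), "file.read"),
    }

if __name__ == "__main__":
    for case, (allowed, frame) in demo().items():
        print(f"{case:28} allowed={allowed!s:5} decided_by={frame}")
```

Because the privileged frame ends the walk before `searcher.run` is examined, the `fileIsOk(filename)` test in the quoted method is the only thing limiting which files the search applet can read.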