Date: Wed, 24 Jun 1998 10:21:24 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: Security Manager in JDK 1.2 environment
To: java-security@java0.javasoft.com, rri0054@ibm.net
JDK 1.2 security is described at
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
The JDK packages (File, Net, ...) still call SecurityManager, but the
implementation of SecurityManager changed. SecurityManager creates
a new permission object representing the requested action, and calls
the AccessController.
For example, java.lang.SecurityManager.checkRead(String file) basically looks
like
public void checkRead(String file) {
java.security.AccessController.checkPermission(new FilePermission(file,
"read"));
}
The AccessController compares the permissions held by the calling protection
domain with the permission requested. If the permissions that are held
allow the requested permission, it returns quietly. Else, it throws an
AccessControlException.