[Q] Security Manager extensibility

Tabrez Syed (tabrez@cs.utexas.edu)
Tue, 8 Jul 1997 13:38:35 -0500 (CDT)

To: java-security@web2.javasoft.com

Hello,

I've been looking through the functioning of the Security Manager and Java
security in general and have the following observations. I hope someone can
correct me if I am wrong, or shed some light on the unclear portions.

Currently all Security Sensitive calls are checked in the Security Manager.
The Security Manager has methods like checkRead() etc. which verify if that
function call can proceed.

My concern is: Supposing I were to write a program to control a resource that
is very specific to my situation. I would like to use the Security Manager to
control access to the resource. That is: in my program I would like to do
something like

    SecurityManager SM = System.getSecurityManager();
    try {
        SM.checkfoo();
    }
    catch (SecurityException se)
    {}

My problem is that checkfoo() is not part of the SecurityManager. I would have
to subclass the SecurityManager and provide, say, TabrezSecurityManager, which
would implement checkfoo(), to my customers. And say if my competitor had a
competing program that needed to call checkbar() in the SecurityManager, he is
unlikely to distribute a SecurityManager which implements both checkfoo() and
checkbar(). As a result there are now two different SecurityManagers: one that
can support my program and one that can support my competitor's program.

The only thing that makes sense to me is if, say, the JDK specs evolve to
support the resource in the original SecurityManager itself. This however is
unlikely, especially if my resource is very specific and unlikely to be used
by more than a few people.

It is quite possible that my understanding is flawed and there might be a way
to extend the security manager. As of now I can only protect the system
libraries with the SecurityManager. I don't know much about specifics behind
browsers, but I do recall reading that system applets (ones that have system
privileges) in Netscape 3.x had to call SecurityManager.setScopeManager() and
SecurityManager.unsetScopePermission() to enable and disable their powers. I
doubt Microsoft would be very keen on supporting the same convention in
Internet Explorer.

I welcome ANY comments or suggestions you may have.

Thank you in advance

Tabrez

________________________________________________________________
Anything worth doing is worth overdoing.
________________________________________________________________
Tabrez Syed
Dept. of Computer Sciences UPE Events Chair
University of Texas at Austin
URL: http://www.cs.utexas.edu/users/tabrez
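
Added example, not part of the original message: a Java sketch of the conflict the message describes, where each vendor ships its own SecurityManager subclass and a library guarding "foo" cannot ask a foreign manager about it. The class names, checkFoo() and checkBar() are hypothetical, and the installed manager is passed in as a parameter (an assumption of this sketch) so it runs without System.setSecurityManager().

```java
// Added illustration, not code from the original post. All class and method
// names are hypothetical; checkFoo()/checkBar() stand in for the post's
// checkfoo()/checkbar().
public class ManagerConflictDemo {

    // Vendor A ships a manager that knows about resource "foo".
    static class TabrezSecurityManager extends SecurityManager {
        void checkFoo() {
            // Sample policy for the demo: always deny.
            throw new SecurityException("foo denied by policy");
        }
    }

    // Vendor B ships an unrelated manager that knows about resource "bar".
    static class CompetitorSecurityManager extends SecurityManager {
        void checkBar() { /* sample policy for the demo: allow */ }
    }

    // Vendor A's library guard. Real code would obtain the manager from
    // System.getSecurityManager(); here it is a parameter so each case
    // can be exercised in one run.
    static String guardFoo(SecurityManager installed) {
        if (installed == null) {
            return "no manager installed: foo is unprotected";
        }
        if (!(installed instanceof TabrezSecurityManager)) {
            // checkFoo() is not declared on SecurityManager, so a foreign
            // manager cannot be asked; the library has to choose a default.
            return "foreign manager " + installed.getClass().getSimpleName()
                    + ": cannot ask about foo, failing closed";
        }
        try {
            ((TabrezSecurityManager) installed).checkFoo();
            return "foo allowed";
        } catch (SecurityException se) {
            return "foo refused: " + se.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(guardFoo(null));
        System.out.println(guardFoo(new TabrezSecurityManager()));
        System.out.println(guardFoo(new CompetitorSecurityManager()));
    }
}
```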