5.6. Guarded Objects

The notion of permissions and the access controller can be encapsulated into a single object: a guarded object, which is implemented by the GuardedObject class (java.security.GuardedObject). This class allows you to embed another object within it in such a way that all access to the object will first have to go through a guard (which, typically, is the access controller).

There are two methods in the GuardedObject class:

public GuardedObject(Object o, Guard g)

Create a guarded object. The given object is embedded within the guarded object; access to the embedded object will not be granted unless the guard allows it.

public Object getObject()

Return the embedded object. The checkGuard() method of the guard is first called; if the guard prohibits access to the embedded object, an AccessControlException will be thrown. Otherwise, the embedded object is returned.

The guard can be any class that implements the Guard interface (java.security.Guard). This interface has a single method:

public void checkGuard(Object o)

See if access to the given object should be granted. If access is not granted, this method should throw an AccessControlException; otherwise it should silently return.

Although you can write your own guards, the Permission class already implements the Guard interface. Hence, any permission can be used to guard an object as follows:

Class Definition

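import java.security.AccessControlException;
import java.security.GuardedObject;

// XYZPayrollRequest and XYZPayrollPermission are application classes
// that are not shown in this section.
public class GuardTest {
	public static void main(String[] args) {
		// Embed the request; the permission acts as the guard.
		GuardedObject go = new GuardedObject(new XYZPayrollRequest(),
						 new XYZPayrollPermission("sdo", "view"));
		try {
			// getObject() consults the guard before returning the object.
			Object o = go.getObject();
			System.out.println("Got access to object");
		} catch (AccessControlException ace) {
			System.out.println("Can't access object");
		}
	}
}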

When the getObject() method is called, it in turn calls the checkGuard() method of the XYZPayrollPermission class, which (as it inherits from the Permission class) will call the checkPermission() method of the access controller, passing the XYZ payroll request object as an argument.
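
A guard you write yourself, as mentioned above, shown as an added example that is not code from the book: RoleGuard and the CURRENT_ROLE thread-local are hypothetical names, and the guard throws SecurityException, the exception type that checkGuard() declares and the superclass of AccessControlException. Because the guard runs on every getObject() call, the same guarded object is denied or granted according to the caller's state at that moment.

```java
import java.security.Guard;
import java.security.GuardedObject;

public class CustomGuardExample {
    // Hypothetical stand-in for an authenticated session; not a JDK facility.
    static final ThreadLocal<String> CURRENT_ROLE =
            ThreadLocal.withInitial(() -> "guest");

    // A guard that makes its own decision instead of delegating
    // to the access controller.
    static final class RoleGuard implements Guard {
        private final String requiredRole;

        RoleGuard(String requiredRole) { this.requiredRole = requiredRole; }

        @Override
        public void checkGuard(Object o) throws SecurityException {
            // 'o' is the embedded object; a guard may inspect it, this one does not.
            if (!requiredRole.equals(CURRENT_ROLE.get())) {
                throw new SecurityException("role '" + requiredRole + "' required");
            }
            // Returning silently grants access.
        }
    }

    // Supplier side: wrap the sensitive object before handing it out.
    static GuardedObject payrollRecord() {
        // Constructed sample value standing in for a real payroll object.
        return new GuardedObject("salary=constructed-sample", new RoleGuard("payroll"));
    }

    // Consumer side: the guard is evaluated at getObject() time.
    static String tryRead(GuardedObject go) {
        try {
            return "granted: " + go.getObject();
        } catch (SecurityException se) {
            return "denied: " + se.getMessage();
        }
    }

    public static void main(String[] args) {
        GuardedObject go = payrollRecord();
        System.out.println(tryRead(go));   // caller role is still "guest"
        CURRENT_ROLE.set("payroll");
        System.out.println(tryRead(go));   // same object, caller role changed
    }
}
```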



Copyright © 2001 O'Reilly & Associates. All rights reserved.