Class SecurityUtil

java.lang.Object
org.apache.catalina.security.SecurityUtil

public final class SecurityUtil extends Object
This utility class associates a Subject to the current AccessControlContext. When a SecurityManager is used, the container will always associate the called thread with an AccessControlContext containing only the principal of the requested Servlet/Filter. This class uses reflection to invoke the methods.
  • Constructor Details

    • SecurityUtil

      public SecurityUtil()
  • Method Details

    • doAsPrivilege

      public static void doAsPrivilege(String methodName, Servlet targetObject) throws Exception
      Perform work as a particular Subject. Here the work will be granted to a null subject.
      Parameters:
      methodName - the method to apply the security restriction
      targetObject - the Servlet on which the method will be called.
      Throws:
      Exception - an execution error occurred
    • doAsPrivilege

      public static void doAsPrivilege(String methodName, Servlet targetObject, Class<?>[] targetType, Object[] targetArguments) throws Exception
      Perform work as a particular Subject. Here the work will be granted to a null subject.
      Parameters:
      methodName - the method to apply the security restriction
      targetObject - the Servlet on which the method will be called.
      targetType - Class array used to instantiate a Method object.
      targetArguments - Object array contains the runtime parameters instance.
      Throws:
      Exception - an execution error occurred
    • doAsPrivilege

      public static void doAsPrivilege(String methodName, Servlet targetObject, Class<?>[] targetParameterTypes, Object[] targetArguments, Principal principal) throws Exception
      Perform work as a particular Subject. Here the work will be granted to a null subject.
      Parameters:
      methodName - the method to apply the security restriction
      targetObject - the Servlet on which the method will be called.
      targetParameterTypes - Class array used to instantiate a Method object.
      targetArguments - Object array contains the runtime parameters instance.
      principal - the Principal to which the security privilege applies
      Throws:
      Exception - an execution error occurred
    • doAsPrivilege

      public static void doAsPrivilege(String methodName, Filter targetObject) throws Exception
      Perform work as a particular Subject. Here the work will be granted to a null subject.
      Parameters:
      methodName - the method to apply the security restriction
      targetObject - the Filter on which the method will be called.
      Throws:
      Exception - an execution error occurred
    • doAsPrivilege

      public static void doAsPrivilege(String methodName, Filter targetObject, Class<?>[] targetType, Object[] targetArguments) throws Exception
      Perform work as a particular Subject. Here the work will be granted to a null subject.
      Parameters:
      methodName - the method to apply the security restriction
      targetObject - the Filter on which the method will be called.
      targetType - Class array used to instantiate a Method object.
      targetArguments - Object array contains the runtime parameters instance.
      Throws:
      Exception - an execution error occurred
    • doAsPrivilege

      public static void doAsPrivilege(String methodName, Filter targetObject, Class<?>[] targetParameterTypes, Object[] targetParameterValues, Principal principal) throws Exception
      Perform work as a particular Subject. Here the work will be granted to a null subject.
      Parameters:
      methodName - the method to apply the security restriction
      targetObject - the Filter on which the method will be called.
      targetParameterTypes - Class array used to instantiate a Method object.
      targetParameterValues - Object array contains the runtime parameters instance.
      principal - the Principal to which the security privilege applies
      Throws:
      Exception - an execution error occurred
    • remove

      public static void remove(Object cachedObject)
      Remove the object from the cache.
      Parameters:
      cachedObject - The object to remove
    • isPackageProtectionEnabled

      public static boolean isPackageProtectionEnabled()
      Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.
      Returns:
      true if package level protection is enabled