Package org.apache.catalina.security

Class SecurityUtil

  • public final class SecurityUtil
extends java.lang.Object
    This utility class associates a Subject to the current AccessControlContext. When a SecurityManager is used, the container will always associate the called thread with an AccessControlContext containing only the principal of the requested Servlet/Filter. This class uses reflection to invoke the methods.

    • Constructor Summary

      Constructors 
      Constructor Description
      SecurityUtil()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static void doAsPrivilege​(java.lang.String methodName, Filter targetObject)
      Perform work as a particular Subject.
      static void doAsPrivilege​(java.lang.String methodName, Filter targetObject, java.lang.Class<?>[] targetType, java.lang.Object[] targetArguments)
      Perform work as a particular Subject.
      static void doAsPrivilege​(java.lang.String methodName, Filter targetObject, java.lang.Class<?>[] targetParameterTypes, java.lang.Object[] targetParameterValues, java.security.Principal principal)
      Perform work as a particular Subject.
      static void doAsPrivilege​(java.lang.String methodName, Servlet targetObject)
      Perform work as a particular Subject.
      static void doAsPrivilege​(java.lang.String methodName, Servlet targetObject, java.lang.Class<?>[] targetType, java.lang.Object[] targetArguments)
      Perform work as a particular Subject.
      static void doAsPrivilege​(java.lang.String methodName, Servlet targetObject, java.lang.Class<?>[] targetParameterTypes, java.lang.Object[] targetArguments, java.security.Principal principal)
      Perform work as a particular Subject.
      static boolean isPackageProtectionEnabled()
      Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.
      static void remove​(java.lang.Object cachedObject)
      Remove the object from the cache.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • SecurityUtil

        public SecurityUtil()

    • Method Detail

      • doAsPrivilege

        public static void doAsPrivilege​(java.lang.String methodName,
                                 Servlet targetObject)
                          throws java.lang.Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Servlet on which the method will be called.
        Throws:
        java.lang.Exception - an execution error occurred

      • doAsPrivilege

        public static void doAsPrivilege​(java.lang.String methodName,
                                 Servlet targetObject,
                                 java.lang.Class<?>[] targetType,
                                 java.lang.Object[] targetArguments)
                          throws java.lang.Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Servlet on which the method will be called.
        targetType - Class array used to instantiate a Method object.
        targetArguments - Object array contains the runtime parameters instance.
        Throws:
        java.lang.Exception - an execution error occurred

      • doAsPrivilege

        public static void doAsPrivilege​(java.lang.String methodName,
                                 Servlet targetObject,
                                 java.lang.Class<?>[] targetParameterTypes,
                                 java.lang.Object[] targetArguments,
                                 java.security.Principal principal)
                          throws java.lang.Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Servlet on which the method will be called.
        targetParameterTypes - Class array used to instantiate a Method object.
        targetArguments - Object array contains the runtime parameters instance.
        principal - the Principal to which the security privilege applies
        Throws:
        java.lang.Exception - an execution error occurred

      • doAsPrivilege

        public static void doAsPrivilege​(java.lang.String methodName,
                                 Filter targetObject)
                          throws java.lang.Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Filter on which the method will be called.
        Throws:
        java.lang.Exception - an execution error occurred

      • doAsPrivilege

        public static void doAsPrivilege​(java.lang.String methodName,
                                 Filter targetObject,
                                 java.lang.Class<?>[] targetType,
                                 java.lang.Object[] targetArguments)
                          throws java.lang.Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Filter on which the method will be called.
        targetType - Class array used to instantiate a Method object.
        targetArguments - Object array contains the runtime parameters instance.
        Throws:
        java.lang.Exception - an execution error occurred

      • doAsPrivilege

        public static void doAsPrivilege​(java.lang.String methodName,
                                 Filter targetObject,
                                 java.lang.Class<?>[] targetParameterTypes,
                                 java.lang.Object[] targetParameterValues,
                                 java.security.Principal principal)
                          throws java.lang.Exception
        Perform work as a particular Subject. Here the work will be granted to a null subject.
        Parameters:
        methodName - the method to apply the security restriction
        targetObject - the Filter on which the method will be called.
        targetParameterTypes - Class array used to instantiate a Method object.
        targetParameterValues - Object array contains the runtime parameters instance.
        principal - the Principal to which the security privilege applies
        Throws:
        java.lang.Exception - an execution error occurred

      • remove

        public static void remove​(java.lang.Object cachedObject)
        Remove the object from the cache.
        Parameters:
        cachedObject - The object to remove

      • isPackageProtectionEnabled

        public static boolean isPackageProtectionEnabled()
        Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.
        Returns:
        true if package level protection is enabled