Re: Threads - the problem area

Wed, 09 Aug 2000 07:22:02 -0700 

Rickard,
I will take a look at the security specs for more info.

Thanks

-----Original Message-----
From: Rickard �berg [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 9:05 AM
To: [EMAIL PROTECTED]
Subject: Re: Threads - the problem area


On Wed, 9 Aug 2000 08:28:50 -0500, Bono, Chris <[EMAIL PROTECTED]>
wrote:
>What exactly is a privileged section? I have never heard of that.

A privileged action is a piece of code that executes some set of methods
that it is allowed to do, but which its caller is not allowed to do.

For example, if an EJB calls a JDBC driver, the JDBC driver may do file
I/O, whereas the EJB don't. Hence, the JDBC drivers attempt to do file
I/O will fail. This is normal security permission semantics.

However, if the JDBC driver executes the file I/O inside a privileged
action, then the security checks will stop there (they are done for all
classes on the call-stack BTW), and hence come to the conclusion that
everything is in order, and allow the file I/O to be done.

As Scott showed:
>class Helper
>{
> public void doWork(int noofprocess)
> {
>  AccessController.doPrivileged(new PrivilegedAction()
>  {
>   public Object run()
>   {
>    internalDoWork(noofprocess);
>    return null;
>   }
>  });
> }

The helped may create threads or whatever since it is doing so from
within a doPrivileged block. If the EJB tries to do the same thing it
will, of course, fail, since the EJB does not have the right permissions
in the first place (Note: this only applies to EJB containers that
actually enforce these restrictions).

Have I been clear? Ask away otherwise. You will probably want to read
the Security API docs for more details:
http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/security-specTOC.fm.html

/Rickard

--
Rickard �berg

Email: [EMAIL PROTECTED]
http://www.telkel.com
http://www.jboss.org
http://www.dreambean.com

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

Reply via email to