public class ProfilingSecurityManager extends SecurityManager
ProfilingSecurityManager is a Java security manager that profiles
what resources an application accesses, and in what manner --- e.g., read, write, etc. It does not enforce a
security policy, but rather produces a starting point for crafting one.
It extends java.lang.SecurityManager and overrides the two forms of the checkPermission() method.
For each call to checkPermission(), ProfilingSecurityManager first guards against the
condition that it itself induced the call to checkPermission(), which would result in
unterminated recursion. If a call to checkPermission() resulted from a call outside
ProfilingSecurityManager, the current context is examined and each class found therein is
profiled as needing access to the java.security.Permission in question.
Profiling is manifested as a writing to System.out a "grant" rule for each java.security.Permission requested
on a per CodeBase basis.
The implementation here does some very simple rule caching. If a rule has been seen previously, it is not output to System.out.
The caching cannot prevent a security check, but it can reduce I/O during profiling.
| Modifier and Type | Field and Description |
|---|---|
private ArrayList<String> |
cacheList |
private String |
psmMsg |
private String |
thisClassName |
private String |
thisCodeSourceURLString |
inCheck| Constructor and Description |
|---|
ProfilingSecurityManager() |
| Modifier and Type | Method and Description |
|---|---|
private void |
buildRules(Permission permission,
AccessControlContext ctx) |
void |
checkPermission(Permission permission) |
void |
checkPermission(Permission permission,
Object context) |
private String |
formatRule(Permission permission,
ProtectionDomain pd) |
private ProtectionDomain[] |
getProtectionDomains(AccessControlContext context) |
private boolean |
isCached(String candidate) |
private boolean |
isRecur(StackTraceElement[] st) |
String |
toString() |
checkAccept, checkAccess, checkAccess, checkAwtEventQueueAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMemberAccess, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkSystemClipboardAccess, checkTopLevelWindow, checkWrite, checkWrite, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoaderprivate final String thisClassName
private final String thisCodeSourceURLString
private final String psmMsg
public void checkPermission(Permission permission)
checkPermission in class SecurityManagerpublic void checkPermission(Permission permission, Object context)
checkPermission in class SecurityManagerprivate void buildRules(Permission permission, AccessControlContext ctx)
private boolean isRecur(StackTraceElement[] st)
private ProtectionDomain[] getProtectionDomains(AccessControlContext context) throws IllegalStateException
IllegalStateExceptionprivate String formatRule(Permission permission, ProtectionDomain pd)
private boolean isCached(String candidate)
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.