Exported resources
Bryan Atsatt
bryan.atsatt at oracle.com
Thu May 24 20:32:30 PDT 2007
Both solutions require stack walking (unless there is some new
implementation of the java security model I've not yet seen!).
The permission check does much more work than is necessary here. Take a
look at AccessController.checkPermission() to see what I mean.
And actually there is a very simple API to get the stack, which I've
used for years:
private static class StackAccessor extends SecurityManager {
public Class[] getStack() {
return getClassContext();
}
}
private static final STACK_ACCESSOR = new StackAccessor();
Now the enclosing class can simply call STACK_ACCESSOR.getStack().
// Bryan
Stanley M. Ho wrote:
> Hi Bryan,
>
> Bryan Atsatt wrote:
>> 1. Definitely agree that resource search order should be identical to
>> class search order.
>
> Glad to hear!
>
>> 2. Using permissions to limit access to private resources seems like
>> overkill to me. The prototype implemented this in a very simple fashion:
>>
>> a. If resource is exported, return it, else
>> a. Get the caller's Module (get class from stack, get module from it)
>> b. If callerModule == this, return resource, else return null.
>
> The issue is that this approach still requires stack walking and there
> is no public API in the SE platform that let you implement this.
>
> If stack walking is required for the check anyway, I think the security
> permission approach is better that it is implementable with the existing
> API in the SE platform.
>
> - Stanley
>
More information about the jsr277-eg-observer
mailing list