Exported resources

Stanley M. Ho Stanley.Ho at sun.com
Wed May 30 12:19:45 PDT 2007 

Hi Bryan,

Those resource-related methods in ClassLoader can be called by anyone,
including code that is part of the module, code that is from other
modules, or code that is part of the platform libraries (e.g.
ResourceBundle). The approach you described would require walking the
stack to get the caller's Module, but the real issue is that it is
difficult to determine who the actual caller is from the stack.

Treating the immediate caller on the stack as the actual caller wouldn't
be sufficient because the immediate caller could be called by someone
else who is the one actually making the call. On the other hand,
treating the originated caller on the stack as the actual caller would
be the right semantic, but this is basically the same as the security
permission approach.

- Stanley


Bryan Atsatt wrote:
> Both solutions require stack walking (unless there is some new
> implementation of the java security model I've not yet seen!).
>
> The permission check does much more work than is necessary here. Take a
> look at AccessController.checkPermission() to see what I mean.
>
> And actually there is a very simple API to get the stack, which I've
> used for years:
>
>   private static class StackAccessor extends SecurityManager {
>       public Class[] getStack() {
>           return getClassContext();
>       }
>   }
>
>   private static final STACK_ACCESSOR = new StackAccessor();
>
> Now the enclosing class can simply call STACK_ACCESSOR.getStack().
>
> // Bryan
>
>
>
> Stanley M. Ho wrote:
>> Hi Bryan,
>>
>> Bryan Atsatt wrote:
>>> 1. Definitely agree that resource search order should be identical to
>>> class search order.
>>
>> Glad to hear!
>>
>>> 2. Using permissions to limit access to private resources seems like
>>> overkill to me. The prototype implemented this in a very simple fashion:
>>>
>>> a. If resource is exported, return it, else
>>> a. Get the caller's Module (get class from stack, get module from it)
>>> b. If callerModule == this, return resource, else return null.
>>
>> The issue is that this approach still requires stack walking and there
>> is no public API in the SE platform that let you implement this.
>>
>> If stack walking is required for the check anyway, I think the security
>> permission approach is better that it is implementable with the existing
>> API in the SE platform.
>>
>> - Stanley
>>

More information about the jsr277-eg-observer mailing list