org.iids.aos.agentserver.java
Class JavaAgentSecurityManager

java.lang.Object
  extended by java.lang.SecurityManager
      extended by org.iids.aos.agentserver.java.JavaAgentSecurityManager

public class JavaAgentSecurityManager
extends java.lang.SecurityManager

Java Agent Security Manager. This class is responsible for performing certain security related checks, like file and socket access.

However, because there can be only one security manager in each JVM, we must make sure that access checks are only done for agents, which run as separate threads inside the same JVM as the agent server.

There are two possibilities to distinguish various threads from each other:

  1. By thread. Each thread that is to be monitored must be (de)registered explicitly.
  2. By thread group. Each thread that runs inside a certain thread group is monitored.

Using thread groups is preferred, because it requires no extra registration and deregistration of (newly created) threads. When an agent creates a new thread itself, this will also run in the same thread group as the agent itself. Even if the agent creates a new thread group, it is still possible to trace back to the parent thread group. The strategy that is used is determined by which constructor is called (with or without thread group).

However, when an agent finishes, any of the threads it has created can still be active. Seeing as these run in the same (monitored) thread group, this will never be noticed. Therefore, the best strategy is a combination of both: if the thread is part of the monitored group (or a subgroup thereof), then the checks are performed only if the thread itself is also known. If the thread is unknown, then a SecurityException is thrown. This is what is currently implemented.
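The combined strategy described above, as an added sketch that is not the IIDS source: the class name, the register/deregister methods and the deny-exec policy are assumptions made for illustration, and it needs a JDK that still ships java.lang.SecurityManager (deprecated for removal since Java 17).

```java
import java.security.Permission;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical illustration of "thread group AND known thread"; not the project's code.
public class GroupAndThreadSecurityManager extends SecurityManager {
    private final ThreadGroup monitoredGroup;
    // Threads the server has explicitly registered as live agent threads.
    private final Set<Thread> knownThreads = ConcurrentHashMap.newKeySet();

    public GroupAndThreadSecurityManager(ThreadGroup monitoredGroup) {
        this.monitoredGroup = monitoredGroup;
    }

    // Assumed to be reachable only from server code, never handed to an agent;
    // otherwise an agent could register its own leftover threads.
    public void register(Thread t)   { knownThreads.add(t); }
    public void deregister(Thread t) { knownThreads.remove(t); }

    /**
     * Returns false for server threads (outside the monitored group),
     * true for registered agent threads, and throws for threads that sit
     * in the monitored group (or a subgroup) but were never registered,
     * e.g. a thread that outlived its deregistered agent.
     */
    boolean isAgentThread() {
        Thread current = Thread.currentThread();
        ThreadGroup group = current.getThreadGroup(); // null once terminated
        // parentOf() is true if monitoredGroup is 'group' or one of its ancestors,
        // so thread groups created by the agent itself are still traced back.
        if (group == null || !monitoredGroup.parentOf(group)) {
            return false;
        }
        if (!knownThreads.contains(current)) {
            throw new SecurityException("unregistered thread in monitored group: "
                    + current.getName());
        }
        return true;
    }

    @Override
    public void checkExec(String command) {
        // Example policy (an assumption): agents may not start processes.
        if (isAgentThread()) {
            throw new SecurityException("agent may not exec: " + command);
        }
    }

    @Override
    public void checkPermission(Permission perm) {
        // Server threads pass; unknown threads in the group are rejected here too.
        isAgentThread();
    }
}
```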


Field Summary
 
Fields inherited from class java.lang.SecurityManager
inCheck
 
Method Summary
 void checkAccept(java.lang.String host, int port)
           
 void checkAccess(java.lang.Thread t)
           
 void checkAccess(java.lang.ThreadGroup access)
           
 void checkAwtEventQueueAccess()
           
 void checkConnect(java.lang.String host, int port)
           
 void checkConnect(java.lang.String host, int port, java.lang.Object context)
           
 void checkCreateClassLoader()
           
 void checkExec(java.lang.String command)
           
 void checkExit(int status)
           
 void checkLink(java.lang.String libraryString)
           
 void checkListen(int port)
           
 void checkMemberAccess(java.lang.Class clazz, int which)
           
 void checkMulticast(java.net.InetAddress addr)
           
 void checkPackageAccess(java.lang.String pkg)
           
 void checkPackageDefinition(java.lang.String pkg)
           
 void checkPermission(java.security.Permission perm)
           
 void checkPropertiesAccess()
           
 void checkPropertyAccess(java.lang.String key)
           
 void checkRead(java.io.FileDescriptor fd)
           
 void checkRead(java.lang.String file)
           
 void checkRead(java.lang.String file, java.lang.Object o)
           
 void checkSecurityAccess(java.lang.String action)
           
 void checkSetFactory()
           
 boolean checkTopLevelWindow(java.lang.Object window)
          Top level window is allowed, but if this returns false, then the AWT/Swing window will show a special banner.
 void checkWrite(java.lang.String file)
           
 
Methods inherited from class java.lang.SecurityManager
checkDelete, checkMulticast, checkPermission, checkPrintJobAccess, checkSystemClipboardAccess, checkWrite, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

checkAccess

public void checkAccess(java.lang.Thread t)
Overrides:
checkAccess in class java.lang.SecurityManager

checkAccess

public void checkAccess(java.lang.ThreadGroup access)
Overrides:
checkAccess in class java.lang.SecurityManager

checkPermission

public void checkPermission(java.security.Permission perm)
Overrides:
checkPermission in class java.lang.SecurityManager

checkCreateClassLoader

public void checkCreateClassLoader()
Overrides:
checkCreateClassLoader in class java.lang.SecurityManager

checkExec

public void checkExec(java.lang.String command)
Overrides:
checkExec in class java.lang.SecurityManager

checkLink

public void checkLink(java.lang.String libraryString)
Overrides:
checkLink in class java.lang.SecurityManager

checkExit

public void checkExit(int status)
Overrides:
checkExit in class java.lang.SecurityManager

checkAwtEventQueueAccess

public void checkAwtEventQueueAccess()
Overrides:
checkAwtEventQueueAccess in class java.lang.SecurityManager

checkPropertyAccess

public void checkPropertyAccess(java.lang.String key)
Overrides:
checkPropertyAccess in class java.lang.SecurityManager

checkPropertiesAccess

public void checkPropertiesAccess()
Overrides:
checkPropertiesAccess in class java.lang.SecurityManager

checkTopLevelWindow

public boolean checkTopLevelWindow(java.lang.Object window)
Top level window is allowed, but if this returns false, then the AWT/Swing window will show a special banner.

Overrides:
checkTopLevelWindow in class java.lang.SecurityManager
Parameters:
window - The window trying to display.
Returns:
Returns false if an agent tries to create a window, otherwise true.

checkMemberAccess

public void checkMemberAccess(java.lang.Class clazz,
                              int which)
Overrides:
checkMemberAccess in class java.lang.SecurityManager

checkSecurityAccess

public void checkSecurityAccess(java.lang.String action)
Overrides:
checkSecurityAccess in class java.lang.SecurityManager

checkPackageAccess

public void checkPackageAccess(java.lang.String pkg)
Overrides:
checkPackageAccess in class java.lang.SecurityManager

checkPackageDefinition

public void checkPackageDefinition(java.lang.String pkg)
Overrides:
checkPackageDefinition in class java.lang.SecurityManager

checkListen

public void checkListen(int port)
Overrides:
checkListen in class java.lang.SecurityManager

checkConnect

public void checkConnect(java.lang.String host,
                         int port,
                         java.lang.Object context)
Overrides:
checkConnect in class java.lang.SecurityManager

checkConnect

public void checkConnect(java.lang.String host,
                         int port)
Overrides:
checkConnect in class java.lang.SecurityManager

checkAccept

public void checkAccept(java.lang.String host,
                        int port)
Overrides:
checkAccept in class java.lang.SecurityManager

checkMulticast

public void checkMulticast(java.net.InetAddress addr)
Overrides:
checkMulticast in class java.lang.SecurityManager

checkSetFactory

public void checkSetFactory()
Overrides:
checkSetFactory in class java.lang.SecurityManager

checkRead

public void checkRead(java.lang.String file)
Overrides:
checkRead in class java.lang.SecurityManager

checkRead

public void checkRead(java.lang.String file,
                      java.lang.Object o)
Overrides:
checkRead in class java.lang.SecurityManager

checkRead

public void checkRead(java.io.FileDescriptor fd)
Overrides:
checkRead in class java.lang.SecurityManager

checkWrite

public void checkWrite(java.lang.String file)
Overrides:
checkWrite in class java.lang.SecurityManager


Copyright © 2003, 2004 IIDS Group. All Rights Reserved.