2

i wrote a own Security Manager and my problem is, that i run code from other users in my program, and i have to ensure that there is no abuse.

So my Question is: How i am able to find out in the Methods of the Security Manager , who asks for the Access in the checkXXXXX() - methods.

Thanks

Nicolas
  • 269
  • 4
  • 14

1 Answers1

2

No there is no simple way to do this in the general case.

(If you were running within a web container, that might provide a way to get hold of the current request's authentication details. But that doesn't sound like your use-case.)

I guess there are a variety of ways that you could attempt to implement this, though you'd need to be careful to protect against code that spoofs the user identity. One idea is to associate each user identity with a distinct ThreadGroup, and get your security manager to block creation of threads in other thread groups; read the javadoc for Thread(ThreadGroup group, Runnable target, String name), paying attention to what it says about the thread group check.

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
  • Thanks for your answer. I already block creation of threads in other threads with a security key, where you have to register your own thread, that you are able to create one. But in one case you helped me a lot, because i now I know that the Security Manager is called by the Thread himself, and so i can find out the ThreadGroup and the Thread ID. So it's no problem for me to do the same thing to register the thread with the security key! THANK YOU! – Nicolas Aug 13 '11 at 11:28