The JavaTM Tutorial
Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search

Trail: Security in Java 2 SDK 1.2
Lesson: Implementing Your Own Permission

The HighScore Class

The HighScore class stores and protects access to the user's high score for TerrysGame (and any other games that call it). For simplicity, this class saves the high score value into a file, called .highscore, in the user's home directory. However, before allowing TerrysGame to retrieve or update the user's high score value, this class checks to make sure that the user has granted TerrysGame permission to access the high score in his/her security policy file.

Checking that TerrysGame has the HighScorePermission

To check whether or not TerrysGame has permission to access the user's high score, the HighScore class must:
  1. Call System.getSecurityManager() to get the currently installed security manager.

  2. If the result is not null (i.e., there is a security manager, as opposed to the caller being an application that is unrestricted), then

    1. Construct a HighScorePermission object, and

    2. Call the security manager's checkPermission method, and pass it the newly constructed HighScorePermission object.
Here is the code:
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
    sm.checkPermission(new HighScorePermission(gameName));
}
The checkPermission method essentially asks the security manager if TerrysGame has the specified HighScorePermission. In other words, it asks the security manager if TerrysGame has permission to update the user's high score value for the specified game (TerrysGame). The underlying security framework will consult the user's security policy to see if TerrysGame indeed has this permission.

The HighScore Code

Here(in a .java source file) is the complete source code for the HighScore class.

Note: The doPrivileged method calls are used to enable HighScore to temporarily access resources that are available to it but that are not available to the code that calls it (TerrysGame). For example, it is expected that the policy file will grant HighScore permission to access the .highscore file in the user's home directory, but it will not grant this permission to games, such as TerrysGame. For more information about the use of doPrivileged methods, see New Privileged Block API(outside of the tutorial) on the public java.sun.com web site.


Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search