Java Security Architecture Problem - What do I do?
posted 12 years ago
Java Security (My Take)

Originally, Java security was such that they (Sun's Java team) expected different implementations of SecurityManager (this is why it is not a final class). However, they seem to have overestimated people's love for security. As a result, they created the AccessController, their own implementation and a final class. Now most of what the SecurityManager does is simply call the AccessController.

The Problem

The problem and shift in security here is that there is no longer ONE manager of security, or rather no FINAL voice on security access. People can and do call AccessController directly (which does not check with the security manager)!

Imagine that someone calls the security manager (and it's our implementation called OurSecurityManager) and is rejected (because of its particular implementation RULES). So what do they do? They go to Daddy (AccessController) since Mommy said he couldn't do the action and since Daddy has different rules, he allows the action. Gulp. (Or you're using someone else's code and they have no security manager checks, just AccessController.checkPermission() - diff. rules!)

My problem comes about because (as other people have discovered) the Java 2 Security implementation is currently inadequate for numerous situations. That is why I wish to create my own SecurityManager implementation. However, what do I do if they call the AccessController directly? Is there anything to intercept that? And why is this API so convoluted/dishonest (since it seems to state that SecurityManager controls access rules, but then puts in a final class that can do that WITHOUT consulting the security manager)?

In my opinion, there should be ONE manager of the whole application that handles permissions/rights, etc. Can anyone help me here? What should I do to correctly implement a real security manager that truly manages all access and will work in any JVM (with Java 2)?
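
The mismatch described in the post, as an added example that is not part of the original post: a rule kept only in a SecurityManager subclass is not seen by a direct AccessController.checkPermission() call, while the same rule placed in a java.security.Policy is seen by both entry points. It goes one step beyond the post by showing the Policy variant; the class names, the blocked permission and the assumption of a JDK where this API still functions (roughly Java 8 to 17, default java.policy) are all choices made for the demo.

```java
import java.security.AccessController;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

// Added demo, not code from the post. Assumes a JDK where the Java 2 security
// API is still functional (roughly Java 8 to 17); all names are hypothetical.
public class OneRuleSourceDemo {
    // Constructed site rule: nobody may read the "java.version" property,
    // which the JDK's default java.policy grants to all code.
    static final Permission BLOCKED = new PropertyPermission("java.version", "read");

    // The post's approach: the extra rule lives only in a SecurityManager subclass.
    static class OurSecurityManager extends SecurityManager {
        @Override public void checkPermission(Permission p) {
            if (BLOCKED.equals(p)) throw new SecurityException("denied by OurSecurityManager");
            super.checkPermission(p); // the stock manager defers to AccessController
        }
    }

    // The same rule placed in the Policy, which AccessController consults through
    // each caller's ProtectionDomain, so both entry points see it.
    static class OurPolicy extends Policy {
        private final Policy base;
        OurPolicy(Policy base) { this.base = base; }
        @Override public boolean implies(ProtectionDomain d, Permission p) {
            return !BLOCKED.equals(p) && base.implies(d, p);
        }
    }

    static String outcome(Runnable check) {
        try { check.run(); return "allowed"; }
        catch (SecurityException e) { return "denied"; }
    }

    public static void main(String[] args) {
        // Managers are called directly rather than installed with
        // System.setSecurityManager, so the demo can swap the Policy afterwards.
        SecurityManager ours = new OurSecurityManager();
        System.out.println("rule in manager, via manager: " + outcome(() -> ours.checkPermission(BLOCKED)));
        System.out.println("rule in manager, direct call: " + outcome(() -> AccessController.checkPermission(BLOCKED)));

        Policy.setPolicy(new OurPolicy(Policy.getPolicy()));
        SecurityManager stock = new SecurityManager();
        System.out.println("rule in policy, via manager:  " + outcome(() -> stock.checkPermission(BLOCKED)));
        System.out.println("rule in policy, direct call:  " + outcome(() -> AccessController.checkPermission(BLOCKED)));
    }
}
```

A production Policy wrapper would also delegate getPermissions() and refresh() to the wrapped policy; they are omitted here to keep the demo on the single rule.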