*
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes I am still unclear about SecurityException. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Bookmark "I am still unclear about SecurityException." Watch "I am still unclear about SecurityException." New topic
Author

I am still unclear about SecurityException.

Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239
Hi ranchers,
We know SecurityException is a RuntimeException which in Java conventions is always thrown automatically. So why here manually?


SCJP 1.4 SCJD
Mark Smyth
Ranch Hand

Joined: Feb 04, 2004
Posts: 288
Originally posted by Zhixiong Pan:
Hi ranchers,
We know SecurityException is a RuntimeException which in Java conventions is always thrown automatically. So why here manually?


I wouldn't say its a convention. A SecurityException is throw when a client has been found no to hav the required permission to access a method / resource. This check is not done "automatically" by the sun libraries but with java code just like you or I might write. It is a runtime exception because it is a serious error that should not be handled by the application itself.

In you code it makes also makes sense to throw this exception when a client tries to perform an operation that it shouldn't.

mark.


SCJP<br />SCJD
Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239
Hi Mark,
I am glad to hear your voice again.
With regard to your experience, SecurityException in this assignment should always be thrown even in client frame. Because such an error is fatal, if happened the client application will no longer work. Right?
Mark Smyth
Ranch Hand

Joined: Feb 04, 2004
Posts: 288
Originally posted by Zhixiong Pan:
Hi Mark,
I am glad to hear your voice again.
With regard to your experience, SecurityException in this assignment should always be thrown even in client frame. Because such an error is fatal, if happened the client application will no longer work. Right?


Generally RuntimeExceptions are not supposed to be caught by the Application. I didn't have this particular exception in my projects so I'm not sure in what context the exception is thrown. I imagine that this exception is thrown for an attempt to unlock records that have not been locked or update an unlocked record that has not been locked (in my project i used a runtime IllegalStateException for these senarios which I handled in the business code).

These are serious (or malicious) programmer errors that certainly should not be present in the end user product (a gui user should not have any way to attempt to try either of these senarios), and in such instances terminating the down the app could be justifiable.

Mark.
Khaled Mahmoud
Ranch Hand

Joined: Jul 15, 2006
Posts: 361
Hello,
The SecurityException mentioned in the assignment need not be the one found in the java.lang package.You can create your own SecurityException that belongs to whatever package in your application, and i think the implementing a SecurityException class is more convenient.

Regarding handling the SecurityException, i think the SecurityException must be handled.Why??

Look at this case :
Suppose that a record cannot be locked for more that ten minutes,and after those ten minutes the record will be unlocked automatically.

A client locks record #5 and gets its lock cookie.The value of this cookie
is 10.The client then keeps the record locked for 20 minutes.The client still thinks he is owning the lock on the record.Now when he tries to update a record,a SecurityException will be thrown,because this record is no more locked by that client.
In this case you can handle this exception at the GUI and tell the user of the application that the record has been locked for so long time, and because of that it has been unlocked.

Good luck





SCJP, SCJD,SCWCD,SCDJWS,SCEA 5 MCP-C#, MCP-ASP.NET - http://www.khaledinho.com/
Life is the biggest school
Mark Smyth
Ranch Hand

Joined: Feb 04, 2004
Posts: 288
Originally posted by Khaled Mahmoud:
Hello,
The SecurityException mentioned in the assignment need not be the one found in the java.lang package.You can create your own SecurityException that belongs to whatever package in your application, and i think the implementing a SecurityException class is more convenient.

Regarding handling the SecurityException, i think the SecurityException must be handled.Why??

Look at this case :
Suppose that a record cannot be locked for more that ten minutes,and after those ten minutes the record will be unlocked automatically.

A client locks record #5 and gets its lock cookie.The value of this cookie
is 10.The client then keeps the record locked for 20 minutes.The client still thinks he is owning the lock on the record.Now when he tries to update a record,a SecurityException will be thrown,because this record is no more locked by that client.
In this case you can handle this exception at the GUI and tell the user of the application that the record has been locked for so long time, and because of that it has been unlocked.

Good luck





If you implement client side locking in this way then you certainly would want to handle the exception in this way. I did mine on the server side so there is no way a client could lock a record for that long (unless a client crashes - and I handle that Exception in the choices.txt )

Good point about creating a custom SecurityException. For in that case it needen't be a runtime exception at all, this would be one less design decision to make as the checked SecurityException would have to be handled expicitly.

Mark
Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239
I am still puzzled
More explanations are urgently needed. Please help.
Mark Smyth
Ranch Hand

Joined: Feb 04, 2004
Posts: 288
Originally posted by Zhixiong Pan:
I am still puzzled
More explanations are urgently needed. Please help.


Could you be a bit more specific about exactly you are puzzled about? Maybe tell us what you are currently thinking of doing and what aspects you are unsure about. We might be able to give better advice then .

Regards,
Mark.
Zhixiong Pan
Ranch Hand

Joined: Jan 25, 2006
Posts: 239
Hi Mark,
In my DB definition, delete update and unlock throw SecurityException if input cookie is not the cookie returned when the record was locked. So if that happen, the server will terminate since that is a fatal error.
In my HotelBusiness's book method, I also throw SecurityException if room has been booked or is not time available. Then in ClientFrame, that RuntimeException will be handled in catch scope.

You see the 2 places where SecurityException has been used in my project, and the later implementation seems uncomfortable. Should I create a specific Exception like InAvailableRoomException to replace that RuntimeException?
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: I am still unclear about SecurityException.
 
Similar Threads
RecordNotFoundException and unlock
Polymorphism and Automatic Failure
reading a file from a parent directory??
accessing a .properties file
SecurityException