The notion of permissions and the access controller can be encapsulated into a single object: a guarded object, which is implemented by the GuardedObject class (java.security.GuardedObject). This class allows you to embed another object within it in such a way that all access to the object will first have to go through a guard (which, typically, is the access controller).
There are two methods in the GuardedObject class:
Create a guarded object. The given object is embedded within the guarded object; access to the embedded object will not be granted unless the guard allows it.
Return the embedded object. The checkGuard() method of the guard is first called; if the guard prohibits access to the embedded object, an AccessControlException will be thrown. Otherwise, the embedded object is returned.
The guard can be any class that implements the Guard interface (java.security.Guard). This interface has a single method:
See if access to the given object should be granted. If access is not granted, this method should throw an AccessControlException; otherwise it should silently return.
Although you can write your own guards, the Permission class already implements the guard interface. Hence, any permission can be used to guard an object as follows:
public class GuardTest { public static void main(String args[]) { GuardedObject go = new GuardedObject(new XYZPayrollRequest(), new XYZPayrollPermission("sdo", "view")); try { Object o = go.getObject(); System.out.println("Got access to object"); } catch (AccessControlException ace) { System.out.println("Can't access object"); } } }
When the getObject() method is called, it in turn calls the checkGuard() method of the XYZPayrollPermission class, which (as it inherits from the Permission class) will call the checkPermission() method of the access controller, passing the XYZ payroll request object as an argument.
Copyright © 2001 O'Reilly & Associates. All rights reserved.