Examples of SecurityManager

• com.bradmcevoy.http.SecurityManager
• com.dbxml.db.core.security.SecurityManager
  SecurityManager manages Users, Roles, and Access Control Lists for dbXML.
• com.eaglegenomics.simlims.core.manager.SecurityManager
• com.sun.enterprise.SecurityManager
  This interface is used by the Container to manage access to EJBs. The container has a reference to an implementation of this interface. @author Harish Prabandham
• com.sun.enterprise.security.SecurityManager
  This interface is used by the Container to manage access to EJBs. The container has a reference to an implementation of this interface. @author Harish Prabandham
• com.sun.org.apache.xerces.internal.util.SecurityManager
  e.org/xml/properties/security-manager) whose value will be an instance of this class. If no value has been set for the property, the component should proceed in the "usual" (spec-compliant) manner. If a value has been set, then it must be the case that the component in question needs to know what method of this class to query. This class will provide defaults for all known security issues, but will also provide setters so that those values can be tailored by applications that care. @author Neil Graham, IBM @version $Id: SecurityManager.java,v 1.2 2005/08/16 22:49:14 jeffsuttor Exp $
• java.lang.SecurityManager
  The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.

  The SecurityManager class contains many methods with names that begin with the word check. These methods are called by various methods in the Java libraries before those methods perform certain potentially sensitive operations. The invocation of such a check method typically looks like this:

   SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkXXX(argument,  . . . ); } 

  The security manager is thereby given an opportunity to prevent completion of the operation by throwing an exception. A security manager routine simply returns if the operation is permitted, but throws a SecurityException if the operation is not permitted. The only exception to this convention is checkTopLevelWindow, which returns a boolean value.

  The current security manager is set by the setSecurityManager method in class System. The current security manager is obtained by the getSecurityManager method.

  The special method {@link SecurityManager#checkPermission(java.security.Permission)}determines whether an access request indicated by a specified permission should be granted or denied. The default implementation calls

   AccessController.checkPermission(perm); 

  If a requested access is allowed, checkPermission returns quietly. If denied, a SecurityException is thrown.

  As of Java 2 SDK v1.2, the default implementation of each of the other check methods in SecurityManager is to call the SecurityManager checkPermission method to determine if the calling thread has permission to perform the requested operation.

  Note that the checkPermission method with just a single permission argument always performs security checks within the context of the currently executing thread. Sometimes a security check that should be made within a given context will actually need to be done from within a different context (for example, from within a worker thread). The {@link SecurityManager#getSecurityContext getSecurityContext} method and the {@link SecurityManager#checkPermission(java.security.Permission,java.lang.Object) checkPermission}method that includes a context argument are provided for this situation. The getSecurityContext method returns a "snapshot" of the current calling context. (The default implementation returns an AccessControlContext object.) A sample call is the following:

   Object context = null; SecurityManager sm = System.getSecurityManager(); if (sm != null) context = sm.getSecurityContext();  

  The checkPermission method that takes a context object in addition to a permission makes access decisions based on that context, rather than on that of the current execution thread. Code within a different context can thus call that method, passing the permission and the previously-saved context object. A sample call, using the SecurityManager sm obtained as in the previous example, is the following:

   if (sm != null) sm.checkPermission(permission, context); 

  Permissions fall into these categories: File, Socket, Net, Security, Runtime, Property, AWT, Reflect, and Serializable. The classes managing these various permission categories are java.io.FilePermission, java.net.SocketPermission, java.net.NetPermission, java.security.SecurityPermission, java.lang.RuntimePermission, java.util.PropertyPermission, java.awt.AWTPermission, java.lang.reflect.ReflectPermission, and java.io.SerializablePermission.

  All but the first two (FilePermission and SocketPermission) are subclasses of java.security.BasicPermission, which itself is an abstract subclass of the top-level class for permissions, which is java.security.Permission. BasicPermission defines the functionality needed for all permissions that contain a name that follows the hierarchical property naming convention (for example, "exitVM", "setFactory", "queuePrintJob", etc). An asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "a.*" or "*" is valid, "*a" or "a*b" is not valid.

  FilePermission and SocketPermission are subclasses of the top-level class for permissions (java.security.Permission). Classes like these that have a more complicated name syntax than that used by BasicPermission subclass directly from Permission rather than from BasicPermission. For example, for a java.io.FilePermission object, the permission name is the path name of a file (or directory).

  Some of the permission classes have an "actions" list that tells the actions that are permitted for the object. For example, for a java.io.FilePermission object, the actions list (such as "read, write") specifies which actions are granted for the specified file (or for files in the specified directory).

  Other permission classes are for "named" permissions - ones that contain a name but no actions list; you either have the named permission or you don't.

  Note: There is also a java.security.AllPermission permission that implies all permissions. It exists to simplify the work of system administrators who might need to perform multiple tasks that require all (or numerous) permissions.

  See Permissions in the JDK for permission-related information. This document includes, for example, a table listing the various SecurityManager check methods and the permission(s) the default implementation of each such method requires. It also contains a table of all the version 1.2 methods that require permissions, and for each such method tells which permission it requires.

  For more information about SecurityManager changes made in the JDK and advice regarding porting of 1.1-style security managers, see the security documentation. @author Arthur van Hoff @author Roland Schemers @version 1.139, 04/21/06 @see java.lang.ClassLoader @see java.lang.SecurityException @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object) checkTopLevelWindow @see java.lang.System#getSecurityManager() getSecurityManager @see java.lang.System#setSecurityManager(java.lang.SecurityManager) setSecurityManager @see java.security.AccessController AccessController @see java.security.AccessControlContext AccessControlContext @see java.security.AccessControlException AccessControlException @see java.security.Permission @see java.security.BasicPermission @see java.io.FilePermission @see java.net.SocketPermission @see java.util.PropertyPermission @see java.lang.RuntimePermission @see java.awt.AWTPermission @see java.security.Policy Policy @see java.security.SecurityPermission SecurityPermission @see java.security.ProtectionDomain @since JDK1.0

• mf.org.apache.xerces.util.SecurityManager
  e.org/xml/properties/security-manager) whose value will be an instance of this class. If no value has been set for the property, the component should proceed in the "usual" (spec-compliant) manner. If a value has been set, then it must be the case that the component in question needs to know what method of this class to query. This class will provide defaults for all known security issues, but will also provide setters so that those values can be tailored by applications that care. @author Neil Graham, IBM @version $Id: SecurityManager.java 447241 2006-09-18 05:12:57Z mrglavas $
• org.apache.qpid.server.security.SecurityManager
• org.apache.sandesha2.security.SecurityManager
  SecurityManager interface. This manages the link between the RM layer and Security, so that the CreateSequence message can be secured using a SecurityTokenReference. Once the sequence is secured using the STR, each inbound messgae must be checked to ensure the sender has demonstrated proof-of-possession of the referenced token. See the WS-RM 1.0 spec for details.
• org.apache.shiro.mgt.SecurityManager
  A {@code SecurityManager} executes all security operations for all Subjects (aka users) across asingle application.

  The interface itself primarily exists as a convenience - it extends the {@link org.apache.shiro.authc.Authenticator}, {@link Authorizer}, and {@link SessionManager} interfaces, thereby consolidatingthese behaviors into a single point of reference. For most Shiro usages, this simplifies configuration and tends to be a more convenient approach than referencing {@code Authenticator}, {@code Authorizer}, and {@code SessionManager} instances separately; instead one only needs to interact with a single{@code SecurityManager} instance.

  In addition to the above three interfaces, this interface provides a number of methods supporting {@link Subject} behavior. A {@link org.apache.shiro.subject.Subject Subject} executesauthentication, authorization, and session operations for a single user, and as such can only be managed by {@code A SecurityManager} which is aware of all three functions. The three parent interfaces on theother hand do not 'know' about {@code Subject}s to ensure a clean separation of concerns.

  Usage Note: In actuality the large majority of application programmers won't interact with a SecurityManager very often, if at all. Most application programmers only care about security operations for the currently executing user, usually attained by calling {@link org.apache.shiro.SecurityUtils#getSubject() SecurityUtils.getSubject()}.

  Framework developers on the other hand might find working with an actual SecurityManager useful. @author Les Hazlewood @see org.apache.shiro.mgt.DefaultSecurityManager @since 0.2

• org.apache.xerces.util.SecurityManager
  e.org/xml/properties/security-manager) whose value will be an instance of this class. If no value has been set for the property, the component should proceed in the "usual" (spec-compliant) manner. If a value has been set, then it must be the case that the component in question needs to know what method of this class to query. This class will provide defaults for all known security issues, but will also provide setters so that those values can be tailored by applications that care. @author Neil Graham, IBM @version $Id: SecurityManager.java 319859 2004-03-23 01:23:41Z mrglavas $
• org.exist.security.SecurityManager
  SecurityManager is responsible for managing users and groups. There's only one SecurityManager for each database instance, which may be obtained by {@link BrokerPool#getSecurityManager()}.
• org.jboss.jms.server.SecurityManager
  @author Ovidiu Feodorov @version $Revision: 2257 $$Id: SecurityManager.java 2257 2007-02-11 01:07:47Z ovidiu.feodorov@jboss.com $
• org.jdesktop.wonderland.server.security.SecurityManager
  Interface for handling security checks. @author jkaplan
• org.mule.api.security.SecurityManager
  SecurityManager is responsible for managing one or more security providers.
• railo.runtime.security.SecurityManager
  interface for Security Manager

Examples of org.apache.sandesha2.security.SecurityManager

    SequencePropertyBeanMgr sequencePropMgr = storageManager.getSequencePropertyBeanMgr();

    // Check that the sender of this CloseSequence holds the correct token
    SequencePropertyBean tokenBean = sequencePropMgr.retrieve(sequenceId, Sandesha2Constants.SequenceProperties.SECURITY_TOKEN);
    if(tokenBean != null) {
      SecurityManager secManager = SandeshaUtil.getSecurityManager(msgCtx.getConfigurationContext());
      OMElement body = msgCtx.getEnvelope().getBody();
      SecurityToken token = secManager.recoverSecurityToken(tokenBean.getValue());
      secManager.checkProofOfPossession(token, body, msgCtx);
    }

    FaultManager faultManager = new FaultManager();
    SandeshaException fault = faultManager.checkForUnknownSequence(rmMsgCtx, sequenceId, storageManager);
    if (fault != null) {

Examples of org.apache.shiro.mgt.SecurityManager

    public void setSecurityManager(SecurityManager securityManager) {
        nullSafePut(SECURITY_MANAGER, securityManager);
    }

    public SecurityManager resolveSecurityManager() {
        SecurityManager securityManager = getSecurityManager();
        if (securityManager == null) {
            if (log.isDebugEnabled()) {
                log.debug("No SecurityManager available in subject context map.  " +
                        "Falling back to SecurityUtils.getSecurityManager() lookup.");
            }

Examples of org.apache.xerces.util.SecurityManager

    XmlOptions xmlOptions;

    try
    {
      SAXParser saxParser = SAXParserFactory.newInstance().newSAXParser();
      SecurityManager securityManager = new SecurityManager();
      // Default seems to be 64000!
      securityManager.setEntityExpansionLimit( 16 );

      saxParser.setProperty( "http://apache.org/xml/properties/security-manager", securityManager );
      XMLReader xmlReader = saxParser.getXMLReader();
      xmlOptions = new XmlOptions().setLoadUseXMLReader( xmlReader );
    }

Examples of org.exist.security.SecurityManager

      sendChallenge(request, response);
      return null;
    }
    final Digest digest = new Digest(request.getMethod());
    parseCredentials(digest, credentials);
    final SecurityManager secman = pool.getSecurityManager();
    final AccountImpl user = (AccountImpl)secman.getAccount(digest.username);
    if (user == null) {
      // If user does not exist then send a challenge request again
      if (sendChallenge) {sendChallenge(request, response);}
      return null;
    }

Examples of org.jboss.jms.server.SecurityManager

      JBossDestination jbd = (JBossDestination)dest;
      boolean isQueue = jbd.isQueue();
      String name = jbd.getName();

      SecurityManager sm = conn.getSecurityManager();
      SecurityMetadata securityMetadata = sm.getSecurityMetadata(isQueue, name);

      if (securityMetadata == null)
      {
         throw new JMSSecurityException("No security configuration avaliable for " + name);
      }

      // Authenticate. Successful autentication will place a new SubjectContext on thread local,
      // which will be used in the authorization process. However, we need to make sure we clean up
      // thread local immediately after we used the information, otherwise some other people
      // security my be screwed up, on account of thread local security stack being corrupted.

      sm.authenticate(conn.getUsername(), conn.getPassword());

      // Authorize
      Set principals = checkType == CheckType.READ ? securityMetadata.getReadPrincipals() :
                       checkType == CheckType.WRITE ? securityMetadata.getWritePrincipals() :
                       securityMetadata.getCreatePrincipals();
      try
      {
         if (!sm.authorize(conn.getUsername(), principals))
         {
            String msg = "User: " + conn.getUsername() +
               " is not authorized to " +
               (checkType == CheckType.READ ? "read from" :
                  checkType == CheckType.WRITE ? "write to" : "create durable sub on") +

Examples of org.jdesktop.wonderland.server.security.SecurityManager

        }

        public void run() throws Exception {
            task.setCells(cells);

            SecurityManager security = AppContext.getManager(SecurityManager.class);
            security.doSecure(rm, task);
        }

Examples of org.jdesktop.wonderland.server.security.SecurityManager

                                                   owners);
            ActionMap am = new ActionMap(ownerRsrc, new OwnerAction());
            ResourceMap rm = new ResourceMap();
            rm.put(ownerRsrc.getId(), am);

            SecurityManager sec = AppContext.getManager(SecurityManager.class);
            SecureTask sst = new SetStateTask(id.getUsername(), ownerRsrc.getId(),
                                              this, scss.getPermissions());
            sec.doSecure(rm, sst);
        } else {
            // no security check, just set the values
            setCellPermissions(scss.getPermissions());
        }
    }

Examples of org.jdesktop.wonderland.server.security.SecurityManager

        Action[] actions = crmi.getActions(requestCellID).toArray(new Action[0]);
        ActionMap am = new ActionMap(rsrc, actions);
        rm.put(rsrc.getId(), am);

        // construct a new task to send the message
        SecurityManager sm = AppContext.getManager(SecurityManager.class);
        SecureTask sendTask = new SendPermissionsTask(rsrc.getId(), sender,
                                                      clientID, messageID);
        sm.doSecure(rm, sendTask);
    }

Examples of org.jdesktop.wonderland.server.security.SecurityManager

                               final short clientID,
                               final Message message,
                               final Set<Action> actions)
    {
        // get the security manager
        SecurityManager security = AppContext.getManager(SecurityManager.class);

        // create a request
        ActionMap am = new ActionMap(resource, actions.toArray(new Action[0]));
        ResourceMap request = new ResourceMap();
        request.put(resource.getId(), am);

        // perform the security check
        security.doSecure(request, new ReceiveSecureTask(resource.getId(),
                                                         clientID, actions,
                                                         message,
                                                         getBindingName()));
    }

Examples of org.jdesktop.wonderland.server.security.SecurityManager

                              final ConnectionType type,
                              final Properties properties,
                              final ClientHandlerRef ref)
    {
        // get the security manager
        SecurityManager security = AppContext.getManager(SecurityManager.class);

        // create a request
        ActionMap am = new ActionMap(resource, ConnectAction.getInstance());
        ResourceMap request = new ResourceMap();
        request.put(resource.getId(), am);

        // perform the security check
        security.doSecure(request, new AttachSecureTask(resource.getId(),
                                                        messageID, type,
                                                        properties, ref,
                                                        getBindingName()));
    }