LinkDemand equivalent in Java?

Thread view:

Abdullah Kauchali - 23 Nov 2003 09:05 GMT

I have two classes from two different packages:

Package1.Class1.myMethod1()

and

Package2.Class2.myMethod2()

I would like to ensure that myMethod2() can *ONLY* be invoked by
myMethod1().

If myMethod2() is invoked directly from any *other* source, it should raise
a security exception.

What is the most efficient/practical method of doing this in Java without
doing a complete "stack walk" from myMethod2() (so, only one stack
inspection up should be sufficient)?

(In .NET this is implemented by something called LinkDemand where a complete
stack walk is avoided and only the immediate caller's activities are
inspected:
http://tinyurl.com/w6js). There has to be something like this in Java.

Kind regards

Abdullah

Reply to this Message

Michael Amling - 23 Nov 2003 20:04 GMT

> I have two classes from two different packages:
>
[quoted text clipped - 13 lines]
> doing a complete "stack walk" from myMethod2() (so, only one stack
> inspection up should be sufficient)?

If you have control of the source of Class1, not just Class2, you can
use serialization on a private object. Note: myMth2 accepts (recursive)
calls from any methods that it calls.

package pkg1;
import pkg2.Cls2;
public final class Cls1 {
private Object srlzr=new Object();
void myMth1(Cls2 whom) {
...
synchronized(srlzr) {
// Only pkg1.Cls1.myMth1 synchronizes on srlzr.
whom.myMth2(this, ...);
}
...
}
public void isItReallyYou() {
// Throws Exception if not synchronized on srlzr.
// If caller synchronized on srlzr, does nothing.
srlzr.notify();
}
}
--------------------
package pkg2;
import pkg1.Cls1;
public class Cls2 {
public void myMth2(Cls1 which, ...) {
// isItReallyYou throws an Exception unless myMth2
// was called from pkg1.Cls1.myMth1.
try {
which.isItReallyYou();
} catch (IllegalMonitorStateException m) {
throw SecurityException();
}
...
}
}

--Mike Amling

Reply to this Message

LinkDemand equivalent in Java?

Free Magazines