java保险机制与权限校验
java安全机制与权限校验
java 线程安全模型分析:
在你研究jdk源码包或者tomcat等开源框架源码时,是否经常遇到这样的代码:
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<Void>() {
@Override
public Void run()
throws ServletException, IOException {
internalDoFilter(req,res);
return null;
}
}
);
写道
final ServletRequest req = request;
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege
("doFilter", filter, classType, args, principal);
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege
("doFilter", filter, classType, args, principal);
迷惘吧,为什么要这么写,通过下面这篇文章,相信大家可以有个直观认识:
http://www.ibm.com/developerworks/cn/java/j-lo-rtsecurity/