java保险机制与权限校验
java安全机制与权限校验
java 线程安全模型分析:
在你研究jdk源码包或者tomcat等开源框架源码时,是否经常遇到这样的代码:
java.security.AccessController.doPrivileged( new java.security.PrivilegedExceptionAction<Void>() { @Override public Void run() throws ServletException, IOException { internalDoFilter(req,res); return null; } } );
写道
final ServletRequest req = request;
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege
("doFilter", filter, classType, args, principal);
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege
("doFilter", filter, classType, args, principal);
迷惘吧,为什么要这么写,通过下面这篇文章,相信大家可以有个直观认识:
http://www.ibm.com/developerworks/cn/java/j-lo-rtsecurity/