Trail: Security Features in Java SE
Lesson: Implementing Your Own Permission
The HighScore Class
Home Page > Security Features in Java SE > Implementing Your Own Permission
The HighScore Class
The HighScore class stores and protects access to the user's high score for TerrysGame (and any other games that call it). For simplicity, this class saves the high score value into a file, called .highscore, in the user's home directory. However, before allowing TerrysGame to retrieve or update the user's high score value, this class checks to make sure that the user has granted TerrysGame permission to access the high score in his/her security policy file.

Checking that TerrysGame has the HighScorePermission

To check whether or not TerrysGame has permission to access the user's high score, the HighScore class must:
  1. Call System.getSecurityManager() to get the currently installed security manager.

  2. If the result is not null (i.e., there is a security manager, as opposed to the caller being an application that is unrestricted), then

    1. Construct a HighScorePermission object, and

    2. Call the security manager's checkPermission method, and pass it the newly constructed HighScorePermission object.
Here is the code:
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
    sm.checkPermission(new HighScorePermission(gameName));
}
The checkPermission method essentially asks the security manager if TerrysGame has the specified HighScorePermission. In other words, it asks the security manager if TerrysGame has permission to update the user's high score value for the specified game (TerrysGame). The underlying security framework will consult the user's security policy to see if TerrysGame indeed has this permission.

The HighScore Code

Here is the complete source code for the HighScore class.

Note: The doPrivileged method calls are used to enable HighScore to temporarily access resources that are available to it but that are not available to the code that calls it (TerrysGame). For example, it is expected that the policy file will grant HighScore permission to access the .highscore file in the user's home directory, but it will not grant this permission to games, such as TerrysGame.

Previous page: TerrysGame
Next page: The HighScorePermission Class