All Questions
Tagged with access-control java
74 questions
2
votes
2
answers
218
views
Protected and "package-private" visibility when inheriting from class in different package
I'm kind of new to visibility and want to really internilize these concepts.
I've learnt that "package-private", the default visibility in Java, allows us to see fields from classes in the ...
0
votes
1
answer
51
views
How to Restrict Access to Maven automation testing framework Project's Main Folder Contents?
I have a Maven automation testing BDD-Cucumber framework project where the main folder contains essential testing configurations and reusable components. I want to allow clients to use these ...
0
votes
0
answers
115
views
Can the mechanism of `java.security.AccessControlContext` be generalised to include any context information?
This question is derived from reading Hadoop credential management: In Hadoop 3.3+, function UserGroupInformation.doAs can introduce an "execution scope", that allows some context ...
- 3,754
0
votes
3
answers
7k
views
How to restrict access by particular user to bucket using bucket level policy in MinIO?
I am configuring MinIO as S3 compatible storage.
Based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html
I understood that I can limit access to the bucket using ...
- 37k
0
votes
1
answer
245
views
How does missing-attribute work in XACML?
I am doing an access control application using XACML and, specifically, the Balana implementation for the PDP.
In this application, specific types of user accounts can access only determinate ...
- 43
1
vote
2
answers
1k
views
Broken Access Control in Java
I am trying to update the following code example (Java) to prevent broken access control, I understand in theory about broken access control. But I am stuck on the excate code changes I need to make ...
- 111
2
votes
1
answer
389
views
Restrict access to a instance variable to only selected method in that class
I want to restrict or limit update to members palidromes and palidromesFIFO to only one method, say addPalindromeWord, and don't let any other methods to update it. Is there a way to do that?
Target ...
- 13.9k
0
votes
2
answers
809
views
Displaying levels of access for different types of accounts in a UML diagram
Pardon the title, it's a bit hard to properly explain what I need help with, but I'll give it a go.
I'm working on a Java project, an order management application. I've got several classes for the ...
- 1
3
votes
0
answers
466
views
How to restrict access to field setters of an object? Would achieving this with inheritance would be a bad choice? [closed]
I have some business data objects that are created by the underlying services (say the data repository). These objects are created step by step. i.e (Step one only finds the image object from google, ...
- 59
0
votes
1
answer
280
views
Unable to control Cross origin request even after specifying Access-Control-Allow-Origin header inside filter of Springboot application
I added the following filter code to my project -
package com.package;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
...
- 10.3k
0
votes
0
answers
1k
views
Cross Origin whitelisted IP is not applying even after defining using @CrossOrigin annotation on Springboot project
I followed https://spring.io/guides/gs/rest-service-cors/ and added a random IP like this, to one of my API end points -
@Produces(MediaType.APPLICATION_JSON)
@CrossOrigin(origins = "116.206.111....
- 10.3k
1
vote
3
answers
15k
views
Axios Request: Blocked by CORS Policy
In laravel 5.8, / "vue": "^2.5.17" / "axios": "^0.18", I need to read external data which are read from postman ok :
https://i.sstatic.net/Yhn2J.jpg
I try to read these data using axios and got error:...
- 3,013
1
vote
1
answer
611
views
Spring MVC default Authentication How to add a user / registration
When I include spring-boot-starter-security in my project, it automatically creates a new database Table "users" which leads me to believe that it would automatically authenticate against entries in ...
- 1,016
0
votes
0
answers
27
views
Enforce Ownership Hierarchy Java
Is it possible, for instance using annotations, to create a kind of 'hierarchy' of ownership of a class?
As an example, suppose there are three levels of objects in this "hierarchy", Level1, Level2, ...
- 2,463
-2
votes
1
answer
2k
views
No 'Access-Control-Allow-Origin' header Vue/Spring boot
I can't seem to figure out this error "No 'Access-Control-Allow-Origin' header".
I have a Vue frontend running on localhost:8080 and spring backend generating JWT tokens on locahost:8082
While ...
- 316
3
votes
1
answer
211
views
Access control across Spring-JavaFX server-client system
I have a system which uses server-client architecture. Just as the title says, the server is implemented using Spring which provides RESTful web services, while the client is implemented using JavaFX.
...
- 8,343
4
votes
1
answer
4k
views
Is it common practice to store access permissions in a database table?
Question
For role-based access to a RESTful API, is it common practice (and considered safe) to store access permissions in a database table? I'm talking about access permissions that would be used ...
- 1,663
0
votes
2
answers
124
views
how can i forbid a jar create new thread in java
I have create a simple plugin system that allows others upload their plugin's jar, and the plugin system will load it and execute some code in it.
the plugin system will get a subclass of Function<...
- 305
0
votes
1
answer
1k
views
unable to set 'Access-Control-Allow-Origin' header
I need to access my web api hosted remotely from my react app. On the server side i did below to allow cross domain communication:
import javax.ws.rs.core.Response;
import com.mypackage.ResponseDto;
...
- 515
0
votes
1
answer
513
views
Access Parent's method from child class in C#
I am trying to make an equivalent code in C# for a piece of code that I already have in Java. The Java code is as follows.
class Test
{
public static void main (String args[])
{
...
- 331
1
vote
0
answers
585
views
JMX role-based access control with custom authorization
I am new to JMX and am trying out JMX for remote monitoring and followed the oracle documentation on Monitoring and Management Using JMX Technology and am trying out the samples from the post ...
0
votes
2
answers
53
views
Is there a rule that states that complex access methods are evil? [closed]
Adding more functionality to access methods (getters/setters) than simply this.x = x; or return x; is usually considered bad style.
I am looking for a written source which I can reference in a ...
0
votes
0
answers
465
views
AOSP file access controll - Android with Java Security Manager
I would like to implement a file access control in the Android framework. It has to be global - for each app. So each file call (for example open an image) should be checked by this controller.
I ...
- 195
1
vote
1
answer
201
views
Retrieve ACL of specific file with Google Cloud Storage Client Library for Java
I currently have the following problem:
I would like to check the access control list of an object in my bucket on Google Cloud Storage from my App Engine App. I know I can set the ACL with the ...
- 4,781
2
votes
1
answer
1k
views
AccessControlException when invoking method using JAAS
I have built a client/server app with JAAS. The login seems to work OK, as logins are successful. It is when trying to grant permissions to specific methods that the AccessController starts casting ...
- 1,391
1
vote
1
answer
80
views
Why is my code modifying the wrong array?
This is my class with my methods
public class Matrix {
//this is the stored matrix given from another class
private double[][] stored;
//constructor
public Matrix(double[][] input){
...
0
votes
1
answer
63
views
What am I doing wrong with creating a java package and importing it (beginner)? [duplicate]
I'm learning Java from a book and am on the chapter about access control. The exercise asks me to create a class in a package and then create an instance of that class outside of the package.
All of ...
- 1
-1
votes
1
answer
69
views
Access control modifiers in local classes - why don't they work? [duplicate]
I have a local class declared in a method, whose fields are declared as being private. However, I am still able to access them directly from the body of the enclosing method - why is this?
As a side ...
- 518
0
votes
0
answers
60
views
Check Permissions throwing SecurityException even though I am able to write
public void checkPermissionUsingAccessController(String path)
{
try
{
AccessController.checkPermission(new FilePermission(path, "write"));
System.out....
- 1,367
1
vote
0
answers
95
views
Singleton pattern with current Thread type authority
I'm not interested in instantiating POJOs by passing parameters through constructors. Also my design is such that I only need one instance of every type. Instantiating more Objects from each type is ...
- 791
0
votes
1
answer
411
views
How can I access package-local fields of parent class in the same package but in different jar?
And I am trying to override CursorLoader's public Cursor loadInBackground() method, so I tried in my app:
package android.content;
public class DistinctCursorLoader extends CursorLoader {
@...
- 19.2k
1
vote
2
answers
2k
views
Extend class with default constructor in Java [duplicate]
I need to extend class A but it needs to override its constructor.
package com.example.io; // Package belongs to jar from maven dependency
public class A {
A(String s, Integer i) {
// ...
- 557
5
votes
3
answers
6k
views
Hibernate/Spring: Is There Row-Level Security?
I am not sure if I'm getting it right what Spring Security is capable of.
What my problem is, is that I want to prevent a logged in user to send arbitrary IDs to my server and therefore access data ...
- 25.2k
3
votes
1
answer
467
views
Why can I break out of a restricted AccessControlContext with AccessController.doPrivileged?
I'm figuring out how to run external code (from a different JAR) without permissions such that it doesn't harm my own system. I have it almost working, however I've come to find a strange situation ...
- 69.1k
6
votes
3
answers
134
views
Access control -- protected members from outside the package
i've got the class P4 in the default package (i know using the default package is bad practice, but merely "for example" for now):
import temp.P2;
public class P4 extends P2 {
public void ...
- 613
2
votes
1
answer
140
views
AccessControlException when check write folder permission
I would like to check write permission on folder. Folder may be user.home or something else. Whatever folder I put to the FilePermission, I catch this..
Some code:
public class Test {
public ...
- 107
-1
votes
1
answer
504
views
Why can I not instantiate LocationManager class? [closed]
I am trying to do some work with LocationManager class and saw that I cannot instantiate it.
It is not an abstract class and I was under the impression that only classes marked as abstract could not ...
- 765
1
vote
3
answers
119
views
Accessing a private variable in Java
I would like to access the instance variable total time from the code below:
public abstract class Controller{
protected int currentTime;
protected int totalTime;
protected Agent[][][] ...
- 135
0
votes
1
answer
71
views
AccessController Applets Issue
I have an applet and start some process on Windows from applet. When I start this process just from another code(test), this code works fine and process runs from rt.exec() to proc.destroy(). When I ...
- 745
0
votes
1
answer
445
views
Access Control List (ACL) for EJB
Is there any ACL solution for controlling Domain Object data access in JAAS controlled EJB ?
In Spring security ACL this aspect is implemented. An API needed for ACL the domain object with JavaEE, ...
- 4,586
6
votes
2
answers
19k
views
When would I use package-private in Java? [duplicate]
I love access control in any language, but I find that in Java I almost never (if ever) use the package-private access modifier (or lack thereof).
I realize that inner classes can be private, ...
- 5,986
0
votes
1
answer
227
views
How to do component specific access control / authorization with JAAS?
I like to develop "business" components independent from the application. So each component is a project of its own with pretty specific responsibilities, boundaries and dependencies.
Example: A ...
- 4,697
1
vote
2
answers
59
views
Directory which the user can't access?
Is there any directory on an Android device which the user will never reach?
I want to download a text file from my server, but the users shouldn't have access to it, because there are solutions, etc....
- 23
0
votes
1
answer
3k
views
Designing a java GUI program with user access control
I want to make an application in java that has a GUI and a database. I will be using MYSQL as the database and my recent experience with JavaFX has been quite pleasant so that's what I'll be using to ...
- 587
2
votes
0
answers
150
views
Difference between a ProtectionDomain and an AccessControlContext
Could someone explain what the difference is between a ProtectionDomain and an AccessControlContext?
I am reading JAAS in Action and from what I can see these two classes seem to be very similar. I ...
- 14.4k
1
vote
1
answer
2k
views
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "jna.boot.library.path" "read")
I am having some trouble running my signed web applet,
it runs fine within Eclipse, but as soon as I upload to the webpage, I get this error log:
Exception in thread "AWT-EventQueue-2" java.lang....
- 496
2
votes
2
answers
198
views
Controlling access to loading of a JAVA class at runtime
I have a requirement to restrict access to loading of a particular class of a JAVA application, at runtime. Just wondering whether this is possible using JAVA Security Manager with a security policy. ...
- 1,085
4
votes
2
answers
7k
views
Java Package level access
I know that class members with default access control can be accessible at package level but i'm confused about what does package level access actually mean. If default members can be accessed at ...
- 465
9
votes
4
answers
10k
views
XACML implementation
I am novice to XACML policies. Can you specify me how to implement XACML policies. I have tried different API's. But for my project I need to implement XACML evaluation engine. So, can you help me ...
- 131
3
votes
5
answers
6k
views
Are the private members of superClass inherited by a subClass... Java?
I have gone through this:
Do subclasses inherit private fields?
But I'm still confused...
I'm talking about inheriting only and not accessing. I know that they aren't visible out side class.
But ...
- 1,892