...
| Code Block | ||
|---|---|---|
| ||
/**
 * Example of a sensitive class whose construction is meant to be gated by a
 * security check, but which also implements {@link Cloneable}.
 *
 * <p>Security note: {@code Object.clone()} produces a copy without running any
 * constructor, so whatever check the constructor performs is not repeated for
 * the copy. A class that relies on a constructor-time check should not be
 * cloneable (for example, by not implementing {@code Cloneable}, or by
 * declaring the class {@code final}).
 */
class SensitiveClass implements Cloneable {

  /**
   * Creates an instance. In this listing the security manager check is only a
   * placeholder comment and {@code passwd} is not read.
   *
   * @param passwd the password the caller supplies to obtain an instance
   */
  protected SensitiveClass(String passwd) {
    // perform security manager check
    System.out.println("SensitiveClass construction done!");
  }

  /** Stands in for an operation that only a properly constructed instance should perform. */
  protected void use() {
    System.out.println("In method use()");
  }

  /**
   * Returns a copy of this object made with {@code super.clone()}.
   *
   * <p>Note the capital {@code C}: this is a separate public method, not an
   * override of {@code Object.clone()}. The copy is created without calling the
   * constructor, so the constructor's check is bypassed for it.
   *
   * @return the copy, or {@code null} if cloning failed
   */
  public SensitiveClass Clone() {
    try {
      return (SensitiveClass) super.clone();
    } catch (Exception ex) {
      System.out.println("not cloneable");
      return null;
    }
  }
}
/**
 * Driver showing why a sensitive class should not be cloneable: an instance
 * obtained through the guarded constructor is copied afterwards, and the copy
 * is usable without going through the constructor again.
 */
class Foo {

  /**
   * Builds one {@code SensitiveClass} inside a privileged block, then copies it
   * outside that block and uses the copy.
   */
  protected void privileged() {
    final SensitiveClass[] instances = new SensitiveClass[2];

    PrivilegedAction createAndUse = new PrivilegedAction() {
      public Object run() {
        // Object creation with the password, inside doPrivileged.
        instances[0] = new SensitiveClass("password");
        instances[0].use(); // allowed
        return null;
      }
    };
    AccessController.doPrivileged(createAndUse);

    // Object creation without the password: Clone() copies the instance
    // without invoking the constructor, and this runs outside doPrivileged.
    instances[1] = instances[0].Clone();
    // This should not be allowed, yet nothing in SensitiveClass prevents it.
    instances[1].use();
  }

  /** Runs the demonstration. */
  public static void main(String[] args) {
    new Foo().privileged();
  }
}
|
...