| wt.security |
The wt.security package gets jarred into wt/security/security.jar, which
is signed so that this package may be used within a security manager,
namely the Applet sandbox, to perform operations which are not typically
allowed to non-signed code. Each of the
Access subclasses
wrap a java.XXX api to give applets access to these operations. Use the
getXXXAccess factory method to retrieve an Access instance to perform
these calls. For example, FileAccess.getFileInputStream()
wraps java.io.FileInputStream to give applets the ability to read files
on the local system. Additional prompts are displayed to the user for
each of these types of operations (the grant/deny dialog you see when
trying to upload/download content) per codebase, so that a "rogue"
system can not get a copy of the security.jar and perform
out-of-the-sandbox operations silently. |