JAVA CERTIFICATION QUESTION: Using the SecurityManager class in Java

Imagine you are creating an application that reads sensitive information and stores it in a cache.

Given:

public static String getSecret(String host) {
    Permission perm = getHostPermission(host); // line n1
  
    if (distributedCache.containsKey(host)) {           
        return distributedCache.get(host); 
    }
    
    AccessController.checkPermission(perm);     // line n2

    PermissionCollection perms = perm.newPermissionCollection();
    perms.add(perm);
    
    PrivilegedAction<String> pa = new PrivilegedAction<String>() {
        public String run() {
            return getSecretFromHost(host);
        }
    };

    AccessControlContext acc = new AccessControlContext(
        new ProtectionDomain[] { 
            new ProtectionDomain(null, perms) 
        }
    );

    String secret = AccessController.doPrivileged(pa, acc); // line n3

    distributedCache.put(host, secret);
    return secret;
}

Which step below will best protect the application? Choose one.

A. Move line n2 up to be placed right after line n1.

B. Remove line n2.

C. Replace line n3 with String secret = AccessController.doPrivileged(pa, null);.

D. Replace line n3 with String secret = AccessController.doPrivileged(pa);.

 

·Ɐ sᴉ ɹǝʍsuɐ ʇɔǝɹɹoɔ ǝɥꓕ