Security Manager vs Access Controller

The access controller was introduced in the Java 2 platform. Before the access controller existed, the security manager had to rely on its own internal logic to determine which security policy should be in effect, and any change in the security policy meant changing the security manager itself.

Prior to Java 2, implementing customized security policies was possible with the security manager alone, but it took a great deal of effort. Starting with Java 2, the security manager can defer access control decisions to the access controller. Defining security policies is now much more flexible, since the policy to be enforced by the security manager can be specified in a file. The access controller provides a simple procedure for giving specific permissions to specific code. The Java API still calls the methods of the security manager to enforce system security, but most of these methods call the access controller.

One of the reasons we still have both the security manager and the access controller is for backward compatibility. The security manager was the primary interface to the system security for Java programs prior to Java 2. The large body of Java programs built upon JDK 1.0 and 1.1 dictates that the security manager not be changed but supplemented by the access controller, which provides a simple method for implementing fine-grained access control.

Another role played by the access controller is allowing a program to declare that access to a resource requires explicit permissions. For instance, consider an online attendance marking system where each employee has to update his attendance record every day in the company’s attendance database. Here, each employee should have access only to his records and not to records of others. While global access to the database might be controlled by the security manager (for instance, if it is necessary to open a socket connection to access the database), access to a particular record is controlled by the access controller. Thus, a program can quite simply use the same security framework to specify access to general resources of the operating system as well as any specific resources of the program.
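The per-record check from the attendance scenario above can be sketched as follows. This is an added example, not code from the original article: AttendanceRecordPermission, contextFor, markAttendance and the employee IDs are hypothetical names, and the grants are built inline rather than read from a policy file so that the example is self-contained. It assumes a JDK on which the access control API is still functional (it is deprecated for removal from Java 17).

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permissions;
import java.security.ProtectionDomain;

public class AttendanceDemo {

    // Hypothetical application-defined permission: the permission name is the
    // ID of the employee whose attendance record may be updated.
    static final class AttendanceRecordPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;

        AttendanceRecordPermission(String employeeId) {
            super(employeeId);
        }
    }

    // Builds a context holding only the permission for one employee's record.
    // The two-argument ProtectionDomain constructor creates a static domain,
    // so the installed policy does not add further permissions to it.
    static AccessControlContext contextFor(String employeeId) {
        Permissions granted = new Permissions();
        granted.add(new AttendanceRecordPermission(employeeId));
        ProtectionDomain domain = new ProtectionDomain(null, granted);
        return new AccessControlContext(new ProtectionDomain[] { domain });
    }

    // The program's own resource check: throws AccessControlException unless
    // the caller's context implies the permission for this specific record.
    static void markAttendance(AccessControlContext caller, String recordOwner) {
        caller.checkPermission(new AttendanceRecordPermission(recordOwner));
        System.out.println("attendance updated for " + recordOwner);
    }

    public static void main(String[] args) {
        // Constructed sample IDs.
        AccessControlContext session = contextFor("emp-1001");
        markAttendance(session, "emp-1001");      // own record: allowed
        try {
            markAttendance(session, "emp-2002");  // another employee's record
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission().getName());
        }
    }
}
```

The socket connection to the database would still be covered by the standard permission checks made through the security manager; the custom permission only adds the record-level decision on top of it.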