However, it is typically necessary to selectively allow privileged operations to be performed on behalf of unprivileged code. The access controller provides a standard method named doPrivileged() that allows exactly this. The details of how this works are given in the JRE documentation. Informally, extending the example above, if C.m were to wrap the privileged operation O in a call to doPrivileged(), then D (or indeed any other class) could call C.m and have the privileged operation successfully performed on its behalf. However, if D tried to perform a privileged operation by itself, even if it wrapped the operation in a call to doPrivileged(), the operation would fail with a SecurityException. Intuitively, a doPrivileged() call can be thought of as temporarily lending one's own privileges to whoever called, but it cannot be used to raise one's own level of privilege.
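The three outcomes described above (D calling C.m, D performing O directly, and D wrapping O in its own doPrivileged() call), as an added, self-contained example that is not part of the original text. The names DoPrivilegedDemo, RestrictedLoader and the permission string "demo.privilegedOperationO" are constructed for this example. The privileged operation O is modelled as an explicit AccessController.checkPermission() call, and D is given a separate, permission-less protection domain by loading it through a custom class loader, since a protection domain is fixed per class. The example assumes a JDK on which this machinery still functions (JDK 17 through 23, where it is deprecated for removal; JDK 24 permanently disabled the Security Manager under JEP 486).

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.function.Function;

public class DoPrivilegedDemo {

    // The privileged operation O, modelled as a permission check: every protection domain
    // on the stack (up to the nearest doPrivileged frame) must imply it, or it throws.
    static final Permission O_PERMISSION = new RuntimePermission("demo.privilegedOperationO"); // constructed name

    public static String operationO() {
        AccessController.checkPermission(O_PERMISSION); // AccessControlException extends SecurityException
        return "operation O performed";
    }

    // Trusted class C: m wraps O in doPrivileged, so the stack walk stops at C's frame and
    // only C's (trusted) domain is inspected, never the domains of C's callers.
    public static class C {
        public static String m() {
            return AccessController.doPrivileged((PrivilegedAction<String>) DoPrivilegedDemo::operationO);
        }
    }

    // Untrusted class D: main() loads it into a domain that holds no permissions at all.
    public static class D implements Function<String, String> {
        @Override
        public String apply(String mode) {
            switch (mode) {
                case "via-C":        return C.m();        // C lends its privilege: succeeds
                case "direct":       return operationO(); // D's own frame is inspected: denied
                case "self-wrapped": return AccessController.doPrivileged(
                        (PrivilegedAction<String>) DoPrivilegedDemo::operationO); // D's frame still inspected: denied
                default:             throw new IllegalArgumentException(mode);
            }
        }
    }

    // Loader that defines classes with the given name prefix in a static, permission-less domain.
    // A static domain (two-argument ProtectionDomain constructor) never consults the Policy.
    static final class RestrictedLoader extends ClassLoader {
        private final String prefix;
        private final ProtectionDomain noPermissions =
                new ProtectionDomain(new CodeSource(null, (Certificate[]) null), new Permissions());

        RestrictedLoader(String prefix, ClassLoader parent) {
            super(parent);
            this.prefix = prefix;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.startsWith(prefix)) {
                return super.loadClass(name, resolve); // C and the JDK classes come from the trusted parent
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    byte[] bytes = readClassBytes(name);
                    c = defineClass(name, bytes, 0, bytes.length, noPermissions);
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }

        private byte[] readClassBytes(String name) throws ClassNotFoundException {
            try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                if (in == null) throw new ClassNotFoundException(name);
                return in.readAllBytes();
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Grant everything to non-static domains (C and the rest of this program); D's static domain ignores this.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain domain, Permission permission) { return true; }
        });
        ClassLoader loader = new RestrictedLoader(D.class.getName(), DoPrivilegedDemo.class.getClassLoader());
        @SuppressWarnings("unchecked")
        Function<String, String> d = (Function<String, String>)
                loader.loadClass(D.class.getName()).getDeclaredConstructor().newInstance();
        for (String mode : new String[] {"via-C", "direct", "self-wrapped"}) {
            try {
                System.out.println(mode + ": " + d.apply(mode));
            } catch (AccessControlException e) {
                System.out.println(mode + ": denied, " + e.getMessage());
            }
        }
    }
}
```

Compile with javac and run with java from the directory holding the class files (the loader reads D's bytecode back from the classpath). Only the "via-C" mode completes, because doPrivileged() truncates the stack walk at C's trusted frame; in the other two modes D's own permission-less domain is on the inspected part of the stack, so the check is denied whether or not D wraps the operation in doPrivileged() itself.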