What I want to do is implement some basic security by checking not only what class has called a particular method, but also, which instance of that class.
I tried
StackTraceElement[] stackTraceElements = Thread.currentThread().getStackTrace();
but that obviously only gives me the class name. The problem with allowing/requiring the callers to send self, or personal IDs is that all the callers are required to have access to the details of all the others. Can anyone help?
EDIT: More information:
So we have a server which makes connections with several agents. The agents send packets of information which include the name they CLAIM to have. There is a special agent which decides whether or not people should be able to lie about this in each particular case.
The agents make connections to instances of an Agent class on the server, but there is also a possibility that some agents will run natively. The reason I’m interested in this approach is that I will need that technique later (extract the specific instance that called a given method)
I hope this is better, and sorry for not putting enough info before :/
This whole line of attack can’t possible secure anything. If users can control the code that runs, they can just run a codegen library and edit your code. If users can’t control the code, then this is all unnecessary.
If you can’t resist this urge, one approach is to wrap everything in Proxies that communicate the information you need.
By Proxy, I mean
java.lang.reflect.Proxy. That is, wrap every one of these objects in a proxy. The proxy’s job would be to store awaythison a stack of your own that the callees could consult.This is essentially AOP (aspect oriented programming) reinvented, so you might want to read about that. Look at the Spring framework.