java.security

Class SecurityPermission

Implemented Interfaces:
Guard, Serializable

public final class SecurityPermission
extends BasicPermission

This class provides a mechanism for specified named permissions related to the Java security framework. These permissions have no associated actions list. They are either granted or not granted.

The list of valid permission names is:

Permission NamePermission AllowsRisks
createAccessControlContext Allows creation of an AccessControlContext The new control context can have a rogue DomainCombiner, leading to a privacy leak
getDomainCombiner Get a DomainCombiner from an AccessControlContext Access to a DomainCombiner can lead to a privacy leak
getPolicy Allows retrieval of the system security policy Malicious code can use information from the policy to better plan an attack
setPolicy Allows the security policy to be changed Malicious code can give itself any permission it wants
getProperty.key Retrieve the property specified by the key Malicious code can use information from the property to better plan an attack
setProperty.key Allows changing of the value of all properties implied by key Malicious code can insert rogue classes to steal keys or recreate the security policy with whatever permissions it desires
insertProvider.key Allows the named provider to be added Malicious code can insert rogue providers that steal data
removeProvider.key Allows the named provider to be removed A missing provider can cripple code that relies on it
setSystemScope Allows the system identity scope to be set Malicious code can add certificates not available in the original identity scope, to gain more permissions
setIdentityPublicKey Allows the public key of an Identity to be set Malicious code can install its own key to gain permissions not allowed by the original identity scope
SetIdentityInfo Allows the description of an Identity to be set Malicious code can spoof users into trusting a fake identity
addIdentityCertificate Allows a certificate to be set for the public key of an identity The public key can become trusted to a wider audience than originally intended
removeIdentityCertificate Allows removal of a certificate from an identity's public key The public key can become less trusted than it should be
printIdentity View the name of the identity and scope, and whether they are trusted The scope may include a filename, which provides an entry point for further security breaches
clearProviderProperties.key Allows the properties of the named provider to be cleared This can disable parts of the program which depend on finding the provider
putProviderProperty.key Allows the properties of the named provider to be changed Malicious code can replace the implementation of a provider
removeProviderProperty.key Allows the properties of the named provider to be deleted This can disable parts of the program which depend on finding the provider
getSignerPrivateKey Allows the retrieval of the private key for a signer Anyone that can access the private key can claim to be the Signer
setSignerKeyPair Allows the public and private key of a Signer to be changed The replacement might be a weaker encryption, or the attacker can use knowledge of the replaced key to decrypt an entire communication session

There is some degree of security risk in granting any of these permissions. Some of them can completely compromise system security. Please exercise extreme caution in granting these permissions.

Since:
1.1

See Also:
Permission, SecurityManager, Serialized Form

Constructor Summary

SecurityPermission(String name)
Create a new instance with the specified name.
SecurityPermission(String name, String actions)
Create a new instance with the specified name.

Method Summary

Methods inherited from class java.security.BasicPermission

equals, getActions, hashCode, implies, newPermissionCollection

Methods inherited from class java.security.Permission

checkGuard, equals, getActions, getName, hashCode, implies, newPermissionCollection, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityPermission

public SecurityPermission(String name)
Create a new instance with the specified name.

Parameters:
name - the name to assign to this permission


SecurityPermission

public SecurityPermission(String name,
                          String actions)
Create a new instance with the specified name. As SecurityPermission carries no actions, the second parameter is ignored.

Parameters:
name - the name to assign to this permission
actions - ignored


SecurityPermission.java -- Class for named security permissions Copyright (C) 1998, 2002 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.