KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > java > io > SerializablePermission


1 /*
2  * @(#)SerializablePermission.java 1.19 04/01/12
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */

7
8 package java.io;
9
10 import java.security.*;
11 import java.util.Enumeration JavaDoc;
12 import java.util.Hashtable JavaDoc;
13 import java.util.StringTokenizer JavaDoc;
14
15 /**
16  * This class is for Serializable permissions. A SerializablePermission
17  * contains a name (also referred to as a "target name") but
18  * no actions list; you either have the named permission
19  * or you don't.
20  *
21  * <P>
22  * The target name is the name of the Serializable permission (see below).
23  *
24  * <P>
25  * The following table lists all the possible SerializablePermission target names,
26  * and for each provides a description of what the permission allows
27  * and a discussion of the risks of granting code the permission.
28  * <P>
29  *
30  * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
31  * <tr>
32  * <th>Permission Target Name</th>
33  * <th>What the Permission Allows</th>
34  * <th>Risks of Allowing this Permission</th>
35  * </tr>
36  *
37  * <tr>
38  * <td>enableSubclassImplementation</td>
39  * <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
40  * to override the default serialization or deserialization, respectively,
41  * of objects</td>
42  * <td>Code can use this to serialize or
43  * deserialize classes in a purposefully malfeasant manner. For example,
44  * during serialization, malicious code can use this to
45  * purposefully store confidential private field data in a way easily accessible
46  * to attackers. Or, during deserialization it could, for example, deserialize
47  * a class with all its private fields zeroed out.</td>
48  * </tr>
49  *
50  * <tr>
51  * <td>enableSubstitution</td>
52  * <td>Substitution of one object for another during
53  * serialization or deserialization</td>
54  * <td>This is dangerous because malicious code
55  * can replace the actual object with one which has incorrect or
56  * malignant data.</td>
57  * </tr>
58  *
59  * </table>
60  *
61  * @see java.security.BasicPermission
62  * @see java.security.Permission
63  * @see java.security.Permissions
64  * @see java.security.PermissionCollection
65  * @see java.lang.SecurityManager
66  *
67  * @version 1.19, 01/12/04
68  *
69  * @author Joe Fialli
70  * @since 1.2
71  */

72
73 /* code was borrowed originally from java.lang.RuntimePermission. */
74
75 public final class SerializablePermission extends BasicPermission {
76
77     /**
78      * @serial
79      */

80     private String JavaDoc actions;
81
82     /**
83      * Creates a new SerializablePermission with the specified name.
84      * The name is the symbolic name of the SerializablePermission, such as
85      * "enableSubstitution", etc.
86      *
87      * @param name the name of the SerializablePermission.
88      */

89
90
91     public SerializablePermission(String JavaDoc name)
92     {
93     super(name);
94     }
95
96     /**
97      * Creates a new SerializablePermission object with the specified name.
98      * The name is the symbolic name of the SerializablePermission, and the
99      * actions String is currently unused and should be null.
100      *
101      * @param name the name of the SerializablePermission.
102      * @param actions currently unused and must be set to null
103      */

104
105     public SerializablePermission(String JavaDoc name, String JavaDoc actions)
106     {
107     super(name, actions);
108     }
109 }
110
Popular Tags