SerializablePermission


1   /*
2    * @(#)SerializablePermission.java  1.19 04/01/12
3    *
4    * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5    * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6    */
7   
8   package java.io;
9   
10  import java.security.*;
11  import java.util.Enumeration  ;
12  import java.util.Hashtable  ;
13  import java.util.StringTokenizer  ;
14  
15  /**
16   * This class is for Serializable permissions. A SerializablePermission
17   * contains a name (also referred to as a "target name") but
18   * no actions list; you either have the named permission
19   * or you don't.
20   *
21   * <P>
22   * The target name is the name of the Serializable permission (see below).
23   *
24   * <P>
25   * The following table lists all the possible SerializablePermission target names,
26   * and for each provides a description of what the permission allows
27   * and a discussion of the risks of granting code the permission.
28   * <P>
29   *
30   * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
31   * <tr>
32   * <th>Permission Target Name</th>
33   * <th>What the Permission Allows</th>
34   * <th>Risks of Allowing this Permission</th>
35   * </tr>
36   *
37   * <tr>
38   *   <td>enableSubclassImplementation</td>
39   *   <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
40   * to override the default serialization or deserialization, respectively,
41   * of objects</td>
42   *   <td>Code can use this to serialize or
43   * deserialize classes in a purposefully malfeasant manner. For example,
44   * during serialization, malicious code can use this to
45   * purposefully store confidential private field data in a way easily accessible
46   * to attackers. Or, during deserialization it could, for example, deserialize
47   * a class with all its private fields zeroed out.</td>
48   * </tr>
49   *
50   * <tr>
51   *   <td>enableSubstitution</td>
52   *   <td>Substitution of one object for another during
53   * serialization or deserialization</td>
54   *   <td>This is dangerous because malicious code
55   * can replace the actual object with one which has incorrect or
56   * malignant data.</td>
57   * </tr>
58   *
59   * </table>
60   *
61   * @see java.security.BasicPermission
62   * @see java.security.Permission
63   * @see java.security.Permissions
64   * @see java.security.PermissionCollection
65   * @see java.lang.SecurityManager
66   *
67   * @version 1.19, 01/12/04
68   *
69   * @author Joe Fialli
70   * @since 1.2
71   */
72  
73  /* code was borrowed originally from java.lang.RuntimePermission. */
74  
75  public final class SerializablePermission extends BasicPermission {
76  
77      /**
78       * @serial
79       */
80      private String   actions;
81  
82      /**
83       * Creates a new SerializablePermission with the specified name.
84       * The name is the symbolic name of the SerializablePermission, such as
85       * "enableSubstitution", etc.
86       *
87       * @param name the name of the SerializablePermission.
88       */
89  
90  
91      public SerializablePermission(String   name)
92      {
93      super(name);
94      }
95  
96      /**
97       * Creates a new SerializablePermission object with the specified name.
98       * The name is the symbolic name of the SerializablePermission, and the
99       * actions String is currently unused and should be null.
100      *
101      * @param name the name of the SerializablePermission.
102      * @param actions currently unused and must be set to null
103      */
104 
105     public SerializablePermission(String   name, String   actions)
106     {
107     super(name, actions);
108     }
109 }
110
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags