27 28 import java.security.*; 29 30 /** 31 * This class is for various network permissions. 32 * An SSLPermission contains a name (also referred to as a "target name") but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * <P> 36 * The target name is the name of the network permission (see below). The naming 37 * convention follows the hierarchical property naming convention. 38 * Also, an asterisk 39 * may appear at the end of the name, following a ".", or by itself, to 40 * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard 41 * match, while "*foo" and "a*b" do not. 42 * <P> 43 * The following table lists all the possible SSLPermission target names, 44 * and for each provides a description of what the permission allows 45 * and a discussion of the risks of granting code the permission. 46 * 47 * <table border=1 cellpadding=5 48 * summary="permission name, what it allows, and associated risks"> 49 * <tr> 50 * <th>Permission Target Name</th> 51 * <th>What the Permission Allows</th> 52 * <th>Risks of Allowing this Permission</th> 53 * </tr> 54 * 55 * <tr> 56 * <td>setHostnameVerifier</td> 57 * <td>The ability to set a callback which can decide whether to 58 * allow a mismatch between the host being connected to by 59 * an HttpsURLConnection and the common name field in 60 * server certificate. 61 * </td> 62 * <td>Malicious 63 * code can set a verifier that monitors host names visited by 64 * HttpsURLConnection requests or that allows server certificates 65 * with invalid common names. 66 * </td> 67 * </tr> 68 * 69 * <tr> 70 * <td>getSSLSessionContext</td> 71 * <td>The ability to get the SSLSessionContext of an SSLSession. 72 * </td> 73 * <td>Malicious code may monitor sessions which have been established 74 * with SSL peers or might invalidate sessions to slow down performance. 75 * </td> 76 * </tr> 77 * 78 * <tr> 79 * <td>setDefaultSSLContext</td> 80 * <td>The ability to set the default SSL context 81 * </td> 82 * <td>Malicious code can set a context that monitors the opening of 83 * connections or the plaintext data that is transmitted. 84 * </td> 85 * </tr> 86 * 87 * </table> 88 * 89 * @see java.security.BasicPermission 90 * @see java.security.Permission 91 * @see java.security.Permissions 92 * @see java.security.PermissionCollection 93 * @see java.lang.SecurityManager 94 * 95 * @since 1.4 96 * @author Marianne Mueller 97 * @author Roland Schemers 98 */ 99 100 public final class SSLPermission extends BasicPermission { 101 102 private static final long serialVersionUID = -3456898025505876775L; 103 104 /** 105 * Creates a new SSLPermission with the specified name. 106 * The name is the symbolic name of the SSLPermission, such as | 27 28 import java.security.*; 29 30 /** 31 * This class is for various network permissions. 32 * An SSLPermission contains a name (also referred to as a "target name") but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * <P> 36 * The target name is the name of the network permission (see below). The naming 37 * convention follows the hierarchical property naming convention. 38 * Also, an asterisk 39 * may appear at the end of the name, following a ".", or by itself, to 40 * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard 41 * match, while "*foo" and "a*b" do not. 42 * <P> 43 * The following table lists all the possible SSLPermission target names, 44 * and for each provides a description of what the permission allows 45 * and a discussion of the risks of granting code the permission. 46 * 47 * <table class="striped"> 48 * <caption style="display:none">permission name, what it allows, and associated risks</caption> 49 * <thead> 50 * <tr> 51 * <th>Permission Target Name</th> 52 * <th>What the Permission Allows</th> 53 * <th>Risks of Allowing this Permission</th> 54 * </tr> 55 * </thead> 56 * 57 * <tbody> 58 * <tr> 59 * <td>setHostnameVerifier</td> 60 * <td>The ability to set a callback which can decide whether to 61 * allow a mismatch between the host being connected to by 62 * an HttpsURLConnection and the common name field in 63 * server certificate. 64 * </td> 65 * <td>Malicious 66 * code can set a verifier that monitors host names visited by 67 * HttpsURLConnection requests or that allows server certificates 68 * with invalid common names. 69 * </td> 70 * </tr> 71 * 72 * <tr> 73 * <td>getSSLSessionContext</td> 74 * <td>The ability to get the SSLSessionContext of an SSLSession. 75 * </td> 76 * <td>Malicious code may monitor sessions which have been established 77 * with SSL peers or might invalidate sessions to slow down performance. 78 * </td> 79 * </tr> 80 * 81 * <tr> 82 * <td>setDefaultSSLContext</td> 83 * <td>The ability to set the default SSL context 84 * </td> 85 * <td>Malicious code can set a context that monitors the opening of 86 * connections or the plaintext data that is transmitted. 87 * </td> 88 * </tr> 89 * 90 * </tbody> 91 * </table> 92 * 93 * @see java.security.BasicPermission 94 * @see java.security.Permission 95 * @see java.security.Permissions 96 * @see java.security.PermissionCollection 97 * @see java.lang.SecurityManager 98 * 99 * @since 1.4 100 * @author Marianne Mueller 101 * @author Roland Schemers 102 */ 103 104 public final class SSLPermission extends BasicPermission { 105 106 private static final long serialVersionUID = -3456898025505876775L; 107 108 /** 109 * Creates a new SSLPermission with the specified name. 110 * The name is the symbolic name of the SSLPermission, such as |