< prev index next >

src/java.base/share/classes/java/net/NetPermission.java

Print this page 







  30 import java.util.Hashtable;
  31 import java.util.StringTokenizer;
  32 
  33 /**
  34  * This class is for various network permissions.
  35  * A NetPermission contains a name (also referred to as a "target name") but
  36  * no actions list; you either have the named permission
  37  * or you don't.
  38  * <P>
  39  * The target name is the name of the network permission (see below). The naming
  40  * convention follows the  hierarchical property naming convention.
  41  * Also, an asterisk
  42  * may appear at the end of the name, following a ".", or by itself, to
  43  * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
  44  * match, while "*foo" and "a*b" do not.
  45  * <P>
  46  * The following table lists all the possible NetPermission target names,
  47  * and for each provides a description of what the permission allows
  48  * and a discussion of the risks of granting code the permission.
  49  *
  50  * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">


  51  * <tr>
  52  * <th>Permission Target Name</th>
  53  * <th>What the Permission Allows</th>
  54  * <th>Risks of Allowing this Permission</th>
  55  * </tr>


  56  * <tr>
  57  *   <td>allowHttpTrace</td>
  58  *   <td>The ability to use the HTTP TRACE method in HttpURLConnection.</td>
  59  *   <td>Malicious code using HTTP TRACE could get access to security sensitive
  60  *   information in the HTTP headers (such as cookies) that it might not
  61  *   otherwise have access to.</td>
  62  *   </tr>
  63  *
  64  * <tr>
  65  *   <td>getCookieHandler</td>
  66  *   <td>The ability to get the cookie handler that processes highly
  67  *   security sensitive cookie information for an Http session.</td>
  68  *   <td>Malicious code can get a cookie handler to obtain access to
  69  *   highly security sensitive cookie information. Some web servers
  70  *   use cookies to save user private information such as access
  71  *   control information, or to track user browsing habit.</td>
  72  *   </tr>
  73  *
  74  * <tr>
  75  *   <td>getNetworkInformation</td>


 134  * <tr>
 135  *   <td>setResponseCache</td>
 136  *   <td>The ability to set the response cache that provides access to
 137  *   a local response cache.</td>
 138  *   <td>Malicious code getting access to the local response cache
 139  *   could access security sensitive information, or create false
 140  *   entries in the response cache.</td>
 141  *   </tr>
 142  *
 143  * <tr>
 144  *   <td>specifyStreamHandler</td>
 145  *   <td>The ability
 146  *   to specify a stream handler when constructing a URL</td>
 147  *   <td>Malicious code may create a URL with resources that it would
 148  *   normally not have access to (like file:/foo/fum/), specifying a
 149  *   stream handler that gets the actual bytes from someplace it does
 150  *   have access to. Thus it might be able to trick the system into
 151  *   creating a ProtectionDomain/CodeSource for a class even though
 152  *   that class really didn't come from that location.</td>
 153  * </tr>

 154  * </table>
 155  *
 156  * @see java.security.BasicPermission
 157  * @see java.security.Permission
 158  * @see java.security.Permissions
 159  * @see java.security.PermissionCollection
 160  * @see java.lang.SecurityManager
 161  *
 162  *
 163  * @author Marianne Mueller
 164  * @author Roland Schemers
 165  */
 166 
 167 public final class NetPermission extends BasicPermission {
 168     private static final long serialVersionUID = -8343910153355041693L;
 169 
 170     /**
 171      * Creates a new NetPermission with the specified name.
 172      * The name is the symbolic name of the NetPermission, such as
 173      * "setDefaultAuthenticator", etc. An asterisk






  30 import java.util.Hashtable;
  31 import java.util.StringTokenizer;
  32 
  33 /**
  34  * This class is for various network permissions.
  35  * A NetPermission contains a name (also referred to as a "target name") but
  36  * no actions list; you either have the named permission
  37  * or you don't.
  38  * <P>
  39  * The target name is the name of the network permission (see below). The naming
  40  * convention follows the  hierarchical property naming convention.
  41  * Also, an asterisk
  42  * may appear at the end of the name, following a ".", or by itself, to
  43  * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
  44  * match, while "*foo" and "a*b" do not.
  45  * <P>
  46  * The following table lists all the possible NetPermission target names,
  47  * and for each provides a description of what the permission allows
  48  * and a discussion of the risks of granting code the permission.
  49  *
  50  * <table class="altrows">
  51  * <caption style="display:none">Permission target name, what the permission allows, and associated risks</caption>
  52  * <thead>
  53  * <tr>
  54  * <th>Permission Target Name</th>
  55  * <th>What the Permission Allows</th>
  56  * <th>Risks of Allowing this Permission</th>
  57  * </tr>
  58  * </thead>
  59  * <tbody>
  60  * <tr>
  61  *   <td>allowHttpTrace</td>
  62  *   <td>The ability to use the HTTP TRACE method in HttpURLConnection.</td>
  63  *   <td>Malicious code using HTTP TRACE could get access to security sensitive
  64  *   information in the HTTP headers (such as cookies) that it might not
  65  *   otherwise have access to.</td>
  66  *   </tr>
  67  *
  68  * <tr>
  69  *   <td>getCookieHandler</td>
  70  *   <td>The ability to get the cookie handler that processes highly
  71  *   security sensitive cookie information for an Http session.</td>
  72  *   <td>Malicious code can get a cookie handler to obtain access to
  73  *   highly security sensitive cookie information. Some web servers
  74  *   use cookies to save user private information such as access
  75  *   control information, or to track user browsing habit.</td>
  76  *   </tr>
  77  *
  78  * <tr>
  79  *   <td>getNetworkInformation</td>


 138  * <tr>
 139  *   <td>setResponseCache</td>
 140  *   <td>The ability to set the response cache that provides access to
 141  *   a local response cache.</td>
 142  *   <td>Malicious code getting access to the local response cache
 143  *   could access security sensitive information, or create false
 144  *   entries in the response cache.</td>
 145  *   </tr>
 146  *
 147  * <tr>
 148  *   <td>specifyStreamHandler</td>
 149  *   <td>The ability
 150  *   to specify a stream handler when constructing a URL</td>
 151  *   <td>Malicious code may create a URL with resources that it would
 152  *   normally not have access to (like file:/foo/fum/), specifying a
 153  *   stream handler that gets the actual bytes from someplace it does
 154  *   have access to. Thus it might be able to trick the system into
 155  *   creating a ProtectionDomain/CodeSource for a class even though
 156  *   that class really didn't come from that location.</td>
 157  * </tr>
 158    </tbody>
 159  * </table>
 160  *
 161  * @see java.security.BasicPermission
 162  * @see java.security.Permission
 163  * @see java.security.Permissions
 164  * @see java.security.PermissionCollection
 165  * @see java.lang.SecurityManager
 166  *
 167  *
 168  * @author Marianne Mueller
 169  * @author Roland Schemers
 170  */
 171 
 172 public final class NetPermission extends BasicPermission {
 173     private static final long serialVersionUID = -8343910153355041693L;
 174 
 175     /**
 176      * Creates a new NetPermission with the specified name.
 177      * The name is the symbolic name of the NetPermission, such as
 178      * "setDefaultAuthenticator", etc. An asterisk







< prev index next >