30 import java.util.Hashtable;
31 import java.util.StringTokenizer;
32
33 /**
34 * This class is for various network permissions.
35 * A NetPermission contains a name (also referred to as a "target name") but
36 * no actions list; you either have the named permission
37 * or you don't.
38 * <P>
39 * The target name is the name of the network permission (see below). The naming
40 * convention follows the hierarchical property naming convention.
41 * Also, an asterisk
42 * may appear at the end of the name, following a ".", or by itself, to
43 * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
44 * match, while "*foo" and "a*b" do not.
45 * <P>
46 * The following table lists all the possible NetPermission target names,
47 * and for each provides a description of what the permission allows
48 * and a discussion of the risks of granting code the permission.
49 *
50 * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
51 * <tr>
52 * <th>Permission Target Name</th>
53 * <th>What the Permission Allows</th>
54 * <th>Risks of Allowing this Permission</th>
55 * </tr>
56 * <tr>
57 * <td>allowHttpTrace</td>
58 * <td>The ability to use the HTTP TRACE method in HttpURLConnection.</td>
59 * <td>Malicious code using HTTP TRACE could get access to security sensitive
60 * information in the HTTP headers (such as cookies) that it might not
61 * otherwise have access to.</td>
62 * </tr>
63 *
64 * <tr>
65 * <td>getCookieHandler</td>
66 * <td>The ability to get the cookie handler that processes highly
67 * security sensitive cookie information for an Http session.</td>
68 * <td>Malicious code can get a cookie handler to obtain access to
69 * highly security sensitive cookie information. Some web servers
70 * use cookies to save user private information such as access
71 * control information, or to track user browsing habit.</td>
72 * </tr>
73 *
74 * <tr>
75 * <td>getNetworkInformation</td>
134 * <tr>
135 * <td>setResponseCache</td>
136 * <td>The ability to set the response cache that provides access to
137 * a local response cache.</td>
138 * <td>Malicious code getting access to the local response cache
139 * could access security sensitive information, or create false
140 * entries in the response cache.</td>
141 * </tr>
142 *
143 * <tr>
144 * <td>specifyStreamHandler</td>
145 * <td>The ability
146 * to specify a stream handler when constructing a URL</td>
147 * <td>Malicious code may create a URL with resources that it would
148 * normally not have access to (like file:/foo/fum/), specifying a
149 * stream handler that gets the actual bytes from someplace it does
150 * have access to. Thus it might be able to trick the system into
151 * creating a ProtectionDomain/CodeSource for a class even though
152 * that class really didn't come from that location.</td>
153 * </tr>
154 * </table>
155 *
156 * @see java.security.BasicPermission
157 * @see java.security.Permission
158 * @see java.security.Permissions
159 * @see java.security.PermissionCollection
160 * @see java.lang.SecurityManager
161 *
162 *
163 * @author Marianne Mueller
164 * @author Roland Schemers
165 */
166
167 public final class NetPermission extends BasicPermission {
168 private static final long serialVersionUID = -8343910153355041693L;
169
170 /**
171 * Creates a new NetPermission with the specified name.
172 * The name is the symbolic name of the NetPermission, such as
173 * "setDefaultAuthenticator", etc. An asterisk
|
30 import java.util.Hashtable;
31 import java.util.StringTokenizer;
32
33 /**
34 * This class is for various network permissions.
35 * A NetPermission contains a name (also referred to as a "target name") but
36 * no actions list; you either have the named permission
37 * or you don't.
38 * <P>
39 * The target name is the name of the network permission (see below). The naming
40 * convention follows the hierarchical property naming convention.
41 * Also, an asterisk
42 * may appear at the end of the name, following a ".", or by itself, to
43 * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
44 * match, while "*foo" and "a*b" do not.
45 * <P>
46 * The following table lists all the possible NetPermission target names,
47 * and for each provides a description of what the permission allows
48 * and a discussion of the risks of granting code the permission.
49 *
50 * <table class="altrows">
51 * <caption style="display:none">Permission target name, what the permission allows, and associated risks</caption>
52 * <thead>
53 * <tr>
54 * <th>Permission Target Name</th>
55 * <th>What the Permission Allows</th>
56 * <th>Risks of Allowing this Permission</th>
57 * </tr>
58 * </thead>
59 * <tbody>
60 * <tr>
61 * <td>allowHttpTrace</td>
62 * <td>The ability to use the HTTP TRACE method in HttpURLConnection.</td>
63 * <td>Malicious code using HTTP TRACE could get access to security sensitive
64 * information in the HTTP headers (such as cookies) that it might not
65 * otherwise have access to.</td>
66 * </tr>
67 *
68 * <tr>
69 * <td>getCookieHandler</td>
70 * <td>The ability to get the cookie handler that processes highly
71 * security sensitive cookie information for an Http session.</td>
72 * <td>Malicious code can get a cookie handler to obtain access to
73 * highly security sensitive cookie information. Some web servers
74 * use cookies to save user private information such as access
75 * control information, or to track user browsing habit.</td>
76 * </tr>
77 *
78 * <tr>
79 * <td>getNetworkInformation</td>
138 * <tr>
139 * <td>setResponseCache</td>
140 * <td>The ability to set the response cache that provides access to
141 * a local response cache.</td>
142 * <td>Malicious code getting access to the local response cache
143 * could access security sensitive information, or create false
144 * entries in the response cache.</td>
145 * </tr>
146 *
147 * <tr>
148 * <td>specifyStreamHandler</td>
149 * <td>The ability
150 * to specify a stream handler when constructing a URL</td>
151 * <td>Malicious code may create a URL with resources that it would
152 * normally not have access to (like file:/foo/fum/), specifying a
153 * stream handler that gets the actual bytes from someplace it does
154 * have access to. Thus it might be able to trick the system into
155 * creating a ProtectionDomain/CodeSource for a class even though
156 * that class really didn't come from that location.</td>
157 * </tr>
158 </tbody>
159 * </table>
160 *
161 * @see java.security.BasicPermission
162 * @see java.security.Permission
163 * @see java.security.Permissions
164 * @see java.security.PermissionCollection
165 * @see java.lang.SecurityManager
166 *
167 *
168 * @author Marianne Mueller
169 * @author Roland Schemers
170 */
171
172 public final class NetPermission extends BasicPermission {
173 private static final long serialVersionUID = -8343910153355041693L;
174
175 /**
176 * Creates a new NetPermission with the specified name.
177 * The name is the symbolic name of the NetPermission, such as
178 * "setDefaultAuthenticator", etc. An asterisk
|
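Review bot: The closing `</tbody>` tag on the new side (gutter line 158) has lost the leading asterisk that every other line of this class comment carries, so the comment block is no longer uniformly formatted; it should read `* </tbody>`, matching the `* </table>` line that follows it. Separately, the table description moved from the `summary` attribute to `<caption style="display:none">`, and content hidden with `display:none` is generally not exposed to assistive technology, so it is worth confirming that the stylesheet behind `class="altrows"` still makes the caption available to screen readers. The risk descriptions in the table rows are unchanged between the two sides as far as the visible lines show; rows between `getNetworkInformation` and `setResponseCache` are elided and could not be checked. The class comment begins above the visible excerpt and the constructor comment continues below it.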