
src/java.xml.bind/share/classes/javax/xml/bind/JAXBPermission.java





  23  * questions.
  24  */
  25 
  26 package javax.xml.bind;
  27 
  28 import java.security.BasicPermission;
  29 
  30 /**
  31  * This class is for JAXB permissions. A {@code JAXBPermission}
  32  * contains a name (also referred to as a "target name") but
  33  * no actions list; you either have the named permission
  34  * or you don't.
  35  *
  36  * <P>
  37  * The target name is the name of the JAXB permission (see below).
  38  *
  39  * <P>
  40  * The following table lists all the possible {@code JAXBPermission} target names,
  41  * and for each provides a description of what the permission allows
  42  * and a discussion of the risks of granting code the permission.
  43  * <P>
  44  *
  45  * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
  46  * <tr>
  47  * <th>Permission Target Name</th>
  48  * <th>What the Permission Allows</th>
  49  * <th>Risks of Allowing this Permission</th>
  50  * </tr>
  51  *
  52  * <tr>
  53  *   <td>setDatatypeConverter</td>
  54  *   <td>
  55  *     Allows the code to set VM-wide {@link DatatypeConverterInterface}
  56  *     via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method}
  57  *     that all the methods on {@link DatatypeConverter} uses.
  58  *   </td>
  59  *   <td>
  60  *     Malicious code can set {@link DatatypeConverterInterface}, which has
  61  *     VM-wide singleton semantics,  before a genuine JAXB implementation sets one.
  62  *     This allows malicious code to gain access to objects that it may otherwise
  63  *     not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to




  23  * questions.
  24  */
  25 
  26 package javax.xml.bind;
  27 
  28 import java.security.BasicPermission;
  29 
  30 /**
  31  * This class is for JAXB permissions. A {@code JAXBPermission}
  32  * contains a name (also referred to as a "target name") but
  33  * no actions list; you either have the named permission
  34  * or you don't.
  35  *
  36  * <P>
  37  * The target name is the name of the JAXB permission (see below).
  38  *
  39  * <P>
  40  * The following table lists all the possible {@code JAXBPermission} target names,
  41  * and for each provides a description of what the permission allows
  42  * and a discussion of the risks of granting code the permission.

  43  *
  44  * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
  45  * <tr>
  46  * <th>Permission Target Name</th>
  47  * <th>What the Permission Allows</th>
  48  * <th>Risks of Allowing this Permission</th>
  49  * </tr>
  50  *
  51  * <tr>
  52  *   <td>setDatatypeConverter</td>
  53  *   <td>
  54  *     Allows the code to set VM-wide {@link DatatypeConverterInterface}
  55  *     via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method}
  56  *     that all the methods on {@link DatatypeConverter} uses.
  57  *   </td>
  58  *   <td>
  59  *     Malicious code can set {@link DatatypeConverterInterface}, which has
  60  *     VM-wide singleton semantics,  before a genuine JAXB implementation sets one.
  61  *     This allows malicious code to gain access to objects that it may otherwise
  62  *     not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to

