securitypermission.html

API資料大全

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN""http://www.w3.org/TR/REC-html40/frameset.dtd">
<!--NewPage-->
<HTML>
<HEAD>
<!-- Generated by javadoc on Thu Apr 27 23:36:03 PDT 2000 -->
<TITLE>
Java 2 Platform SE v1.3: Class  SecurityPermission
</TITLE>
<LINK REL ="stylesheet" TYPE="text/css" HREF="../../stylesheet.css" TITLE="Style">
</HEAD>
<BODY BGCOLOR="white">

<!-- ========== START OF NAVBAR ========== -->
<A NAME="navbar_top"><!-- --></A>
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
<TR>
<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
<A NAME="navbar_top_firstrow"><!-- --></A>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
  <TR ALIGN="center" VALIGN="top">
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="class-use/SecurityPermission.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../index-files/index-1.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
  </TR>
</TABLE>
</TD>
<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
<b>Java<sup><font size=-2>TM</font></sup>&nbsp;2&nbsp;Platform<br>Std.&nbsp;Ed. v1.3</b></EM>
</TD>
</TR>

<TR>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
&nbsp;<A HREF="../../java/security/Security.html"><B>PREV CLASS</B></A>&nbsp;
&nbsp;<A HREF="../../java/security/Signature.html"><B>NEXT CLASS</B></A></FONT></TD>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
  <A HREF="../../index.html" TARGET="_top"><B>FRAMES</B></A>  &nbsp;
&nbsp;<A HREF="SecurityPermission.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
</TR>
<TR>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
  SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#methods_inherited_from_class_java.security.BasicPermission">METHOD</A></FONT></TD>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
</TR>
</TABLE>
<!-- =========== END OF NAVBAR =========== -->

<HR>
<!-- ======== START OF CLASS DATA ======== -->
<H2>
<FONT SIZE="-1">
java.security</FONT>
<BR>
Class  SecurityPermission</H2>
<PRE>
<A HREF="../../java/lang/Object.html">java.lang.Object</A>
  |
  +--<A HREF="../../java/security/Permission.html">java.security.Permission</A>
        |
        +--<A HREF="../../java/security/BasicPermission.html">java.security.BasicPermission</A>
              |
              +--<B>java.security.SecurityPermission</B>
</PRE>
<DL>
<DT><B>All Implemented Interfaces:</B> <DD><A HREF="../../java/security/Guard.html">Guard</A>, <A HREF="../../java/io/Serializable.html">Serializable</A></DD>
</DL>
<HR>
<DL>
<DT>public final class <B>SecurityPermission</B><DT>extends <A HREF="../../java/security/BasicPermission.html">BasicPermission</A></DL>

<P>
This class is for security permissions.
 A SecurityPermission contains a name (also referred to as a "target name")
 but no actions list; you either have the named permission
 or you don't.
 <P>
 The target name is the name of a security configuration parameter (see below).
 Currently the SecurityPermission object is used to guard access
 to the Policy, Security, Provider, Signer, and Identity
 objects.
 <P>
 The following table lists all the possible SecurityPermission target names,
 and for each provides a description of what the permission allows
 and a discussion of the risks of granting code the permission.
 <P>

 <table border=1 cellpadding=5>
 <tr>
 <th>Permission Target Name</th>
 <th>What the Permission Allows</th>
 <th>Risks of Allowing this Permission</th>
 </tr>

 <tr>
   <td>createAccessControlContext</td>
   <td>Creation of an AccessControlContext</td>
   <td>This allows someone to instantiate an AccessControlContext
 with a <code>DomainCombiner</code>.  Since DomainCombiners are given
 a reference to the ProtectionDomains currently on the stack,
 this could potentially lead to a privacy leak if the DomainCombiner
 is malicious.</td>
 </tr>

 <tr>
   <td>getDomainCombiner</td>
   <td>Retrieval of an AccessControlContext's DomainCombiner</td>
   <td>This allows someone to retrieve an AccessControlContext's
 <code>DomainCombiner</code>.  Since DomainCombiners may contain
 sensitive information, this could potentially lead to a privacy leak.</td>
 </tr>

 <tr>
   <td>getPolicy</td>
   <td>Retrieval of the system-wide security policy (specifically, of the
 currently-installed Policy object)</td>
   <td>This allows someone to query the policy via the
 <code>getPermissions</code> call,
 which discloses which permissions would be granted to a given CodeSource.
 While revealing the policy does not compromise the security of
 the system, it does provide malicious code with additional information
 which it may use to better aim an attack. It is wise
 not to divulge more information than necessary.</td>
 </tr>

 <tr>
   <td>setPolicy</td>
   <td>Setting of the system-wide security policy (specifically,
 the Policy object)</td>
   <td>Granting this permission is extremely dangerous, as malicious
 code may grant itself all the necessary permissions it needs
 to successfully mount an attack on the system.</td>
 </tr>

 <tr>
   <td>getProperty.{key}</td>
   <td>Retrieval of the security property with the specified key</td>
   <td>Depending on the particular key for which access has
 been granted, the code may have access to the list of security
 providers, as well as the location of the system-wide and user
 security policies.  while revealing this information does not
 compromise the security of the system, it does provide malicious
 code with additional information which it may use to better aim
 an attack.
</td>
 </tr>

 <tr>
   <td>setProperty.{key}</td>
   <td>Setting of the security property with the specified key</td>
   <td>This could include setting a security provider or defining
 the location of the the system-wide security policy.  Malicious
 code that has permission to set a new security provider may
 set a rogue provider that steals confidential information such
 as cryptographic private keys. In addition, malicious code with
 permission to set the location of the system-wide security policy
 may point it to a security policy that grants the attacker
 all the necessary permissions it requires to successfully mount
 an attack on the system.
</td>
 </tr>

 <tr>
   <td>insertProvider.{provider name}</td>
   <td>Addition of a new provider, with the specified name</td>
   <td>This would allow somebody to introduce a possibly
 malicious provider (e.g., one that discloses the private keys passed
 to it) as the highest-priority provider. This would be possible
 because the Security object (which manages the installed providers)
 currently does not check the integrity or authenticity of a provider
 before attaching it.</td>
 </tr>

 <tr>
   <td>removeProvider.{provider name}</td>
   <td>Removal of the specified provider</td>
   <td>This may change the behavior or disable execution of other
 parts of the program. If a provider subsequently requested by the
 program has been removed, execution may fail. Also, if the removed
 provider is not explicitly requested by the rest of the program, but
 it would normally be the provider chosen when a cryptography service
 is requested (due to its previous order in the list of providers),
 a different provider will be chosen instead, or no suitable provider
 will be found, thereby resulting in program failure.</td>
 </tr>

 <tr>
   <td>setSystemScope</td>
   <td>Setting of the system identity scope</td>
   <td>This would allow an attacker to configure the system identity scope with
 certificates that should not be trusted, thereby granting applet or
 application code signed with those certificates privileges that
 would have been denied by the system's original identity scope</td>
 </tr>

 <tr>
   <td>setIdentityPublicKey</td>
   <td>Setting of the public key for an Identity</td>
   <td>If the identity is marked as "trusted", this allows an attacker to
 introduce a different public key (e.g., its own) that is not trusted
 by the system's identity scope, thereby granting applet or
 application code signed with that public key privileges that
 would have been denied otherwise.</td>
 </tr>

 <tr>
   <td>setIdentityInfo</td>
   <td>Setting of a general information string for an Identity</td>
   <td>This allows attackers to set the general description for
 an identity.  This may trick applications into using a different
 identity than intended or may prevent applications from finding a
 particular identity.</td>
 </tr>

 <tr>
   <td>addIdentityCertificate</td>
   <td>Addition of a certificate for an Identity</td>
   <td>This allows attackers to set a certificate for
 an identity's public key.  This is dangerous because it affects
 the trust relationship across the system. This public key suddenly
 becomes trusted to a wider audience than it otherwise would be.</td>
 </tr>

 <tr>
   <td>removeIdentityCertificate</td>
   <td>Removal of a certificate for an Identity</td>
   <td>This allows attackers to remove a certificate for
 an identity's public key. This is dangerous because it affects