appx.html
来自「java2高级编程」· HTML 代码 · 共 1,311 行 · 第 1/5 页
HTML
1,311 行
java.io.SerializablePermission</EM><A NAME="marker-1061620"></A><A NAME="marker-1061621"></A> grants access to serialization operations. The possible targets are listed by name with no action list. </P><PRE CLASS="CODE"><A NAME="pgfId-1061623"></A>grant { permission java.io.SerializablePermission "enableSubclassImplementation"; permission java.io.SerializablePermission "enableSubstitution";};</PRE><P CLASS="Body"><A NAME="pgfId-1061624"></A><EM CLASS="C-Code">enableSubclassImplementation</EM><EM CLASS="Bold">:</EM> This target grants permission to implement a subclass of <EM CLASS="CODE">ObjectOutputStream</EM> or <EM CLASS="CODE">ObjectInputStream</EM> to override the default serialization or deserialization of objects. Granting this permission could allow code to use this to serialize or deserialize classes in a malicious way. For example, during serialization, malicious code could store confidential private field data in a way easily accessible to attackers; or, during deserialization malicious code could deserialize a class with all its private fields zeroed out. </P><P CLASS="Body"><A NAME="pgfId-1061625"></A><EM CLASS="C-Code">enableSubstitution</EM><EM CLASS="Bold">:</EM> This target grants permission to substitute one object for another during serialization or deserialization. Granting this permission could allow malicious code to replace the actual object with one that has incorrect or malignant data. <EM CLASS="A"></EM><A NAME="SocketPermission"></A></P></DIV><DIV><H4 CLASS="A"><A NAME="pgfId-1061628"></A><A NAME="49582"></A>SocketPermission</H4><P CLASS="Body"><A NAME="pgfId-1061631"></A><A NAME="marker-1061629"></A><A NAME="marker-1061630"></A>The <EM CLASS="CODE">java.net.SocketPermission</EM> permission grants access to a network by way of sockets. The target is a host name and port address, and the action list specifies ways to connect to that host. Possible connections are <EM CLASS="CODE">accept</EM>, <EM CLASS="CODE">connect</EM>, <EM CLASS="CODE">listen</EM>, and <EM CLASS="CODE">resolve</EM>. </P><P CLASS="Body"><A NAME="pgfId-1061632"></A>This policy file entry allows a connection to and accepts connections on port <EM CLASS="CODE">7777</EM> on the host <EM CLASS="CODE">puffin.eng.sun.com</EM>. </P><PRE CLASS="CODE"><A NAME="pgfId-1061633"></A>grant { permission java.net.SocketPermission "puffin.eng.sun.com:7777","connect, accept";};</PRE><P CLASS="Body"><A NAME="pgfId-1061634"></A>This policy file entry allows connections to, accepts connections on, and listens on any port between <EM CLASS="CODE">1024</EM> and <EM CLASS="CODE">65535</EM> on the local host. </P><PRE CLASS="CODE"><A NAME="pgfId-1061635"></A>grant { permission java.net.SocketPermission "localhost:1024-","accept, connect, listen";};</PRE><P CLASS="Body"><A NAME="pgfId-1061636"></A>The host is expressed with the following syntax as a DNS name, as a numerical IP address, or as <EM CLASS="CODE">localhost</EM> (for the local machine). The asterisk (<EM CLASS="CODE">*</EM>) wild card can be included once in a DNS name host specification. If included, it must be in the leftmost position, as in <EM CLASS="CODE">*.sun.com</EM>. </P><PRE CLASS="CODE"><A NAME="pgfId-1061637"></A> host = (hostname | IPaddress)[:portrange] portrange = portnumber | -portnumber | portnumber-[portnumber]</PRE><P CLASS="Body"><A NAME="pgfId-1061638"></A>The port or port range is optional. A port specification of the form <EM CLASS="CODE">N-</EM>, where <EM CLASS="CODE">N</EM> is a port number, means all ports numbered <EM CLASS="CODE">N</EM> and above, while a specification of the form <EM CLASS="CODE">-N</EM> indicates all ports numbered <EM CLASS="CODE">N</EM> and below. </P><P CLASS="Body"><A NAME="pgfId-1061639"></A>The <EM CLASS="CODE">listen</EM> action is only meaningful when used with localhost, and the <EM CLASS="CODE">resolve</EM> (<EM CLASS="CODE">resolve host/ip</EM> name service lookups) action is implied when any of the other actions are present. </P><P CLASS="Body"><A NAME="pgfId-1061640"></A>Granting code permission to accept or make connections to remote hosts may be dangerous because malevolent code can more easily transfer and share confidential data among parties that might not otherwise have access to the data. </P><UL><P CLASS="NOTE"><A NAME="pgfId-1061641"></A>NOTE On Unix platforms, only root is normally allowed access to ports lower than 1024. </P></UL><P CLASS="CT"><A NAME="pgfId-1061644"></A>B</P><P CLASS="CT"><A NAME="pgfId-1063099"></A><A NAME="11871"></A>Classes, Methods, and Permissions</P><P CLASS="Body"><A NAME="pgfId-1061645"></A>A number of Java 2 Platform methods are implemented to verify access permissions. This means that before they execute, they verify that the <EM CLASS="A">system, user, or program</EM> has a policy file with the required permissions for execution to continue. If no such permission is found, execution stops with an error condition. </P><P CLASS="Body"><A NAME="pgfId-1061646"></A>The access verification code passes the required permissions to the <EM CLASS="A">security manager</EM>, and the security manager checks that permission against the policy file permissions to determine whether to allow access. This means that Java 2 Platform API methods are associated with specific permissions, and specific permissions are associated with specific <EM CLASS="CODE">java.security.SecurityManager</EM> methods. </P><P CLASS="Body"><A NAME="pgfId-1061650"></A><A NAME="marker-1061647"></A><A NAME="marker-1061648"></A><A NAME="marker-1061649"></A>This appendix lists the Java 2 Platform methods, the permission associated with each method, and the <EM CLASS="CODE">java.security.SecurityManager</EM> method called to verify the existence of that permission. You need this information when you implement certain abstract methods or create your own <EM CLASS="A">security manager</EM> so you can include access verification code to keep your implementations in line with Java 2 Platform security policy. If you do not include access verification code, your implementations will bypass the built-in Java 2 Platform security checks. </P></DIV><DIV><H4 CLASS="A"><A NAME="pgfId-1063078"></A>Covered in this Appendix</H4><UL><LI CLASS="BL"><A NAME="pgfId-1063082"></A><EM CLASS="CODE">java.awt.Graphics2D</EM> (page 17)</LI><LI CLASS="BL"><A NAME="pgfId-1063086"></A><EM CLASS="CODE">java.awt.Toolkit</EM> (page 17)</LI><LI CLASS="BL"><A NAME="pgfId-1061663"></A><EM CLASS="CODE">java.awt.Window</EM> (page 17)</LI><LI CLASS="BL"><A NAME="pgfId-1061667"></A><EM CLASS="CODE">java.beans.Beans</EM> (page 17)</LI><LI CLASS="BL"><A NAME="pgfId-1061671"></A><EM CLASS="CODE">java.beans.Introspector</EM> (page 17)</LI><LI CLASS="BL"><A NAME="pgfId-1061675"></A><EM CLASS="CODE">java.beans.PropertyEditorManager</EM> (page 18)</LI><LI CLASS="BL"><A NAME="pgfId-1061679"></A><EM CLASS="CODE">java.io.File</EM> (page 18)</LI><LI CLASS="BL"><A NAME="pgfId-1061683"></A><EM CLASS="CODE">java.io.FileInputStream</EM> (page 18)</LI><LI CLASS="BL"><A NAME="pgfId-1061687"></A><EM CLASS="CODE">java.io.FileOutputStream</EM> (page 19)</LI><LI CLASS="BL"><A NAME="pgfId-1061691"></A><EM CLASS="CODE">java.io.ObjectInputStream</EM> (page 19)</LI><LI CLASS="BL"><A NAME="pgfId-1061695"></A><EM CLASS="CODE">java.io.ObjectOutputStream</EM> (page 19)</LI><LI CLASS="BL"><A NAME="pgfId-1061699"></A><EM CLASS="CODE">java.io.RandomAccessFile</EM> (page 19)</LI><LI CLASS="BL"><A NAME="pgfId-1061703"></A><EM CLASS="CODE">java.lang.Class</EM> (page 19)</LI><LI CLASS="BL"><A NAME="pgfId-1061707"></A><EM CLASS="CODE">java.lang.ClassLoader</EM> (page 21)</LI><LI CLASS="BL"><A NAME="pgfId-1061711"></A><EM CLASS="CODE">java.lang.Runtime</EM> (page 21)</LI><LI CLASS="BL"><A NAME="pgfId-1061715"></A><EM CLASS="CODE">java.lang.SecurityManager</EM> (page 21)</LI><LI CLASS="BL"><A NAME="pgfId-1061719"></A><EM CLASS="CODE">java.lang.System </EM>(page 22)</LI><LI CLASS="BL"><A NAME="pgfId-1061723"></A><EM CLASS="CODE">java.lang.Thread</EM> (page 22)</LI><LI CLASS="BL"><A NAME="pgfId-1061727"></A><EM CLASS="CODE">java.lang.ThreadGroup</EM> (page 23)</LI><LI CLASS="BL"><A NAME="pgfId-1061731"></A><EM CLASS="CODE">java.lang.reflect.AccessibleObject</EM> (page 24)</LI><LI CLASS="BL"><A NAME="pgfId-1061735"></A><EM CLASS="CODE">java.net.Authenticator </EM>(page 24)</LI><LI CLASS="BL"><A NAME="pgfId-1061739"></A><EM CLASS="CODE">java.net.DatagramSocket</EM> (page 24)</LI><LI CLASS="BL"><A NAME="pgfId-1061743"></A><EM CLASS="CODE">java.net.HttpURLConnection</EM> (page 25)</LI><LI CLASS="BL"><A NAME="pgfId-1061747"></A><EM CLASS="CODE">java.net.InetAddress</EM> (page 25)</LI><LI CLASS="BL"><A NAME="pgfId-1061751"></A><EM CLASS="CODE">java.net.MulticastSocket</EM> (page 26)</LI><LI CLASS="BL"><A NAME="pgfId-1061755"></A><EM CLASS="CODE">java.net.ServerSocket</EM> (page 26)</LI><LI CLASS="BL"><A NAME="pgfId-1061759"></A><EM CLASS="CODE">java.net.Socket </EM>(page 27)</LI><LI CLASS="BL"><A NAME="pgfId-1061763"></A><EM CLASS="CODE">java.net.URL</EM> (page 27)</LI><LI CLASS="BL"><A NAME="pgfId-1061767"></A><EM CLASS="CODE">java.net.URLConnection</EM> (page 27)</LI><LI CLASS="BL"><A NAME="pgfId-1061771"></A><EM CLASS="CODE">java.net.URLClassLoader</EM> (page 27)</LI><LI CLASS="BL"><A NAME="pgfId-1061775"></A><EM CLASS="CODE">java.rmi.activation.ActivationGroup </EM>(page 27)</LI><LI CLASS="BL"><A NAME="pgfId-1061779"></A><EM CLASS="CODE">java.rmi.server.RMISocketFactory</EM> (page 28)</LI><LI CLASS="BL"><A NAME="pgfId-1061783"></A><EM CLASS="CODE">java.security.Identity</EM> (page 28)</LI><LI CLASS="BL"><A NAME="pgfId-1061787"></A><EM CLASS="CODE">java.security.IdentityScope</EM> (page 28)</LI><LI CLASS="BL"><A NAME="pgfId-1061791"></A><EM CLASS="CODE">java.security.Permission</EM> (page 28)</LI><LI CLASS="BL"><A NAME="pgfId-1061795"></A><EM CLASS="CODE">⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?