PropertyPermissionpublic final class PropertyPermission extends BasicPermission | This class is for property permissions.
The name is the name of the property ("java.home",
"os.name", etc). The naming
convention follows the hierarchical property naming convention.
Also, an asterisk
may appear at the end of the name, following a ".", or by itself, to
signify a wildcard match. For example: "java.*" or "*" is valid,
"*java" or "a*b" is not valid.
The actions to be granted are passed to the constructor in a string containing
a list of zero or more comma-separated keywords. The possible keywords are
"read" and "write". Their meaning is defined as follows:
- read
- read permission. Allows
System.getProperty to
be called.
- write
- write permission. Allows
System.setProperty to
be called.
The actions string is converted to lowercase before processing.
Care should be taken before granting code permission to access
certain system properties. For example, granting permission to
access the "java.home" system property gives potentially malevolent
code sensitive information about the system environment (the Java
installation directory). Also, granting permission to access
the "user.name" and "user.home" system properties gives potentially
malevolent code sensitive information about the user environment
(the user's account name and home directory). |
| Fields Summary |
|---|
| private static final int | READRead action. | | private static final int | WRITEWrite action. | | private static final int | ALLAll actions (read,write); | | private static final int | NONENo actions. | | private transient int | maskThe actions mask. | | private String | actionsThe actions string. | | private static final long | serialVersionUID |
| Constructors Summary |
|---|
public PropertyPermission(String name, String actions)Creates a new PropertyPermission object with the specified name.
The name is the name of the system property, and
actions contains a comma-separated list of the
desired actions granted on the property. Possible actions are
"read" and "write".
super(name,actions);
init(getMask(actions));
|
| Methods Summary |
|---|
| public boolean | equals(java.lang.Object obj)Checks two PropertyPermission objects for equality. Checks that obj is
a PropertyPermission, and has the same name and actions as this object.
if (obj == this)
return true;
if (! (obj instanceof PropertyPermission))
return false;
PropertyPermission that = (PropertyPermission) obj;
return (this.mask == that.mask) &&
(this.getName().equals(that.getName()));
| | static java.lang.String | getActions(int mask)Return the canonical string representation of the actions.
Always returns present actions in the following order:
read, write.
StringBuilder sb = new StringBuilder();
boolean comma = false;
if ((mask & READ) == READ) {
comma = true;
sb.append("read");
}
if ((mask & WRITE) == WRITE) {
if (comma) sb.append(',");
else comma = true;
sb.append("write");
}
return sb.toString();
| | public java.lang.String | getActions()Returns the "canonical string representation" of the actions.
That is, this method always returns present actions in the following order:
read, write. For example, if this PropertyPermission object
allows both write and read actions, a call to getActions
will return the string "read,write".
if (actions == null)
actions = getActions(this.mask);
return actions;
| | private static int | getMask(java.lang.String actions)Converts an actions String to an actions mask.
int mask = NONE;
if (actions == null) {
return mask;
}
// Check against use of constants (used heavily within the JDK)
if (actions == SecurityConstants.PROPERTY_READ_ACTION) {
return READ;
} if (actions == SecurityConstants.PROPERTY_WRITE_ACTION) {
return WRITE;
} else if (actions == SecurityConstants.PROPERTY_RW_ACTION) {
return READ|WRITE;
}
char[] a = actions.toCharArray();
int i = a.length - 1;
if (i < 0)
return mask;
while (i != -1) {
char c;
// skip whitespace
while ((i!=-1) && ((c = a[i]) == ' " ||
c == '\r" ||
c == '\n" ||
c == '\f" ||
c == '\t"))
i--;
// check for the known strings
int matchlen;
if (i >= 3 && (a[i-3] == 'r" || a[i-3] == 'R") &&
(a[i-2] == 'e" || a[i-2] == 'E") &&
(a[i-1] == 'a" || a[i-1] == 'A") &&
(a[i] == 'd" || a[i] == 'D"))
{
matchlen = 4;
mask |= READ;
} else if (i >= 4 && (a[i-4] == 'w" || a[i-4] == 'W") &&
(a[i-3] == 'r" || a[i-3] == 'R") &&
(a[i-2] == 'i" || a[i-2] == 'I") &&
(a[i-1] == 't" || a[i-1] == 'T") &&
(a[i] == 'e" || a[i] == 'E"))
{
matchlen = 5;
mask |= WRITE;
} else {
// parse error
throw new IllegalArgumentException(
"invalid permission: " + actions);
}
// make sure we didn't just match the tail of a word
// like "ackbarfaccept". Also, skip to the comma.
boolean seencomma = false;
while (i >= matchlen && !seencomma) {
switch(a[i-matchlen]) {
case ',":
seencomma = true;
/*FALLTHROUGH*/
case ' ": case '\r": case '\n":
case '\f": case '\t":
break;
default:
throw new IllegalArgumentException(
"invalid permission: " + actions);
}
i--;
}
// point i at the location of the comma minus one (or -1).
i -= matchlen;
}
return mask;
| | int | getMask()Return the current action mask.
Used by the PropertyPermissionCollection
return mask;
| | public int | hashCode()Returns the hash code value for this object.
The hash code used is the hash code of this permissions name, that is,
getName().hashCode(), where getName is
from the Permission superclass.
return this.getName().hashCode();
| | public boolean | implies(java.security.Permission p)Checks if this PropertyPermission object "implies" the specified
permission.
More specifically, this method returns true if:
- p is an instanceof PropertyPermission,
- p's actions are a subset of this
object's actions, and
- p's name is implied by this object's
name. For example, "java.*" implies "java.home".
if (!(p instanceof PropertyPermission))
return false;
PropertyPermission that = (PropertyPermission) p;
// we get the effective mask. i.e., the "and" of this and that.
// They must be equal to that.mask for implies to return true.
return ((this.mask & that.mask) == that.mask) && super.implies(that);
| | private void | init(int mask)initialize a PropertyPermission object. Common to all constructors.
Also called during de-serialization. // Left null as long as possible, then
// created and re-used in the getAction function.
if ((mask & ALL) != mask)
throw new IllegalArgumentException("invalid actions mask");
if (mask == NONE)
throw new IllegalArgumentException("invalid actions mask");
if (getName() == null)
throw new NullPointerException("name can't be null");
this.mask = mask;
| | public java.security.PermissionCollection | newPermissionCollection()Returns a new PermissionCollection object for storing
PropertyPermission objects.
return new PropertyPermissionCollection();
| | private synchronized void | readObject(java.io.ObjectInputStream s)readObject is called to restore the state of the PropertyPermission from
a stream.
// Read in the action, then initialize the rest
s.defaultReadObject();
init(getMask(actions));
| | private synchronized void | writeObject(java.io.ObjectOutputStream s)WriteObject is called to save the state of the PropertyPermission
to a stream. The actions are serialized, and the superclass
takes care of the name.
// Write out the actions. The superclass takes care of the name
// call getActions to make sure actions field is initialized
if (actions == null)
getActions();
s.defaultWriteObject();
|
|
