1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
/* * @(#)SerializablePermission.java 1.23 06/04/21 * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.io; import java.security.*; import java.util.Enumeration; import java.util.Hashtable; import java.util.StringTokenizer; /** * This class is for Serializable permissions. A SerializablePermission * contains a name (also referred to as a "target name") but * no actions list; you either have the named permission * or you don't. * * <P> * The target name is the name of the Serializable permission (see below). * * <P> * The following table lists all the possible SerializablePermission target names, * and for each provides a description of what the permission allows * and a discussion of the risks of granting code the permission. * <P> * * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks"> * <tr> * <th>Permission Target Name</th> * <th>What the Permission Allows</th> * <th>Risks of Allowing this Permission</th> * </tr> * * <tr> * <td>enableSubclassImplementation</td> * <td>Subclass implementation of ObjectOutputStream or ObjectInputStream * to override the default serialization or deserialization, respectively, * of objects</td> * <td>Code can use this to serialize or * deserialize classes in a purposefully malfeasant manner. For example, * during serialization, malicious code can use this to * purposefully store confidential private field data in a way easily accessible * to attackers. Or, during deserialization it could, for example, deserialize * a class with all its private fields zeroed out.</td> * </tr> * * <tr> * <td>enableSubstitution</td> * <td>Substitution of one object for another during * serialization or deserialization</td> * <td>This is dangerous because malicious code * can replace the actual object with one which has incorrect or * malignant data.</td> * </tr> * * </table> * * @see java.security.BasicPermission * @see java.security.Permission * @see java.security.Permissions * @see java.security.PermissionCollection * @see java.lang.SecurityManager * * @version 1.23, 04/21/06 * * @author Joe Fialli * @since 1.2 */ /* code was borrowed originally from java.lang.RuntimePermission. */ public final class SerializablePermission extends BasicPermission { private static final long serialVersionUID = 8537212141160296410L; /** * @serial */ private String actions; /** * Creates a new SerializablePermission with the specified name. * The name is the symbolic name of the SerializablePermission, such as * "enableSubstitution", etc. * * @param name the name of the SerializablePermission. * * @throws NullPointerException if <code>name</code> is <code>null</code>. * @throws IllegalArgumentException if <code>name</code> is empty. */ public SerializablePermission(String name) { super(name); } /** * Creates a new SerializablePermission object with the specified name. * The name is the symbolic name of the SerializablePermission, and the * actions String is currently unused and should be null. * * @param name the name of the SerializablePermission. * @param actions currently unused and must be set to null * * @throws NullPointerException if <code>name</code> is <code>null</code>. * @throws IllegalArgumentException if <code>name</code> is empty. */ public SerializablePermission(String name, String actions) { super(name, actions); } }