Apple Developer Connection Student Program

home *** CD-ROM | disk | FTP | other *** search

/ Apple Developer Connection Student Program / ADC Tools Sampler CD Disk 3 1999.iso / Metrowerks CodeWarrior / Java Support / Java_Source / Java2 / src / java / io / SerializablePermission.java < prev next >

Wrap

Java Source | 1999-05-28 | 3.5 KB | 117 lines | [TEXT/CWIE]

/* * @(#)SerializablePermission.java 1.8 98/06/29 * * Copyright 1997, 1998 by Sun Microsystems, Inc., * 901 San Antonio Road, Palo Alto, California, 94303, U.S.A. * All rights reserved. * * This software is the confidential and proprietary information * of Sun Microsystems, Inc. ("Confidential Information"). You * shall not disclose such Confidential Information and shall use * it only in accordance with the terms of the license agreement * you entered into with Sun. */ package java.io; import java.security.*; import java.util.Enumeration; import java.util.Hashtable; import java.util.StringTokenizer; /** * This class is for Serializable permissions. A SerializablePermission * contains a name (also referred to as a "target name") but * no actions list; you either have the named permission * or you don't. * * <P> * The target name is the name of the Serializable permission (see below). * * <P> * The following table lists all the possible SerializablePermission target names, * and for each provides a description of what the permission allows * and a discussion of the risks of granting code the permission. * <P> * * <table border=1 cellpadding=5> * <tr> * <th>Permission Target Name</th> * <th>What the Permission Allows</th> * <th>Risks of Allowing this Permission</th> * </tr> * * <tr> * <td>enableSubclassImplementation</td> * <td>Subclass implementation of ObjectOutputStream or ObjectInputStream * to override the default serialization or deserialization, respectively, * of objects</td> * <td>Code can use this to serialize or * deserialize classes in a purposefully malfeasant manner. For example, * during serialization, malicious code can use this to * purposefully store confidential private field data in a way easily accessible * to attackers. Or, during deserializaiton it could, for example, deserialize * a class with all its private fields zeroed out.</td> * </tr> * * <tr> * <td>enableSubstitution</td> * <td>Substitution of one object for another during * serialization or deserialization</td> * <td>This is dangerous because malicious code * can replace the actual object with one which has incorrect or * malignant data.</td> * </tr> * * </table> * * @see java.security.BasicPermission * @see java.security.Permission * @see java.security.Permissions * @see java.security.PermissionCollection * @see java.lang.SecurityManager * * @version 1.2 * * @author Joe Fialli */ /* code was borrowed originally from java.lang.RuntimePermission. */ public final class SerializablePermission extends BasicPermission { /** * @serial */ private String actions; /** * Creates a new SerializablePermission with the specified name. * The name is the symbolic name of the SerializablePermission, such as * "enableSubstitution", etc. * * @param name the name of the SerializablePermission. */ public SerializablePermission(String name) { super(name); } /** * Creates a new SerializablePermission object with the specified name. * The name is the symbolic name of the SerializablePermission, and the * actions String is currently unused and should be null. This * constructor exists for use by the <code>Policy</code> object * to instantiate new Permission objects. * * @param name the name of the SerializablePermission. */ public SerializablePermission(String name, String actions) { super(name, actions); } }