Home » openjdk-7 » java » net » [javadoc | source]

    1   /*
    2    * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
    3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
    4    *
    5    * This code is free software; you can redistribute it and/or modify it
    6    * under the terms of the GNU General Public License version 2 only, as
    7    * published by the Free Software Foundation.  Oracle designates this
    8    * particular file as subject to the "Classpath" exception as provided
    9    * by Oracle in the LICENSE file that accompanied this code.
   10    *
   11    * This code is distributed in the hope that it will be useful, but WITHOUT
   12    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
   13    * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   14    * version 2 for more details (a copy is included in the LICENSE file that
   15    * accompanied this code).
   16    *
   17    * You should have received a copy of the GNU General Public License version
   18    * 2 along with this work; if not, write to the Free Software Foundation,
   19    * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   20    *
   21    * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
   22    * or visit www.oracle.com if you need additional information or have any
   23    * questions.
   24    */
   25   
   26   package java.net;
   27   
   28   import java.security;
   29   import java.util.Enumeration;
   30   import java.util.Hashtable;
   31   import java.util.StringTokenizer;
   32   
   33   /**
   34    * This class is for various network permissions.
   35    * A NetPermission contains a name (also referred to as a "target name") but
   36    * no actions list; you either have the named permission
   37    * or you don't.
   38    * <P>
   39    * The target name is the name of the network permission (see below). The naming
   40    * convention follows the  hierarchical property naming convention.
   41    * Also, an asterisk
   42    * may appear at the end of the name, following a ".", or by itself, to
   43    * signify a wildcard match. For example: "foo.*" or "*" is valid,
   44    * "*foo" or "a*b" is not valid.
   45    * <P>
   46    * The following table lists all the possible NetPermission target names,
   47    * and for each provides a description of what the permission allows
   48    * and a discussion of the risks of granting code the permission.
   49    * <P>
   50    *
   51    * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
   52    * <tr>
   53    * <th>Permission Target Name</th>
   54    * <th>What the Permission Allows</th>
   55    * <th>Risks of Allowing this Permission</th>
   56    * </tr>
   57    * <tr>
   58    *   <td>allowHttpTrace</td>
   59    *   <td>The ability to use the HTTP TRACE method in HttpURLConnection.</td>
   60    *   <td>Malicious code using HTTP TRACE could get access to security sensitive
   61    *   information in the HTTP headers (such as cookies) that it might not
   62    *   otherwise have access to.</td>
   63    *   </tr>
   64    *
   65    * <tr>
   66    *   <td>getCookieHandler</td>
   67    *   <td>The ability to get the cookie handler that processes highly
   68    *   security sensitive cookie information for an Http session.</td>
   69    *   <td>Malicious code can get a cookie handler to obtain access to
   70    *   highly security sensitive cookie information. Some web servers
   71    *   use cookies to save user private information such as access
   72    *   control information, or to track user browsing habit.</td>
   73    *   </tr>
   74    *
   75    * <tr>
   76    *  <td>getNetworkInformation</td>
   77    *  <td>The ability to retrieve all information about local network interfaces.</td>
   78    *  <td>Malicious code can read information about network hardware such as
   79    *  MAC addresses, which could be used to construct local IPv6 addresses.</td>
   80    * </tr>
   81    *
   82    * <tr>
   83    *   <td>getProxySelector</td>
   84    *   <td>The ability to get the proxy selector used to make decisions
   85    *   on which proxies to use when making network connections.</td>
   86    *   <td>Malicious code can get a ProxySelector to discover proxy
   87    *   hosts and ports on internal networks, which could then become
   88    *   targets for attack.</td>
   89    * </tr>
   90    *
   91    * <tr>
   92    *   <td>getResponseCache</td>
   93    *   <td>The ability to get the response cache that provides
   94    *   access to a local response cache.</td>
   95    *   <td>Malicious code getting access to the local response cache
   96    *   could access security sensitive information.</td>
   97    *   </tr>
   98    *
   99    * <tr>
  100    *   <td>requestPasswordAuthentication</td>
  101    *   <td>The ability
  102    * to ask the authenticator registered with the system for
  103    * a password</td>
  104    *   <td>Malicious code may steal this password.</td>
  105    * </tr>
  106    *
  107    * <tr>
  108    *   <td>setCookieHandler</td>
  109    *   <td>The ability to set the cookie handler that processes highly
  110    *   security sensitive cookie information for an Http session.</td>
  111    *   <td>Malicious code can set a cookie handler to obtain access to
  112    *   highly security sensitive cookie information. Some web servers
  113    *   use cookies to save user private information such as access
  114    *   control information, or to track user browsing habit.</td>
  115    *   </tr>
  116    *
  117    * <tr>
  118    *   <td>setDefaultAuthenticator</td>
  119    *   <td>The ability to set the
  120    * way authentication information is retrieved when
  121    * a proxy or HTTP server asks for authentication</td>
  122    *   <td>Malicious
  123    * code can set an authenticator that monitors and steals user
  124    * authentication input as it retrieves the input from the user.</td>
  125    * </tr>
  126    *
  127    * <tr>
  128    *   <td>setProxySelector</td>
  129    *   <td>The ability to set the proxy selector used to make decisions
  130    *   on which proxies to use when making network connections.</td>
  131    *   <td>Malicious code can set a ProxySelector that directs network
  132    *   traffic to an arbitrary network host.</td>
  133    * </tr>
  134    *
  135    * <tr>
  136    *   <td>setResponseCache</td>
  137    *   <td>The ability to set the response cache that provides access to
  138    *   a local response cache.</td>
  139    *   <td>Malicious code getting access to the local response cache
  140    *   could access security sensitive information, or create false
  141    *   entries in the response cache.</td>
  142    *   </tr>
  143    *
  144    * <tr>
  145    *   <td>specifyStreamHandler</td>
  146    *   <td>The ability
  147    * to specify a stream handler when constructing a URL</td>
  148    *   <td>Malicious code may create a URL with resources that it would
  149   normally not have access to (like file:/foo/fum/), specifying a
  150   stream handler that gets the actual bytes from someplace it does
  151   have access to. Thus it might be able to trick the system into
  152   creating a ProtectionDomain/CodeSource for a class even though
  153   that class really didn't come from that location.</td>
  154    * </tr>
  155    * </table>
  156    *
  157    * @see java.security.BasicPermission
  158    * @see java.security.Permission
  159    * @see java.security.Permissions
  160    * @see java.security.PermissionCollection
  161    * @see java.lang.SecurityManager
  162    *
  163    *
  164    * @author Marianne Mueller
  165    * @author Roland Schemers
  166    */
  167   
  168   public final class NetPermission extends BasicPermission {
  169       private static final long serialVersionUID = -8343910153355041693L;
  170   
  171       /**
  172        * Creates a new NetPermission with the specified name.
  173        * The name is the symbolic name of the NetPermission, such as
  174        * "setDefaultAuthenticator", etc. An asterisk
  175        * may appear at the end of the name, following a ".", or by itself, to
  176        * signify a wildcard match.
  177        *
  178        * @param name the name of the NetPermission.
  179        *
  180        * @throws NullPointerException if <code>name</code> is <code>null</code>.
  181        * @throws IllegalArgumentException if <code>name</code> is empty.
  182        */
  183   
  184       public NetPermission(String name)
  185       {
  186           super(name);
  187       }
  188   
  189       /**
  190        * Creates a new NetPermission object with the specified name.
  191        * The name is the symbolic name of the NetPermission, and the
  192        * actions String is currently unused and should be null.
  193        *
  194        * @param name the name of the NetPermission.
  195        * @param actions should be null.
  196        *
  197        * @throws NullPointerException if <code>name</code> is <code>null</code>.
  198        * @throws IllegalArgumentException if <code>name</code> is empty.
  199        */
  200   
  201       public NetPermission(String name, String actions)
  202       {
  203           super(name, actions);
  204       }
  205   }

Home » openjdk-7 » java » net » [javadoc | source]