001: /*
002: * @(#)NetPermission.java 1.46 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: *
026: */
027:
028: package java.net;
029:
030: import java.security.*;
031: import java.util.Enumeration;
032: import java.util.Hashtable;
033: import java.util.StringTokenizer;
034:
035: /**
036: * This class is for various network permissions.
037: * A NetPermission contains a name (also referred to as a "target name") but
038: * no actions list; you either have the named permission
039: * or you don't.
040: * <P>
041: * The target name is the name of the network permission (see below). The naming
042: * convention follows the hierarchical property naming convention.
043: * Also, an asterisk
044: * may appear at the end of the name, following a ".", or by itself, to
045: * signify a wildcard match. For example: "foo.*" or "*" is valid,
046: * "*foo" or "a*b" is not valid.
047: * <P>
048: * The following table lists all the possible NetPermission target names,
049: * and for each provides a description of what the permission allows
050: * and a discussion of the risks of granting code the permission.
051: * <P>
052: *
053: * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
054: * <tr>
055: * <th>Permission Target Name</th>
056: * <th>What the Permission Allows</th>
057: * <th>Risks of Allowing this Permission</th>
058: * </tr>
059: *
060: * <tr>
061: * <td>setDefaultAuthenticator</td>
062: * <td>The ability to set the
063: * way authentication information is retrieved when
064: * a proxy or HTTP server asks for authentication</td>
065: * <td>Malicious
066: * code can set an authenticator that monitors and steals user
067: * authentication input as it retrieves the input from the user.</td>
068: * </tr>
069: *
070: * <tr>
071: * <td>requestPasswordAuthentication</td>
072: * <td>The ability
073: * to ask the authenticator registered with the system for
074: * a password</td>
075: * <td>Malicious code may steal this password.</td>
076: * </tr>
077: *
078: * <tr>
079: * <td>specifyStreamHandler</td>
080: * <td>The ability
081: * to specify a stream handler when constructing a URL</td>
082: * <td>Malicious code may create a URL with resources that it would
083: normally not have access to (like file:/foo/fum/), specifying a
084: stream handler that gets the actual bytes from someplace it does
085: have access to. Thus it might be able to trick the system into
086: creating a ProtectionDomain/CodeSource for a class even though
087: that class really didn't come from that location.</td>
088: * </tr>
089: *
090: * </table>
091: *
092: * @see java.security.BasicPermission
093: * @see java.security.Permission
094: * @see java.security.Permissions
095: * @see java.security.PermissionCollection
096: * @see java.lang.SecurityManager
097: *
098: * @version 1.39 00/02/02
099: *
100: * @author Marianne Mueller
101: * @author Roland Schemers
102: */
103:
104: public final class NetPermission extends BasicPermission {
105: private static final long serialVersionUID = -8343910153355041693L;
106:
107: /**
108: * Creates a new NetPermission with the specified name.
109: * The name is the symbolic name of the NetPermission, such as
110: * "setDefaultAuthenticator", etc. An asterisk
111: * may appear at the end of the name, following a ".", or by itself, to
112: * signify a wildcard match.
113: *
114: * @param name the name of the NetPermission.
115: */
116:
117: public NetPermission(String name) {
118: super (name);
119: }
120:
121: /**
122: * Creates a new NetPermission object with the specified name.
123: * The name is the symbolic name of the NetPermission, and the
124: * actions String is currently unused and should be null.
125: *
126: * @param name the name of the NetPermission.
127: * @param actions should be null.
128: */
129:
130: public NetPermission(String name, String actions) {
131: super(name, actions);
132: }
133: }
|