Util propertypermission java home reading

This class is for property permissions. The name is the name of the property («java.home», «os.name», etc). The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a «.», or by itself, to signify a wildcard match. For example: «java.*» and «*» signify a wildcard match, while «*java» and «a*b» do not. The actions to be granted are passed to the constructor in a string containing a list of one or more comma-separated keywords. The possible keywords are «read» and «write». Their meaning is defined as follows: read read permission. Allows System.getProperty to be called. write write permission. Allows System.setProperty to be called. The actions string is converted to lowercase before processing. Care should be taken before granting code permission to access certain system properties. For example, granting permission to access the «java.home» system property gives potentially malevolent code sensitive information about the system environment (the Java installation directory). Also, granting permission to access the «user.name» and «user.home» system properties gives potentially malevolent code sensitive information about the user environment (the user’s account name and home directory).

Constructor Summary

Method Summary

Methods inherited from class java.security.Permission

Methods inherited from class java.lang.Object

Constructor Detail

PropertyPermission

Creates a new PropertyPermission object with the specified name. The name is the name of the system property, and actions contains a comma-separated list of the desired actions granted on the property. Possible actions are «read» and «write».

Method Detail

implies

p is an instanceof PropertyPermission,
p‘s actions are a subset of this object’s actions, and
p‘s name is implied by this object’s name. For example, «java.*» implies «java.home».

equals

Checks two PropertyPermission objects for equality. Checks that obj is a PropertyPermission, and has the same name and actions as this object.

hashCode

Returns the hash code value for this object. The hash code used is the hash code of this permissions name, that is, getName().hashCode() , where getName is from the Permission superclass.

getActions

Returns the «canonical string representation» of the actions. That is, this method always returns present actions in the following order: read, write. For example, if this PropertyPermission object allows both write and read actions, a call to getActions will return the string «read,write».

newPermissionCollection

Источник

Util propertypermission java home reading

Constructor Summary

Method Summary

Methods declared in class java.security.Permission

Methods declared in class java.lang.Object

Constructor Detail

PropertyPermission

Method Detail

implies

p is an instanceof PropertyPermission,
p‘s actions are a subset of this object’s actions, and
p‘s name is implied by this object’s name. For example, «java.*» implies «java.home».

equals

Checks two PropertyPermission objects for equality. Checks that obj is a PropertyPermission, and has the same name and actions as this object.

hashCode

Returns the hash code value for this object. The hash code used is the hash code of this permissions name, that is, getName().hashCode() , where getName is from the Permission superclass.

getActions

newPermissionCollection

Report a bug or suggest an enhancement
For further API reference and developer documentation see the Java SE Documentation, which contains more detailed, developer-targeted descriptions with conceptual overviews, definitions of terms, workarounds, and working code examples.
Java is a trademark or registered trademark of Oracle and/or its affiliates in the US and other countries.
Copyright © 1993, 2023, Oracle and/or its affiliates, 500 Oracle Parkway, Redwood Shores, CA 94065 USA.
All rights reserved. Use is subject to license terms and the documentation redistribution policy.

Источник

A Sample Policy File

Below is a complete policy file for a user wanting to run ExampleGame .

The policy file syntax is not described here; if you are interested, see the Default Policy Implementation and Policy File Syntax page.

You don’t need to know the syntax; you can always use the Policy Tool to create policy files, as shown in Creating a Policy File, Quick Tour of Controlling Applications, and Signing Code and Granting It Permissions lessons.

Below is the sample policy file, followed by a description of the individual entries. Assume that

The policy file is on Kim’s computer, and Kim’s keystore is named kim.keystore .
ExampleGame has been signed by the game creator Terry’s private key, and the corresponding public key is in the keystore entry aliased by «terry» .
The HighScore and HighScorePermissions classes were signed by the private key of the person who implemented them (Chris), and the corresponding public key is in the keystore entry aliased by «chris» .

keystore "kim.keystore"; // Here is the permission ExampleGame needs. // It grants code signed by "terry" the // HighScorePermission, if the // HighScorePermission was signed by "chris" grant SignedBy "terry" < permission com.scoredev.scores.HighScorePermission "ExampleGame", signedBy "chris"; >; // Here is the set of permissions the HighScore // class needs: grant SignedBy "chris" < // The HighScore class needs permission to read // "user.home" to find the location of the // highscore file permission java.util.PropertyPermission "user.home", "read"; // It needs permission to read and write the // high score file itself permission java.io.FilePermission "$$.highscore", "read,write"; // It needs to get granted its own permission, // so it can call checkPermission // to see if its caller has permission. // Only grant it the permission // if the permission itself was signed by // "chris" permission com.scoredev.scores.HighScorePermission "*", signedBy "chris"; >;

The Keystore Entry

A keystore is a repository of keys and certificates, and is used to look up the public keys of the signers specified in the policy file ( «terry» and «chris» in this example).

The keytool utility is used to create and administer keystores.

For this lesson, assume Kim would like to play ExampleGame . If Kim’s keystore is named kim.keystore , then Kim’s policy file needs the following line at the very beginning:

The ExampleGame Entry

A policy file entry specifies one or more permissions for code from a particular code source — either code from a particular location (URL), or code signed by a particular entity, or both.

Our policy file needs an entry for each game, granting code signed by a key from that game’s creator a HighScorePermission whose name is the game name. That permission allows the game to call the HighScore methods to get or update the user’s high score value for that particular game.

The entry required for ExampleGame is:

Requiring that ExampleGame be signed by «terry» enables Kim to know that the game is the actual game that Terry developed. For this to work, Kim must have already stored Terry’s public key certificate into kim.keystore using the alias «terry» .

Notice that the HighScorePermission needs to be signed by «chris» , the person who actually implemented that permission. This ensures that ExampleGame is granted the actual permission implemented by «chris» , and not someone else. As before, for this to work Kim must have already stored Chris’s public key certificate into kim.keystore using the alias «chris» .

The HighScore Entry

The final entry in the policy file grants permissions to the HighScore class. More specifically, it grants permissions to code signed by «chris» , who created and signed the class. Requiring the class to be signed by «chris» ensures that when ExampleGame calls upon this class to update the user’s high score, ExampleGame knows for sure that it is using the original class implemented by «chris» .

To update the user’s high score value for any games that call upon it do so, the HighScore class requires three permissions:

1. Permission to read the «user.home» property value.

The HighScore class stores the user’s high score values in a .highscore file in the user’s home directory. Therefore this class needs a java.util.PropertyPermission that allows it to read the «user.home» property value to find out exactly where the user’s home directory resides:

permission java.util.PropertyPermission "user.home", "read";

2. Permission to read and write to the high score file itself.

This permission is needed so the HighScore getHighScore and setHighScore methods can access the user’s .highscore file to get or set, respectively, the current high score for the current game.

Here is the required permission:

permission java.io.FilePermission "$$.highscore", "read,write";

Note: The notation $ specifies the value of a property. Thus, $ will be replaced by the value of the «user.home» property. The notation $ is a platform-independent way of specifying a file separator.

3. All HighScorePermissions (that is, HighScorePermissions of any name).

This permission is needed so that the HighScore checks to ensure the calling game has been granted a HighScorePermission whose name is the game name will work. That is, the HighScore class must also be granted the permission, since a permission check requires that all code currently on the stack have the specified permission.

Here is the required permission:

permission com.scoredev.scores.HighScorePermission "*", signedBy "chris";

As before, the HighScorePermission itself needs to be signed by «chris» , the person who actually implemented the permission.

Источник