001: /*
002: * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved.
003: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004: *
005: * This code is free software; you can redistribute it and/or modify it
006: * under the terms of the GNU General Public License version 2 only, as
007: * published by the Free Software Foundation. Sun designates this
008: * particular file as subject to the "Classpath" exception as provided
009: * by Sun in the LICENSE file that accompanied this code.
010: *
011: * This code is distributed in the hope that it will be useful, but WITHOUT
012: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013: * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
014: * version 2 for more details (a copy is included in the LICENSE file that
015: * accompanied this code).
016: *
017: * You should have received a copy of the GNU General Public License version
018: * 2 along with this work; if not, write to the Free Software Foundation,
019: * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020: *
021: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022: * CA 95054 USA or visit www.sun.com if you need additional information or
023: * have any questions.
024: */
025:
026: package java.io;
027:
028: import java.security.*;
029: import java.util.Enumeration;
030: import java.util.Hashtable;
031: import java.util.StringTokenizer;
032:
033: /**
034: * This class is for Serializable permissions. A SerializablePermission
035: * contains a name (also referred to as a "target name") but
036: * no actions list; you either have the named permission
037: * or you don't.
038: *
039: * <P>
040: * The target name is the name of the Serializable permission (see below).
041: *
042: * <P>
043: * The following table lists all the possible SerializablePermission target names,
044: * and for each provides a description of what the permission allows
045: * and a discussion of the risks of granting code the permission.
046: * <P>
047: *
048: * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
049: * <tr>
050: * <th>Permission Target Name</th>
051: * <th>What the Permission Allows</th>
052: * <th>Risks of Allowing this Permission</th>
053: * </tr>
054: *
055: * <tr>
056: * <td>enableSubclassImplementation</td>
057: * <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
058: * to override the default serialization or deserialization, respectively,
059: * of objects</td>
060: * <td>Code can use this to serialize or
061: * deserialize classes in a purposefully malfeasant manner. For example,
062: * during serialization, malicious code can use this to
063: * purposefully store confidential private field data in a way easily accessible
064: * to attackers. Or, during deserialization it could, for example, deserialize
065: * a class with all its private fields zeroed out.</td>
066: * </tr>
067: *
068: * <tr>
069: * <td>enableSubstitution</td>
070: * <td>Substitution of one object for another during
071: * serialization or deserialization</td>
072: * <td>This is dangerous because malicious code
073: * can replace the actual object with one which has incorrect or
074: * malignant data.</td>
075: * </tr>
076: *
077: * </table>
078: *
079: * @see java.security.BasicPermission
080: * @see java.security.Permission
081: * @see java.security.Permissions
082: * @see java.security.PermissionCollection
083: * @see java.lang.SecurityManager
084: *
085: * @version 1.29, 05/05/07
086: *
087: * @author Joe Fialli
088: * @since 1.2
089: */
090:
091: /* code was borrowed originally from java.lang.RuntimePermission. */
092:
093: public final class SerializablePermission extends BasicPermission {
094:
095: private static final long serialVersionUID = 8537212141160296410L;
096:
097: /**
098: * @serial
099: */
100: private String actions;
101:
102: /**
103: * Creates a new SerializablePermission with the specified name.
104: * The name is the symbolic name of the SerializablePermission, such as
105: * "enableSubstitution", etc.
106: *
107: * @param name the name of the SerializablePermission.
108: *
109: * @throws NullPointerException if <code>name</code> is <code>null</code>.
110: * @throws IllegalArgumentException if <code>name</code> is empty.
111: */
112: public SerializablePermission(String name) {
113: super (name);
114: }
115:
116: /**
117: * Creates a new SerializablePermission object with the specified name.
118: * The name is the symbolic name of the SerializablePermission, and the
119: * actions String is currently unused and should be null.
120: *
121: * @param name the name of the SerializablePermission.
122: * @param actions currently unused and must be set to null
123: *
124: * @throws NullPointerException if <code>name</code> is <code>null</code>.
125: * @throws IllegalArgumentException if <code>name</code> is empty.
126: */
127:
128: public SerializablePermission(String name, String actions) {
129: super(name, actions);
130: }
131: }
| 