<!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-->
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<link rel="stylesheet" type="text/css" href="../stylesheets/style.css">
<title>Permissions type</title>
</head>

<body>

<h2><a name="permissions">Permissions</a></h2>
<p>
Permissions represents a set of security permissions granted or revoked to
a specific part of the code executed in the JVM in which Ant is running.
The actual permissions are specified via a set of nested permission items, each either
<code>&lt;grant&gt;</code>ed or <code>&lt;revoke&gt;</code>d.</p>
<p>
In the base situation a <a href="#baseset">base set</a> of permissions is granted.
Extra permissions can be
granted. A granted permission can be overruled by revoking a permission.
The security manager installed by the permissions will throw a
<code>SecurityException</code> if
the code subject to these permissions tries to use a permission that has not been
granted or that has been revoked.</p>
<h3>Nested elements</h3>
<h4>grant</h4>
<p>
Indicates a specific permission is always granted. Its attributes indicate which
permissions are granted.</p>
<table border="1" cellpadding="2" cellspacing="0">
<tr>
  <td valign="top"><b>Attribute</b></td>
  <td valign="top"><b>Description</b></td>
  <td align="center" valign="top"><b>Required</b></td>
</tr>
<tr>
  <td valign="top">class</td>
  <td valign="top">The fully qualified name of the Permission class.</td>
  <td valign="top" align="center">Yes</td>
</tr>
<tr>
  <td valign="top">name</td>
  <td valign="top">The name of the Permission. The actual contents depend on the
  Permission class.</td>
  <td valign="top" align="center">No</td>
</tr>
<tr>
  <td valign="top">actions</td>
  <td valign="top">The actions allowed. The actual contents depend on the
  Permission class and name.</td>
  <td valign="top" align="center">No</td>
</tr>
</table>
<p>
Implied permissions are granted.
</p>
<p>
Please note that some Permission classes may actually need a name and/or actions in order to function properly. The name and actions are parsed by the actual
Permission class.
</p>
<h4>revoke</h4>
<p>
Indicates a specific permission is revoked.</p>
<table border="1" cellpadding="2" cellspacing="0">
<tr>
  <td valign="top"><b>Attribute</b></td>
  <td valign="top"><b>Description</b></td>
  <td align="center" valign="top"><b>Required</b></td>
</tr>
<tr>
  <td valign="top">class</td>
  <td valign="top">The fully qualified name of the Permission class.</td>
  <td valign="top" align="center">Yes</td>
</tr>
<tr>
  <td valign="top">name</td>
  <td valign="top">The name of the Permission. The actual contents depend on the
  Permission class.</td>
  <td valign="top" align="center">No</td>
</tr>
<tr>
  <td valign="top">actions</td>
  <td valign="top">The actions allowed. The actual contents depend on the
  Permission class and name.</td>
  <td valign="top" align="center">No</td>
</tr>
</table>
<p>
Implied permissions are not resolved and therefore also not revoked.
</p>
<p>
The name can handle the * wildcard at the end of the name, in which case all
permissions of the specified class whose name starts with the specified name
(excluding the *) are revoked. Note that the - wildcard often supported by
granted permissions is not supported.
If the name is left empty, all names match and are revoked.
If the actions are left empty, all actions match and are revoked.
</p>
<h3><a name="baseset">Base set</a></h3>
A permissions set implicitly contains the following permissions:
<blockquote><pre>
&lt;grant class="java.net.SocketPermission" name="localhost:1024-" actions="listen"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vendor.url" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.class.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="os.name" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="os.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="os.arch" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="file.encoding" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="file.separator" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="path.separator" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="line.separator" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.specification.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.specification.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.specification.name" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.specification.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.specification.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.specification.name" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.name" actions="read"/&gt;
</pre></blockquote>
These permissions can be revoked via <code>&lt;revoke&gt;</code> elements if necessary.

<h3>Examples</h3>
<blockquote><pre>
&lt;permissions&gt;
  &lt;grant class="java.security.AllPermission"/&gt;
  &lt;revoke class="java.util.PropertyPermission"/&gt;
&lt;/permissions&gt;
</pre></blockquote>
<p>
Grants all permissions to the code except for those handling Properties.
</p>
<blockquote><pre>
&lt;permissions&gt;
  &lt;grant class="java.net.SocketPermission" name="foo.bar.com" actions="connect"/&gt;
  &lt;grant class="java.util.PropertyPermission" name="user.home" actions="read,write"/&gt;
&lt;/permissions&gt;
</pre></blockquote>
<p>
Grants the base set of permissions with the addition of a SocketPermission to connect
to foo.bar.com and the permission to read and write the user.home system property.
</p>
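<p>
The following build file is an added example, not part of the Ant manual. It puts the broad <code>AllPermission</code> pattern next to a set that starts from the base set, adds narrow grants and revokes part of the base set with the trailing <code>*</code> wildcard. The <code>&lt;java&gt;</code> task as the host of <code>&lt;permissions&gt;</code>, the class <code>demo.Main</code>, the <code>build/</code> paths and <code>repo.example.org</code> are assumptions chosen for illustration.
</p>

```xml
<project name="permissions-demo" default="run-restricted" basedir=".">

  <!-- Hypothetical names: demo.Main, build/classes, build/out, repo.example.org. -->
  <path id="demo.classpath">
    <pathelement location="build/classes"/>
  </path>

  <!-- Broad: everything is allowed except property access. Any capability
       the code picks up later is allowed by default. -->
  <target name="run-broad">
    <java classname="demo.Main" classpathref="demo.classpath" failonerror="true">
      <permissions>
        <grant class="java.security.AllPermission"/>
        <revoke class="java.util.PropertyPermission"/>
      </permissions>
    </java>
  </target>

  <!-- Narrow: start from the implicit base set, add only what is needed,
       then revoke the parts of the base set this code has no use for.
       The class runs inside Ant's JVM (no fork), which is where the
       installed security manager applies. -->
  <target name="run-restricted">
    <java classname="demo.Main" classpathref="demo.classpath" failonerror="true">
      <permissions>
        <!-- Grants are parsed by the Permission class, so FilePermission's
             "-" (recursive) wildcard works here. -->
        <grant class="java.io.FilePermission" name="${basedir}/build/classes/-" actions="read"/>
        <grant class="java.io.FilePermission" name="${basedir}/build/out/-" actions="read,write"/>
        <grant class="java.net.SocketPermission" name="repo.example.org:443" actions="connect,resolve"/>

        <!-- Revokes only understand a trailing "*": this covers the base-set
             entry localhost:1024- by prefix. Actions omitted: all match. -->
        <revoke class="java.net.SocketPermission" name="localhost:*"/>
        <!-- Removes java.vm.version, java.vm.vendor, java.vm.name and the
             java.vm.specification.* entries, but not java.version. -->
        <revoke class="java.util.PropertyPermission" name="java.vm.*" actions="read"/>
      </permissions>
    </java>
  </target>
</project>
```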

</body>
</html>