Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: other-projects/trunk/realistic-books/packages/AntInstaller/web/manual/manual/CoreTypes/permissions.html@ 19253

Last change on this file since 19253 was 19253, checked in by davidb, 15 years ago
Establishing a source code repository for Veronica's Realistic Book's software
File size: 7.7 KB

Line
1	<!--
2	Licensed to the Apache Software Foundation (ASF) under one or more
3	contributor license agreements. See the NOTICE file distributed with
4	this work for additional information regarding copyright ownership.
5	The ASF licenses this file to You under the Apache License, Version 2.0
6	(the "License"); you may not use this file except in compliance with
7	the License. You may obtain a copy of the License at
8
9	http://www.apache.org/licenses/LICENSE-2.0
10
11	Unless required by applicable law or agreed to in writing, software
12	distributed under the License is distributed on an "AS IS" BASIS,
13	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	See the License for the specific language governing permissions and
15	limitations under the License.
16	-->
17	<html>
18
19	<head>
20	<meta http-equiv="Content-Language" content="en-us">
21	<link rel="stylesheet" type="text/css" href="../stylesheets/style.css">
22	<title>Permissions type</title>
23	</head>
24
25	<body>
26
27	<h2><a name="permissions">Permissions</a></h2>
28	<p>
29	Permissions represents a set of security permissions granted or revoked to
30	a specific part code executed in the JVM where ant is running in.
31	The actual Permissions are specified via a set of nested permission items either
32	<code><grant></code>ed or <code><revoke></code>d.</p>
33	<p>
34	In the base situation a <a href="#baseset">base set</a> of permissions granted.
35	Extra permissions can be
36	granted. A granted permission can be overruled by revoking a permission.
37	The security manager installed by the permissions will throw an
38	<code>SecurityException</code> if
39	the code subject to these permissions try to use an permission that has not been
40	granted or that has been revoked.</p>
41	<h3>Nested elements</h3>
42	<h4>grant</h4>
43	<p>
44	Indicates a specific permission is always granted. Its attributes indicate which
45	permissions are granted.</p>
46	<table border="1" cellpadding="2" cellspacing="0">
47	<tr>
48	<td valign="top"><b>Attribute</b></td>
49	<td valign="top"><b>Description</b></td>
50	<td align="center" valign="top"><b>Required</b></td>
51	</tr>
52	<tr>
53	<td valign="top">class</td>
54	<td valign="top">The fully qualified name of the Permission class.</td>
55	<td valign="top" align="center">Yes</td>
56	</tr>
57	<tr>
58	<td valign="top">name</td>
59	<td valign="top">The name of the Permission. The actual contents depends on the
60	Permission class.</td>
61	<td valign="top" align="center">No</td>
62	</tr>
63	<tr>
64	<td valign="top">actions</td>
65	<td valign="top">The actions allowed. The actual contents depend on the
66	Permission class and name.</td>
67	<td valign="top" align="center">No</td>
68	</tr>
69	</table>
70	<p>
71	Implied permissions are granted.
72	</p>
73	<p>
74	Please note that some Permission classes may actually need a name and / or actions in order to function properly. The name and actions are parsed by the actual
75	Permission class.
76	</p>
77	<h4>revoke</h4>
78	<p>
79	Indicates a specific permission is revoked.</p>
80	<table border="1" cellpadding="2" cellspacing="0">
81	<tr>
82	<td valign="top"><b>Attribute</b></td>
83	<td valign="top"><b>Description</b></td>
84	<td align="center" valign="top"><b>Required</b></td>
85	</tr>
86	<tr>
87	<td valign="top">class</td>
88	<td valign="top">The fully qualified name of the Permission class.</td>
89	<td valign="top" align="center">Yes</td>
90	</tr>
91	<tr>
92	<td valign="top">name</td>
93	<td valign="top">The name of the Permission. The actual contents depends on the
94	Permission class.</td>
95	<td valign="top" align="center">No</td>
96	</tr>
97	<tr>
98	<td valign="top">actions</td>
99	<td valign="top">The actions allowed. The actual contents depend on the
100	Permission class and name.</td>
101	<td valign="top" align="center">No</td>
102	</tr>
103	</table>
104	<p>
105	Implied permissions are not resolved and therefore also not revoked.
106	</p>
107	<p>
108	The name can handle the * wildcard at the end of the name, in which case all
109	permissions of the specified class of which the name starts with the specified name
110	(excluding the *) are revoked. Note that the - wildcard often supported by the
111	granted properties is not supported.
112	If the name is left empty all names match, and are revoked.
113	If the actions are left empty all actions match, and are revoked.
114	</p>
115	<h3><a name="baseset">Base set</a></h3>
116	A permissions set implictly contains the following permissions:
117	<blockquote><pre>
118	<grant class="java.net.SocketPermission" name="localhost:1024-" actions="listen">
119	<grant class="java.util.PropertyPermission" name="java.version" actions="read">
120	<grant class="java.util.PropertyPermission" name="java.vendor" actions="read">
121	<grant class="java.util.PropertyPermission" name="java.vendor.url" actions="read">
122	<grant class="java.util.PropertyPermission" name="java.class.version" actions="read">
123	<grant class="java.util.PropertyPermission" name="os.name" actions="read">
124	<grant class="java.util.PropertyPermission" name="os.version" actions="read">
125	<grant class="java.util.PropertyPermission" name="os.arch" actions="read">
126	<grant class="java.util.PropertyPermission" name="file.encoding" actions="read">
127	<grant class="java.util.PropertyPermission" name="file.separator" actions="read">
128	<grant class="java.util.PropertyPermission" name="path.separator" actions="read">
129	<grant class="java.util.PropertyPermission" name="line.separator" actions="read">
130	<grant class="java.util.PropertyPermission" name="java.specification.version" actions="read">
131	<grant class="java.util.PropertyPermission" name="java.specification.vendor" actions="read">
132	<grant class="java.util.PropertyPermission" name="java.specification.name" actions="read">
133	<grant class="java.util.PropertyPermission" name="java.vm.specification.version" actions="read">
134	<grant class="java.util.PropertyPermission" name="java.vm.specification.vendor" actions="read">
135	<grant class="java.util.PropertyPermission" name="java.vm.specification.name" actions="read">
136	<grant class="java.util.PropertyPermission" name="java.vm.version" actions="read">
137	<grant class="java.util.PropertyPermission" name="java.vm.vendor" actions="read">
138	<grant class="java.util.PropertyPermission" name="java.vm.name" actions="read">
139	</blockquote></pre>
140	These permissions can be revoked via <code><revoke></code> elements if necessary.
141
142	<h3>Examples</h3>
143	<blockquote><pre>
144	<permissions>
145	<grant class="java.security.AllPermission"/>
146	<revoke class="java.util.PropertyPermission"/>
147	</permissions>
148	</pre></blockquote>
149	<p>
150	Grants all permissions to the code except for those handling Properties.
151	</p>
152	<blockquote><pre>
153	<permissions>
154	<grant class="java.net.SocketPermission" name="foo.bar.com" action="connect"/>
155	<grant class="java.util.PropertyPermission" name="user.home" action="read,write"/>
156	</permissions>
157	</pre></blockquote>
158	<p>
159	Grants the base set of permissions with the addition of a SocketPermission to connect
160	to foo.bar.com and the permission to read and write the user.home system property.
161	</p>
162
163	</body>
164	</html>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: