<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<title>Permissions type</title>
<link rel="stylesheet" type="text/css" href="../stylesheets/antmanual.css">
</head>

<body>

<h2><a name="permissions">Permissions</a></h2>
<p>
Permissions represents a set of security permissions granted to or revoked from
a specific part of the code executed in the JVM in which Ant is running.
The actual Permissions are specified via a set of nested permission items, either
<code>&lt;grant&gt;</code>ed or <code>&lt;revoke&gt;</code>d.</p>
<p>
In the base situation a <a href="#baseset">base set</a> of permissions is granted.
Extra permissions can be
granted. A granted permission can be overruled by revoking a permission.
The security manager installed by the permissions will throw a
<code>SecurityException</code> if
the code subject to these permissions tries to use a permission that has not been
granted or that has been revoked.</p>
<h3>Nested elements</h3>
<h4>grant</h4>
<p>
Indicates a specific permission is always granted. Its attributes indicate which
permissions are granted.</p>
<table border="1" cellpadding="2" cellspacing="0">
  <tr>
    <td valign="top"><b>Attribute</b></td>
    <td valign="top"><b>Description</b></td>
    <td align="center" valign="top"><b>Required</b></td>
  </tr>
  <tr>
    <td valign="top">class</td>
    <td valign="top">The fully qualified name of the Permission class.</td>
    <td valign="top" align="center">Yes</td>
  </tr>
  <tr>
    <td valign="top">name</td>
    <td valign="top">The name of the Permission. The actual contents depend on the
    Permission class.</td>
    <td valign="top" align="center">No</td>
  </tr>
  <tr>
    <td valign="top">actions</td>
    <td valign="top">The actions allowed. The actual contents depend on the
    Permission class and name.</td>
    <td valign="top" align="center">No</td>
  </tr>
</table>
<p>
Implied permissions are granted.
</p>
<p>
Please note that some Permission classes may actually need a name and/or actions in order to function properly. The name and actions are parsed by the actual
Permission class.
</p>
<h4>revoke</h4>
<p>
Indicates a specific permission is revoked.</p>
<table border="1" cellpadding="2" cellspacing="0">
  <tr>
    <td valign="top"><b>Attribute</b></td>
    <td valign="top"><b>Description</b></td>
    <td align="center" valign="top"><b>Required</b></td>
  </tr>
  <tr>
    <td valign="top">class</td>
    <td valign="top">The fully qualified name of the Permission class.</td>
    <td valign="top" align="center">Yes</td>
  </tr>
  <tr>
    <td valign="top">name</td>
    <td valign="top">The name of the Permission. The actual contents depend on the
    Permission class.</td>
    <td valign="top" align="center">No</td>
  </tr>
  <tr>
    <td valign="top">actions</td>
    <td valign="top">The actions allowed. The actual contents depend on the
    Permission class and name.</td>
    <td valign="top" align="center">No</td>
  </tr>
</table>
<p>
Implied permissions are not resolved and therefore also not revoked.
</p>
<p>
The name can handle the * wildcard at the end of the name, in which case all
permissions of the specified class whose name starts with the specified name
(excluding the *) are revoked. Note that the - wildcard, often supported by the
granted properties, is not supported.
If the name is left empty, all names match and are revoked.
If the actions are left empty, all actions match and are revoked.
</p>
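<p>
The grant and revoke rules described above, as an added Java model (not Ant's own implementation and not part of the original manual): a permission is allowed only if a grant implies it and no revoke entry matches it by exact class and name. The names <code>PermissionModel</code>, <code>Revoke</code> and <code>allowed</code>, and the any-overlap rule used for non-empty revoke actions, are assumptions made for illustration.
</p>

```java
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.PropertyPermission;
import java.util.Set;

/** Constructed model of the documented grant/revoke rules; not Ant's own code. */
public class PermissionModel {
    /** One revoke entry; a null or empty name or actions value matches everything. */
    record Revoke(String className, String name, String actions) {
        boolean matches(Permission p) {
            // Implied permissions are not resolved: the class name must be identical.
            if (!className.equals(p.getClass().getName())) return false;
            if (name != null && !name.isEmpty()) {
                boolean ok = name.endsWith("*")
                    ? p.getName().startsWith(name.substring(0, name.length() - 1))
                    : name.equals(p.getName());   // no support for the - wildcard
                if (!ok) return false;
            }
            if (actions == null || actions.isEmpty()) return true;
            // Assumption: a revoke with actions matches when any listed action is requested.
            Set<String> requested = new HashSet<>(Arrays.asList(p.getActions().split(",")));
            return Arrays.stream(actions.split(",")).anyMatch(requested::contains);
        }
    }

    /** Allowed = implied by some grant AND matched by no revoke entry. */
    static boolean allowed(Permissions granted, Iterable<Revoke> revoked, Permission p) {
        if (!granted.implies(p)) return false;
        for (Revoke r : revoked) if (r.matches(p)) return false;
        return true;
    }

    public static void main(String[] args) {
        Permissions granted = new Permissions();
        granted.add(new AllPermission());   // <grant class="java.security.AllPermission"/>
        List<Revoke> revoked = List.of(
            new Revoke("java.util.PropertyPermission", "user.*", null),
            new Revoke("java.security.AllPermission", null, null));
        for (String prop : new String[] {"user.home", "os.name"}) {
            Permission p = new PropertyPermission(prop, "read");
            System.out.println(prop + " read allowed: " + allowed(granted, revoked, p));
        }
    }
}
```

<p>
In this model the revoke of <code>java.security.AllPermission</code> does not block the <code>os.name</code> read, because revoke entries are compared by class and name rather than by implication; only the <code>user.*</code> prefix entry removes a permission.
</p>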
<a name="baseset"></a><h3>Base set</h3>
A permissions set implicitly contains the following permissions:
<blockquote><pre>
&lt;grant class="java.net.SocketPermission" name="localhost:1024-" actions="listen"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vendor.url" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.class.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="os.name" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="os.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="os.arch" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="file.encoding" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="file.separator" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="path.separator" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="line.separator" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.specification.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.specification.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.specification.name" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.specification.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.specification.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.specification.name" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.version" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.vendor" actions="read"/&gt;
&lt;grant class="java.util.PropertyPermission" name="java.vm.name" actions="read"/&gt;
</pre></blockquote>
These permissions can be revoked via <code>&lt;revoke&gt;</code> elements if necessary.

<h3>Examples</h3>
<blockquote><pre>
&lt;permissions&gt;
  &lt;grant class="java.security.AllPermission"/&gt;
  &lt;revoke class="java.util.PropertyPermission"/&gt;
&lt;/permissions&gt;
</pre></blockquote>
<p>
Grants all permissions to the code except for those handling Properties.
</p>
<blockquote><pre>
&lt;permissions&gt;
  &lt;grant class="java.net.SocketPermission" name="foo.bar.com" actions="connect"/&gt;
  &lt;grant class="java.util.PropertyPermission" name="user.home" actions="read,write"/&gt;
&lt;/permissions&gt;
</pre></blockquote>
<p>
Grants the base set of permissions with the addition of a SocketPermission to connect
to foo.bar.com and the permission to read and write the user.home system property.
</p>
<hr>
<p align="center">Copyright &copy; 2003-2004 The Apache Software Foundation.
All rights Reserved.</p>
</body>
</html>