SpecialPermission (server 6.3.2 API)

Skip navigation links

All Classes

SEARCH:

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- java.security.Permission
- - java.security.BasicPermission
  - - org.elasticsearch.SpecialPermission

All Implemented Interfaces:

java.io.Serializable, java.security.Guard
```
public final class SpecialPermission
extends java.security.BasicPermission
```
Elasticsearch-specific permission to check before entering AccessController.doPrivileged() blocks.
We try to avoid these blocks in our code and keep security simple, but we need them for a few special places to contain hacks for third party code, or dangerous things used by scripting engines.
All normal code has this permission, but checking this before truncating the stack prevents unprivileged code (e.g. scripts), which do not have it, from gaining elevated privileges.
In other words, don't do this:
```
   // throw away all information about caller and run with our own privs
   AccessController.doPrivileged(
    ...
   );
 
```
Instead do this;
```
   // check caller first, to see if they should be allowed to do this
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     sm.checkPermission(new SpecialPermission());
   }
   // throw away all information about caller and run with our own privs
   AccessController.doPrivileged(
    ...
   );
 
```
See Also:

Serialized Form

Field Summary

Fields
Modifier and Type Field Description

static SpecialPermission INSTANCE

Constructor Summary

Constructors
Constructor	Description
`SpecialPermission()`	Creates a new SpecialPermision object.
`SpecialPermission(java.lang.String name, java.lang.String actions)`	Creates a new SpecialPermission object.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static void`	`check()`	Check that the current stack has `SpecialPermission` access according to the `SecurityManager`.

Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollection

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from class java.security.Permission
checkGuard, getName, toString

- Field Detail
  - INSTANCE
```
public static final SpecialPermission INSTANCE
```
- Constructor Detail
  - SpecialPermission
```
public SpecialPermission()
```
    Creates a new SpecialPermision object.
  - SpecialPermission
```
public SpecialPermission(java.lang.String name,
                         java.lang.String actions)
```
    Creates a new SpecialPermission object. This constructor exists for use by the Policy object to instantiate new Permission objects.
    
    Parameters:
    
    name - ignored
    
    actions - ignored
- Method Detail
  - check
```
public static void check()
```
    Check that the current stack has SpecialPermission access according to the SecurityManager.

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method