java.io.Serializable
, java.security.Guard
public final class SpecialPermission
extends java.security.BasicPermission
AccessController.doPrivileged()
blocks.
We try to avoid these blocks in our code and keep security simple, but we need them for a few special places to contain hacks for third party code, or dangerous things used by scripting engines.
All normal code has this permission, but checking this before truncating the stack prevents unprivileged code (e.g. scripts), which do not have it, from gaining elevated privileges.
In other words, don't do this:
// throw away all information about caller and run with our own privs
AccessController.doPrivileged(
...
);
// check caller first, to see if they should be allowed to do this
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
// throw away all information about caller and run with our own privs
AccessController.doPrivileged(
...
);
Modifier and Type | Field | Description |
---|---|---|
static SpecialPermission |
INSTANCE |
Constructor | Description |
---|---|
SpecialPermission() |
Creates a new SpecialPermision object.
|
SpecialPermission(java.lang.String name,
java.lang.String actions) |
Creates a new SpecialPermission object.
|
Modifier and Type | Method | Description |
---|---|---|
static void |
check() |
Check that the current stack has
SpecialPermission access according to the SecurityManager . |
equals, getActions, hashCode, implies, newPermissionCollection
public static final SpecialPermission INSTANCE
public SpecialPermission()
public SpecialPermission(java.lang.String name, java.lang.String actions)
Policy
object to instantiate new Permission objects.name
- ignoredactions
- ignoredpublic static void check()
SpecialPermission
access according to the SecurityManager
.