youys
/
ant
Not watched
1
0
Fork 1
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: ddd80042e6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ddd80042e6'
${ noResults }
ant/manual/Types/permissions.html

165 lines
7.9 kB
Raw Blame History 

  1. <!--

  2.    Licensed to the Apache Software Foundation (ASF) under one or more

  3.    contributor license agreements.  See the NOTICE file distributed with

  4.    this work for additional information regarding copyright ownership.

  5.    The ASF licenses this file to You under the Apache License, Version 2.0

  6.    (the "License"); you may not use this file except in compliance with

  7.    the License.  You may obtain a copy of the License at

  8. 

  9.        http://www.apache.org/licenses/LICENSE-2.0

  10. 

  11.    Unless required by applicable law or agreed to in writing, software

  12.    distributed under the License is distributed on an "AS IS" BASIS,

  13.    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.    See the License for the specific language governing permissions and

  15.    limitations under the License.

  16. -->

  17. <html>

  18. 

  19. <head>

  20. <meta http-equiv="Content-Language" content="en-us">

  21. <link rel="stylesheet" type="text/css" href="../stylesheets/style.css">

  22. <title>Permissions type</title>

  23. </head>

  24. 

  25. <body>

  26. 

  27. <h2><a name="permissions">Permissions</a></h2>

  28. <p>

  29. Permissions represents a set of security permissions granted or revoked to

  30. a specific part code executed in the JVM where Apache Ant is running in.

  31. The actual Permissions are specified via a set of nested permission items either

  32. <code>&lt;grant&gt;</code>ed or <code>&lt;revoke&gt;</code>d.</p>

  33. <p>

  34. In the base situation a <a href="#baseset">base set</a> of permissions granted. 

  35. Extra permissions can be

  36. granted. A granted permission can be overruled by revoking a permission.

  37. The security manager installed by the permissions will throw an 

  38. <code>SecurityException</code> if

  39. the code subject to these permissions try to use an permission that has not been 

  40. granted or that has been revoked.</p>

  41. <h3>Nested elements</h3>

  42. <h4>grant</h4>

  43. <p>

  44. Indicates a specific permission is always granted. Its attributes indicate which 

  45. permissions are granted.</p>

  46. <table border="1" cellpadding="2" cellspacing="0">

  47.   <tr>

  48.     <td valign="top"><b>Attribute</b></td>

  49.     <td valign="top"><b>Description</b></td>

  50.     <td align="center" valign="top"><b>Required</b></td>

  51.   </tr>

  52.   <tr>

  53.     <td valign="top">class</td>

  54.     <td valign="top">The fully qualified name of the Permission class.</td>

  55.     <td valign="top" align="center">Yes</td>

  56.   </tr>

  57.   <tr>

  58.     <td valign="top">name</td>

  59.     <td valign="top">The name of the Permission. The actual contents depends on the

  60.     Permission class.</td>

  61.     <td valign="top" align="center">No</td>

  62.   </tr>

  63.   <tr>

  64.     <td valign="top">actions</td>

  65.     <td valign="top">The actions allowed. The actual contents depend on the 

  66.     Permission class and name.</td>

  67.     <td valign="top" align="center">No</td>

  68.   </tr>

  69. </table>

  70. <p>

  71. Implied permissions are granted.

  72. </p>

  73. <p>

  74. Please note that some Permission classes may actually need a name and / or actions in order to function properly. The name and actions are parsed by the actual

  75. Permission class.

  76. </p>

  77. <h4>revoke</h4>

  78. <p>

  79. Indicates a specific permission is revoked.</p>

  80. <table border="1" cellpadding="2" cellspacing="0">

  81.   <tr>

  82.     <td valign="top"><b>Attribute</b></td>

  83.     <td valign="top"><b>Description</b></td>

  84.     <td align="center" valign="top"><b>Required</b></td>

  85.   </tr>

  86.   <tr>

  87.     <td valign="top">class</td>

  88.     <td valign="top">The fully qualified name of the Permission class.</td>

  89.     <td valign="top" align="center">Yes</td>

  90.   </tr>

  91.   <tr>

  92.     <td valign="top">name</td>

  93.     <td valign="top">The name of the Permission. The actual contents depends on the

  94.     Permission class.</td>

  95.     <td valign="top" align="center">No</td>

  96.   </tr>

  97.   <tr>

  98.     <td valign="top">actions</td>

  99.     <td valign="top">The actions allowed. The actual contents depend on the 

  100.     Permission class and name.</td>

  101.     <td valign="top" align="center">No</td>

  102.   </tr>

  103. </table>

  104. <p>

  105. Implied permissions are not resolved and therefore also not revoked.

  106. </p>

  107. <p>

  108. The name can handle the * wildcard at the end of the name, in which case all 

  109. permissions of the specified class of which the name starts with the specified name

  110. (excluding the *) are revoked. Note that the - wildcard often supported by the

  111. granted properties is not supported.

  112. If the name is left empty all names match, and are revoked.

  113. If the actions are left empty all actions match, and are revoked.

  114. </p>

  115. <h3><a name="baseset">Base set</a></h3>

  116. A permissions set implictly contains the following permissions:

  117. <blockquote><pre>

  118. &lt;grant class=&quot;java.net.SocketPermission&quot; name=&quot;localhost:1024-&quot; actions=&quot;listen&quot;&gt;

  119. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.version&quot; actions=&quot;read&quot;&gt;

  120. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vendor&quot; actions=&quot;read&quot;&gt;

  121. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vendor.url&quot; actions=&quot;read&quot;&gt;

  122. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.class.version&quot; actions=&quot;read&quot;&gt;

  123. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;os.name&quot; actions=&quot;read&quot;&gt;

  124. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;os.version&quot; actions=&quot;read&quot;&gt;

  125. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;os.arch&quot; actions=&quot;read&quot;&gt;

  126. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;file.encoding&quot; actions=&quot;read&quot;&gt;

  127. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;file.separator&quot; actions=&quot;read&quot;&gt;

  128. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;path.separator&quot; actions=&quot;read&quot;&gt;

  129. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;line.separator&quot; actions=&quot;read&quot;&gt;

  130. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.specification.version&quot; actions=&quot;read&quot;&gt;

  131. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.specification.vendor&quot; actions=&quot;read&quot;&gt;

  132. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.specification.name&quot; actions=&quot;read&quot;&gt;

  133. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vm.specification.version&quot; actions=&quot;read&quot;&gt;

  134. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vm.specification.vendor&quot; actions=&quot;read&quot;&gt;

  135. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vm.specification.name&quot; actions=&quot;read&quot;&gt;

  136. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vm.version&quot; actions=&quot;read&quot;&gt;

  137. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vm.vendor&quot; actions=&quot;read&quot;&gt;

  138. &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;java.vm.name&quot; actions=&quot;read&quot;&gt;

  139. </blockquote></pre>

  140. These permissions can be revoked via <code>&lt;revoke&gt;</code> elements if necessary.

  141. 

  142. <h3>Examples</h3>

  143. <blockquote><pre>

  144. &lt;permissions&gt;

  145.   &lt;grant class=&quot;java.security.AllPermission&quot;/&gt;

  146.   &lt;revoke class=&quot;java.util.PropertyPermission&quot;/&gt;

  147. &lt;/permissions&gt;

  148. </pre></blockquote>

  149. <p>

  150. Grants all permissions to the code except for those handling Properties.

  151. </p>

  152. <blockquote><pre>

  153. &lt;permissions&gt;

  154.   &lt;grant class=&quot;java.net.SocketPermission&quot; name=&quot;foo.bar.com&quot; action=&quot;connect&quot;/&gt;

  155.   &lt;grant class=&quot;java.util.PropertyPermission&quot; name=&quot;user.home&quot; action=&quot;read,write&quot;/&gt;

  156. &lt;/permissions&gt;

  157. </pre></blockquote>

  158. <p>

  159. Grants the base set of permissions with the addition of a SocketPermission to connect

  160. to foo.bar.com and the permission to read and write the user.home system property.

  161. </p>

  162. 

  163. </body>

  164. </html>