...
This is an extremely dangerous permission to grant. Malicious applications that can instantiate their own class loaders could then load their own rogue classes into the system. These newly loaded classes could be placed into any protection domain by the class loader, thereby automatically granting the classes the permissions for that domain.
Noncompliant Code Example (Security Policy File)
This noncompliant example grants AllPermission to the klib library:
| Code Block | ||
|---|---|---|
| ||
// Grant the klib library AllPermission
grant codebase "file:${klib.home}/j2se/home/klib.jar" {
permission java.security.AllPermission;
};
|
The permission itself is specified in the security policy file used by the security manager. Program code can obtain a permission object by subclassing the java.security.Permission class or any of its subclasses (BasicPermission, for example). The code can use the resulting object to grant AllPermission to a ProtectionDomain.
Compliant Solution
This compliant solution shows a policy file that can be used to enforce fine-grained permissions:
| Code Block | ||
|---|---|---|
| ||
grant codeBase
"file:${klib.home}/j2se/home/klib.jar", signedBy "Admin" {
permission java.io.FilePermission "/tmp/*", "read";
permission java.io.SocketPermission "*", "connect";
};
|
To check whether the caller has the requisite permissions, standard Java APIs use code such as the following:
| Code Block | ||
|---|---|---|
| ||
// Security manager check
FilePermission perm =
new java.io.FilePermission("/tmp/JavaFile", "read");
AccessController.checkPermission(perm);
// ...
|
Always assign appropriate permissions to code. Define custom permissions when the granularity of the standard permissions is insufficient.