The permission java.security.AllPermission implies all other permissions; , thus granting java.security.AllPermission indeed grants all possible permissions to code. This facility was included both to reduce the burden of managing a multitude of permissions during routine testing, as well as for to use when a body of code is completely trusted. Code is typically granted AllPermission via the security policy file; it is also possible to programmatically associate AllPermission with a ProtectionDomain. This permission is dangerous in production environments; never grant AllPermission to untrusted code.
...
The permission itself is specified in the security policy file used by the security manager. Program code can obtain a permission object by subclassing the java.security.Permission class or any of its subclasses (e.g. for examle, BasicPermission). The code can use the resulting object to grant AllPermission to a ProtectionDomain. This is bad practice.
...
To check whether the caller has the requisite permissions, standard Java APIs use code, such as the following:
| Code Block | ||
|---|---|---|
| ||
// Security manager code
perm = new java.io.FilePermission("/tmp/JavaFile", "read");
AccessController.checkPermission(perm);
// ...
|
...