diff options
Diffstat (limited to 'framework/src/ant/apache-ant-1.9.6/manual/Types/permissions.html')
-rw-r--r-- | framework/src/ant/apache-ant-1.9.6/manual/Types/permissions.html | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/framework/src/ant/apache-ant-1.9.6/manual/Types/permissions.html b/framework/src/ant/apache-ant-1.9.6/manual/Types/permissions.html new file mode 100644 index 00000000..f7b90b78 --- /dev/null +++ b/framework/src/ant/apache-ant-1.9.6/manual/Types/permissions.html @@ -0,0 +1,164 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<html> + +<head> +<meta http-equiv="Content-Language" content="en-us"> +<link rel="stylesheet" type="text/css" href="../stylesheets/style.css"> +<title>Permissions type</title> +</head> + +<body> + +<h2><a name="permissions">Permissions</a></h2> +<p> +Permissions represents a set of security permissions granted or revoked to +a specific part code executed in the JVM where Apache Ant is running in. +The actual Permissions are specified via a set of nested permission items either +<code><grant></code>ed or <code><revoke></code>d.</p> +<p> +In the base situation a <a href="#baseset">base set</a> of permissions granted. +Extra permissions can be +granted. A granted permission can be overruled by revoking a permission. +The security manager installed by the permissions will throw an +<code>SecurityException</code> if +the code subject to these permissions try to use an permission that has not been +granted or that has been revoked.</p> +<h3>Nested elements</h3> +<h4>grant</h4> +<p> +Indicates a specific permission is always granted. Its attributes indicate which +permissions are granted.</p> +<table border="1" cellpadding="2" cellspacing="0"> + <tr> + <td valign="top"><b>Attribute</b></td> + <td valign="top"><b>Description</b></td> + <td align="center" valign="top"><b>Required</b></td> + </tr> + <tr> + <td valign="top">class</td> + <td valign="top">The fully qualified name of the Permission class.</td> + <td valign="top" align="center">Yes</td> + </tr> + <tr> + <td valign="top">name</td> + <td valign="top">The name of the Permission. The actual contents depends on the + Permission class.</td> + <td valign="top" align="center">No</td> + </tr> + <tr> + <td valign="top">actions</td> + <td valign="top">The actions allowed. The actual contents depend on the + Permission class and name.</td> + <td valign="top" align="center">No</td> + </tr> +</table> +<p> +Implied permissions are granted. +</p> +<p> +Please note that some Permission classes may actually need a name and / or actions in order to function properly. The name and actions are parsed by the actual +Permission class. +</p> +<h4>revoke</h4> +<p> +Indicates a specific permission is revoked.</p> +<table border="1" cellpadding="2" cellspacing="0"> + <tr> + <td valign="top"><b>Attribute</b></td> + <td valign="top"><b>Description</b></td> + <td align="center" valign="top"><b>Required</b></td> + </tr> + <tr> + <td valign="top">class</td> + <td valign="top">The fully qualified name of the Permission class.</td> + <td valign="top" align="center">Yes</td> + </tr> + <tr> + <td valign="top">name</td> + <td valign="top">The name of the Permission. The actual contents depends on the + Permission class.</td> + <td valign="top" align="center">No</td> + </tr> + <tr> + <td valign="top">actions</td> + <td valign="top">The actions allowed. The actual contents depend on the + Permission class and name.</td> + <td valign="top" align="center">No</td> + </tr> +</table> +<p> +Implied permissions are not resolved and therefore also not revoked. +</p> +<p> +The name can handle the * wildcard at the end of the name, in which case all +permissions of the specified class of which the name starts with the specified name +(excluding the *) are revoked. Note that the - wildcard often supported by the +granted properties is not supported. +If the name is left empty all names match, and are revoked. +If the actions are left empty all actions match, and are revoked. +</p> +<h3><a name="baseset">Base set</a></h3> +A permissions set implicitly contains the following permissions: +<blockquote><pre> +<grant class="java.net.SocketPermission" name="localhost:1024-" actions="listen"> +<grant class="java.util.PropertyPermission" name="java.version" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vendor" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vendor.url" actions="read"> +<grant class="java.util.PropertyPermission" name="java.class.version" actions="read"> +<grant class="java.util.PropertyPermission" name="os.name" actions="read"> +<grant class="java.util.PropertyPermission" name="os.version" actions="read"> +<grant class="java.util.PropertyPermission" name="os.arch" actions="read"> +<grant class="java.util.PropertyPermission" name="file.encoding" actions="read"> +<grant class="java.util.PropertyPermission" name="file.separator" actions="read"> +<grant class="java.util.PropertyPermission" name="path.separator" actions="read"> +<grant class="java.util.PropertyPermission" name="line.separator" actions="read"> +<grant class="java.util.PropertyPermission" name="java.specification.version" actions="read"> +<grant class="java.util.PropertyPermission" name="java.specification.vendor" actions="read"> +<grant class="java.util.PropertyPermission" name="java.specification.name" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vm.specification.version" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vm.specification.vendor" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vm.specification.name" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vm.version" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vm.vendor" actions="read"> +<grant class="java.util.PropertyPermission" name="java.vm.name" actions="read"> +</blockquote></pre> +These permissions can be revoked via <code><revoke></code> elements if necessary. + +<h3>Examples</h3> +<blockquote><pre> +<permissions> + <grant class="java.security.AllPermission"/> + <revoke class="java.util.PropertyPermission"/> +</permissions> +</pre></blockquote> +<p> +Grants all permissions to the code except for those handling Properties. +</p> +<blockquote><pre> +<permissions> + <grant class="java.net.SocketPermission" name="foo.bar.com" action="connect"/> + <grant class="java.util.PropertyPermission" name="user.home" action="read,write"/> +</permissions> +</pre></blockquote> +<p> +Grants the base set of permissions with the addition of a SocketPermission to connect +to foo.bar.com and the permission to read and write the user.home system property. +</p> + +</body> +</html> |