| <html> |
| |
| <head> |
| <meta http-equiv="Content-Language" content="en-us"> |
| <title>Permissions type</title> |
| <link rel="stylesheet" type="text/css" href="../stylesheets/antmanual.css"> |
| </head> |
| |
| <body> |
| |
| <h2><a name="permissions">Permissions</a></h2> |
| <p> |
| Permissions represents a set of security permissions granted or revoked to |
| a specific part code executed in the JVM where ant is running in. |
| The actual Permissions are specified via a set of nested permission items either |
| <code><grant></code>ed or <code><revoke></code>d.</p> |
| <p> |
| In the base situation a <a href="#baseset">base set</a> of permissions granted. |
| Extra permissions can be |
| granted. A granted permission can be overruled by revoking a permission. |
| The security manager installed by the permissions will throw an |
| <code>SecurityException</code> if |
| the code subject to these permissions try to use an permission that has not been |
| granted or that has been revoked.</p> |
| <h3>Nested elements</h3> |
| <h4>grant</h4> |
| <p> |
| Indicates a specific permission is always granted. Its attributes indicate which |
| permissions are granted.</p> |
| <table border="1" cellpadding="2" cellspacing="0"> |
| <tr> |
| <td valign="top"><b>Attribute</b></td> |
| <td valign="top"><b>Description</b></td> |
| <td align="center" valign="top"><b>Required</b></td> |
| </tr> |
| <tr> |
| <td valign="top">class</td> |
| <td valign="top">The fully qualified name of the Permission class.</td> |
| <td valign="top" align="center">Yes</td> |
| </tr> |
| <tr> |
| <td valign="top">name</td> |
| <td valign="top">The name of the Permission. The actual contents depends on the |
| Permission class.</td> |
| <td valign="top" align="center">No</td> |
| </tr> |
| <tr> |
| <td valign="top">actions</td> |
| <td valign="top">The actions allowed. The actual contents depend on the |
| Permission class and name.</td> |
| <td valign="top" align="center">No</td> |
| </tr> |
| </table> |
| <p> |
| Implied permissions are granted. |
| </p> |
| <p> |
| Please note that some Permission classes may actually need a name and / or actions in order to function properly. The name and actions are parsed by the actual |
| Permission class. |
| </p> |
| <h4>revoke</h4> |
| <p> |
| Indicates a specific permission is revoked.</p> |
| <table border="1" cellpadding="2" cellspacing="0"> |
| <tr> |
| <td valign="top"><b>Attribute</b></td> |
| <td valign="top"><b>Description</b></td> |
| <td align="center" valign="top"><b>Required</b></td> |
| </tr> |
| <tr> |
| <td valign="top">class</td> |
| <td valign="top">The fully qualified name of the Permission class.</td> |
| <td valign="top" align="center">Yes</td> |
| </tr> |
| <tr> |
| <td valign="top">name</td> |
| <td valign="top">The name of the Permission. The actual contents depends on the |
| Permission class.</td> |
| <td valign="top" align="center">No</td> |
| </tr> |
| <tr> |
| <td valign="top">actions</td> |
| <td valign="top">The actions allowed. The actual contents depend on the |
| Permission class and name.</td> |
| <td valign="top" align="center">No</td> |
| </tr> |
| </table> |
| <p> |
| Implied permissions are not resolved and therefore also not revoked. |
| </p> |
| <p> |
| The name can handle the * wildcard at the end of the name, in which case all |
| permissions of the specified class of which the name starts with the specified name |
| (excluding the *) are revoked. Note that the - wildcard often supported by the |
| granted properties is not supported. |
| If the name is left empty all names match, and are revoked. |
| If the actions are left empty all actions match, and are revoked. |
| </p> |
| <h3><a name="baseset">Base set</a></h3> |
| A permissions set implictly contains the following permissions: |
| <blockquote><pre> |
| <grant class="java.net.SocketPermission" name="localhost:1024-" actions="listen"> |
| <grant class="java.util.PropertyPermission" name="java.version" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vendor" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vendor.url" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.class.version" actions="read"> |
| <grant class="java.util.PropertyPermission" name="os.name" actions="read"> |
| <grant class="java.util.PropertyPermission" name="os.version" actions="read"> |
| <grant class="java.util.PropertyPermission" name="os.arch" actions="read"> |
| <grant class="java.util.PropertyPermission" name="file.encoding" actions="read"> |
| <grant class="java.util.PropertyPermission" name="file.separator" actions="read"> |
| <grant class="java.util.PropertyPermission" name="path.separator" actions="read"> |
| <grant class="java.util.PropertyPermission" name="line.separator" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.specification.version" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.specification.vendor" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.specification.name" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vm.specification.version" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vm.specification.vendor" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vm.specification.name" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vm.version" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vm.vendor" actions="read"> |
| <grant class="java.util.PropertyPermission" name="java.vm.name" actions="read"> |
| </blockquote></pre> |
| These permissions can be revoked via <revoke> elements if necessary. |
| |
| <h3>Examples</h3> |
| <blockquote><pre> |
| <permissions> |
| <grant class="java.security.AllPermission"/> |
| <revoke class="java.util.PropertyPermission"/> |
| </permissions> |
| </pre></blockquote> |
| <p> |
| Grants all permissions to the code except for those handling Properties. |
| </p> |
| <blockquote><pre> |
| <permissions> |
| <grant class="java.net.SocketPermission" name="foo.bar.com" action="connect"/> |
| <grant class="java.util.PropertyPermission" name="user.home" action="read,write"/> |
| </permissions> |
| </pre></blockquote> |
| <p> |
| Grants the base set of permissions with the addition of a SocketPermission to connect |
| to foo.bar.com and the permission to read and write the user.home system property. |
| </p> |
| <hr> |
| <p align="center">Copyright © 2003 Apache Software Foundation. |
| All rights Reserved.</p> |
| </body> |
| </html> |