The Permission Collection

Setting permissions

When setting permissions, it is important to know how the permissions work, their purpose, and their parameters. For instance, in Listing 18-13, the FilePermission is set to allow read access from all files in the /tmp directory. The FilePermission takes the name value of a file name and the operations can be read, write, execute, and delete.

Listing 18-13: FilePermission example

 grant {   permission java.io.FilePermission "/tmp/*", "read"; }; 

 

All permissions are derived from the java.security.Permission class. The immediate derived classes are illustrated in Figure 18-4.

Figure 18-4: Immediate java.security.Permission derived classes

Extending permissions

There are many more permissions than are shown here. These are the main permissions that immediately derive from the Permission class. To give an idea how many more permissions are extended, the classes derived from java.security.BasicPermission are:

• java.sound.sampled.AudioPermission

• javax.security.auth.AuthPermission

• java.awt.AWTPermission

• javax.security.auth.kerberos.DelegationPermission

• java.util.logging.LoggingPermission

• java.net.NetPermission

• java.util.PropertyPermission

• java.lang.reflect.ReflectPermission

• java.lang.RuntimePermission

• java.security.SecurityPermission

• java.io.SerializablePermission

• java.sql.SQLPermission

• javax.net.ssl.SSLPermission .

Many permissions need to be supported and, instead of extending the security manager for every extension, the access controller checks all permissions that are derived from the Permission class.