1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/src/share/jaxws_classes/javax/xml/bind/JAXBPermission.java Wed Apr 27 01:27:09 2016 +0800 1.3 @@ -0,0 +1,93 @@ 1.4 +/* 1.5 + * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. 1.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.7 + * 1.8 + * This code is free software; you can redistribute it and/or modify it 1.9 + * under the terms of the GNU General Public License version 2 only, as 1.10 + * published by the Free Software Foundation. Oracle designates this 1.11 + * particular file as subject to the "Classpath" exception as provided 1.12 + * by Oracle in the LICENSE file that accompanied this code. 1.13 + * 1.14 + * This code is distributed in the hope that it will be useful, but WITHOUT 1.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1.17 + * version 2 for more details (a copy is included in the LICENSE file that 1.18 + * accompanied this code). 1.19 + * 1.20 + * You should have received a copy of the GNU General Public License version 1.21 + * 2 along with this work; if not, write to the Free Software Foundation, 1.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 1.23 + * 1.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 1.25 + * or visit www.oracle.com if you need additional information or have any 1.26 + * questions. 1.27 + */ 1.28 + 1.29 +package javax.xml.bind; 1.30 + 1.31 +import java.security.BasicPermission; 1.32 + 1.33 +/** 1.34 + * This class is for JAXB permissions. A {@code JAXBPermission} 1.35 + * contains a name (also referred to as a "target name") but 1.36 + * no actions list; you either have the named permission 1.37 + * or you don't. 1.38 + * 1.39 + * <P> 1.40 + * The target name is the name of the JAXB permission (see below). 1.41 + * 1.42 + * <P> 1.43 + * The following table lists all the possible {@code JAXBPermission} target names, 1.44 + * and for each provides a description of what the permission allows 1.45 + * and a discussion of the risks of granting code the permission. 1.46 + * <P> 1.47 + * 1.48 + * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks"> 1.49 + * <tr> 1.50 + * <th>Permission Target Name</th> 1.51 + * <th>What the Permission Allows</th> 1.52 + * <th>Risks of Allowing this Permission</th> 1.53 + * </tr> 1.54 + * 1.55 + * <tr> 1.56 + * <td>setDatatypeConverter</td> 1.57 + * <td> 1.58 + * Allows the code to set VM-wide {@link DatatypeConverterInterface} 1.59 + * via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method} 1.60 + * that all the methods on {@link DatatypeConverter} uses. 1.61 + * </td> 1.62 + * <td> 1.63 + * Malicious code can set {@link DatatypeConverterInterface}, which has 1.64 + * VM-wide singleton semantics, before a genuine JAXB implementation sets one. 1.65 + * This allows malicious code to gain access to objects that it may otherwise 1.66 + * not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to 1.67 + * another application running in the same JVM. 1.68 + * </td> 1.69 + * </tr> 1.70 + * </table> 1.71 + * 1.72 + * @see java.security.BasicPermission 1.73 + * @see java.security.Permission 1.74 + * @see java.security.Permissions 1.75 + * @see java.security.PermissionCollection 1.76 + * @see java.lang.SecurityManager 1.77 + * 1.78 + * @author Joe Fialli 1.79 + * @since JAXB 2.2 1.80 + */ 1.81 + 1.82 +/* code was borrowed originally from java.lang.RuntimePermission. */ 1.83 +public final class JAXBPermission extends BasicPermission { 1.84 + /** 1.85 + * Creates a new JAXBPermission with the specified name. 1.86 + * 1.87 + * @param name 1.88 + * The name of the JAXBPermission. As of 2.2 only "setDatatypeConverter" 1.89 + * is defined. 1.90 + */ 1.91 + public JAXBPermission(String name) { 1.92 + super(name); 1.93 + } 1.94 + 1.95 + private static final long serialVersionUID = 1L; 1.96 +}