1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/src/share/jaxws_classes/javax/xml/bind/JAXBPermission.java Wed Apr 27 01:27:09 2016 +0800
1.3 @@ -0,0 +1,93 @@
1.4 +/*
1.5 + * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
1.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1.7 + *
1.8 + * This code is free software; you can redistribute it and/or modify it
1.9 + * under the terms of the GNU General Public License version 2 only, as
1.10 + * published by the Free Software Foundation. Oracle designates this
1.11 + * particular file as subject to the "Classpath" exception as provided
1.12 + * by Oracle in the LICENSE file that accompanied this code.
1.13 + *
1.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
1.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
1.17 + * version 2 for more details (a copy is included in the LICENSE file that
1.18 + * accompanied this code).
1.19 + *
1.20 + * You should have received a copy of the GNU General Public License version
1.21 + * 2 along with this work; if not, write to the Free Software Foundation,
1.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
1.23 + *
1.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
1.25 + * or visit www.oracle.com if you need additional information or have any
1.26 + * questions.
1.27 + */
1.28 +
1.29 +package javax.xml.bind;
1.30 +
1.31 +import java.security.BasicPermission;
1.32 +
1.33 +/**
1.34 + * This class is for JAXB permissions. A {@code JAXBPermission}
1.35 + * contains a name (also referred to as a "target name") but
1.36 + * no actions list; you either have the named permission
1.37 + * or you don't.
1.38 + *
1.39 + * <P>
1.40 + * The target name is the name of the JAXB permission (see below).
1.41 + *
1.42 + * <P>
1.43 + * The following table lists all the possible {@code JAXBPermission} target names,
1.44 + * and for each provides a description of what the permission allows
1.45 + * and a discussion of the risks of granting code the permission.
1.46 + * <P>
1.47 + *
1.48 + * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
1.49 + * <tr>
1.50 + * <th>Permission Target Name</th>
1.51 + * <th>What the Permission Allows</th>
1.52 + * <th>Risks of Allowing this Permission</th>
1.53 + * </tr>
1.54 + *
1.55 + * <tr>
1.56 + * <td>setDatatypeConverter</td>
1.57 + * <td>
1.58 + * Allows the code to set VM-wide {@link DatatypeConverterInterface}
1.59 + * via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method}
1.60 + * that all the methods on {@link DatatypeConverter} uses.
1.61 + * </td>
1.62 + * <td>
1.63 + * Malicious code can set {@link DatatypeConverterInterface}, which has
1.64 + * VM-wide singleton semantics, before a genuine JAXB implementation sets one.
1.65 + * This allows malicious code to gain access to objects that it may otherwise
1.66 + * not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to
1.67 + * another application running in the same JVM.
1.68 + * </td>
1.69 + * </tr>
1.70 + * </table>
1.71 + *
1.72 + * @see java.security.BasicPermission
1.73 + * @see java.security.Permission
1.74 + * @see java.security.Permissions
1.75 + * @see java.security.PermissionCollection
1.76 + * @see java.lang.SecurityManager
1.77 + *
1.78 + * @author Joe Fialli
1.79 + * @since JAXB 2.2
1.80 + */
1.81 +
1.82 +/* code was borrowed originally from java.lang.RuntimePermission. */
1.83 +public final class JAXBPermission extends BasicPermission {
1.84 + /**
1.85 + * Creates a new JAXBPermission with the specified name.
1.86 + *
1.87 + * @param name
1.88 + * The name of the JAXBPermission. As of 2.2 only "setDatatypeConverter"
1.89 + * is defined.
1.90 + */
1.91 + public JAXBPermission(String name) {
1.92 + super(name);
1.93 + }
1.94 +
1.95 + private static final long serialVersionUID = 1L;
1.96 +}
