Produced by Araxis Merge on 9/25/2018 2:13:10 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\java\security | SecurityPermission.java | Mon Jan 22 14:46:52 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\java\security | SecurityPermission.java | Wed Sep 12 17:12:29 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 694 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 199 7, 2013, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package ja va.securit y; | |
27 | ||
28 | import jav a.security .*; | |
29 | import jav a.util.Enu meration; | |
30 | import jav a.util.Has htable; | |
31 | import jav a.util.Str ingTokeniz er; | |
32 | ||
33 | /** | |
34 | * This cl ass is for security permission s. | |
35 | * A Secur ityPermiss ion contai ns a name (also refe rred to as a "target name") | |
36 | * but no actions li st; you ei ther have the named permission | |
37 | * or you don't. | |
38 | * <P> | |
39 | * The tar get name i s the name of a secu rity confi guration p arameter ( see below) . | |
40 | * Current ly the Sec urityPermi ssion obje ct is used to guard access | |
41 | * to the Policy, Se curity, Pr ovider, Si gner, and Identity | |
42 | * objects . | |
43 | * <P> | |
44 | * The fol lowing tab le lists a ll the pos sible Secu rityPermis sion targe t names, | |
45 | * and for each prov ides a des cription o f what the permissio n allows | |
46 | * and a d iscussion of the ris ks of gran ting code the permis sion. | |
47 | * | |
48 | * <table border=1 c ellpadding =5 summary ="target n ame,what t he permiss ion allows , and asso ciated ris ks"> | |
49 | * <tr> | |
50 | * <th>Per mission Ta rget Name< /th> | |
51 | * <th>Wha t the Perm ission All ows</th> | |
52 | * <th>Ris ks of Allo wing this Permission </th> | |
53 | * </tr> | |
54 | * | |
55 | * <tr> | |
56 | * <td>c reateAcces sControlCo ntext</td> | |
57 | * <td>C reation of an Access ControlCon text</td> | |
58 | * <td>T his allows someone t o instanti ate an Acc essControl Context | |
59 | * with a {@code Dom ainCombine r}. Extre me care mu st be take n when | |
60 | * grantin g this per mission. M alicious c ode could create a D omainCombi ner | |
61 | * that au gments the set of pe rmissions granted to code, and even gran t the | |
62 | * code {@ link java. security.A llPermissi on}.</td> | |
63 | * </tr> | |
64 | * | |
65 | * <tr> | |
66 | * <td>g etDomainCo mbiner</td > | |
67 | * <td>R etrieval o f an Acces sControlCo ntext's Do mainCombin er</td> | |
68 | * <td>T his allows someone t o retrieve an Access ControlCon text's | |
69 | * {@code DomainComb iner}. Si nce Domain Combiners may contai n | |
70 | * sensiti ve informa tion, this could pot entially l ead to a p rivacy lea k.</td> | |
71 | * </tr> | |
72 | * | |
73 | * <tr> | |
74 | * <td>g etPolicy</ td> | |
75 | * <td>R etrieval o f the syst em-wide se curity pol icy (speci fically, o f the | |
76 | * current ly-install ed Policy object)</t d> | |
77 | * <td>T his allows someone t o query th e policy v ia the | |
78 | * {@code getPermiss ions} call , | |
79 | * which d iscloses w hich permi ssions wou ld be gran ted to a g iven CodeS ource. | |
80 | * While r evealing t he policy does not c ompromise the securi ty of | |
81 | * the sys tem, it do es provide malicious code with additiona l informat ion | |
82 | * which i t may use to better aim an att ack. It is wise | |
83 | * not to divulge mo re informa tion than necessary. </td> | |
84 | * </tr> | |
85 | * | |
86 | * <tr> | |
87 | * <td>s etPolicy</ td> | |
88 | * <td>S etting of the system -wide secu rity polic y (specifi cally, | |
89 | * the Pol icy object )</td> | |
90 | * <td>G ranting th is permiss ion is ext remely dan gerous, as malicious | |
91 | * code ma y grant it self all t he necessa ry permiss ions it ne eds | |
92 | * to succ essfully m ount an at tack on th e system.< /td> | |
93 | * </tr> | |
94 | * | |
95 | * <tr> | |
96 | * <td>c reatePolic y.{policy type}</td> | |
97 | * <td>G etting an instance o f a Policy implement ation from a provide r</td> | |
98 | * <td>G ranting th is permiss ion enable s code to obtain a P olicy obje ct. | |
99 | * Malicio us code ma y query th e Policy o bject to d etermine w hat permis sions | |
100 | * have be en granted to code o ther than itself. </ td> | |
101 | * </tr> | |
102 | * | |
103 | * <tr> | |
104 | * <td>g etProperty .{key}</td > | |
105 | * <td>R etrieval o f the secu rity prope rty with t he specifi ed key</td > | |
106 | * <td>D epending o n the part icular key for which access ha s | |
107 | * been gr anted, the code may have acces s to the l ist of sec urity | |
108 | * provide rs, as wel l as the l ocation of the syste m-wide and user | |
109 | * securit y policies . while r evealing t his inform ation does not | |
110 | * comprom ise the se curity of the system , it does provide ma licious | |
111 | * code wi th additio nal inform ation whic h it may u se to bett er aim | |
112 | * an atta ck. | |
113 | </td> | |
114 | * </tr> | |
115 | * | |
116 | * <tr> | |
117 | * <td>s etProperty .{key}</td > | |
118 | * <td>S etting of the securi ty propert y with the specified key</td> | |
119 | * <td>T his could include se tting a se curity pro vider or d efining | |
120 | * the loc ation of t he system- wide secur ity policy . Malicio us | |
121 | * code th at has per mission to set a new security provider m ay | |
122 | * set a r ogue provi der that s teals conf idential i nformation such | |
123 | * as cryp tographic private ke ys. In add ition, mal icious cod e with | |
124 | * permiss ion to set the locat ion of the system-wi de securit y policy | |
125 | * may poi nt it to a security policy tha t grants t he attacke r | |
126 | * all the necessary permissio ns it requ ires to su ccessfully mount | |
127 | * an atta ck on the system. | |
128 | </td> | |
129 | * </tr> | |
130 | * | |
131 | * <tr> | |
132 | * <td>i nsertProvi der</td> | |
133 | * <td>A ddition of a new pro vider</td> | |
134 | * <td>T his would allow some body to in troduce a possibly | |
135 | * malicio us provide r (e.g., o ne that di scloses th e private keys passe d | |
136 | * to it) as the hig hest-prior ity provid er. This w ould be po ssible | |
137 | * because the Secur ity object (which ma nages the installed providers) | |
138 | * current ly does no t check th e integrit y or authe nticity of a provide r | |
139 | * before attaching it. The "i nsertProvi der" permi ssion subs umes the | |
140 | * "insert Provider.{ provider n ame}" perm ission (se e the sect ion below for | |
141 | * more in formation) . | |
142 | * </td> | |
143 | * </tr> | |
144 | * | |
145 | * <tr> | |
146 | * <td>r emoveProvi der.{provi der name}< /td> | |
147 | * <td>R emoval of the specif ied provid er</td> | |
148 | * <td>T his may ch ange the b ehavior or disable e xecution o f other | |
149 | * parts o f the prog ram. If a provider s ubsequentl y requeste d by the | |
150 | * program has been removed, e xecution m ay fail. A lso, if th e removed | |
151 | * provide r is not e xplicitly requested by the res t of the p rogram, bu t | |
152 | * it woul d normally be the pr ovider cho sen when a cryptogra phy servic e | |
153 | * is requ ested (due to its pr evious ord er in the list of pr oviders), | |
154 | * a diffe rent provi der will b e chosen i nstead, or no suitab le provide r | |
155 | * will be found, th ereby resu lting in p rogram fai lure.</td> | |
156 | * </tr> | |
157 | * | |
158 | * <tr> | |
159 | * <td>c learProvid erProperti es.{provid er name}</ td> | |
160 | * <td>" Clearing" of a Provi der so tha t it no lo nger conta ins the pr operties | |
161 | * used to look up s ervices im plemented by the pro vider</td> | |
162 | * <td>T his disabl es the loo kup of ser vices impl emented by the provi der. | |
163 | * This ma y thus cha nge the be havior or disable ex ecution of other | |
164 | * parts o f the prog ram that w ould norma lly utiliz e the Prov ider, as | |
165 | * describ ed under t he "remove Provider.{ provider n ame}" perm ission.</t d> | |
166 | * </tr> | |
167 | * | |
168 | * <tr> | |
169 | * <td>p utProvider Property.{ provider n ame}</td> | |
170 | * <td>S etting of properties for the s pecified P rovider</t d> | |
171 | * <td>T he provide r properti es each sp ecify the name and l ocation | |
172 | * of a pa rticular s ervice imp lemented b y the prov ider. By g ranting | |
173 | * this pe rmission, you let co de replace the servi ce specifi cation | |
174 | * with an other one, thereby s pecifying a differen t implemen tation.</t d> | |
175 | * </tr> | |
176 | * | |
177 | * <tr> | |
178 | * <td>r emoveProvi derPropert y.{provide r name}</t d> | |
179 | * <td>R emoval of properties from the specified Provider</ td> | |
180 | * <td>T his disabl es the loo kup of ser vices impl emented by the | |
181 | * provide r. They ar e no longe r accessib le due to removal of the prope rties | |
182 | * specify ing their names and locations. This | |
183 | * may cha nge the be havior or disable ex ecution of other | |
184 | * parts o f the prog ram that w ould norma lly utiliz e the Prov ider, as | |
185 | * describ ed under t he "remove Provider.{ provider n ame}" perm ission.</t d> | |
186 | * </tr> | |
187 | * | |
188 | * </table > | |
189 | * | |
190 | * <P> | |
191 | * The fol lowing per missions h ave been s uperseded by newer p ermissions or are | |
192 | * associa ted with c lasses tha t have bee n deprecat ed: {@link Identity} , | |
193 | * {@link IdentitySc ope}, {@li nk Signer} . Use of t hem is dis couraged. See the | |
194 | * applica ble classe s for more informati on. | |
195 | * | |
196 | * <table border=1 c ellpadding =5 summary ="target n ame,what t he permiss ion allows , and asso ciated ris ks"> | |
197 | * <tr> | |
198 | * <th>Per mission Ta rget Name< /th> | |
199 | * <th>Wha t the Perm ission All ows</th> | |
200 | * <th>Ris ks of Allo wing this Permission </th> | |
201 | * </tr> | |
202 | * | |
203 | * <tr> | |
204 | * <td>i nsertProvi der.{provi der name}< /td> | |
205 | * <td>A ddition of a new pro vider, wit h the spec ified name </td> | |
206 | * <td>U se of this permissio n is disco uraged fro m further use becaus e it is | |
207 | * possibl e to circu mvent the name restr ictions by overridin g the | |
208 | * {@link java.secur ity.Provid er#getName } method. Also, ther e is an eq uivalent | |
209 | * level o f risk ass ociated wi th grantin g code per mission to insert a provider | |
210 | * with a specific n ame, or an y name it chooses. U sers shoul d use the | |
211 | * "insert Provider" permission instead. | |
212 | * <p>This would all ow somebod y to intro duce a pos sibly | |
213 | * malicio us provide r (e.g., o ne that di scloses th e private keys passe d | |
214 | * to it) as the hig hest-prior ity provid er. This w ould be po ssible | |
215 | * because the Secur ity object (which ma nages the installed providers) | |
216 | * current ly does no t check th e integrit y or authe nticity of a provide r | |
217 | * before attaching it.</td> | |
218 | * </tr> | |
219 | * | |
220 | * <tr> | |
221 | * <td>s etSystemSc ope</td> | |
222 | * <td>S etting of the system identity scope</td> | |
223 | * <td>T his would allow an a ttacker to configure the syste m identity scope wit h | |
224 | * certifi cates that should no t be trust ed, thereb y granting applet or | |
225 | * applica tion code signed wit h those ce rtificates privilege s that | |
226 | * would h ave been d enied by t he system' s original identity scope.</td > | |
227 | * </tr> | |
228 | * | |
229 | * <tr> | |
230 | * <td>s etIdentity PublicKey< /td> | |
231 | * <td>S etting of the public key for a n Identity </td> | |
232 | * <td>I f the iden tity is ma rked as "t rusted", t his allows an attack er to | |
233 | * introdu ce a diffe rent publi c key (e.g ., its own ) that is not truste d | |
234 | * by the system's i dentity sc ope, there by grantin g applet o r | |
235 | * applica tion code signed wit h that pub lic key pr ivileges t hat | |
236 | * would h ave been d enied othe rwise.</td > | |
237 | * </tr> | |
238 | * | |
239 | * <tr> | |
240 | * <td>s etIdentity Info</td> | |
241 | * <td>S etting of a general informatio n string f or an Iden tity</td> | |
242 | * <td>T his allows attackers to set th e general descriptio n for | |
243 | * an iden tity. Thi s may tric k applicat ions into using a di fferent | |
244 | * identit y than int ended or m ay prevent applicati ons from f inding a | |
245 | * particu lar identi ty.</td> | |
246 | * </tr> | |
247 | * | |
248 | * <tr> | |
249 | * <td>a ddIdentity Certificat e</td> | |
250 | * <td>A ddition of a certifi cate for a n Identity </td> | |
251 | * <td>T his allows attackers to set a certificat e for | |
252 | * an iden tity's pub lic key. This is da ngerous be cause it a ffects | |
253 | * the tru st relatio nship acro ss the sys tem. This public key suddenly | |
254 | * becomes trusted t o a wider audience t han it oth erwise wou ld be.</td > | |
255 | * </tr> | |
256 | * | |
257 | * <tr> | |
258 | * <td>r emoveIdent ityCertifi cate</td> | |
259 | * <td>R emoval of a certific ate for an Identity< /td> | |
260 | * <td>T his allows attackers to remove a certifi cate for | |
261 | * an iden tity's pub lic key. T his is dan gerous bec ause it af fects | |
262 | * the tru st relatio nship acro ss the sys tem. This public key suddenly | |
263 | * becomes considere d less tru stworthy t han it oth erwise wou ld be.</td > | |
264 | * </tr> | |
265 | * | |
266 | * <tr> | |
267 | * <td>pr intIdentit y</td> | |
268 | * <td>Vi ewing the name of a principal | |
269 | * and opt ionally th e scope in which it is used, a nd whether | |
270 | * or not it is cons idered "tr usted" in that scope </td> | |
271 | * <td>Th e scope th at is prin ted out ma y be a fil ename, in which case | |
272 | * it may convey loc al system informatio n. For exa mple, here 's a sampl e | |
273 | * printou t of an id entity nam ed "carol" , who is | |
274 | * marked not truste d in the u ser's iden tity datab ase:<br> | |
275 | * carol [/home/lue he/identit ydb.obj][n ot trusted ]</td> | |
276 | *</tr> | |
277 | * | |
278 | * <tr> | |
279 | * <td>g etSignerPr ivateKey</ td> | |
280 | * <td>R etrieval o f a Signer 's private key</td> | |
281 | * <td>I t is very dangerous to allow a ccess to a private k ey; privat e | |
282 | * keys ar e supposed to be kep t PW . Otherwis e, code ca n use the | |
283 | * private key to si gn various files and claim the signature came from | |
284 | * the Sig ner.</td> | |
285 | * </tr> | |
286 | * | |
287 | * <tr> | |
288 | * <td>s etSignerKe yPair</td> | |
289 | * <td>S etting of the key pa ir (public key and p rivate key ) for a Si gner</td> | |
290 | * <td>T his would allow an a ttacker to replace s omebody el se's (the "target's" ) | |
291 | * keypair with a po ssibly wea ker keypai r (e.g., a keypair o f a smalle r | |
292 | * keysize ). This a lso would allow the attacker t o listen i n on encry pted | |
293 | * communi cation bet ween the t arget and its peers. The targe t's peers | |
294 | * might w rap an enc ryption se ssion key under the target's " new" publi c | |
295 | * key, wh ich would allow the attacker ( who posses ses the co rrespondin g | |
296 | * private key) to u nwrap the session ke y and deci pher the c ommunicati on | |
297 | * data en crypted un der that s ession key .</td> | |
298 | * </tr> | |
299 | * | |
300 | * </table > | |
301 | * | |
302 | * @see ja va.securit y.BasicPer mission | |
303 | * @see ja va.securit y.Permissi on | |
304 | * @see ja va.securit y.Permissi ons | |
305 | * @see ja va.securit y.Permissi onCollecti on | |
306 | * @see ja va.lang.Se curityMana ger | |
307 | * | |
308 | * | |
309 | * @author Marianne Mueller | |
310 | * @author Roland Sc hemers | |
311 | */ | |
312 | ||
313 | public fin al class S ecurityPer mission ex tends Basi cPermissio n { | |
314 | ||
315 | privat e static f inal long serialVers ionUID = 5 2361099362 24050470L; | |
316 | ||
317 | /** | |
318 | * Cre ates a new SecurityP ermission with the s pecified n ame. | |
319 | * The name is t he symboli c name of the Securi tyPermissi on. An ast erisk | |
320 | * may appear at the end o f the name , followin g a ".", o r by itsel f, to | |
321 | * sig nify a wil dcard matc h. | |
322 | * | |
323 | * @pa ram name t he name of the Secur ityPermiss ion | |
324 | * | |
325 | * @th rows NullP ointerExce ption if { @code name } is {@cod e null}. | |
326 | * @th rows Illeg alArgument Exception if {@code name} is e mpty. | |
327 | */ | |
328 | public SecurityP ermission( String nam e) | |
329 | { | |
330 | su per(name); | |
331 | } | |
332 | ||
333 | /** | |
334 | * Cre ates a new SecurityP ermission object wit h the spec ified name . | |
335 | * The name is t he symboli c name of the Securi tyPermissi on, and th e | |
336 | * act ions Strin g is curre ntly unuse d and shou ld be null . | |
337 | * | |
338 | * @pa ram name t he name of the Secur ityPermiss ion | |
339 | * @pa ram action s should b e null. | |
340 | * | |
341 | * @th rows NullP ointerExce ption if { @code name } is {@cod e null}. | |
342 | * @th rows Illeg alArgument Exception if {@code name} is e mpty. | |
343 | */ | |
344 | public SecurityP ermission( String nam e, String actions) | |
345 | { | |
346 | su per(name, actions); | |
347 | } | |
348 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.