Sun Java Solaris Communities My SDN Account Join SDN
» search tips 
Sun Developer Network
SDN Home > Products & Technologies > Java Technology > Learning > Tutorials and Code Camps > Advanced Programming for the Java 2 Platform >
 
Tutorials & Code Camps

Appendix B: Classes, Methods, and Permissions

 
  Print-friendly VersionPrint-friendly Version

Training Index

[<<BACK] [CONTENTS] [NEXT>>]

A number of Java 2 platform methods are implemented to verify access permissions. This means that before they execute, they verify that there is a system, user, or program has a policy file with the required permissions for execution to continue. If no such permission is found, execution stops with an error condition.

The access verification code passes the required permissions to the security manager, and the security manager checks that permission against the policy file permissions to determine whether to access. This means that Java 2 platform API methods are associated with specific permissions, and specific permissions are associated with specific java.security.SecurityManager methods.

This appendix lists the Java 2 platform methods, the permission associated with each method, and the java.security.SecurityManager method called to verify the existence of that permission. You need this information when you implement certain abstract methods or create your own security manager so you can include access verification code to keep your implementations in line with Java 2 platform security policy. If you do not include access verification code, your implementations will bypass the built-in Java 2 platform security checks.

java.awt.Graphics2D 

public abstract void setComposite(Composite comp)
java.Security.SecurityManager.checkPermission
java.awt.AWTPermission "readDisplayPixels"

The access verification code for setComposite should call java.Security.SecurityManager.checkPermission and pass it java.awt.AWTPermission "readDisplayPixels" when a Graphics2D context draws to a Component on the display screen and the Composite is a custom object rather than an AlphaComposite object.

java.awt.Toolkit

public void addAWTEventListener(
	AWTEventListener listener, 
        long eventMask)
public void removeAWTEventListener(
	AWTEventListener listener)
checkPermission
java.awt.AWTPermission "listenToAllAWTEvents"

~~~~~~~~~
public abstract PrintJob getPrintJob(
	Frame frame, String jobtitle,
	Properties props)
checkPrintJobAccess
java.lang.RuntimePermission "queuePrintJob"

~~~~~~~~~
public abstract Clipboard 
	getSystemClipboard()
checkSystemClipboardAccess
java.awt.AWTPermission "accessClipboard"
~~~~~~~~~
public final EventQueue 
	getSystemEventQueue()
checkAwtEventQueueAccess
java.awt.AWTPermission "accessEventQueue"
java.awt.Window

Window()
checkTopLevelWindow
java.awt.AWTPermission 
	"showWindowWithoutWarningBanner"
java.beans.Beans

public static void setDesignTime(
	boolean isDesignTime)
public static void setGuiAvailable(
	boolean isGuiAvailable)
checkPropertiesAccess
java.util.PropertyPermissions "*", "read,write"

java.beans.Introspector

public static synchronized void 
	setBeanInfoSearchPath(String path[])
checkPropertiesAccess
java.util.PropertyPermissions "*", "read,write"
java.beans.PropertyEditorManager

public static void registerEditor(
	Class targetType, 
	Class editorClass)
public static synchronized void 
	setEditorSearchPath(String path[])
checkPropertiesAccess
java.util.PropertyPermissions "*", "read,write"

java.io.File

public boolean delete()
public void deleteOnExit()
checkDelete(String)
java.io.FilePermission "{name}", "delete"
~~~~~~~~~
public boolean exists()
public boolean canRead()
public boolean isFile()
public boolean isDirectory()
public boolean isHidden()
public long lastModified()
public long length()
public String[] list()
public String[] list(FilenameFilter filter)
public File[] listFiles()
public File[] listFiles(FilenameFilter filter)
public File[] listFiles(FileFilter filter)
checkRead(String)
java.io.FilePermission "{name}", "read"

~~~~~~~~~
public boolean canWrite()
public boolean createNewFile()
public static File createTempFile(
        String prefix, String suffix)
public static File createTempFile(
        String prefix,  String suffix,
        File directory)
public boolean mkdir()
public boolean mkdirs()
public boolean renameTo(File dest)
public boolean setLastModified(long time)
public boolean setReadOnly()
checkWrite(String)
java.io.FilePermission "{name}", "write"

java.io.FileInputStream

FileInputStream(FileDescriptor fdObj)
checkRead(FileDescriptor)
java.lang.RuntimePermission "readFileDescriptor"
~~~~~~~~~
FileInputStream(String name)
FileInputStream(File file)
checkRead(String)
java.io.FilePermission "{name}", "read"
java.io.FileOutputStream

FileOutputStream(FileDescriptor fdObj)
checkWrite(FileDescriptor)
java.lang.RuntimePermission "writeFileDescriptor"
~~~~~~~~~
FileOutputStream(File file)
FileOutputStream(String name)
FileOutputStream(String name, boolean append)
checkWrite(String)
java.io.FilePermission "{name}", "write"

java.io.ObjectInputStream

protected final boolean 
	enableResolveObject(boolean enable);
checkPermission
java.io.SerializablePermission 
	"enableSubstitution"

~~~~~~~~~
protected ObjectInputStream()
protected ObjectOutputStream()
checkPermission
java.io.SerializablePermission 
	"enableSubclassImplementation"

java.io.ObjectOutputStream

protected final boolean 
	enableReplaceObject(boolean enable)
checkPermission
java.io.SerializablePermission 
	"enableSubstitution"

java.io.RandomAccessFile

RandomAccessFile(String name, String mode)
RandomAccessFile(File file, String mode)
checkRead(String)
java.io.FilePermission "{name}", "read"
In both these methods the mode is r.
~~~~~~~~~
RandomAccessFile(String name, String mode)
checkRead(String) and checkWrite(String)
java.io.FilePermission "{name}", "read,write"
In this method the mode is rw.
~~~~~~~~~
java.lang.Class

public static Class forName(
	String name, boolean initialize, 
	ClassLoader loader)
checkPermission
java.lang.RuntimePermission("getClassLoader")

The access verification code for this method calls checkPermission and pass it java.lang.RuntimePermission("getClassLoader") when loader is null and the caller's class loader is not null.
~~~~~~~~~
public Class[] getClasses()
checkMemberAccess(this, Member.DECLARED)
java.lang.RuntimePermission 
	"accessDeclaredMembers"
java.lang.RuntimePermission 
	"accessClassInPackage.{pkgName}

The access verification code for this class and each of its superclasses calls checkMemberAccess(this, Member.DECLARED). If the class is in a package, checkPackageAccess({pkgName}) is also called. By default, checkMemberAccess does not require permission if this class's classloader is the same as that of the caller. Otherwise, it requires java.lang.RuntimePermission "accessDeclaredMembers". If the class is in a package, java.lang.RuntimePermission "accessClassInPackage.{pkgName}" is also required.
~~~~~~~~~
public ClassLoader getClassLoader()
checkPermission
java.lang.RuntimePermission "getClassLoader"
If the caller's class loader is null, or is the same as or an ancestor of the class loader for the class whose class loader is being requested, no permission is needed. Otherwise, java.lang.RuntimePermission "getClassLoader" is required.
~~~~~~~~~
public Class[] getDeclaredClasses()
public Field[] getDeclaredFields()
public Method[] getDeclaredMethods()
public Constructor[] 
	getDeclaredConstructors()
public Field getDeclaredField(
	String name)
public Method getDeclaredMethod(...)
public Constructor 
	getDeclaredConstructor(...)
checkMemberAccess(this, Member.DECLARED)
checkPackageAccess({pkgName})
java.lang.RuntimePermission 
	"accessDeclaredMembers
java.lang.RuntimePermission 
	"accessClassInPackage.{pkgName}

If Class is in a package, the access verification code should call checkPackageAccess({pkgName}) and pass it java.lang.RuntimePermission "accessClassInPackage.{pkgName}.

If Class is not in a package, the access verification code for these methods should call checkMemberAccess(this, Member.DECLARED) and pass it java.lang.RuntimePermission "accessClassInPackage.{pkgName}.

~~~~~~~~~
public Field[] getFields()
public Method[] getMethods()
public Constructor[] getConstructors()
public Field getField(String name)
public Method getMethod(...)
public Constructor getConstructor(...)
checkMemberAccess(this, Member.PUBLIC)
checkPackageAccess({pkgName})
java.lang.RuntimePermission 
	"accessClassInPackage.{pkgName}

If Class is not in a package, the access verification code for these methods calls checkMemberAccess(this, Member.PUBLIC), but no permission is passed.

If Class is in a package, the access verification code for these methods should call checkPackageAccess({pkgName}) and pass it checkPackageAccess({pkgName}).

~~~~~~~~~
public ProtectionDomain 
	getProtectionDomain()
checkPermission
java.lang.RuntimePermission "getProtectionDomain"
java.lang.ClassLoader

ClassLoader()
ClassLoader(ClassLoader parent)
checkCreateClassLoader
java.lang.RuntimePermission "createClassLoader"
~~~~~~~~~
public static ClassLoader 
	getSystemClassLoader()
public ClassLoader getParent()
checkPermission
java.lang.RuntimePermission "getClassLoader"

If the caller's class loader is null or is the same as or an ancestor of the class loader for the class whose class loader is being requested, no permission is needed. Otherwise, java.lang.RuntimePermission "getClassLoader" is required. java.lang.Runtime

public Process exec(String command)
public Process exec(String command, 
	String envp[])
public Process exec(String cmdarray[])
public Process exec(String cmdarray[], 
	String envp[])
checkExec
java.io.FilePermission "{command}", "execute"

~~~~~~~~~
public void exit(int status)
public static void 
	runFinalizersOnExit(boolean value)
checkExit(status) where status is 0 for 
	runFinalizersOnExit
java.lang.RuntimePermission "exitVM"

~~~~~~~~~
public void load(String lib)
public void loadLibrary(String lib)
checkLink({libName}) 
java.lang.RuntimePermission 
	"loadLibrary.{libName}"

In these methods {libName} is the lib, filename or libname argument. java.lang.SecurityManager

<all methods>
checkPermission
See Security Manager Methods.
java.lang.System

public static void exit(int status)
public static void
        runFinalizersOnExit(boolean value)
checkExit(status) where status is 0 for 
	runFinalizersOnExit
java.lang.RuntimePermission "exitVM"

~~~~~~~~~
public static void load(String filename)
public static void loadLibrary(
        String libname)
checkLink({libName})
java.lang.RuntimePermission 
	"loadLibrary.{libName}"

In these methods {libName} is the lib, filename or libname argument.
~~~~~~~~~
public static Properties getProperties()
public static void setProperties(Properties props)
checkPropertiesAccess
java.util.PropertyPermission "*", "read,write"
~~~~~~~~~
public static String getProperty(String key)
public static String getProperty(String key, 
				 String def)
checkPropertyAccess
java.util.PropertyPermission "{key}", "read"

~~~~~~~~~
public static void setIn(InputStream in)
public static void setOut(PrintStream out)
public static void setErr(PrintStream err)
checkPermission
java.lang.RuntimePermission "setIO"

~~~~~~~~~
public static String setProperty(String key, 
				 String value)
checkPermission
java.util.PropertyPermission "{key}", "write"
~~~~~~~~~
public static synchronized void
        setSecurityManager(SecurityManager s)
checkPermission
java.lang.RuntimePermission "setSecurityManager"
java.lang.Thread

public ClassLoader getContextClassLoader()
checkPermission
java.lang.RuntimePermission "getClassLoader"
If the caller's class loader is null or is the same as or an ancestor of the context class loader for the thread whose context class loader is being requested, no permission is needed. Otherwise, java.lang.RuntimePermission "getClassLoader" is required.
~~~~~~~~~
public void setContextClassLoader
	(ClassLoader cl)
checkPermission
java.lang.RuntimePermission 
	"setContextClassLoader"

~~~~~~~~~
public final void checkAccess()
public void interrupt()
public final void suspend()
public final void resume()
public final void setPriority
	(int newPriority)
public final void setName(String name)
public final void setDaemon(boolean on)
checkAccess(this)
java.lang.RuntimePermission "modifyThread"

~~~~~~~~~
public static int 
	enumerate(Thread tarray[])
checkAccess({threadGroup})
java.lang.RuntimePermission "modifyThreadGroup"
~~~~~~~~~
public final void stop()
checkAccess(this). 
checkPermission
java.lang.RuntimePermission "modifyThread"
java.lang.RuntimePermission "stopThread"

The access verification code should call checkAccess and pass it java.lang.RuntimePermission "modifyThread", unless the current thread is trying to stop a thread other than itself. In this case, the access verification code should call checkPermission and pass it java.lang.RuntimePermission "stopThread".
~~~~~~~~~
public final synchronized void 
	stop(Throwable obj)
checkAccess(this). 
checkPermission
java.lang.RuntimePermission "modifyThread"
java.lang.RuntimePermission "stopThread"

The access verification code should call checkAccess and pass it java.lang.RuntimePermission "modifyThread" unless the current thread is trying to stop a thread other than itself or obj is not an instance of ThreadDeath. In this case, the access verification code should call checkPermission and pass it java.lang.RuntimePermission "stopThread".
~~~~~~~~~
Thread()
Thread(Runnable target)
Thread(String name)
Thread(Runnable target, String name)
checkAccess({parentThreadGroup})
java.lang.RuntimePermission "modifyThreadGroup"

~~~~~~~~~
Thread(ThreadGroup group, ...)
checkAccess(this) for ThreadGroup methods, or
checkAccess(group) for Thread methods
java.lang.RuntimePermission "modifyThreadGroup"
java.lang.ThreadGroup

public final void checkAccess()
public int enumerate(Thread list[])
public int enumerate(Thread list[],
	boolean recurse)
public int enumerate(ThreadGroup list[])
public int enumerate(ThreadGroup list[],
	boolean recurse)
public final ThreadGroup getParent()
public final void 
	setDaemon(boolean daemon)
public final void setMaxPriority(int pri)
public final void suspend()
public final void resume()
public final void destroy()
checkAccess(this) for ThreadGroup methods, or
checkAccess(group) for Thread methods
java.lang.RuntimePermission "modifyThreadGroup"

~~~~~~~~~
ThreadGroup(String name)
ThreadGroup(ThreadGroup parent,
String name)
checkAccess({parentThreadGroup})
java.lang.RuntimePermission "modifyThreadGroup"

~~~~~~~~~
public final void interrupt()
checkAccess(this)
java.lang.RuntimePermission "modifyThreadGroup"
java.lang.RuntimePermission "modifyThread"
The access verification code for this method also requires java.lang.RuntimePermission "modifyThread" because the java.lang.Thread interrupt() method is called for each thread in the thread group and in all of its subgroups.
~~~~~~~~~
public final void stop()
checkAccess(this)
java.lang.RuntimePermission "modifyThreadGroup"
java.lang.RuntimePermission "modifyThread"
java.lang.RuntimePermission "stopThread"

The access verification code for this method also requires java.lang.RuntimePermission "modifyThread" and possibly java.lang.RuntimePermission "stopThread" because the java.lang.Thread stop() method is called for each thread in the thread group and in all of its subgroups. java.lang.reflect.AccessibleObject

public static void setAccessible(...)
public void setAccessible(...)
checkPermission
java.lang.reflect.ReflectPermission 
	"suppressAccessChecks"

java.net.Authenticator

public static PasswordAuthentication 
  requestPasswordAuthentication(InetAddress addr,
    				int port, 
				String protocol, 
				String prompt, 
				String scheme)
checkPermission
java.net.NetPermission 
	"requestPasswordAuthentication"

~~~~~~~~~
public static void 
	setDefault(Authenticator a)
checkPermission
java.net.NetPermission "setDefaultAuthenticator"
java.net.DatagramSocket

public void send(DatagramPacket p)
checkMulticast(p.getAddress()) 
checkConnect(p.getAddress().getHostAddress(),  
	     p.getPort())
java.net.SocketPermission((
	     p.getAddress()).getHostAddress(), 
	     "accept,connect")
java.net.SocketPermission "{host}","resolve"

The access verification code for send calls checkMulticast in the following case: 
if (p.getAddress().isMulticastAddress()) {
  java.net.SocketPermission(
    (p.getAddress()).getHostAddress(), 
     "accept,connect")
}

The access verification code for send calls checkConnect in the following case: 
else {
  port = p.getPort();
  host = p.getAddress().getHostAddress();
  if (port == -1) java.net.SocketPermission 
			"{host}","resolve";
  else java.net.SocketPermission 
			"{host}:{port}","connect"
}

~~~~~~~~~
public InetAddress getLocalAddress()
checkConnect({host}, -1)
java.net.SocketPermission "{host}", "resolve"
~~~~~~~~~
DatagramSocket(...)
checkListen({port})
The access verification code for this method calls checkListen and passes in socket permissions as follows: 
if (port == 0)
  java.net.SocketPermission "localhost:1024-",
			    "listen";
else
  java.net.SocketPermission "localhost:{port}",
			    "listen"

~~~~~~~~~
public synchronized void receive(DatagramPacket p)
checkAccept({host}, {port})
java.net.SocketPermission "{host}:{port}", 
			  "accept"
java.net.HttpURLConnection

public static void setFollowRedirects(boolean set)
checkSetFactory
java.lang.RuntimePermission "setFactory"
java.net.InetAddress

public String getHostName()
public static InetAddress[]
        getAllByName(String host)
public static InetAddress getLocalHost()
checkConnect({host}, -1)
java.net.SocketPermission "{host}", "resolve"

java.net.MulticastSocket

public void joinGroup(InetAddress mcastaddr)
public void leaveGroup(InetAddress mcastaddr)
checkMulticast(InetAddress)
java.net.SocketPermission(
		mcastaddr.getHostAddress(),
        "accept,connect")

~~~~~~~~~
public synchronized void 
	send(DatagramPacket p, byte ttl)
checkMulticast(p.getAddress(), ttl) 
checkConnect(p.getAddress().getHostAddress(),  
	     p.getPort())
java.net.SocketPermission((
	     p.getAddress()).getHostAddress(),
             "accept,connect")
java.net.SocketPermission "{host}","resolve"

The access verification code for send calls checkMulticast in the following case: 
if (p.getAddress().isMulticastAddress()) {
  java.net.SocketPermission(
    (p.getAddress()).getHostAddress(), 
     "accept,connect")
}

The access verification code for this method calls checkConnect in the following case: 
else {
  port = p.getPort();
  host = p.getAddress().getHostAddress();
  if (port == -1) java.net.SocketPermission 
	"{host}","resolve"
  else java.net.SocketPermission 
	"{host}:{port}","connect"
}

~~~~~~~~~
MulticastSocket(...) 
checkListen({port})
The access verification code for this method calls checkListen in the following case: 
if (port == 0)
  java.net.SocketPermission 
	"localhost:1024-", "listen";
else
  java.net.SocketPermission 
	"localhost:{port}","listen"

java.net.ServerSocket

ServerSocket(...)
checkListen({port})
The access verification code for this method calls checkListen in the following case: 
if (port == 0)
  java.net.SocketPermission 
	"localhost:1024-","listen";
else
  java.net.SocketPermission 
	"localhost:{port}","listen"

~~~~~~~~~
public Socket accept()
protected final void implAccept(Socket s)
checkAccept({host}, {port})
java.net.SocketPermission 
	"{host}:{port}", "accept"

~~~~~~~~~
public static synchronized void 
	setSocketFactory(...)
checkSetFactory
java.lang.RuntimePermission "setFactory"
java.net.Socket

public static synchronized void 
	setSocketImplFactory(...)
checkSetFactory
java.lang.RuntimePermission "setFactory"
~~~~~~~~~
Socket(...)
checkConnect({host}, {port})
java.net.SocketPermission 
	"{host}:{port}", "connect"
java.net.URL

public static synchronized void 
	setURLStreamHandlerFactory(...)
checkSetFactory
java.lang.RuntimePermission "setFactory"
~~~~~~~~~
URL(...)
checkPermission
java.net.NetPermission "specifyStreamHandler"
java.net.URLConnection

public static synchronized void 
	setContentHandlerFactory(...)
public static void setFileNameMap(
	FileNameMap map)
checkSetFactory
java.lang.RuntimePermission "setFactory"

java.net.URLClassLoader

URLClassLoader(...)
checkCreateClassLoader
java.lang.RuntimePermission "createClassLoader"
java.rmi.activation.ActivationGroup

public static synchronized ActivationGroup 
	createGroup(...)
public static synchronized void setSystem(
	ActivationSystem system)
checkSetFactory
java.lang.RuntimePermission "setFactory"

java.rmi.server.RMISocketFactory

public synchronized static void setSocketFactory(...)
checkSetFactory
java.lang.RuntimePermission "setFactory"
java.security.Identity

public void addCertificate(...)
checkSecurityAccess("addIdentityCertificate")
java.security.SecurityPermission 
	"addIdentityCertificate"
~~~~~~~~~
public void removeCertificate(...)
checkSecurityAccess("removeIdentityCertificate")
java.security.SecurityPermission 
	"removeIdentityCertificate"
~~~~~~~~~
public void setInfo(String info)
checkSecurityAccess("setIdentityInfo")
java.security.SecurityPermission 
	"setIdentityInfo"
~~~~~~~~~
public void setPublicKey(PublicKey key)
checkSecurityAccess("setIdentityPublicKey")
java.security.SecurityPermission 
	"setIdentityPublicKey"
~~~~~~~~~
public String toString(...)
checkSecurityAccess("printIdentity")
java.security.SecurityPermission 
	"printIdentity"
java.security.IdentityScope

protected static void setSystemScope()
checkSecurityAccess("setSystemScope")
java.security.SecurityPermission 
	"setSystemScope"
java.security.Permission

public void checkGuard(Object object) 
checkPermission(this)
This Permission object is the permission checked. java.security.Policy

public static Policy getPolicy()
checkPermission
java.security.SecurityPermission "getPolicy"
~~~~~~~~~
public static void setPolicy(Policy policy);
checkPermission
java.security.SecurityPermission "setPolicy"
~~~~~~~~~
java.security.Provider

public synchronized void clear()
checkSecurityAccess("clearProviderProperties."
		    +{name})
java.security.SecurityPermission 
	"clearProviderProperties.{name}"

In this method name is the provider name.
~~~~~~~~~
public synchronized Object put(Object key, 
			       Object value)
checkSecurityAccess("putProviderProperty."
			       +{name})
java.security.SecurityPermission 
	"putProviderProperty.{name}"

In this method name is the provider name.
~~~~~~~~~
public synchronized Object remove(Object key)
checkSecurityAccess("removeProviderProperty."
		    +{name})
java.security.SecurityPermission 
	"removeProviderProperty.{name}"

In this method name is the provider name. java.security.SecureClassLoader

SecureClassLoader(...)
checkCreateClassLoader
java.lang.RuntimePermission "createClassLoader"
java.security.Security

public static void getProperty(String key)
checkPermission
java.security.SecurityPermission "getProperty.{key}"
~~~~~~~~~
public static int addProvider(Provider provider)
public static int insertProviderAt(
			Provider provider, 
			int position);
checkSecurityAccess("insertProvider."
			+provider.getName())
java.security.SecurityPermission 
		"insertProvider.{name}"

~~~~~~~~~
public static void removeProvider(String name)
checkSecurityAccess("removeProvider."+name)
java.security.SecurityPermission "removeProvider.{name}"
~~~~~~~~~
public static void setProperty( String key, 
			       	String datum)
checkSecurityAccess("setProperty."+key)
java.security.SecurityPermission 
				"setProperty.{key}"

java.security.Signer

public PrivateKey getPrivateKey()
checkSecurityAccess("getSignerPrivateKey")
java.security.SecurityPermission 
	"getSignerPrivateKey"
~~~~~~~~~
public final void setKeyPair(KeyPair pair) 
checkSecurityAccess("setSignerKeypair")
java.security.SecurityPermission 
	"setSignerKeypair"
java.util.Locale

public static synchronized void setDefault(
	Locale newLocale)
checkPermission
java.util.PropertyPermission 
	"user.language","write"

java.util.zip.ZipFile 

ZipFile(String name)
checkRead
java.io.FilePermission "{name}","read"

[TOP]

Oracle is reviewing the Sun product roadmap and will provide guidance to customers in accordance with Oracle's standard product communication policies. Any resulting features and timing of release of such features as determined by Oracle's review of roadmaps, are at the sole discretion of Oracle. All product roadmap information, whether communicated by Sun Microsystems or by Oracle, does not represent a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. It is intended for information purposes only, and may not be incorporated into any contract.
About Sun  |  About This Site  |  Newsletters  |  Contact Us  |  Employment  |  How to Buy  |  Licensing  |  Terms of Use  |  Privacy  |  Trademarks
 

 
© 2010, Oracle Corporation and/or its affiliates
A Sun Developer Network Site

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.
 
XML Sun Developer RSS Feeds