java.lang.Object
java.security.Permission
java.security.BasicPermission
jakarta.xml.bind.JAXBPermission
- All Implemented Interfaces:
Serializable,Guard
This class is for Jakarta XML Binding permissions. A
JAXBPermission
contains a name (also referred to as a "target name") but
no actions list; you either have the named permission
or you don't.
The target name is the name of the Jakarta XML Binding permission (see below).
The following table lists all the possible JAXBPermission target names,
and for each provides a description of what the permission allows
and a discussion of the risks of granting code the permission.
| Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
|---|---|---|
| setDatatypeConverter |
Allows the code to set VM-wide DatatypeConverterInterface
via the setDatatypeConverter method
that all the methods on DatatypeConverter uses.
|
Malicious code can set DatatypeConverterInterface, which has
VM-wide singleton semantics, before a genuine Jakarta XML Binding implementation sets one.
This allows malicious code to gain access to objects that it may otherwise
not have access to, such as java.awt.Frame#getFrames() that belongs to
another application running in the same JVM.
|
- Author:
- Joe Fialli
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionJAXBPermission(String name) Creates a new JAXBPermission with the specified name. -
Method Summary
Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollectionMethods inherited from class java.security.Permission
checkGuard, getName, toString
-
Constructor Details
-
JAXBPermission
Creates a new JAXBPermission with the specified name.- Parameters:
name- The name of the JAXBPermission. As of 2.2 only "setDatatypeConverter" is defined.
-