public final class JAXBPermission extends BasicPermission
JAXBPermission
contains a name (also referred to as a "target name") but
no actions list; you either have the named permission
or you don't.
The target name is the name of the JAXB permission (see below).
The following table lists all the possible JAXBPermission target names,
and for each provides a description of what the permission allows
and a discussion of the risks of granting code the permission.
| Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
|---|---|---|
| setDatatypeConverter |
Allows the code to set VM-wide DatatypeConverterInterface
via the setDatatypeConverter method
that all the methods on DatatypeConverter uses.
|
Malicious code can set DatatypeConverterInterface, which has
VM-wide singleton semantics, before a genuine JAXB implementation sets one.
This allows malicious code to gain access to objects that it may otherwise
not have access to, such as Frame.getFrames() that belongs to
another application running in the same JVM.
|
BasicPermission,
Permission,
Permissions,
PermissionCollection,
SecurityManager,
Serialized Form| Constructor and Description |
|---|
JAXBPermission(String name)
Creates a new JAXBPermission with the specified name.
|
equals, getActions, hashCode, implies, newPermissionCollectioncheckGuard, getName, toStringpublic JAXBPermission(String name)
name - The name of the JAXBPermission. As of 2.2 only "setDatatypeConverter"
is defined. Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2023, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.