public final class FilePermission extends Permission implements Serializable
Pathname is the pathname of the file or directory granted the specified actions. A pathname that ends in "/*" (where
"/" is the file separator character, File.separatorChar
) indicates all the files and directories
contained in that directory. A pathname that ends with "/-" indicates (recursively) all files and subdirectories
contained in that directory. A pathname consisting of the special token "<<ALL FILES>>" matches
any file.
Note: A pathname consisting of a single "*" indicates all the files in the current directory, while a pathname consisting of a single "-" indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory.
The actions to be granted are passed to the constructor in a string containing a list of one or more comma-separated keywords. The possible keywords are "read", "write", "execute", "delete", and "readlink". Their meaning is defined as follows:
Runtime.exec
to be called. Corresponds to
SecurityManager.checkExec
.
File.delete
to be called. Corresponds to
SecurityManager.checkDelete
.
The actions string is converted to lowercase before processing.
Be careful when granting FilePermissions. Think about the implications of granting read and especially write access to various files and directories. The "<<ALL FILES>>" permission with write action is especially dangerous. This grants permission to write to the entire file system. One thing this effectively allows is replacement of the system binary, including the JVM runtime environment.
Please note: Code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.
Permission
Constructor and Description |
---|
FilePermission(String path,
String actions)
Creates a new FilePermission object with the specified actions.
|
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object obj)
Checks two FilePermission objects for equality.
|
String |
getActions()
Returns the "canonical string representation" of the actions.
|
int |
hashCode()
Returns the hash code value for this object.
|
boolean |
implies(Permission p)
Checks if this FilePermission object "implies" the specified permission.
|
getName, toString
public FilePermission(String path, String actions)
A pathname that ends in "/*" (where "/" is the file separator character, File.separatorChar
)
indicates all the files and directories contained in that directory. A pathname that ends with "/-" indicates
(recursively) all files and subdirectories contained in that directory. The special pathname "<<ALL
FILES>>" matches any file.
A pathname consisting of a single "*" indicates all the files in the current directory, while a pathname consisting of a single "-" indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory.
A pathname containing an empty string represents an empty path.
path
- the pathname of the file/directory.actions
- the action string.IllegalArgumentException
- If actions is null
, empty or contains an action other than the specified possible
actions.public boolean implies(@Nullable Permission p)
More specifically, this method returns true if:
implies
in class Permission
p
- the permission to check against.true
if the specified permission is not null
and is implied by this object,
false
otherwise.public boolean equals(@Nullable Object obj)
equals
in class Permission
obj
- the object we are testing for equality with this object.true
if obj is a FilePermission, and has the same pathname and actions as this
FilePermission object, false
otherwise.Object.hashCode()
,
HashMap
public int hashCode()
hashCode
in class Permission
Object.equals(java.lang.Object)
,
System.identityHashCode(java.lang.Object)
public String getActions()
getActions
will return the string "read,write".getActions
in class Permission