Permissions in the JDK (original) (raw)

Method

SecurityManager Method Called

Permission

java.awt.Graphics2d public abstract void setComposite(Composite comp)

checkPermission

java.awt.AWTPermission "readDisplayPixels" if this Graphics2D context is drawing to a Component on the display screen and the Composite is a custom object rather than an instance of the AlphaComposite class. Note: The setComposite method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkPermission method with a java.awt.AWTPermission("readDisplayPixels") permission under the conditions noted.

java.awt.Robot public Robot() public Robot(GraphicsDevice screen)

checkPermission

java.awt.AWTPermission "createRobot"

java.awt.Toolkit public void addAWTEventListener( AWTEventListener listener, long eventMask) public void removeAWTEventListener( AWTEventListener listener)

checkPermission

java.awt.AWTPermission "listenToAllAWTEvents"

java.awt.Toolkit public abstract PrintJob getPrintJob( Frame frame, String jobtitle, Properties props)

checkPrintJobAccess

java.lang.RuntimePermission "queuePrintJob"

Note: The getPrintJob method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkPrintJobAccess method, which is successful only if the java.lang.RuntimePermission "queuePrintJob" permission is currently allowed.

java.awt.Toolkit public abstract Clipboard getSystemClipboard()

checkSystemClipboardAccess

java.awt.AWTPermission "accessClipboard"

Note: The getSystemClipboard method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkSystemClipboardAccess method, which is successful only if the java.awt.AWTPermission "accessClipboard" permission is currently allowed.

java.awt.Toolkit public final EventQueue getSystemEventQueue()

checkAwtEventQueueAccess

java.awt.AWTPermission "accessEventQueue"

java.awt.Window Window()

checkTopLevelWindow

If java.awt.AWTPermission "showWindowWithoutWarningBanner" is set, the window will be displayed without a banner warning that the window was created by an applet. It it's not set, such a banner will be displayed.

java.beans.Beans public static void setDesignTime( boolean isDesignTime) public static void setGuiAvailable( boolean isGuiAvailable)

java.beans.Introspector public static synchronized void setBeanInfoSearchPath(String path[])

java.beans.PropertyEditorManager public static void registerEditor( Class targetType, Class editorClass) public static synchronized void setEditorSearchPath(String path[])

checkPropertiesAccess

java.util.PropertyPermission "*", "read,write"

java.io.File public boolean delete() public void deleteOnExit()

checkDelete(String)

java.io.FilePermission "{name}", "delete"

java.io.FileInputStream FileInputStream(FileDescriptor fdObj)

checkRead(FileDescriptor)

java.lang.RuntimePermission "readFileDescriptor"

java.io.FileInputStream FileInputStream(String name) FileInputStream(File file)

java.io.File public boolean exists() public boolean canRead() public boolean isFile() public boolean isDirectory() public boolean isHidden() public long lastModified() public long length() public String[] list() public String[] list( FilenameFilter filter) public File[] listFiles() public File[] listFiles( FilenameFilter filter) public File[] listFiles( FileFilter filter)

java.io.RandomAccessFile RandomAccessFile(String name, String mode) RandomAccessFile(File file, String mode) (where mode is "r" in both of these)

checkRead(String)

java.io.FilePermission "{name}", "read"

java.io.FileOutputStream FileOutputStream(FileDescriptor fdObj)

checkWrite(FileDescriptor)

java.lang.RuntimePermission "writeFileDescriptor"

java.io.FileOutputStream FileOutputStream(File file) FileOutputStream(String name) FileOutputStream(String name, boolean append)

java.io.File public boolean canWrite() public boolean createNewFile() public static File createTempFile( String prefix, String suffix) public static File createTempFile( String prefix, String suffix, File directory) public boolean mkdir() public boolean mkdirs() public boolean renameTo(File dest) public boolean setLastModified(long time) public boolean setReadOnly()

checkWrite(String)

java.io.FilePermission "{name}", "write"

java.io.ObjectInputStream protected final boolean enableResolveObject(boolean enable);

java.io.ObjectOutputStream protected final boolean enableReplaceObject(boolean enable)

checkPermission

java.io.SerializablePermission "enableSubstitution"

java.io.ObjectInputStream protected ObjectInputStream()

java.io.ObjectOutputStream protected ObjectOutputStream()

checkPermission

java.io.SerializablePermission "enableSubclassImplementation"

java.io.RandomAccessFile RandomAccessFile(String name, String mode) (where mode is "rw")

checkRead(String) and checkWrite(String)

java.io.FilePermission "{name}", "read,write"

java.lang.Class public static Class forName( String name, boolean initialize, ClassLoader loader)

checkPermission

If loader is null, and the caller's class loader is not null, then java.lang.RuntimePermission("getClassLoader")

java.lang.Class public Class[] getClasses()

For this class and each of its superclasses, checkMemberAccess(this, Member.DECLARED) is called and, if the class is in a package, checkPackageAccess({pkgName}) is called.

Default checkMemberAccess does not require any permissions if "this" class's classloader is the same as that of the caller. Otherwise, it requires java.lang.RuntimePermission "accessDeclaredMembers". If the class is in a package, java.lang.RuntimePermission "accessClassInPackage.{pkgName}" is also required.

java.lang.Class public ClassLoader getClassLoader()

checkPermission

If the caller's class loader is null, or is the same as or an ancestor of the class loader for the class whose class loader is being requested, no permission is needed. Otherwise,
java.lang.RuntimePermission "getClassLoader"
is required.

java.lang.Class public Class[] getDeclaredClasses() public Field[] getDeclaredFields() public Method[] getDeclaredMethods() public Constructor[] getDeclaredConstructors() public Field getDeclaredField( String name) public Method getDeclaredMethod(...) public Constructor getDeclaredConstructor(...)

checkMemberAccess(this, Member.DECLARED) and, if this class is in a package, checkPackageAccess({pkgName})

Default checkMemberAccess does not require any permissions if "this" class's classloader is the same as that of the caller. Otherwise, it requires java.lang.RuntimePermission "accessDeclaredMembers". If this class is in a package, java.lang.RuntimePermission "accessClassInPackage.{pkgName}" is also required.

java.lang.Class public Field[] getFields() public Method[] getMethods() public Constructor[] getConstructors() public Field getField(String name) public Method getMethod(...) public Constructor getConstructor(...)

checkMemberAccess(this, Member.PUBLIC) and, if class is in a package, checkPackageAccess({pkgName})

Default checkMemberAccess does not require any permissions when the access type is Member.PUBLIC. If this class is in a package, java.lang.RuntimePermission "accessClassInPackage.{pkgName}" is required.

java.lang.Class public ProtectionDomain getProtectionDomain()

checkPermission

java.lang.RuntimePermission "getProtectionDomain"

java.lang.ClassLoader ClassLoader() ClassLoader(ClassLoader parent)

checkCreateClassLoader

java.lang.RuntimePermission "createClassLoader"

java.lang.ClassLoader public static ClassLoader getSystemClassLoader() public ClassLoader getParent()

checkPermission

If the caller's class loader is null, or is the same as or an ancestor of the class loader for the class whose class loader is being requested, no permission is needed. Otherwise,
java.lang.RuntimePermission "getClassLoader"
is required.

java.lang.Runtime public Process exec(String command) public Process exec(String command, String envp[]) public Process exec(String cmdarray[]) public Process exec(String cmdarray[], String envp[])

checkExec

java.io.FilePermission "{command}", "execute"

java.lang.Runtime public void exit(int status) public static void runFinalizersOnExit(boolean value) java.lang.System public static void exit(int status) public static void runFinalizersOnExit(boolean value)

checkExit(status) where status is 0 for runFinalizersOnExit

java.lang.RuntimePermission "exitVM"

java.lang.Runtime public void addShutdownHook(Thread hook) public boolean removeShutdownHook(Thread hook)

checkPermission

java.lang.RuntimePermission "shutdownHooks"

java.lang.Runtime public void load(String lib) public void loadLibrary(String lib) java.lang.System public static void load(String filename) public static void loadLibrary( String libname)

checkLink({libName}) where {libName} is the lib, filename or libname argument

java.lang.RuntimePermission "loadLibrary.{libName}"

java.lang.SecurityManager methods

checkPermission

See the next table.

java.lang.System public static Properties getProperties() public static void setProperties(Properties props)

checkPropertiesAccess

java.util.PropertyPermission "*", "read,write"

java.lang.System public static String getProperty(String key) public static String getProperty(String key, String def)

checkPropertyAccess

java.util.PropertyPermission "{key}", "read"

java.lang.System public static void setIn(InputStream in) public static void setOut(PrintStream out) public static void setErr(PrintStream err)

checkPermission

java.lang.RuntimePermission "setIO"

java.lang.System public static String setProperty(String key, String value)

checkPermission

java.util.PropertyPermission "{key}", "write"

java.lang.System public static synchronized void setSecurityManager(SecurityManager s)

checkPermission

java.lang.RuntimePermission "setSecurityManager"

java.lang.Thread public ClassLoader getContextClassLoader()

checkPermission

If the caller's class loader is null, or is the same as or an ancestor of the context class loader for the thread whose context class loader is being requested, no permission is needed. Otherwise,
java.lang.RuntimePermission "getClassLoader"
is required.

java.lang.Thread public void setContextClassLoader (ClassLoader cl)

checkPermission

java.lang.RuntimePermission "setContextClassLoader"

java.lang.Thread public final void checkAccess() public void interrupt() public final void suspend() public final void resume() public final void setPriority (int newPriority) public final void setName(String name) public final void setDaemon(boolean on)

checkAccess(this)

java.lang.RuntimePermission "modifyThread"

java.lang.Thread public static int enumerate(Thread tarray[])

checkAccess({threadGroup})

java.lang.RuntimePermission "modifyThreadGroup"

java.lang.Thread public final void stop()

checkAccess(this). Also checkPermission if the current thread is trying to stop a thread other than itself.

java.lang.RuntimePermission "modifyThread".
Also java.lang.RuntimePermission "stopThread" if the current thread is trying to stop a thread other than itself.

java.lang.Thread public final synchronized void stop(Throwable obj)

checkAccess(this). Also checkPermission if the current thread is trying to stop a thread other than itself or obj is not an instance of ThreadDeath.

java.lang.RuntimePermission "modifyThread".
Also java.lang.RuntimePermission "stopThread" if the current thread is trying to stop a thread other than itself or obj is not an instance of ThreadDeath.

java.lang.Thread Thread() Thread(Runnable target) Thread(String name) Thread(Runnable target, String name)

java.lang.ThreadGroup ThreadGroup(String name) ThreadGroup(ThreadGroup parent, String name)

checkAccess({parentThreadGroup})

java.lang.RuntimePermission "modifyThreadGroup"

java.lang.Thread Thread(ThreadGroup group, ...)

java.lang.ThreadGroup public final void checkAccess() public int enumerate(Thread list[]) public int enumerate(Thread list[], boolean recurse) public int enumerate(ThreadGroup list[]) public int enumerate(ThreadGroup list[], boolean recurse) public final ThreadGroup getParent() public final void setDaemon(boolean daemon) public final void setMaxPriority(int pri) public final void suspend() public final void resume() public final void destroy()

checkAccess(this) for ThreadGroup methods, or checkAccess(group) for Thread methods

java.lang.RuntimePermission "modifyThreadGroup"

java.lang.ThreadGroup public final void interrupt()

checkAccess(this)

Requires java.lang.RuntimePermission "modifyThreadGroup".
Also requires java.lang.RuntimePermission "modifyThread", since the java.lang.Thread interrupt() method is called for each thread in the thread group and in all of its subgroups. See the Thread interrupt() method.

java.lang.ThreadGroup public final void stop()

checkAccess(this)

Requires java.lang.RuntimePermission "modifyThreadGroup".
Also requires java.lang.RuntimePermission "modifyThread" and possibly java.lang.RuntimePermission "stopThread", since the java.lang.Thread stop() method is called for each thread in the thread group and in all of its subgroups. See the Thread stop() method.

java.lang.reflect.AccessibleObject public static void setAccessible(...) public void setAccessible(...)

checkPermission

java.lang.reflect.ReflectPermission "suppressAccessChecks"

java.net.Authenticator public static PasswordAuthentication requestPasswordAuthentication( InetAddress addr, int port, String protocol, String prompt, String scheme)

checkPermission

java.net.NetPermission "requestPasswordAuthentication"

java.net.Authenticator public static void setDefault(Authenticator a)

checkPermission

java.net.NetPermission "setDefaultAuthenticator"

java.net.MulticastSocket public void joinGroup(InetAddress mcastaddr) public void leaveGroup(InetAddress mcastaddr)

checkMulticast(InetAddress)

java.net.SocketPermission( mcastaddr.getHostAddress(), "accept,connect")

java.net.DatagramSocket public void send(DatagramPacket p)

checkMulticast(p.getAddress()) or checkConnect(
p.getAddress().getHostAddress(), p.getPort())

if (p.getAddress().isMulticastAddress()) {
java.net.SocketPermission(
(p.getAddress()).getHostAddress(), "accept,connect")
}
else {
port = p.getPort();
host = p.getAddress().getHostAddress();
if (port == -1) java.net.SocketPermission "{host}","resolve";
else java.net.SocketPermission "{host}:{port}","connect"
}

java.net.MulticastSocket public synchronized void send(DatagramPacket p, byte ttl)

checkMulticast(p.getAddress(), ttl) or checkConnect(
p.getAddress().getHostAddress(), p.getPort())

if (p.getAddress().isMulticastAddress()) {
java.net.SocketPermission(
(p.getAddress()).getHostAddress(), "accept,connect")
}
else {
port = p.getPort();
host = p.getAddress().getHostAddress();
if (port == -1) java.net.SocketPermission "{host}","resolve";
else java.net.SocketPermission "{host}:{port}","connect"
}

java.net.InetAddress public String getHostName() public static InetAddress[] getAllByName(String host) public static InetAddress getLocalHost()

java.net.DatagramSocket public InetAddress getLocalAddress()

checkConnect({host}, -1)

java.net.SocketPermission "{host}", "resolve"

java.net.ServerSocket ServerSocket(...)

java.net.DatagramSocket DatagramSocket(...)

java.net.MulticastSocket MulticastSocket(...)

checkListen({port})

if (port == 0) java.net.SocketPermission "localhost:1024-","listen";
else java.net.SocketPermission "localhost:{port}","listen"

java.net.ServerSocket public Socket accept() protected final void implAccept(Socket s)

checkAccept({host}, {port})

java.net.SocketPermission "{host}:{port}", "accept"

java.net.ServerSocket public static synchronized void setSocketFactory(...)

java.net.Socket public static synchronized void setSocketImplFactory(...)

java.net.URL public static synchronized void setURLStreamHandlerFactory(...)

java.net.URLConnection public static synchronized void setContentHandlerFactory(...) public static void setFileNameMap(FileNameMap map)

java.net.HttpURLConnection public static void setFollowRedirects(boolean set)

java.rmi.activation.ActivationGroup public static synchronized ActivationGroup createGroup(...) public static synchronized void setSystem(ActivationSystem system)

java.rmi.server.RMISocketFactory public synchronized static void setSocketFactory(...)

checkSetFactory

java.lang.RuntimePermission "setFactory"

java.net.Socket Socket(...)

checkConnect({host}, {port})

java.net.SocketPermission "{host}:{port}", "connect"

java.net.DatagramSocket public synchronized void receive(DatagramPacket p)

checkAccept({host}, {port})

java.net.SocketPermission "{host}:{port}", "accept"

java.net.URL URL(...)

checkPermission

java.net.NetPermission "specifyStreamHandler"

java.net.URLClassLoader URLClassLoader(...)

checkCreateClassLoader

java.lang.RuntimePermission "createClassLoader"

java.security.AccessControlContext public AccessControlContext(AccessControlContext acc, DomainCombiner combiner) public DomainCombiner getDomainCombiner()

checkPermission

java.security.SecurityPermission "createAccessControlContext"

java.security.Identity public void addCertificate(...)

checkSecurityAccess(
"addIdentityCertificate")

java.security.SecurityPermission "addIdentityCertificate"

java.security.Identity public void removeCertificate(...)

checkSecurityAccess(
"removeIdentityCertificate")

java.security.SecurityPermission "removeIdentityCertificate"

java.security.Identity public void setInfo(String info)

checkSecurityAccess(
"setIdentityInfo")

java.security.SecurityPermission "setIdentityInfo"

java.security.Identity public void setPublicKey(PublicKey key)

checkSecurityAccess(
"setIdentityPublicKey")

java.security.SecurityPermission "setIdentityPublicKey"

java.security.Identity public String toString(...)

checkSecurityAccess(
"printIdentity")

java.security.SecurityPermission "printIdentity"

java.security.IdentityScope protected static void setSystemScope()

checkSecurityAccess(
"setSystemScope")

java.security.SecurityPermission "setSystemScope"

java.security.Permission public void checkGuard(Object object)

checkPermission(this)

this Permission object is the permission checked

java.security.Policy public static Policy getPolicy()

checkPermission

java.security.SecurityPermission "getPolicy"

java.security.Policy public static void setPolicy(Policy policy);

checkPermission

java.security.SecurityPermission "setPolicy"

java.security.Provider public synchronized void clear()

checkSecurityAccess(
"clearProviderProperties."+{name})

java.security.SecurityPermission "clearProviderProperties.{name}" where name is the provider name.

java.security.Provider public synchronized Object put(Object key, Object value)

checkSecurityAccess(
"putProviderProperty."+{name})

java.security.SecurityPermission "putProviderProperty.{name}" where name is the provider name.

java.security.Provider public synchronized Object remove(Object key)

checkSecurityAccess(
"removeProviderProperty."+{name})

java.security.SecurityPermission "removeProviderProperty.{name}" where name is the provider name.

java.security.SecureClassLoader SecureClassLoader(...)

checkCreateClassLoader

java.lang.RuntimePermission "createClassLoader"

java.security.Security public static void getProperty(String key)

checkPermission

java.security.SecurityPermission "getProperty.{key}"

java.security.Security public static int addProvider(Provider provider) public static int insertProviderAt(Provider provider, int position);

checkSecurityAccess(
"insertProvider."+provider.getName())

java.security.SecurityPermission "insertProvider.{name}"

java.security.Security public static void removeProvider(String name)

checkSecurityAccess(
"removeProvider."+name)

java.security.SecurityPermission "removeProvider.{name}"

java.security.Security public static void setProperty(String key, String datum)

checkSecurityAccess(
"setProperty."+key)

java.security.SecurityPermission "setProperty.{key}"

java.security.Signer public PrivateKey getPrivateKey()

checkSecurityAccess(
"getSignerPrivateKey")

java.security.SecurityPermission "getSignerPrivateKey"

java.security.Signer public final void setKeyPair(KeyPair pair)

checkSecurityAccess(
"setSignerKeypair")

java.security.SecurityPermission "setSignerKeypair"

java.sql.DriverManager public static synchronized void setLogWriter(PrintWriter out)

checkPermission

java.sql.SQLPermission "setLog"

java.sql.DriverManager public static synchronized void setLogStream(PrintWriter out)

checkPermission

java.sql.SQLPermission "setLog"

java.util.Locale public static synchronized void setDefault(Locale newLocale)

checkPermission

java.util.PropertyPermission "user.language","write"

java.util.zip.ZipFile ZipFile(String name)

checkRead

java.io.FilePermission "{name}","read"

javax.security.auth.Subject public static Subject getSubject(final AccessControlContext acc)

checkPermission

javax.security.auth.AuthPermission "getSubject"

javax.security.auth.Subject public void setReadOnly()

checkPermission

javax.security.auth.AuthPermission "setReadOnly"

javax.security.auth.Subject public static Object doAs(final Subject subject, final PrivilegedAction action)

checkPermission

javax.security.auth.AuthPermission "doAs"

javax.security.auth.Subject public static Object doAs(final Subject subject, final PrivilegedExceptionAction action) throws java.security.PrivilegedActionException

checkPermission

javax.security.auth.AuthPermission "doAs"

javax.security.auth.Subject public static Object doAsPrivileged(final Subject subject, final PrivilegedAction action, final AccessControlContext acc)

checkPermission

javax.security.auth.AuthPermission "doAsPrivileged"

javax.security.auth.Subject public static Object doAsPrivileged(final Subject subject, final PrivilegedExceptionAction action, final AccessControlContext acc) throws java.security.PrivilegedActionException

checkPermission

javax.security.auth.AuthPermission "doAsPrivileged"

javax.security.auth.SubjectDomainCombiner public Subject getSubject()

checkPermission

javax.security.auth.AuthPermission "getSubjectFromDomainCombiner"

javax.security.auth.SubjectDomainCombiner public Subject getSubject()

checkPermission

javax.security.auth.AuthPermission "getSubjectFromDomainCombiner"

javax.security.auth.login.LoginContext public LoginContext(String name) throws LoginException

checkPermission

javax.security.auth.AuthPermission "createLoginContext.{name}"

javax.security.auth.login.LoginContext public LoginContext(String name, Subject subject) throws LoginException

checkPermission

javax.security.auth.AuthPermission "createLoginContext.{name}"

javax.security.auth.login.LoginContext public LoginContext(String name, CallbackHandler callbackHandler) throws LoginException

checkPermission

javax.security.auth.AuthPermission "createLoginContext.{name}"

javax.security.auth.login.LoginContext public LoginContext(String name, Subject subject, CallbackHandler callbackHandler) throws LoginException

checkPermission

javax.security.auth.AuthPermission "createLoginContext.{name}"

javax.security.auth.login.Configuration public static Configuration getConfiguration()

checkPermission

javax.security.auth.AuthPermission "getLoginConfiguration"

javax.security.auth.login.Configuration public static void setConfiguration(Configuration configuration)

checkPermission

javax.security.auth.AuthPermission "setLoginConfiguration"

javax.security.auth.login.Configuration public static void refresh()

checkPermission

javax.security.auth.AuthPermission "refreshLoginConfiguration"