public final class SerializablePermission extends BasicPermission
目标名称是Serializable权限的名称(见下文)。
下表列出了所有可能的SerializablePermission目标名称,每个都提供了许可允许的描述,并讨论授予代码许可的风险。
Permission Target Name What the Permission Allows Risks of Allowing this Permission enableSubclassImplementation Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserialization it could, for example, deserialize a class with all its private fields zeroed out. enableSubstitution Substitution of one object for another during serialization or deserialization This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data.BasicPermission
, Permission
, Permissions
, PermissionCollection
, SecurityManager
, Serialized Form
Constructor and Description |
---|
SerializablePermission(String name)
创建一个具有指定名称的新SerializablePermission。
|
SerializablePermission(String name, String actions)
创建一个具有指定名称的新SerializablePermission对象。
|
equals, getActions, hashCode, implies, newPermissionCollection
checkGuard, getName, toString
public SerializablePermission(String name)
name
-
name
的名称。
NullPointerException
- 如果
name
是
null
。
IllegalArgumentException
- 如果
name
为空。
public SerializablePermission(String name, String actions)
name
-
name
的名称。
actions
- 当前未使用,必须设置为null
NullPointerException
- 如果
name
是
null
。
IllegalArgumentException
- 如果
name
为空。