All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.tangosol.net.security.LocalPermission Maven / Gradle / Ivy

There is a newer version: 24.09
Show newest version
/*
 * Copyright (c) 2000, 2020, Oracle and/or its affiliates.
 *
 * Licensed under the Universal Permissive License v 1.0 as shown at
 * http://oss.oracle.com/licenses/upl.
 */

package com.tangosol.net.security;

import java.security.BasicPermission;


/**
 * This class is for local (non-clustered) permissions. A LocalPermission contains
 * a name (also referred to as a "target name") but no actions list;
 * the caller either has the named permission or it doesn't.
 * 

* The target name is the name of the local permission (see the list below). The * naming convention follows the hierarchical property naming convention defined * in {@link BasicPermission}. *

* The following table lists all the possible LocalPermission target names, * and for each provides a description of what the permission allows * and a discussion of the risks of granting code the permission. * *

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Permission Target NameWhat the Permission AllowsRisks of Allowing this Permission
CacheFactory.setCacheFactoryBuilderSetting the CacheFactoryBuilderThis is an extremely dangerous permission to grant. * Malicious applications that can set their own CacheFactoryBuilder could * intercept any access or mutation requests to any caches and have access * to any data that flows into and from those caches. *
Cluster.shutdownShutting down all clustered servicesThis allows an attacker to mount a denial-of-service attack by forcing * all clustered service to shutdown. *
BackingMapManagerContext.getBackingMapGetting a reference to the underlying backing map for a cacheThis is a dangerous permission to grant. * Malicious code that can get a reference to the backing map can access * any stored data without any additional security checks. *
BackingMapManagerContext.setClassLoaderSetting a ClassLoader used by the CacheService associated with the contextThe class loader is used by the cache service to load application classes * that might not exist in the system class loader. Granting this permission * would allow code to change which class loader is used for a particular service. *
Service.getInternalServiceAccess to the internal Service, Cluster or Cache referenceThis allows an attacker to obtain direct access to the underlying Service, * Cluster or cache Storage implementation. *
Service.registerResourceRegistering a resource associated with a clustered serviceThis allows an attacker to re-register or unregister various resources * associated with the service. *
Service.registerEventInterceptorRegistering an event interceptor for a cache serviceThis is a dangerous permission to grant. This allows an attacker to change * or remove event interceptors associated with the cache service thus either * getting access to underlying data or removing live events that are designed * to protect the data integrity. *
{@link com.tangosol.net.management.MBeanServerProxy#execute(com.tangosol.util.function.Remote.Function) MBeanServerProxy.execute}Execute a {@link com.tangosol.util.function.Remote.Function function} on the management node and return a serializable result.This is a dangerous permission to grant. This allows an attacker to execute code in management node.
* * @author gg 2014.08.05 * @since Coherence 12.2.1 */ public class LocalPermission extends BasicPermission { /** * Create a new LocalPermission with the specified target name. * * @param sName the name of the LocalPermission */ public LocalPermission(String sName) { super(sName); } // ----- constants for frequently used permissions ----------------------- /** * "Service.getInternalService" permission. */ public final static LocalPermission INTERNAL_SERVICE = new LocalPermission("Service.getInternalService"); /** * "BackingMapManagerContext.getBackingMap" permission. */ public final static LocalPermission BACKING_MAP = new LocalPermission("BackingMapManagerContext.getBackingMap"); }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy