com.tangosol.net.security.LocalPermission Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of coherence Show documentation

Oracle Coherence Community Edition

There is a newer version: 24.09

/*
 * Copyright (c) 2000, 2020, Oracle and/or its affiliates.
 *
 * Licensed under the Universal Permissive License v 1.0 as shown at
 * http://oss.oracle.com/licenses/upl.
 */

package com.tangosol.net.security;

import java.security.BasicPermission;


/**
 * This class is for local (non-clustered) permissions. A LocalPermission contains
 * a name (also referred to as a "target name") but no actions list;
 * the caller either has the named permission or it doesn't.
 * 
 * The target name is the name of the local permission (see the list below). The
 * naming convention follows the hierarchical property naming convention defined
 * in {@link BasicPermission}.
 * 

 * The following table lists all the possible LocalPermission target names,
 * and for each provides a description of what the permission allows
 * and a discussion of the risks of granting code the permission.
 *
 * 
 * 
 * 
 * 
 * 
 * 
 *
 * 
 *   
 *   
 *   
 * 
 *
 * 
 *   
 *   
 *   
 * 
 *
 * 
 *   
 *   
 *   
 * 
 *
 * 
 *   
 *   
 *   
 * 
 *
 * 
 *   
 *   
 *   
 *
 * 
 *   
 *   
 *   
 *
 * 
 *   
 *   
 *   
 * 
 * 
 *     
 *     
 *     
 * 
 * Permission Target Name What the Permission Allows Risks of Allowing this Permission
CacheFactory.setCacheFactoryBuilder Setting the CacheFactoryBuilder This is an extremely dangerous permission to grant.
 *       Malicious applications that can set their own CacheFactoryBuilder could
 *       intercept any access or mutation requests to any caches and have access
 *       to any data that flows into and from those caches.
 *    
Cluster.shutdown Shutting down all clustered services This allows an attacker to mount a denial-of-service attack by forcing
 *       all clustered service to shutdown.
 *   
BackingMapManagerContext.getBackingMap Getting a reference to the underlying backing map for a cache This is a dangerous permission to grant.
 *       Malicious code that can get a reference to the backing map can access
 *       any stored data without any additional security checks.
 *   
BackingMapManagerContext.setClassLoader Setting a ClassLoader used by the CacheService associated with the context The class loader is used by the cache service to load application classes
 *       that might not exist in the system class loader. Granting this permission
 *       would allow code to change which class loader is used for a particular service.
 *   
Service.getInternalService Access to the internal Service, Cluster or Cache reference This allows an attacker to obtain direct access to the underlying Service,
 *       Cluster or cache Storage implementation.
 *   
Service.registerResource Registering a resource associated with a clustered service This allows an attacker to re-register or unregister various resources
 *       associated with the service.
 *   
Service.registerEventInterceptor Registering an event interceptor for a cache service This is a dangerous permission to grant. This allows an attacker to change
 *       or remove event interceptors associated with the cache service thus either
 *       getting access to underlying data or removing live events that are designed
 *       to protect the data integrity.
 *   
{@link com.tangosol.net.management.MBeanServerProxy#execute(com.tangosol.util.function.Remote.Function) MBeanServerProxy.execute} Execute a {@link com.tangosol.util.function.Remote.Function function} on the management node and return a serializable result. This is a dangerous permission to grant. This allows an attacker to execute code in management node.
 *
 * @author gg 2014.08.05
 * @since Coherence 12.2.1
 */
public class LocalPermission
        extends BasicPermission
    {
    /**
     * Create a new LocalPermission with the specified target name.
     *
     * @param sName the name of the LocalPermission
     */
    public LocalPermission(String sName)
        {
        super(sName);
        }


    // ----- constants for frequently used permissions -----------------------

    /**
     * "Service.getInternalService" permission.
     */
    public final static LocalPermission INTERNAL_SERVICE =
        new LocalPermission("Service.getInternalService");

    /**
     * "BackingMapManagerContext.getBackingMap" permission.
     */
    public final static LocalPermission BACKING_MAP =
        new LocalPermission("BackingMapManagerContext.getBackingMap");
    }

Permission Target Name	What the Permission Allows	Risks of Allowing this Permission
CacheFactory.setCacheFactoryBuilder	Setting the CacheFactoryBuilder	This is an extremely dangerous permission to grant. * Malicious applications that can set their own CacheFactoryBuilder could * intercept any access or mutation requests to any caches and have access * to any data that flows into and from those caches. *
Cluster.shutdown	Shutting down all clustered services	This allows an attacker to mount a denial-of-service attack by forcing * all clustered service to shutdown. *
BackingMapManagerContext.getBackingMap	Getting a reference to the underlying backing map for a cache	This is a dangerous permission to grant. * Malicious code that can get a reference to the backing map can access * any stored data without any additional security checks. *
BackingMapManagerContext.setClassLoader	Setting a ClassLoader used by the CacheService associated with the context	The class loader is used by the cache service to load application classes * that might not exist in the system class loader. Granting this permission * would allow code to change which class loader is used for a particular service. *
Service.getInternalService	Access to the internal Service, Cluster or Cache reference	This allows an attacker to obtain direct access to the underlying Service, * Cluster or cache Storage implementation. *
Service.registerResource	Registering a resource associated with a clustered service	This allows an attacker to re-register or unregister various resources * associated with the service. *
Service.registerEventInterceptor	Registering an event interceptor for a cache service	This is a dangerous permission to grant. This allows an attacker to change * or remove event interceptors associated with the cache service thus either * getting access to underlying data or removing live events that are designed * to protect the data integrity. *
{@link com.tangosol.net.management.MBeanServerProxy#execute(com.tangosol.util.function.Remote.Function) MBeanServerProxy.execute}	Execute a {@link com.tangosol.util.function.Remote.Function function} on the management node and return a serializable result.	This is a dangerous permission to grant. This allows an attacker to execute code in management node.