public class LocalPermission extends BasicPermission
The target name is the name of the local permission (see the list below). The naming convention follows the hierarchical property naming convention defined in BasicPermission
.
The following table lists all the possible LocalPermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
---|---|---|
CacheFactory.setCacheFactoryBuilder | Setting the CacheFactoryBuilder | This is an extremely dangerous permission to grant. Malicious applications that can set their own CacheFactoryBuilder could intercept any access or mutation requests to any caches and have access to any data that flows into and from those caches. |
Cluster.shutdown | Shutting down all clustered services | This allows an attacker to mount a denial-of-service attack by forcing all clustered service to shutdown. |
BackingMapManagerContext.getBackingMap | Getting a reference to the underlying backing map for a cache | This is a dangerous permission to grant. Malicious code that can get a reference to the backing map can access any stored data without any additional security checks. |
BackingMapManagerContext.setClassLoader | Setting a ClassLoader used by the CacheService associated with the context | The class loader is used by the cache service to load application classes that might not exist in the system class loader. Granting this permission would allow code to change which class loader is used for a particular service. |
Service.getInternalService | Access to the internal Service, Cluster or Cache reference | This allows an attacker to obtain direct access to the underlying Service, Cluster or cache Storage implementation. |
Service.registerResource | Registering a resource associated with a clustered service | This allows an attacker to re-register or unregister various resources associated with the service. |
Service.registerEventInterceptor | Registering an event interceptor for a cache service | This is a dangerous permission to grant. This allows an attacker to change or remove event interceptors associated with the cache service thus either getting access to underlying data or removing live events that are designed to protect the data integrity. |
Modifier and Type | Field and Description |
---|---|
static LocalPermission |
BACKING_MAP
"BackingMapManagerContext.getBackingMap" permission.
|
static LocalPermission |
INTERNAL_SERVICE
"Service.getInternalService" permission.
|
Constructor and Description |
---|
LocalPermission(String sName)
Create a new LocalPermission with the specified target name.
|
equals, getActions, hashCode, implies, newPermissionCollection
checkGuard, getName, toString
public static final LocalPermission INTERNAL_SERVICE
public static final LocalPermission BACKING_MAP
public LocalPermission(String sName)
sName
- the name of the LocalPermission