Permissions in JDK1.2

Last Modified: 16 February, 1998

This document contains two tables listing the permissions in JDK1.2. (A permission represents access to a system resource.) The tables are the following:

Methods and the Permissions They Require
java.lang.SecurityManager Method Permission Checks

For information about specifying permissions in policy files, see Default Policy Implementation and Policy File Syntax


Methods and the Permissions They Require

The following table contains a list of all the permissions in JDK1.2, and which methods require them.

A call to a method in the left-hand column can only be successful if the permission specified in the corresponding entry in the right-hand column is allowed by the policy currently in effect. For example, the following row:

Method Permission
  java.awt.Toolkit
    getSystemEventQueue(); 
java.awt.AWTPermission "eventQueue";

specifies that a call to the getSystemEventQueue method in the java.awt.Toolkit class can only be successful if the following permission is set:

    java.awt.AWTPermission "eventQueue";

The convention of:

Method Permission
 some.package.class
   public static void someMethod(String foo); 
SomePermission "{foo}";

means the runtime value of foo replaces the string {foo} in the permission name.

As an example, here is one table entry:

Method Permission
  java.io.FileInputStream
    FileInputStream(String name) 
java.io.FilePermission "{name}", "read";

If the FileInputStream method (in this case, a constructor) is called with "/test/MyTestFile" as the name argument, as in

    FileInputStream("/test/MyTestFile");
then in order for the call to succeed, the following permission must be set in the current policy, allowing read access to the file "/test/MyTestFile":
    java.io.FilePermission "/test/MyTestFile", "read";
More specifically, the permission must either be explicitly set, as above, or implied by another permission, such as the following:
    java.io.FilePermission "/test/*", "read";
which allows read access to any files in the "/test" directory.

The following table is ordered by package name. That is, the methods in classes in the java.awt package are listed first, followed by methods in classes in the java.io package, and so on.


Permissions and the methods that check for them
Method Permission
  java.awt.Toolkit
    getPrintJob(Frame frame, String jobtitle, Properties props);
java.lang.RuntimePermission "print.queueJob";

Note: The getPrintJob method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkPrintJobAccess method, which is successful only if the java.lang.RuntimePermission "print.queueJob" permission is currently allowed.

  java.awt.Toolkit
    getSystemClipboard();
java.awt.AWTPermission "systemClipboard";

Note: The getSystemClipboard method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkSystemClipboardAccess method, which is successful only if the java.awt.AWTPermission "systemClipboard" permission is currently allowed.

  java.awt.Toolkit
    getSystemEventQueue();
java.awt.AWTPermission "eventQueue";
  java.awt.Window
    Window()
java.awt.AWTPermission "topLevelWindow";
  java.io.File
    public boolean delete();
java.io.FilePermission "{name}", "delete";
  java.io.FileInputStream
    FileInputStream(FileDescriptor fdObj);
java.lang.RuntimePermission "fileDescriptor.read";
  java.io.FileInputStream
    FileInputStream(String name)

  java.io.File
    public boolean exists();
    public boolean canRead();
    public boolean isFile();
    public boolean isDirectory();
    public long lastModified();
    public long length();
    public String[] list();
      
  java.io.RandomAccessFile
    RandomAccessFile(String name, String mode)
        (where mode is "r")
java.io.FilePermission "{name}", "read";
  java.io.FileOutputStream
    FileOutputStream(FileDescriptor fdObj)
java.lang.RuntimePermission "fileDescriptor.write";
  java.io.FileOutputStream 
    FileOutputStream(String name)
    FileOutputStream(String name, boolean append)

  java.io.File
    public boolean canWrite();
    public boolean mkdir();
    public boolean renameTo(File dest);
java.io.FilePermission "{name}", "write";
  java.io.ObjectInputStream
    protected final boolean 
      enableResolveObject(boolean enable);

  java.io.ObjectOutputStream
    protected final boolean 
      enableReplaceObject(boolean enable)
java.io.SerializablePermission "enableSubstitution";
  java.io.RandomAccessFile
    RandomAccessFile(String name, String mode)
        (where mode is "rw")
java.io.FilePermission "{name}", "read,write";
  java.lang.Class
    public Class[] getDeclaredClasses();
    public Field[] getDeclaredFields();
    public Method[] getDeclaredMethods();
    public Constructor[] getDeclaredConstructors();
    public Field getDeclaredField(String name);
    public Method getDeclaredMethod(...);
    public Constructor getDeclaredConstructor(...);
java.lang.RuntimePermission "reflect.declared.{classname}";
  java.lang.Class
    public ProtectionDomain getProtectionDomain()
java.lang.RuntimePermission "Class.getProtectionDomain";
  java.lang.Class
    public void setProtectionDomain(ProtectionDomain pd)
java.lang.RuntimePermission "Class.setProtectionDomain";
  java.lang.ClassLoader
    ClassLoader();
java.lang.RuntimePermission "createClassLoader";
  java.lang.Runtime
    public Process exec(String command);
    public Process exec(String command, String envp[]);
    public Process exec(String cmdarray[]);
    public Process exec(String cmdarray[], String envp[]);
java.io.FilePermission "{command}", "execute";
  java.lang.Runtime
    public void exit(int status);
    public static void runFinalizersOnExit(boolean value);
java.lang.RuntimePermission "exit";
  java.lang.Runtime
    public void load(String lib);
    public void loadLibrary(String lib);
java.lang.RuntimePermission "loadLibrary.{lib}";
  java.lang.System
    public static Properties getProperties();
    public static void setProperties(Properties props);
java.util.PropertyPermission "*", "read,write";
  java.lang.System
    public static String getProperty(String key);
    public static String getProperty(String key, 
                                     String def);
java.util.PropertyPermission "{key}", "read";
  java.lang.System
   public static void setIn(InputStream in);
   public static void setOut(PrintStream out);
   public static void setErr(PrintStream err);
java.lang.RuntimePermission "setIO";
  java.lang.System
    public static String setProperty(String key, String value);
java.util.PropertyPermission "{key}", "write";
  java.lang.Thread
    Thread(...)
    public final void stop();
    public final synchronized void stop(Throwable o);
    public void interrupt();
    public final void suspend();
    public final void resume();
    public final void setPriority(int newPriority);
    public final void setName(String name);
    public final void setDaemon(boolean on);

  java.lang.ThreadGroup
    ThreadGroup(ThreadGroup parent, String name)
    public final void setDaemon(boolean daemon);
    public final void setMaxPriority(int pri);
    public final void stop();
    public final void suspend();
    public final void resume();
    public final void destroy();
java.lang.RuntimePermission "thread";
  java.lang.reflect.AccessibleObject
    public static void setAccessible(...);
    public void setAccessible(...);
java.lang.reflect.ReflectPermission "access";
  java.net.Authenticator
    public static PasswordAuthentication
           requestPasswordAuthentication(
		    InetAddress addr,
		    int port,
		    String protocol,
		    String prompt,
		    String scheme);
java.net.NetPermission "Authenticator.requestPasswordAuthentication";
  java.net.Authenticator
    public static void setDefault(Authenticator a);
java.net.NetPermission "Authenticator.setDefault";
  java.net.DatagramSocket
    public void send(DatagramPacket p);

  java.net.MulticastSocket
    public void joinGroup(InetAddress mcastaddr);
    public void leaveGroup(InetAddress mcastaddr);
    public synchronized void send(DatagramPacket p,
                                  byte ttl);
java.net.NetPermission "multicast";
  java.net.InetAddress
    public String getHostName();
    public static InetAddress getAllByName(String host);
    public static InetAddress getLocalHost();

  java.net.DatagramSocket
    public InetAddress getLocalAddress();
java.net.SocketPermission "{host}", "resolve";
  java.net.ServerSocket
    ServerSocket(int port, int backlog, 
                              InetAddress bindAddr)

  java.net.DatagramSocket
    DatagramSocket(...)

  java.net.MulticastSocket
    MulticastSocket(...)
java.net.SocketPermission "localhost:{port}", "listen";
  java.net.ServerSocket
    public Socket accept();
java.net.SocketPermission "{host}:{port}", "accept";
  java.net.ServerSocket
    public static synchronized void 
        setSocketFactory(...);

  java.net.Socket
    public static synchronized void
        setSocketImplFactory(...);
  java.net.URL
    public static synchronized void
        setURLStreamHandlerFactory(...);

  java.net.URLConnection
     public static synchronized void
        setContentHandlerFactory(...);

  java.net.HttpURLConnection
     public static void setFollowRedirects(boolean set);

  java.rmi.server.RMISocketFactory
     public synchronized static void
        setSocketFactory(...);
java.lang.RuntimePermission "setFactory";
  java.net.Socket
    Socket(InetAddress host, int port, boolean stream)

  java.net.DatagramSocket
    public void send(DatagramPacket p);
    public synchronized void receive(DatagramPacket p);

  java.net.MulticastSocket
    public synchronized void send(DatagramPacket p,
                                  byte ttl);
java.net.SocketPermission "{host}:{port}", "connect";
  java.security.Identity
    public void addCertificate(...);

java.security.SecurityPermission "Identity.addCertificate";
  java.security.Identity
    public void removeCertificate(..);
java.security.SecurityPermission "Identity.removeCertificate";
  java.security.Identity
    public void setInfo(String info);
java.security.SecurityPermission "Identity.setInfo";
  java.security.Identity
    public void setPublicKey(PublicKey key);
java.security.SecurityPermission "Identity.setPublicKey";
  java.security.IdentityScope
    protected static void setSystemScope();
java.security.SecurityPermission "IdentityScope.setSystemScope";
  java.security.Policy
    public static Policy getPolicy();
java.security.SecurityPermission "Policy.getPolicy";
  java.security.Policy
    public static void setPolicy(Policy policy);
java.security.SecurityPermission "Policy.setPolicy";
  java.security.Provider
    public synchronized void clear();
java.security.SecurityPermission "Provider.clear.{name}";
  java.security.Provider
    public synchronized Object put(Object key,
                                   Object value);
java.security.SecurityPermission "Provider.put.{name}";
  java.security.Provider
    public synchronized Object remove(Object key);
java.security.SecurityPermission "Provider.remove.{name}";
  java.security.Security
    public static void getProperty(String key);
java.security.SecurityPermission "Security.getProperty.{key}";
  java.security.Security
    public static int 
      insertProviderAt(Provider provider,int position);
java.security.SecurityPermission "Security.insertProvider.{name}";
  java.security.Security
    public static void removeProvider(String name);
java.security.SecurityPermission "Security.removeProvider.{name}";
  java.security.Security
    public static void setProperty(String key,
                                   String datum);
java.security.SecurityPermission "Security.setProperty.{key}";
  java.security.Signer
    public PrivateKey getPrivateKey();
java.security.SecurityPermission "Signer.getPrivateKey";
  java.security.Signer
    public final void setKeyPair(KeyPair pair) 
java.security.SecurityPermission "Signer.setPrivateKeypair";
  java.util.Locale
    public static synchronized void setDefault(Locale newLocale)
java.util.PropertyPermission "user.language","write";


java.lang.SecurityManager Method Permission Checks

java.lang.SecurityManager methods and corresponding permission checks
Method Permission
public void checkAccept(String host, int port); java.net.SocketPermission "{host}:{port}", "accept";
public void checkAccess(Thread g); java.lang.RuntimePermission "thread");
public void checkAccess(ThreadGroup g); java.lang.RuntimePermission "thread");
public void checkAwtEventQueueAccess(); java.awt.AWTPermission "eventQueue";
public void checkConnect(String host, int port); if (port == -1) java.net.SocketPermission "{host}","resolve";
else java.net.SocketPermissio "{host}:{port}","connect";
public void checkCreateClassLoader(); java.lang.RuntimePermission "createClassLoader";
public void checkDelete(String file); java.io.FilePermission "{file}", "delete";
public void checkExec(String cmd); if cmd is an absolute path: java.io.FilePermission "{cmd}", "execute";
else java.io.FilePermission "-", "execute";
public void checkExit(int status); java.lang.RuntimePermission "exit");
public void checkLink(String lib); java.lang.RuntimePermission "loadLibrary.{lib}";
public void checkListen(int port); if (port == 0) java.net.SocketPermission "localhost:1024-","listen";
else java.net.SocketPermission "localhost:{port}","listen";
public void checkMemberAccess(Class clazz, int which); if (which == Member.PUBLIC) return;
if (currentClassLoader() == clazz.getClassLoader()) return;
java.lang.RuntimePermission "reflect.declared.{classname}";
public void checkMulticast(InetAddress maddr); java.net.NetPermission "multicast";
public void checkMulticast(InetAddress maddr, byte ttl); java.net.NetPermission "multicast";
public void checkPackageAccess(String pkg); java.lang.RuntimePermission "package.access.{pkg}";
public void checkPackageDefinition(String pkg); java.lang.RuntimePermission "package.define.{pkg}";
public void checkPrintJobAccess(); java.lang.RuntimePermission "print.queueJob";
public void checkPropertiesAccess(); java.util.PropertyPermission "*", "read,write";
public void checkPropertyAccess(String key); java.util.PropertyPermission "{key}", "read,write";
public void checkRead(FileDescriptor fd); java.lang.RuntimePermission "fileDescriptor.read";
public void checkRead(String file); java.io.FilePermission "{file}", "read";
public void checkSecurityAccess(String action); java.security.SecurityPermission "{action}";
public void checkSetFactory(); java.lang.RuntimePermission "setFactory";
public void checkSystemClipboardAccess(); java.awt.AWTPermission "systemClipboard";
public boolean checkTopLevelWindow(Object window); java.awt.AWTPermission "topLevelWindow";
public void checkWrite(FileDescriptor fd); java.lang.RuntimePermission "fileDescriptor.write";
public void checkWrite(String file); java.io.FilePermission "{file}", "write";


Copyright © 1997-98 Sun Microsystems, Inc. All Rights Reserved.

Please send comments to:
Roland Schemers
Sun
JavaSoft