public interface RevocablePolicy extends DynamicPolicy
RevocablePolicy, is a Java Security Policy Provider that supports Runtime Dynamic addition and removal of PermissionGrant's
Warning: Not all Permission's are truly revocable, while any Permission can be dynamically added and later removed from this policy, many JVM Permission implementations are used in ways that allow references to escape
To quote Tim Blackman, from river-dev:
I remember talking with Bob and Mike Warres about this. The problem with removing permission grants is that when code is granted a permission, it can very likely squirrel away something -- an object, or another capability available through the granted permission -- that will permit it to perform the same operation again without the JVM checking for the permission again.
In order for a Permission to be fully revoked, the permission must be used to guard methods only, not Objects or their creation.
See "Inside Java 2 Platform Security" 2nd Edition, ISBN:0-201-78791-1, page 176.
A Security Delegate, may be used as a wrapper with an identical interface to the object it protects, a new Permission class must be implemented, for the Delegate's use, in a checkPermission call, to protect access to the underlying object's method. If an existing JVM Permission guards the underlying object, the delegate needs to be given the standard JVM Permission. DelegatePermission has been created for the purpose of encapsulating an existing Permission.
The ability to revoke a Permission fully is intended for smart proxy's to be given some trust temporarily, so that objects received from the smart proxy by a client cannot be used to continue gathering and sending information to a remote server after the proxy has been discarded.
A list of standard Java Permission's that are confirmed safely revocable will be provided here.
|Modifier and Type||Method and Description|
A dynamic grant.
Checks if policy supports revocation.
boolean grant(PermissionGrant p)
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.