Module  java.base
Package  java.io

Class SerializablePermission

  • All Implemented Interfaces:
    Serializable, Guard


    public final class SerializablePermission
    extends BasicPermission
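    This class is for Serializable permissions. A SerializablePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

    The target name is the name of the Serializable permission (see below).

    The following table lists the standard SerializablePermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.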

    Permission target name, what the permission allows, and associated risks

    • enableSubclassImplementation
      What the Permission Allows: Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects.
      Risks of Allowing this Permission: Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserialization it could, for example, deserialize a class with all its private fields zeroed out.

    • enableSubstitution
      What the Permission Allows: Substitution of one object for another during serialization or deserialization.
      Risks of Allowing this Permission: This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data.

    • serialFilter
      What the Permission Allows: Setting a filter for ObjectInputStreams.
      Risks of Allowing this Permission: Code could remove a configured filter and remove protections already established.

    Since:
    1.2
    See Also:
    BasicPermission, Permission, Permissions, PermissionCollection, SecurityManager, Serialized Form
    • Constructor Detail

      • SerializablePermission

        public SerializablePermission(String name)
        Creates a new SerializablePermission with the specified name. The name is the symbolic name of the SerializablePermission, such as "enableSubstitution", etc.
        Parameters:
        name - the name of the SerializablePermission.
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is empty.
      • SerializablePermission

        public SerializablePermission(String name,
                                      String actions)
        Creates a new SerializablePermission object with the specified name. The name is the symbolic name of the SerializablePermission, and the actions String is currently unused and should be null.
        Parameters:
        name - the name of the SerializablePermission.
        actions - currently unused and must be set to null
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is empty.
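
An added example, not part of the original API documentation: it reports which of the three standard targets a set of granted names actually implies, using the wildcard matching that SerializablePermission inherits from BasicPermission, and exercises the constructor exceptions listed above. The class SerializablePermissionAudit, the helpers effectiveGrants and constructorFailure, and the sample grants are constructed for illustration.

```java
import java.io.SerializablePermission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical audit helper (added example, not JDK code).
public class SerializablePermissionAudit {

    // The three standard target names from the table above.
    static final List<String> TARGETS = List.of(
            "enableSubclassImplementation", "enableSubstitution", "serialFilter");

    // For each standard target, reports whether the granted names imply it.
    static Map<String, Boolean> effectiveGrants(String... grantedNames) {
        Permissions granted = new Permissions();
        for (String name : grantedNames) {
            granted.add(new SerializablePermission(name));
        }
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String target : TARGETS) {
            result.put(target, granted.implies(new SerializablePermission(target)));
        }
        return result;
    }

    // Returns the simple name of the exception the constructor throws, or "none".
    static String constructorFailure(String name) {
        try {
            new SerializablePermission(name);
            return "none";
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed sample grants, not taken from a real policy file.
        System.out.println("exact name: " + effectiveGrants("enableSubstitution"));
        // A lone "*" is a BasicPermission wildcard, so it also covers serialFilter.
        System.out.println("\"*\":        " + effectiveGrants("*"));
        // "enable*" is not a wildcard form; it is treated as a literal name.
        System.out.println("\"enable*\":  " + effectiveGrants("enable*"));
        // Null and empty names are rejected at construction time.
        System.out.println("null  -> " + constructorFailure(null));
        System.out.println("empty -> " + constructorFailure(""));
    }
}
```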