Module  java.base
Package  java.io

Class SerializablePermission

  • All Implemented Interfaces:
    Serializable, Guard

    public final class SerializablePermission
    extends BasicPermission
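    This class is for Serializable permissions. A SerializablePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

    The target name is the name of the Serializable permission (see below).

    The following table lists the standard SerializablePermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.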

    Permission target name, what the permission allows, and associated risks

    | Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
    |---|---|---|
    | enableSubclassImplementation | Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects | Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserialization it could, for example, deserialize a class with all its private fields zeroed out. |
    | enableSubstitution | Substitution of one object for another during serialization or deserialization | This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data. |
    | serialFilter | Setting a filter for ObjectInputStreams. | Code could remove a configured filter and remove protections already established. |

    Since:
    1.2
    See Also:
    BasicPermission, Permission, Permissions, PermissionCollection, SecurityManager, Serialized Form
    • Constructor Detail

      • SerializablePermission

        public SerializablePermission(String name)
        Creates a new SerializablePermission with the specified name. The name is the symbolic name of the SerializablePermission, such as "enableSubstitution", etc.
        Parameters:
        name - the name of the SerializablePermission.
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is empty.
      • SerializablePermission

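        public SerializablePermission(String name,
                                      String actions)
        Creates a new SerializablePermission object with the specified name. The name is the symbolic name of the SerializablePermission, and the actions String is currently unused and should be null.
        Parameters:
        name - the name of the SerializablePermission.
        actions - currently unused and must be set to null
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is empty.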
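
The following Java program is an added example, not part of the original API documentation. It audits a granted permission set against the three standard target names in the table, using the name matching inherited from BasicPermission, under which a grant named "*" implies every target. The class name SerializablePermissionAudit and the helper impliedTargets are hypothetical, and the grant sets are constructed for illustration.

```java
import java.io.SerializablePermission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class and helper names), not JDK code.
public class SerializablePermissionAudit {
    // The three standard target names listed in the table.
    static final String[] TARGETS = {
        "enableSubclassImplementation", "enableSubstitution", "serialFilter"
    };

    // Returns the standard targets implied by a granted permission set.
    static List<String> impliedTargets(Permissions granted) {
        List<String> hits = new ArrayList<>();
        for (String target : TARGETS) {
            if (granted.implies(new SerializablePermission(target))) {
                hits.add(target);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed grant: a single named target.
        Permissions narrow = new Permissions();
        narrow.add(new SerializablePermission("serialFilter"));
        System.out.println("narrow:   " + impliedTargets(narrow));

        // Constructed grant: the BasicPermission wildcard covers all targets.
        Permissions broad = new Permissions();
        broad.add(new SerializablePermission("*"));
        System.out.println("wildcard: " + impliedTargets(broad));

        // No actions list: the two-argument form takes null for actions.
        SerializablePermission p =
            new SerializablePermission("enableSubstitution", null);
        System.out.println("actions:  \"" + p.getActions() + "\"");

        // Empty names are rejected, as the constructor documentation states.
        try {
            new SerializablePermission("");
        } catch (IllegalArgumentException e) {
            System.out.println("empty name rejected");
        }
    }
}
```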