一、概述
Permissions代表一组授予或撤销的在ant运行的JVM中执行特定的部分代码的安全许可。许可是通过一组嵌套的元素grant或者revoke指定的。在基本情况下,授予一组基本许可。授予的许可可以同过撤销许可被否决。如果许可的代码尝试使用未被授予的许可或者被撤销的许可,安全管理器将会抛出SecurityException异常。
二、属性
class:权限类的完全限定名。
name:许可的名称。实际的内容依赖于权限类。
actions:允许的操作,实际的内容依赖于权限类和名称。
permissions隐式的包含以下许可,如果需要可以通过revoke元素撤销这些许可:
<grant class="java.net.SocketPermission" name="localhost:1024-" actions="listen">
<grant class="java.util.PropertyPermission" name="java.version" actions="read">
<grant class="java.util.PropertyPermission" name="java.vendor" actions="read">
<grant class="java.util.PropertyPermission" name="java.vendor.url" actions="read">
<grant class="java.util.PropertyPermission" name="java.class.version" actions="read">
<grant class="java.util.PropertyPermission" name="os.name" actions="read">
<grant class="java.util.PropertyPermission" name="os.version" actions="read">
<grant class="java.util.PropertyPermission" name="os.arch" actions="read">
<grant class="java.util.PropertyPermission" name="file.encoding" actions="read">
<grant class="java.util.PropertyPermission" name="file.separator" actions="read">
<grant class="java.util.PropertyPermission" name="path.separator" actions="read">
<grant class="java.util.PropertyPermission" name="line.separator" actions="read">
<grant class="java.util.PropertyPermission" name="java.specification.version" actions="read">
<grant class="java.util.PropertyPermission" name="java.specification.vendor" actions="read">
<grant class="java.util.PropertyPermission" name="java.specification.name" actions="read">
<grant class="java.util.PropertyPermission" name="java.vm.specification.version" actions="read">
<grant class="java.util.PropertyPermission" name="java.vm.specification.vendor" actions="read">
<grant class="java.util.PropertyPermission" name="java.vm.specification.name" actions="read">
<grant class="java.util.PropertyPermission" name="java.vm.version" actions="read">
<grant class="java.util.PropertyPermission" name="java.vm.vendor" actions="read">
<grant class="java.util.PropertyPermission" name="java.vm.name" actions="read">
三、简单示例
<permissions>
<grant class="java.net.SocketPermission" name="foo.bar.com" action="connect"/>
<grant class="java.util.PropertyPermission" name="user.home" action="read,write"/>
<grant class="java.security.AllPermission"/>
<revoke class="java.util.PropertyPermission"/>
</permissions>