Code example for Permissions

Methods: add

0
 */ 
public class StandardScriptPermissions extends PermissionCollection {
 
    private static final long serialVersionUID = 1L;
 
    private Permissions perms = new Permissions();
     
    /** 
     * Creates a new instance with the default set of permissions 
     * already added.  
     */ 
    public StandardScriptPermissions() { 
        //the JBoss specific perms that must be set         
        add(new RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo"));
        add(new RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo "));
        add(new RuntimePermission("org.jboss.security.SecurityAssociation.setServer"));
        add(new RuntimePermission("org.jboss.security.SecurityAssociation.setRunAsRole"));
         
        //MBean perms 
        add(new MBeanPermission("*", "*", ObjectName.WILDCARD, "*")); 
         
        //JVM defined runtime perms 
        add(new RuntimePermission("createClassLoader"));
        add(new RuntimePermission("getClassLoader"));
        add(new RuntimePermission("getenv.*"));
        add(new RuntimePermission("getProtectionDomain"));
        add(new RuntimePermission("getFileSystemAttributes"));
        add(new RuntimePermission("readFileDescriptor"));
        add(new RuntimePermission("writeFileDescriptor"));
        add(new RuntimePermission("accessClassInPackage.*"));
        add(new RuntimePermission("defineClassInPackage.*"));
        add(new RuntimePermission("accessDeclaredMembers"));
        add(new RuntimePermission("queuePrintJob"));
        add(new RuntimePermission("getStackTrace"));
        add(new RuntimePermission("preferences"));
         
        //allow the scripts to connect via sockets 
        add(new SocketPermission("*", "connect,accept"));
         
        //allow access to the server's file system. let the file perms  
        //guard what is writeable and what is not. 
        add(new FilePermission("<<ALL FILES>>", "read,write,execute,delete"));
         
        //we don't suppose the serverside scripts to be malevolent, so let's 
        //give them the read access to the system properties. 
        add(new PropertyPermission("*", "read"));
         
        add(new ReflectPermission("suppressAccessChecks"));
         
        //these are required for server-side scripts to be able to  
        //invoke remote EJBs. 
        add(new SerializablePermission("creator"));
        add(new SerializablePermission("allowSerializationReflection"));
        add(new SerializablePermission("enableSubclassImplementation"));
        add(new RuntimePermission("reflectionFactoryAccess"));
 
        //by default allow the scripts access to any credentials of any user 
        //we don't consider the scripts malevolent. 
        add(new PrivateCredentialPermission("* * \"*\"", "read"));
 
        //adding this so that new classes with loggers can be initialized. 
        add(new LoggingPermission("control", null));
    } 
     
    public void add(Permission permission) {
        perms.add(permission);
    } 
 
    public boolean implies(Permission permission) {
        return perms.implies(permission);
    }