This class represents access to a path in the JNDI tree. A JndiPermission consists of a pathname and a set of actions valid for that pathname.
Pathname is the pathname of the file or directory granted the specified actions. A pathname that ends in "/*" indicates all the files and directories contained in that directory. A pathname that ends with "/-" indicates (recursively) all files and subdirectories contained in that directory. A pathname consisting of the special token "<<ALL BINDINGS>>" matches
any file.
The actions to be granted are passed to the constructor in an array of {@code Action} instances. The possible actions are "bind", "rebind","unbind", "lookup", "list", "listBindings", and "createSubcontext". Their meaning is defined as follows:
- bind
- Context.bind permission
- rebind
- Context.rebind permission
- unbind
- Context.unbind permission.
- lookup
- Context.lookup permission.
- list
- Context.list permission.
- listBindings
- Context.listBindings permission.
- createSubcontext
- Context.createSubcontext permission.
Be careful when granting JndiPermissions. Think about the implications of granting read and especially write access to various files and directories. The "<<ALL BINDINGS>>" permission with write action is especially dangerous. This grants permission to write to the entire file system. One thing this effectively allows is replacement of the system binary, including the JVM runtime environment.
Please note: Code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.
@author Marianne Mueller
@author Roland Schemers
@author Scott.Stark@jboss.org
@version $Revision: 81310 $
@serial exclude
@see java.security.Permission
@see java.security.Permissions
@see java.security.PermissionCollection