Name
SerializablePermission
Synopsis
This class is a java.security.Permission that governs the use of certain sensitive features of serialization. SerializablePermission objects have a name, or target, but do not have an action list. The name “enableSubclassImplementation” represents permission to serialize and deserialize objects using subclasses of ObjectOutputStream and ObjectInputStream. This capability is protected by a permission because malicious code can define object stream subclasses that incorrectly serialize and deserialize objects. The only other name supported by SerializablePermission is “enableSubstitution,” which represents permission for one object to be substituted for another during serialization or deserialization. Permission of this type is required by the ObjectOutputStream.enableReplaceObject() and ObjectInputStream.enableResolveObject() methods.
Applications never need to use this class. Programmers writing system-level code may use it, and system administrators configuring security policies should be familiar with it.
Figure 9-56. java.io.SerializablePermission
public final class SerializablePermission extends java.security.BasicPermission {
    // Public Constructors
    public SerializablePermission(String name);
    public SerializablePermission(String name, String actions);
}
Type Of
ObjectStreamConstants.{SUBCLASS_IMPLEMENTATION_PERMISSION,
SUBSTITUTION_PERMISSION} ...
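The following is an added example, not code from the original text. It shows what each target name covers: a stream subclass that turns on substitution, and a permission set that holds one target but not the other. The class names SubstitutionDemo and RedactingOutputStream, the granted set, and the sample string are all constructed for illustration, and the program runs without a security manager installed.

```java
import java.io.*;
import java.security.Permissions;

public class SubstitutionDemo {
    // Hypothetical stream subclass: swaps every String for a marker while writing.
    static class RedactingOutputStream extends ObjectOutputStream {
        RedactingOutputStream(OutputStream out) throws IOException {
            super(out);
            // When a security manager is installed, this call requires
            // SerializablePermission("enableSubstitution").
            enableReplaceObject(true);
        }

        @Override
        protected Object replaceObject(Object obj) {
            return (obj instanceof String) ? "[redacted]" : obj;
        }
    }

    // Serialize through the substituting stream, then read back with a plain stream.
    static Object roundTrip(Object value) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new RedactingOutputStream(buf)) {
            out.writeObject(value);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed grant: only the subclass-implementation target is present.
        Permissions granted = new Permissions();
        granted.add(new SerializablePermission("enableSubclassImplementation"));

        // The two targets are independent; holding one does not imply the other.
        System.out.println("subclass implementation implied: "
            + granted.implies(ObjectStreamConstants.SUBCLASS_IMPLEMENTATION_PERMISSION));
        System.out.println("substitution implied: "
            + granted.implies(ObjectStreamConstants.SUBSTITUTION_PERMISSION));

        // The reader receives the substituted object, not the one passed to writeObject().
        System.out.println("read back: " + roundTrip("constructed sample value"));
    }
}
```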