Java in a Nutshell, 5th Edition [Electronic resources]

نسخه متنی -صفحه : 1191/ 176

SerializablePermission

java.io

Java 1.2

serializable permission

This class is a java.security.Permission that governs the use of certain sensitive features of serialization. SerializablePermission objects have a name, or target, but do not have an action list. The name "enableSubclassImplementation" represents permission to serialize and deserialize objects using subclasses of ObjectOutputStream and ObjectInputStream. This capability is protected by a permission because malicious code can define object stream subclasses that incorrectly serialize and deserialize objects.

The only other name supported by SerializablePermission is "enableSubstitution," which represents permission for one object to be substituted for another during serialization or deserialization. Permission of this type is required by the ObjectOutputStream.enableReplaceObject( ) and ObjectInputStream.enableResolveObject( ) methods.

Applications never need to use this class. Programmers writing system-level code may use it, and system administrators configuring security policies should be familiar with it.

Figure 9-56. java.io.SerializablePermission

public final class

SerializablePermission extends java.security.BasicPermission { // Public Constructors public

SerializablePermission (String

name ); public

SerializablePermission (String

name , String

actions ); }

Type Of

ObjectStreamConstants.{SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION}