java.security.Permission
org.tanukisoftware.wrapper.security.WrapperServiceControlPermission
|
|||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||||
java.lang.Object
WrapperServiceControlPermissions are used to grant the right to start, stop, pause, continue, interrogate, or send custom codes to other services running on a Windows system.
These permissions are inherently quite dangerous so great care should be taken when granting them. When doing so, try to only grant permission to those services which really need to be controlled.
The following are examples of how to specify the permission within a policy file.
grant codeBase "file:../lib/-" {
// Grant various permissions to a specific service.
permission org.tanukisoftware.wrapper.security.WrapperServiceControlPermission "myservice", "interrogate";
permission org.tanukisoftware.wrapper.security.WrapperServiceControlPermission "myservice", "interrogate,start,stop";
permission org.tanukisoftware.wrapper.security.WrapperServiceControlPermission "myservice", "userCode";
permission org.tanukisoftware.wrapper.security.WrapperServiceControlPermission "myservice", "*";
// Grant various permissions to any service starting with "my".
permission org.tanukisoftware.wrapper.security.WrapperServiceControlPermission "my*", "*";
// Let the calling code do anything to any service on the system
permission org.tanukisoftware.wrapper.security.WrapperServiceControlPermission "*", "*";
permission org.tanukisoftware.wrapper.security.WrapperServiceControlPermission "*";
};
Possible actions include the following:
| Permission Action Name | What the Permission Allows | Risks of Allowing this Permission |
|---|---|---|
| start | Start a service which is installed but has not been started. | Malicious code could potentially start any service that is not currently running. This includes services which were previously stopped or that are configured to be started manually. Many Windows systems have several services stopped by default because of the security hazards that they pose. Starting such services could open the system up to attacks related to that service. |
| stop | Stop a service which is currently running. | Malicious code could potentially stop running service. This could result in a denial of service attack if the service is a web or database server. Or it result in more dangerous attacks if the service is a firewall or virus scanner. |
| pause | Pause a service which is currently running. | Malicious code could potentially pause running service. This could result in a denial of service attack if the service is a web or database server. Or it result in more dangerous attacks if the service is a firewall or virus scanner. |
| continue | Continue a service which was previously paused. | Malicious code could resume services which had been paused for a good reason. |
| interrogate | Interrogate a service as to its current state. | Malicious code learn a lot about a system and its weakness by probing which services are currently running. |
| userCode | Send any custom user code to a service. | The danger of this action depends on whether or not the service understands custom user codes, and what it does with them. This could potentially be a very dangerous permission to grant. |
| Field Summary | |
static java.lang.String |
ACTION_CONTINUE
|
static java.lang.String |
ACTION_INTERROGATE
|
static java.lang.String |
ACTION_PAUSE
|
static java.lang.String |
ACTION_START
|
static java.lang.String |
ACTION_STOP
|
static java.lang.String |
ACTION_USER_CODE
|
| Constructor Summary | |
WrapperServiceControlPermission(java.lang.String serviceName)
Creates a new WrapperServiceControlPermission for the specified service. |
|
WrapperServiceControlPermission(java.lang.String serviceName,
java.lang.String actions)
Creates a new WrapperServiceControlPermission for the specified service. |
|
| Method Summary | |
boolean |
equals(java.lang.Object obj)
Checks two Permission objects for equality. |
java.lang.String |
getActions()
Return the canonical string representation of the actions. |
int |
hashCode()
Returns the hash code value for this object. |
boolean |
implies(java.security.Permission p2)
Checks if this WrapperServiceControlPermission object "implies" the specified permission. |
java.security.PermissionCollection |
newPermissionCollection()
Returns an custom WSCCollection implementation of a PermissionCollection. |
| Methods inherited from class java.security.Permission |
checkGuard, getName, toString |
| Methods inherited from class java.lang.Object |
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
| Field Detail |
public static java.lang.String ACTION_START
public static java.lang.String ACTION_STOP
public static java.lang.String ACTION_PAUSE
public static java.lang.String ACTION_CONTINUE
public static java.lang.String ACTION_INTERROGATE
public static java.lang.String ACTION_USER_CODE
| Constructor Detail |
public WrapperServiceControlPermission(java.lang.String serviceName,
java.lang.String actions)
serviceName - The name of the service whose access is being
controlled.actions - The action or actions to be performed.public WrapperServiceControlPermission(java.lang.String serviceName)
serviceName - The name of the service whose access is being
controlled.| Method Detail |
public boolean equals(java.lang.Object obj)
Do not use the equals method for making access control decisions; use the implies method.
obj - The object we are testing for equality with this object.
public java.lang.String getActions()
public boolean implies(java.security.Permission p2)
More specifically, this method returns true if:
p2 - the permission to check against.
public java.security.PermissionCollection newPermissionCollection()
public int hashCode()
|
|||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||||