|
Class NetIOPermission
public class NetIOPermission implements IPermission,
IEncodablePermission, IAdjustablePermission
{
// Fields
public static final int ALL_API_FLAGS;
public static final int ALLOW;
public static final int ALLOWALL;
public static final int ALLOWBIND;
public static final int ALLOWCONNECT;
public static final int ALLOWMULTICAST;
public static final int BIND;
public static final int CONNECT;
public static final int DENY;
public static final int DENYALL;
public static final int DENYBIND;
public static final int DENYCONNECT;
public static final int DENYMULTICAST;
public static final int HOSTS;
public static final int IPS;
public static final int MULTICAST;
// Constructors
public NetIOPermission ();
// Methods
public void addAddress (int flags, InetAddress addr);
public void addAddress (int flags, InetAddress addr,
IntRanges ports);
public void addAllFormsByName (int flags, String spec,
IntRanges ports);
public void addAllFormsByName (int flags, String spec);
public void addConnectHost (String hostspec, boolean fAllow);
public void addGlobalPortRules (int flags, String spec);
public void addGlobalPorts (int flags, int start, int end);
public void addHost (int flags, String hostspec);
public void addHost (int flags, String hostspec, IntRanges ports);
public void addHostRules (int flags, String spec);
public void addIP (int flags, int addr);
public void addIP (int flags, int addr, IntRanges ports);
public void addIP (int flags, byte[] addr);
public void addIP (int flags, byte[] addr, IntRanges ports);
public void addIPRules (int flags, String spec);
public void addIPs (int flags, int s, int e, IntRanges ports);
public void addIPs (int flags, int s, int e);
public void addIPs (int flags, byte[] s, byte[] e,
IntRanges ports);
public void addIPs (int flags, byte[] s, byte[] e);
public void addPattern (int flags, String spec);
public void addPattern (int flags, String spec, IntRanges ports);
public void adjustPermission (String tag, Object adjustment);
public void check (Object param) throws SecurityException;
public IPermission combine (IPermission source2);
public int compareSet (Object target);
public IPermission copy();
public boolean decode(String tag, InputStream data);
public boolean encode(String tag, OutputStream out);
public boolean getCanConnectToFileURLCodeBase();
public boolean getCanConnectToNonFileURLCodeBase();
public String getGlobalPortRules (int flags);
public IntRanges getGlobalPorts (int flags);
public String getHostRules (int flags);
public WildcardExpression getHosts (int flags);
public String getIPRules (int flags);
public IntRanges getIPs (int flags);
public IntRanges[] getPorts (int flags);
public String mapFormat(String format);
public void reset();
public void setCanConnectToFileURLCodeBase (boolean f);
public void setCanConnectToNonFileURLCodeBase (boolean f);
public String[] supportedFormats();
public String toString();
}
This class represents a permission that controls the ability to perform networking operations. A NetIOPermission object contains components for the following three basic types of network operations:
- CONNECT
- The ability to have general communication with specific hosts.
- BIND
- The ability to accept connections on specific interfaces and ports. The ability to accept a connection from a specific host is controlled by the CONNECT rules.
- MULTICAST
- The ability to join specific multicast groups. Communication with specific members of the multicast group is controlled by the CONNECT rules.
For each type of operation, the permissions are specified as ranges of IP (Internet Protocol) addresses, hostname patterns, and ports. Ports can be specified for individual ranges or patterns, or for all ranges or patterns. The global port rules supercede any individual port rules.
All the permission's operators are incremental. The reset method can be used to clear an existing permission of all components.
The components of the permission can be added individually or one hostname mask/address range/port range at a time. Multiple components can also be added in string format. For example, the string ".microsoft.com;myhost.com" could be used to indicate the specific host named "myhost.com." and all host names that end in ".microsoft.com".
Address ranges have the normal dotted IP form. An asterisk (*) can be used in place of a byte to represent any valid byte. A single address can be specified, or starting and ending ranges can be delimited by a dash.
Port lists must have the same syntax accepted by the string constructors of the com.ms.util.IntRanges class. For example, "80,1024-2000" is a valid port list. Ports can be specified on individual hostname patterns or addresses by appending a colon and a port range. For example, "*.microsoft.com:80" and "1.2.*.*:1024-5000" are both valid port specifications.
For hostnames, multiple addresses and address ranges are delimited by semicolons. For example, "1.2.*.*;4.5.6.7-4.5.6.50" is a valid hostname.
Some of the addXXX methods in this class take a flag parameter that consists of two values combined with a logical OR operator (|). The first value specifies the connection type by using one or more of MULTICAST, BIND, or CONNECT. The second value specifies ALLOW or DENY to indicate whether the address, port, or hostname being added is supposed to use the exclude or include rules. An IllegalArgumentException is thrown by these methods if the arguments don't apply to one or more of the specified types.
The flags can be used to update multiple aspects of the permission with one method call. For example, the following code sample adds "localhost" as a hostname that can be both connected and bound to.
NetIOPermission data;
data.addHost(NetIOPermission.ALLOWALL, "localhost");
The getXXX methods also take a flag parameter that consists of two values combined with a logical OR operator (|). To indicate the connection type, you must specify exactly one of MULTICAST, BIND or CONNECT. If more than one of these is specified, an IllegalArgumentException is thrown. For the second value, you should specify ALLOW or DENY.
For your convenience, combination flags are provided to use for the flag parameters. With these values, you don't have to use the OR (|) operator.
The addXXX methods accept all of the flags in the previous list, but the getXXX methods do not accept the last two.
Hostname masks are input to the permission as strings and retrieved as expressions.
IP addresses are only supported in 32-bit lengths. Addresses are added as integers, byte arrays (for use with the java.net.InetAddress.getAddress method), or as com.ms.util.IntRanges.
The setCanConnectToFileURLCodeBase and setCanConnectToNonFileURLCodeBase methods are used to control whether the permission allows connections to the host from which the classes with the permission were loaded. If set, the permission can be updated with the codebase by the com.ms.security.PermissionDataSet.adjustForCodebase method.
public NetIOPermission ();
Constructs an empty networking permission.
public void addAddress (int flags, InetAddress addr);
Adds an InetAddress object to the permissions with no port rules. The permission will allow access to all ports, unless global rules have been previously specified.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the InetAddress object being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| addr
| The Internet address that the access flags apply to.
|
public void addAddress (int flags, InetAddress addr, IntRanges ports);
Adds an InetAddress object to the permissions with the specified port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the InetAddress object being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| addr
| The Internet address that the access flags apply to.
| ports
| The ports that apply on the address.
|
public void addAllFormsByName (int flags, String spec, IntRanges ports);
Adds all forms of the specified address. The address is added using the following procedure.
- If the address is in dotted IP form, it will be resolved to a hostname. The hostname and all addresses will be added. If the address cannot be resolved, only the specified address is added.
- If the address is a hostname, it will be resolved to its addresses. The hostname and all addresses will be added. If the hostname cannot be resolved, only the specified hostname is added. The hostname will be added in its fully-qualified form.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| spec
| The textual IP or host specification.
| ports
| The ports that apply to the hosts or IPs.
|
public void addAllFormsByName (int flags, String spec);
Adds all forms of the specified address.
- If the address is in dotted IP form, it will be resolved to a hostname. The hostname and all addresses will be added. If the address cannot be resolved, only the specified address is added.
- If the address is a hostname, it will be resolved to its addresses. The hostname and all addresses will be added. If the hostname cannot be resolved, only the specified hostname is added. The hostname will be added in its fully-qualified form.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| spec
| The textual IP or host specification.
|
public void addConnectHost (String hostspec, boolean fAllow);
Adds an allowed or denied hostname pattern to the connect permissions.
Return Value: No return value.
Parameter | Description |
hostspec
| The host specification.
| fAllow
| If the value is true, allow connections to the specified hosts. If the value is false, explicitly deny connections to the specified hosts.
|
public void addGlobalPortRules (int flags, String spec);
Adds global port rules for the specified connection type.
Return Value: No return value.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the global port rules being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| spec
| The port rules to add.
|
public void addGlobalPorts (int flags, int start, int end);
Adds a global port range for the specified connection types.
Return Value: No return value.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the port range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| start
| The beginning range value.
| end
| The ending range value.
|
public void addHost (int flags, String hostspec);
Adds a hostname pattern to the permissions with no port rules. The permission will allow access to all ports, unless global rules have been previously specified.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| hostspec
| The host specification.
|
public void addHost (int flags, String hostspec, IntRanges ports);
Adds a hostname pattern to the permissions with the specified port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be one of ALLOW or DENY to indicate whether the hostname pattern being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| hostspec
| The host specification.
| ports
| The ports that apply to the hosts.
|
public void addHostRules (int flags, String spec);
Adds a set of host rules and per-host port rules for the specified access types.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules being added indicate inclusion or exclusion. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| spec
| The textual host/port specification.
|
public void addIP (int flags, int addr);
Adds a single 32-bit address to the permissions with no port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| addr
| The 32-bit address.
|
public void addIP (int flags, int addr, IntRanges ports);
Adds a single 32-bit address to the permissions with the specified port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| addr
| The 32-bit address.
| ports
| The ports that apply to this rule.
|
public void addIP (int flags, byte[] addr);
Adds a single address to the permissions with no port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| addr
| The address.
|
public void addIP (int flags, byte[] addr, IntRanges ports);
Adds a single address to the permissions with the specified port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| addr
| The 32-bit address.
| ports
| The ports that apply to this rule.
|
public void addIPRules (int flags, String spec);
Adds a set of IP rules and per-IP port rules from the string form for the specified access types.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| spec
| The textual IP/port specification.
|
public void addIPs (int flags, int s, int e, IntRanges ports);
Adds a 32-bit address range to the permissions with the specified port rules and the specified access types.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connect type. The second flag should be either ALLOW or DENY to indicate whether the address range being added should use the include or exclude rules. For convenience, instead of using two flags OR'd together, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| s
| The starting address in the range.
| e
| The ending address in the range.
| ports
| The ports that apply.
|
public void addIPs (int flags, int s, int e);
Adds a 32-bit address range to the permissions with no port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| s
| The starting address in the range.
| e
| The ending address in the range.
|
public void addIPs (int flags, byte[] s, byte[] e, IntRanges ports);
Adds an address range to the permissions with the specified port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags. The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
| s
| The starting address in the range.
| e
| The ending address in the range.
| ports
| The ports that apply.
|
public void addIPs (int flags, byte[] s, byte[] e);
Adds an address range to the permissions with no port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| s
| The starting address in the range.
| e
| The ending address in the range.
|
public void addPattern (int flags, String spec);
Parses a pattern and adds it to the permission as an IP or host rule, as appropriate.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rule being added indicates inclusion or exclusion. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
| spec
| The textual IP/host specification.
|
public void addPattern (int flags, String spec, IntRanges ports);
Parses a pattern and adds it to the permission as an IP or host rule, as appropriate, with the specified port rules.
Return Value: No return value.
Parameter | Description |
flags
| The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rule being added indicates inclusion or exclusion. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND.
| spec
| The textual IP/host specification.
| ports
| The ports that apply to the hosts or IPs.
|
public void adjustPermission (String tag, Object adjustment);
Adjusts this permission object with some runtime state.
Return Value: No return value.
Parameter | Description |
tag
| The adjustment type. Everything but "codebase" is ignored.
| adjustment
| This parameter must be an instance of java.net.URL for the "codebase" tag.
|
Remarks: The NetIOPermission only responds to the "codebase" adjustment type, and expects the adjustment parameter to be URL in that case. All other adjustment types are ignored.
If the URL is a file:// URL, and this permission allows connection back to the localhost if the cobebase URL is a file:// URL, localhost is added to the set of hosts that this permission allows connections to.
If the URL is not a file:// URL, and this permission allows connections back to non file:// URL hosts, the host of the codebase URL is added to the set of hosts that this permission allows connections to.
public void check (Object param) throws SecurityException;
Determines whether the specified networking I/O operation is allowed by the permission object.
Return Value: No return value.
Parameter | Description |
param
| The security request parameter. It must be an instance of NetIORequest.
|
Exceptions: SecurityException
if this permission does not allow the specified networking operation.
public IPermission combine (IPermission source2);
Creates and returns a new NetIOPermission object that is a combination of the current permission object and the specified permission object. The new object allows access to exactly those resources allowed by either one of the permission objects that it was constructed from.
Return Value: Returns the resulting NetIOPermission object.
Exceptions: IllegalArgumentException
if the specified object to combine with is not an instance of NetIOPermission.
public int compareSet (Object target);
Compares the NetIOPermission instance with a specified permission object.
Return Value: Returns one of the following constants:
Parameter | Description |
target
| The permission object that the NetIOPermission instance is compared with.
|
public IPermission copy();
Retrieves a copy of the NetIOPermission instance.
Return Value: Returns the copy of the NetIOPermission instance.
public boolean decode(String tag, InputStream data);
Decodes the contents of the specified data stream into this permission object. The tag parameter specifies the type of data in the stream.
Return Value: Returns true if the decoding operation succeeded; otherwise, returns false.
Parameter | Description |
tag
| The encoding type identifier.
| data
| The raw data to construct the object from. The type of data is specified by the tag parameter.
|
public boolean encode(String tag, OutputStream out);
Encodes the contents of this permission object and sends the encoded data to the specified stream. The tag parameter specifies the type of encoding that should be used.
Return Value: Returns true if the encoding operation succeeded; otherwise, returns false.
Parameter | Description |
tag
| The encoding type identifier.
| out
| The output stream to send the encoded data to.
|
public boolean getCanConnectToFileURLCodeBase();
Returns the flag that controls whether classes that possess this permission can connect back to the local host if from a file:// URL codebase.
Return Value: Returns true if the permission allows connections back to file:// URL codebase hosts; otherwise, returns false.
public boolean getCanConnectToNonFileURLCodeBase();
Retrieves the flag that controls whether classes that possess this permission can connect back to non-file:// URL codebase hosts.
Return Value: Returns true if the permission allows connections back to non-file:// URL codebase hosts; otherwise, returns false.
public String getGlobalPortRules (int flags);
Obtains the global port rules for the specified connection type in String form.
Return Value: Returns the port ranges in textual form.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
|
public IntRanges getGlobalPorts (int flags);
Obtains the global ports rules for the specified connection type.
Return Value: Returns the port ranges for the connection type.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
|
public String getHostRules (int flags);
Obtains the combined set of hostname patterns and corresponding port rules for the specified connection type, in String form.
Return Value: Returns a String that describes the hosts that apply to the specified connection type.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
|
public WildcardExpression getHosts (int flags);
Obtains a combined pattern that matches all the hostname patterns for the specified connection type.
Return Value: Returns a WildcardExpression that describes the hosts that apply to the specified connection type.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the pattern should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
|
public String getIPRules (int flags);
Obtains the combined set of 32-bit IP ranges and corresponding port rules for the specified connection type, in String form.
Return Value: Returns the string form of the IP ranges that apply to the specified connection type.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit IP ranges should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
|
public IntRanges getIPs (int flags);
Obtains the combined set of 32-bit IP ranges for the specified connection type.
Return Value: Returns the IP ranges that apply to the specified connection type.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the IP ranges should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
|
public IntRanges[] getPorts (int flags);
Obtains the port rules corresponding to each of the hosts or IPs for the specified connection type.
Return Value: Returns the port ranges that apply to the hosts or IPs.
Parameter | Description |
flags
| The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
|
public String mapFormat(String format);
Retrieves a permission-specific tag, given an encoding format. The tag is then used with the encode and decode methods to specify an encoding type.
Return Value: Returns the permission-specific tag that corresponds to the specified format.
Parameter | Description |
format
| The encoding format to retrieve the tag for.
|
public void reset();
Resets the permission state to empty.
Return Value: No return value.
public void setCanConnectToFileURLCodeBase (boolean f);
Sets the flag that controls whether classes that possess this permission can connect to the local host if the codebase URL associated with the classes is a file:// URL.
Return Value: No return value.
Parameter | Description |
f
| If this value is true, the permission will allow connections back to the local host if the codebase URL is a file:// URL.
|
Remarks: If this flag is set to true, a later "codebase" adjustment using the adjustPermission method will include the local host in the set of hosts that this permission can connect to.
public void setCanConnectToNonFileURLCodeBase (boolean f);
Sets the flag that controls whether classes that possess this permission can connect back to their originating host if the codebase URL is not a file:// URL.
Return Value: No return value.
Parameter | Description |
f
| If this value is true, the permission allows connections back to the originating host if the codebase URL is not a file:// URL.
|
Remarks: If this flag is set to true, a later "codebase" adjustment using the adjustPermission method will include the host of the codebase URL to the set of hosts that this permission can connect to.
public String[] supportedFormats();
Retrieves the encoding formats that the permission type supports.
Return Value: Returns an array of the supported format identifiers.
public String toString();
Retrieves a textual representation of the permission object.
Return Value: Returns the string representation of the permission object.
- ALL_API_FLAGS
- A combination of the CONNECT, BIND, and MULTICAST flags.
- ALLOW
- A flag that indicates that some operation should be allowed by this permission.
- ALLOWALL
- A combination of the ALLOW, CONNECT, and BIND flags.
- ALLOWBIND
- A combination of the ALLOW and BIND flags.
- ALLOWCONNECT
- A combination of the ALLOW and CONNECT flags.
- ALLOWMULTICAST
- A combination of the ALLOW and MULTICAST flags.
- BIND
- A flag that indicates an operation that listens on a local port for network connections from other hosts.
- CONNECT
- A flag that indicates a network connection operation.
- DENY
- A flag that indicates that some operation should be denied by this permission.
- DENYALL
- A combination of the DENY, CONNECT, and BIND flags.
- DENYBIND
- A combination of the DENY and BIND flags.
- DENYCONNECT
- A combination of the DENY and CONNECT flags.
- DENYMULTICAST
- A combination of the DENY and MULTICAST flags.
- HOSTS
- A flag that indicates that network computers are identified by host name.
- IPS
- A flag that indicates that network computers are identified by an IP address.
- MULTICAST
- A flag that indicates a multicast socket operation.
|