Class NetIOPermission

In this topic

Package com.ms.security.permissions Previous This
Package Next

Class NetIOPermission

public class NetIOPermission implements IPermission, 
            IEncodablePermission, IAdjustablePermission
{
  // Fields
  public static final int ALL_API_FLAGS;
  public static final int ALLOW;
  public static final int ALLOWALL;
  public static final int ALLOWBIND;
  public static final int ALLOWCONNECT;
  public static final int ALLOWMULTICAST;
  public static final int BIND;
  public static final int CONNECT;
  public static final int DENY;
  public static final int DENYALL;
  public static final int DENYBIND;
  public static final int DENYCONNECT;
  public static final int DENYMULTICAST;
  public static final int HOSTS;
  public static final int IPS;
  public static final int MULTICAST;

  // Constructors
  public NetIOPermission ();

  // Methods
  public void addAddress (int flags, InetAddress addr);
  public void addAddress (int flags, InetAddress addr,
        IntRanges ports);
  public void addAllFormsByName (int flags, String spec,
        IntRanges ports);
  public void addAllFormsByName (int flags, String spec);
  public void addConnectHost (String hostspec, boolean fAllow);
  public void addGlobalPortRules (int flags, String spec);
  public void addGlobalPorts (int flags, int start, int end);
  public void addHost (int flags, String hostspec);
  public void addHost (int flags, String hostspec, IntRanges ports);
  public void addHostRules (int flags, String spec);
  public void addIP (int flags, int addr);
  public void addIP (int flags, int addr, IntRanges ports);
  public void addIP (int flags, byte[] addr);
  public void addIP (int flags, byte[] addr, IntRanges ports);
  public void addIPRules (int flags, String spec);
  public void addIPs (int flags, int s, int e, IntRanges ports);
  public void addIPs (int flags, int s, int e);
  public void addIPs (int flags, byte[] s, byte[] e,
        IntRanges ports);
  public void addIPs (int flags, byte[] s, byte[] e);
  public void addPattern (int flags, String spec);
  public void addPattern (int flags, String spec, IntRanges ports);
  public void adjustPermission (String tag, Object adjustment);
  public void check (Object param) throws SecurityException;
  public IPermission combine (IPermission source2);
  public int compareSet (Object target);
  public IPermission copy();
  public boolean decode(String tag, InputStream data);
  public boolean encode(String tag, OutputStream out);
  public boolean getCanConnectToFileURLCodeBase();
  public boolean getCanConnectToNonFileURLCodeBase();
  public String getGlobalPortRules (int flags);
  public IntRanges getGlobalPorts (int flags);
  public String getHostRules (int flags);
  public WildcardExpression getHosts (int flags);
  public String getIPRules (int flags);
  public IntRanges getIPs (int flags);
  public IntRanges[] getPorts (int flags);
  public String mapFormat(String format);
  public void reset();
  public void setCanConnectToFileURLCodeBase (boolean f);
  public void setCanConnectToNonFileURLCodeBase (boolean f);
  public String[] supportedFormats();
  public String toString();
}

This class represents a permission that controls the ability to perform networking operations. A NetIOPermission object contains components for the following three basic types of network operations:

CONNECT: The ability to have general communication with specific hosts.
BIND: The ability to accept connections on specific interfaces and ports. The ability to accept a connection from a specific host is controlled by the CONNECT rules.
MULTICAST: The ability to join specific multicast groups. Communication with specific members of the multicast group is controlled by the CONNECT rules.

For each type of operation, the permissions are specified as ranges of IP (Internet Protocol) addresses, hostname patterns, and ports. Ports can be specified for individual ranges or patterns, or for all ranges or patterns. The global port rules supercede any individual port rules.

All the permission's operators are incremental. The reset method can be used to clear an existing permission of all components.

The components of the permission can be added individually or one hostname mask/address range/port range at a time. Multiple components can also be added in string format. For example, the string ".microsoft.com;myhost.com" could be used to indicate the specific host named "myhost.com." and all host names that end in ".microsoft.com".

Address ranges have the normal dotted IP form. An asterisk (*) can be used in place of a byte to represent any valid byte. A single address can be specified, or starting and ending ranges can be delimited by a dash.

Port lists must have the same syntax accepted by the string constructors of the com.ms.util.IntRanges class. For example, "80,1024-2000" is a valid port list. Ports can be specified on individual hostname patterns or addresses by appending a colon and a port range. For example, "*.microsoft.com:80" and "1.2.*.*:1024-5000" are both valid port specifications.

For hostnames, multiple addresses and address ranges are delimited by semicolons. For example, "1.2.*.*;4.5.6.7-4.5.6.50" is a valid hostname.

Some of the addXXX methods in this class take a flag parameter that consists of two values combined with a logical OR operator (|). The first value specifies the connection type by using one or more of MULTICAST, BIND, or CONNECT. The second value specifies ALLOW or DENY to indicate whether the address, port, or hostname being added is supposed to use the exclude or include rules. An IllegalArgumentException is thrown by these methods if the arguments don't apply to one or more of the specified types.

The flags can be used to update multiple aspects of the permission with one method call. For example, the following code sample adds "localhost" as a hostname that can be both connected and bound to.


     NetIOPermission data;
     data.addHost(NetIOPermission.ALLOWALL, "localhost");

The getXXX methods also take a flag parameter that consists of two values combined with a logical OR operator (|). To indicate the connection type, you must specify exactly one of MULTICAST, BIND or CONNECT. If more than one of these is specified, an IllegalArgumentException is thrown. For the second value, you should specify ALLOW or DENY.

For your convenience, combination flags are provided to use for the flag parameters. With these values, you don't have to use the OR (|) operator.

The addXXX methods accept all of the flags in the previous list, but the getXXX methods do not accept the last two.

Hostname masks are input to the permission as strings and retrieved as expressions.

IP addresses are only supported in 32-bit lengths. Addresses are added as integers, byte arrays (for use with the java.net.InetAddress.getAddress method), or as com.ms.util.IntRanges.

The setCanConnectToFileURLCodeBase and setCanConnectToNonFileURLCodeBase methods are used to control whether the permission allows connections to the host from which the classes with the permission were loaded. If set, the permission can be updated with the codebase by the com.ms.security.PermissionDataSet.adjustForCodebase method.

Constructors

NetIOPermission

public NetIOPermission ();
Constructs an empty networking permission.

Methods

addAddress

public void addAddress (int flags, InetAddress addr);
Adds an InetAddress object to the permissions with no port rules. The permission will allow access to all ports, unless global rules have been previously specified.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the InetAddress object being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
addr The Internet address that the access flags apply to.

addAddress

public void addAddress (int flags, InetAddress addr, IntRanges ports);
Adds an InetAddress object to the permissions with the specified port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the InetAddress object being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
addr The Internet address that the access flags apply to.
ports The ports that apply on the address.

addAllFormsByName

public void addAllFormsByName (int flags, String spec, IntRanges ports);
Adds all forms of the specified address. The address is added using the following procedure.
If the address is in dotted IP form, it will be resolved to a hostname. The hostname and all addresses will be added. If the address cannot be resolved, only the specified address is added.
If the address is a hostname, it will be resolved to its addresses. The hostname and all addresses will be added. If the hostname cannot be resolved, only the specified hostname is added. The hostname will be added in its fully-qualified form.

Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
spec The textual IP or host specification.
ports The ports that apply to the hosts or IPs.

addAllFormsByName

public void addAllFormsByName (int flags, String spec);
Adds all forms of the specified address.
If the address is in dotted IP form, it will be resolved to a hostname. The hostname and all addresses will be added. If the address cannot be resolved, only the specified address is added.
If the address is a hostname, it will be resolved to its addresses. The hostname and all addresses will be added. If the hostname cannot be resolved, only the specified hostname is added. The hostname will be added in its fully-qualified form.

Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
spec The textual IP or host specification.

addConnectHost

public void addConnectHost (String hostspec, boolean fAllow);
Adds an allowed or denied hostname pattern to the connect permissions.
Return Value:
No return value.

Parameter Description

hostspec The host specification.
fAllow If the value is true, allow connections to the specified hosts. If the value is false, explicitly deny connections to the specified hosts.

addGlobalPortRules

public void addGlobalPortRules (int flags, String spec);
Adds global port rules for the specified connection type.
Return Value:
No return value.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the global port rules being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
spec The port rules to add.

addGlobalPorts

public void addGlobalPorts (int flags, int start, int end);
Adds a global port range for the specified connection types.
Return Value:
No return value.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the port range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
start The beginning range value.
end The ending range value.

addHost

public void addHost (int flags, String hostspec);
Adds a hostname pattern to the permissions with no port rules. The permission will allow access to all ports, unless global rules have been previously specified.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
hostspec The host specification.

addHost

public void addHost (int flags, String hostspec, IntRanges ports);
Adds a hostname pattern to the permissions with the specified port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be one of ALLOW or DENY to indicate whether the hostname pattern being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
hostspec The host specification.
ports The ports that apply to the hosts.

addHostRules

public void addHostRules (int flags, String spec);
Adds a set of host rules and per-host port rules for the specified access types.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules being added indicate inclusion or exclusion. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
spec The textual host/port specification.

addIP

public void addIP (int flags, int addr);
Adds a single 32-bit address to the permissions with no port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
addr The 32-bit address.

addIP

public void addIP (int flags, int addr, IntRanges ports);
Adds a single 32-bit address to the permissions with the specified port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
addr The 32-bit address.
ports The ports that apply to this rule.

addIP

public void addIP (int flags, byte[] addr);
Adds a single address to the permissions with no port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
addr The address.

addIP

public void addIP (int flags, byte[] addr, IntRanges ports);
Adds a single address to the permissions with the specified port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
addr The 32-bit address.
ports The ports that apply to this rule.

addIPRules

public void addIPRules (int flags, String spec);
Adds a set of IP rules and per-IP port rules from the string form for the specified access types.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
spec The textual IP/port specification.

addIPs

public void addIPs (int flags, int s, int e, IntRanges ports);
Adds a 32-bit address range to the permissions with the specified port rules and the specified access types.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connect type. The second flag should be either ALLOW or DENY to indicate whether the address range being added should use the include or exclude rules. For convenience, instead of using two flags OR'd together, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
s The starting address in the range.
e The ending address in the range.
ports The ports that apply.

addIPs

public void addIPs (int flags, int s, int e);
Adds a 32-bit address range to the permissions with no port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
s The starting address in the range.
e The ending address in the range.

addIPs

public void addIPs (int flags, byte[] s, byte[] e, IntRanges ports);
Adds an address range to the permissions with the specified port rules.
Return Value:
No return value.

Parameter Description

flags The access flags. The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.
s The starting address in the range.
e The ending address in the range.
ports The ports that apply.

addIPs

public void addIPs (int flags, byte[] s, byte[] e);
Adds an address range to the permissions with no port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the address range being added should use the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
s The starting address in the range.
e The ending address in the range.

addPattern

public void addPattern (int flags, String spec);
Parses a pattern and adds it to the permission as an IP or host rule, as appropriate.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, MULTICAST, or ALL_API_FLAGS to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rule being added indicates inclusion or exclusion. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.
spec The textual IP/host specification.

addPattern

public void addPattern (int flags, String spec, IntRanges ports);
Parses a pattern and adds it to the permission as an IP or host rule, as appropriate, with the specified port rules.
Return Value:
No return value.

Parameter Description

flags The access flags, which consist of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rule being added indicates inclusion or exclusion. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWALL, DENYALL, ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND.
spec The textual IP/host specification.
ports The ports that apply to the hosts or IPs.

adjustPermission

public void adjustPermission (String tag, Object adjustment);
Adjusts this permission object with some runtime state.
Return Value:
No return value.

Parameter Description

tag The adjustment type. Everything but "codebase" is ignored.
adjustment This parameter must be an instance of java.net.URL for the "codebase" tag.

Remarks:
The NetIOPermission only responds to the "codebase" adjustment type, and expects the adjustment parameter to be URL in that case. All other adjustment types are ignored.
If the URL is a file:// URL, and this permission allows connection back to the localhost if the cobebase URL is a file:// URL, localhost is added to the set of hosts that this permission allows connections to.
If the URL is not a file:// URL, and this permission allows connections back to non file:// URL hosts, the host of the codebase URL is added to the set of hosts that this permission allows connections to.

check

public void check (Object param) throws SecurityException;
Determines whether the specified networking I/O operation is allowed by the permission object.
Return Value:
No return value.

Parameter Description

param The security request parameter. It must be an instance of NetIORequest.

Exceptions:
SecurityException if this permission does not allow the specified networking operation.

combine

public IPermission combine (IPermission source2);
Creates and returns a new NetIOPermission object that is a combination of the current permission object and the specified permission object. The new object allows access to exactly those resources allowed by either one of the permission objects that it was constructed from.
Return Value:
Returns the resulting NetIOPermission object.

Parameter Description

source2 The NetIOPermission to combine with.

Exceptions:
IllegalArgumentException if the specified object to combine with is not an instance of NetIOPermission.

compareSet

public int compareSet (Object target);
Compares the NetIOPermission instance with a specified permission object.
Return Value:
Returns one of the following constants:
DISJOINT
EMPTY
OVERLAP
EQUAL
SUBSET
SUPERSET
EMPTY_SUBSET
EMPTY_SUPERSET

Parameter Description

target The permission object that the NetIOPermission instance is compared with.

copy

public IPermission copy();
Retrieves a copy of the NetIOPermission instance.
Return Value:
Returns the copy of the NetIOPermission instance.

decode

public boolean decode(String tag, InputStream data);
Decodes the contents of the specified data stream into this permission object. The tag parameter specifies the type of data in the stream.
Return Value:
Returns true if the decoding operation succeeded; otherwise, returns false.

Parameter Description

tag The encoding type identifier.
data The raw data to construct the object from. The type of data is specified by the tag parameter.

encode

public boolean encode(String tag, OutputStream out);
Encodes the contents of this permission object and sends the encoded data to the specified stream. The tag parameter specifies the type of encoding that should be used.
Return Value:
Returns true if the encoding operation succeeded; otherwise, returns false.

Parameter Description

tag The encoding type identifier.
out The output stream to send the encoded data to.

getCanConnectToFileURLCodeBase

public boolean getCanConnectToFileURLCodeBase();
Returns the flag that controls whether classes that possess this permission can connect back to the local host if from a file:// URL codebase.
Return Value:
Returns true if the permission allows connections back to file:// URL codebase hosts; otherwise, returns false.

getCanConnectToNonFileURLCodeBase

public boolean getCanConnectToNonFileURLCodeBase();
Retrieves the flag that controls whether classes that possess this permission can connect back to non-file:// URL codebase hosts.
Return Value:
Returns true if the permission allows connections back to non-file:// URL codebase hosts; otherwise, returns false.

getGlobalPortRules

public String getGlobalPortRules (int flags);
Obtains the global port rules for the specified connection type in String form.
Return Value:
Returns the port ranges in textual form.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.

getGlobalPorts

public IntRanges getGlobalPorts (int flags);
Obtains the global ports rules for the specified connection type.
Return Value:
Returns the port ranges for the connection type.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.

getHostRules

public String getHostRules (int flags);
Obtains the combined set of hostname patterns and corresponding port rules for the specified connection type, in String form.
Return Value:
Returns a String that describes the hosts that apply to the specified connection type.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.

getHosts

public WildcardExpression getHosts (int flags);
Obtains a combined pattern that matches all the hostname patterns for the specified connection type.
Return Value:
Returns a WildcardExpression that describes the hosts that apply to the specified connection type.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the pattern should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.

getIPRules

public String getIPRules (int flags);
Obtains the combined set of 32-bit IP ranges and corresponding port rules for the specified connection type, in String form.
Return Value:
Returns the string form of the IP ranges that apply to the specified connection type.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be either BIND or CONNECT to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the 32-bit IP ranges should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, or DENYBIND.

getIPs

public IntRanges getIPs (int flags);
Obtains the combined set of 32-bit IP ranges for the specified connection type.
Return Value:
Returns the IP ranges that apply to the specified connection type.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the IP ranges should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.

getPorts

public IntRanges[] getPorts (int flags);
Obtains the port rules corresponding to each of the hosts or IPs for the specified connection type.
Return Value:
Returns the port ranges that apply to the hosts or IPs.

Parameter Description

flags The connection type, which consists of two separate flags combined with a logical OR operator (|). The first flag should be BIND, CONNECT, or MULTICAST to specify the connection type. The second flag should be either ALLOW or DENY to indicate whether the rules should be obtained using the include or exclude rules. For convenience, instead of using the logical OR operator with the two flags, you can use one of the combination flags: ALLOWCONNECT, DENYCONNECT, ALLOWBIND, DENYBIND, ALLOWMULTICAST, or DENYMULTICAST.

mapFormat

public String mapFormat(String format);
Retrieves a permission-specific tag, given an encoding format. The tag is then used with the encode and decode methods to specify an encoding type.
Return Value:
Returns the permission-specific tag that corresponds to the specified format.

Parameter Description

format The encoding format to retrieve the tag for.

reset

public void reset();
Resets the permission state to empty.
Return Value:
No return value.

setCanConnectToFileURLCodeBase

public void setCanConnectToFileURLCodeBase (boolean f);
Sets the flag that controls whether classes that possess this permission can connect to the local host if the codebase URL associated with the classes is a file:// URL.

Return Value:
No return value.

Parameter Description

f If this value is true, the permission will allow connections back to the local host if the codebase URL is a file:// URL.

Remarks:
If this flag is set to true, a later "codebase" adjustment using the adjustPermission method will include the local host in the set of hosts that this permission can connect to.

setCanConnectToNonFileURLCodeBase

public void setCanConnectToNonFileURLCodeBase (boolean f);
Sets the flag that controls whether classes that possess this permission can connect back to their originating host if the codebase URL is not a file:// URL.

Return Value:
No return value.

Parameter Description

f If this value is true, the permission allows connections back to the originating host if the codebase URL is not a file:// URL.

Remarks:
If this flag is set to true, a later "codebase" adjustment using the adjustPermission method will include the host of the codebase URL to the set of hosts that this permission can connect to.

supportedFormats

public String[] supportedFormats();
Retrieves the encoding formats that the permission type supports.
Return Value:
Returns an array of the supported format identifiers.

toString

public String toString();
Retrieves a textual representation of the permission object.
Return Value:
Returns the string representation of the permission object.

Fields

ALL_API_FLAGS: A combination of the CONNECT, BIND, and MULTICAST flags.
ALLOW: A flag that indicates that some operation should be allowed by this permission.
ALLOWALL: A combination of the ALLOW, CONNECT, and BIND flags.
ALLOWBIND: A combination of the ALLOW and BIND flags.
ALLOWCONNECT: A combination of the ALLOW and CONNECT flags.
ALLOWMULTICAST: A combination of the ALLOW and MULTICAST flags.
BIND: A flag that indicates an operation that listens on a local port for network connections from other hosts.
CONNECT: A flag that indicates a network connection operation.
DENY: A flag that indicates that some operation should be denied by this permission.
DENYALL: A combination of the DENY, CONNECT, and BIND flags.
DENYBIND: A combination of the DENY and BIND flags.
DENYCONNECT: A combination of the DENY and CONNECT flags.
DENYMULTICAST: A combination of the DENY and MULTICAST flags.
HOSTS: A flag that indicates that network computers are identified by host name.
IPS: A flag that indicates that network computers are identified by an IP address.
MULTICAST: A flag that indicates a multicast socket operation.