2.5.5 Authorization Model
A signed MIDlet suite containing MIDlets which access protected APIs
must explicitly request the required permissions. The MIDP specification
defines two new attributes, MIDlet-Permissions and
MIDlet-Permissions-Opt, for this purpose. Critical permissions (those that
are required for MIDP access to protected APIs that are essential to the
operation of MIDlets) must be listed under the MIDlet-Permissions
attribute. Non-critical permissions (those required to access protected
APIs without which the MIDlets can run in a restricted mode) should be
listed under the MIDlet-Permissions-Opt attribute.
The MIDlet-Permissions and MIDlet-Permissions-Opt attributes
may appear in the JAD file or the manifest of a signed MIDlet
suite, or in both. If they appear in both, their respective values
must be identical, but only the values in the manifest are 'protected'
by the signature of the JAR file.
It is important to note that a MIDlet suite that has been installed
as trusted is not granted any permission it has not explicitly requested
in either the MIDlet-Permissions or MIDlet-Permissions-Opt
attributes, irrespective of whether it would be granted were it to be
requested.
The naming scheme for permissions is similar to that for Java package
names. The exact name of a permission to access an API or function is
defined in the specification for that API. For instance, an entry requesting
permission to open HTTP and secure HTTP connections would be as
follows:
MIDlet-Permissions: javax.microedition.io.Connector.http,
javax.microedition.io.Connector.https
The successful authorization of a trusted MIDlet suite requires that the
requested critical permissions are recognized by the device (for instance,
in the case of optional APIs) and are granted, or potentially granted, in
the protection domain to which the MIDlet suite would be bound, were
it to be installed. If either of these requirements cannot be satisfied, the
MIDlet suite is not installed.
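The checks described in this section can be modeled in a few lines of desktop Java. This is an added example, not code from the book or from the MIDP specification; the class and method names are hypothetical, the sample permission sets are constructed, and rejecting a suite whose JAD and manifest values differ is this sketch's reading of the "must be identical" rule.

```java
import java.util.*;

// Added illustration in desktop Java; class and method names are hypothetical,
// not MIDP APIs. It models the install-time checks of section 2.5.5.
public class MidletAuthCheck {
    static final String CRIT = "MIDlet-Permissions", OPT = "MIDlet-Permissions-Opt";

    // Split a comma-separated permission attribute value into a set of names.
    static Set<String> parse(String value) {
        Set<String> out = new TreeSet<>();
        if (value != null)
            for (String p : value.split(","))
                if (!p.trim().isEmpty()) out.add(p.trim());
        return out;
    }

    // Returns the permissions the suite may use, or throws if it must not be
    // installed. 'known' = permissions the device recognizes; 'domain' =
    // permissions the protection domain grants or may grant.
    static Set<String> authorize(Map<String, String> manifest, Map<String, String> jad,
                                 Set<String> known, Set<String> domain) {
        for (String attr : List.of(CRIT, OPT)) {
            String m = manifest.get(attr), j = jad.get(attr);
            // Only the manifest copy is covered by the JAR signature, so a
            // differing JAD value is treated here as grounds for rejection.
            if (m != null && j != null && !m.equals(j))
                throw new SecurityException(attr + " differs between JAD and manifest");
        }
        Set<String> granted = new TreeSet<>();
        for (String p : parse(manifest.getOrDefault(CRIT, jad.get(CRIT)))) {
            if (!known.contains(p) || !domain.contains(p))
                throw new SecurityException("critical permission unavailable: " + p);
            granted.add(p);
        }
        for (String p : parse(manifest.getOrDefault(OPT, jad.get(OPT))))
            if (known.contains(p) && domain.contains(p)) granted.add(p);
        return granted; // permissions never requested are never granted
    }

    public static void main(String[] args) {
        String io = "javax.microedition.io."; // constructed sample data below
        Map<String, String> mf = Map.of(CRIT, io + "Connector.http, " + io + "Connector.https",
                                        OPT, io + "Connector.sms");
        Set<String> domain = Set.of(io + "Connector.http", io + "Connector.https", io + "PushRegistry");
        Set<String> known = new HashSet<>(domain);
        known.add(io + "Connector.sms");
        System.out.println(authorize(mf, mf, known, domain));
        try { authorize(mf, Map.of(CRIT, io + "Connector.socket"), known, domain); }
        catch (SecurityException e) { System.out.println("Rejected: " + e.getMessage()); }
    }
}
```

In the first call the optional permission is absent from the domain, so the suite still installs without it, and the domain's PushRegistry permission is not granted because the suite never requested it.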
2.5.6 Protection Domains
A protection domain is a set of permissions determining access to
protected APIs or functions. A permission is either Allowed, in which case
MIDlets in MIDlet suites bound to this protection domain have automatic
access to this API, or User, in which case permission to access the
protected API or function is requested from the user, who can then grant or
 