access control for such resources. Utilization of the SocketPermission was problematic because this permission is unable to distinguish between HTTP connections and some other TCP connection that may not be permitted. SocketPermissions also operate in terms of IP addresses, rather than host names. This limitation prevents access control given a specified host name, rather than a single IP address. In the case where more than one virtual server is being hosted at the same IP address, only one could be accessed using a SocketPermission, whereas many could be accessed if host name resolution were possible.
The java.net.URLPermission was introduced with the release of Java 8, solving some of the issues that were presented with the use of the SocketPermission. The java.net.URLPermission class is used to represent permission for access to a resource or set of resources that are defined by a specified URL. Along with the specification of a URL, the required HTTP access can be specified via user-definable setters and request headers. As such, the URLPermission class contains two constructors, one that accepts a string-based URL, and the other that accepts a string-based URL and a string of actions.
The URL that is passed to the URLPermission class can be in multiple formats, so the string may vary depending on what resource is being accessed. In its simplest format, the URL should use the following format:
scheme://authority/path
E.g. ("http://www.apress.com/*")
The scheme of a URL is usually http or https, but it is not restricted. The authority can contain a number of details. At the minimum, the authority will be the host name of the remote resource. However, it could also contain user information, host range, and/or port range. If specified, the optional user information would be a privileged username followed by the @ character.
The host range is specified via a fully qualified DNS name, along with IPv4 address or IPv6 address portions, each separated by a (.). The host range DNS name may contain a wildcard character (*) to indicate portions of a DNS name. For example, you can use the following to indicate a host name that matches only the rightmost domain labels: "*.apress.com".
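
The following is an added example, not code from the book, showing how the two constructors and the URL format behave when one URLPermission is checked against another with implies(). The class name UrlPermissionDemo and the host apress.com.example.net are constructed for illustration; only a request that matches the grant's scheme, host range, port, path and method is implied.

```java
import java.net.URLPermission;
import java.security.Permission;

public class UrlPermissionDemo {   // hypothetical class name for this example

    // Reports whether a granted permission covers a requested one.
    // implies() compares the parsed strings only; no DNS lookup or
    // network connection is made.
    static void check(Permission granted, Permission requested) {
        System.out.printf("%-5b %s [%s]%n", granted.implies(requested),
                requested.getName(), requested.getActions());
    }

    static void show(Permission granted) {
        System.out.println("grant: " + granted.getName()
                + " [" + granted.getActions() + "]");
    }

    public static void main(String[] args) {
        // One-argument constructor: all request methods and headers ("*:*").
        URLPermission page = new URLPermission("http://www.apress.com/*");
        show(page);
        // "/*" covers resources directly under "/", not nested paths.
        check(page, new URLPermission("http://www.apress.com/index.html", "GET"));
        check(page, new URLPermission("http://www.apress.com/java/index.html", "GET"));

        // Two-argument constructor: GET only, any host whose rightmost
        // labels are apress.com, and "/-" for the whole path tree.
        URLPermission readOnly = new URLPermission("http://*.apress.com/-", "GET");
        show(readOnly);
        check(readOnly, new URLPermission("http://www.apress.com/java/index.html", "GET"));
        // Same resource, different request method.
        check(readOnly, new URLPermission("http://www.apress.com/java/index.html", "POST"));
        // Same host and path, different scheme.
        check(readOnly, new URLPermission("https://www.apress.com/java/index.html", "GET"));
        // Explicit port that the grant does not list.
        check(readOnly, new URLPermission("http://www.apress.com:8080/java/index.html", "GET"));
        // Constructed look-alike host: apress.com is not its rightmost labels.
        check(readOnly, new URLPermission("http://apress.com.example.net/java/index.html", "GET"));
    }
}
```
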
The port range portion of the URL is used to specify a single port number or a bounded or unbounded range of ports that the permission grants access against. Any invalid port number or range will result in the use of the default port of 80 for HTTP or