SerializablePermission in Java

java.io.SerializablePermission

This class is for Serializable permissions. A SerializablePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

The target name is the name of the Serializable permission.

1. Permission Target Name: enableSubclassImplementation

What the Permission Allows: Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects.

Risks of Allowing this Permission: Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserialization it could, for example, deserialize a class with all its private fields zeroed out.

2. Permission Target Name: enableSubstitution

What the Permission Allows: Substitution of one object for another during serialization or deserialization.

Risks of Allowing this Permission: This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data.

3. Permission Target Name: serialFilter

What the Permission Allows: Setting a filter for ObjectInputStreams.

Risks of Allowing this Permission: Code could remove a configured filter and remove protections already established.


Constructors of the SerializablePermission class

1. SerializablePermission(String name)

Syntax:

java.io.SerializablePermission.SerializablePermission(String name)

This constructor takes one argument and creates a new SerializablePermission with the specified name. The name is the symbolic name of the SerializablePermission, such as "enableSubstitution".

Parameters: One parameter is required for this constructor.

name: the name of the SerializablePermission.

Throws:

1. NullPointerException - if the name is null.

2. IllegalArgumentException - if the name is empty.


Approach 1: When no exception

Java

import java.io.SerializablePermission;

public class SerializablePermission1 {
    public static void main(String[] args) {
        String name = "read";
        SerializablePermission serializablePermission =
                new SerializablePermission(name);

        System.out.println(serializablePermission);
    }
}

Output:

("java.io.SerializablePermission" "read")


Approach 2: NullPointerException 

Java

package com.SerializablePermission;

import java.io.SerializablePermission;

public class SerializablePermission1 {
    public static void main(String[] args) {
        String name = null;
        SerializablePermission serializablePermission =
                new SerializablePermission(name);

        System.out.println(serializablePermission);
    }
}

Output:

Exception in thread "main" java.lang.NullPointerException: name can't be null
    at java.base/java.security.BasicPermission.init(BasicPermission.java:89)
    at java.base/java.security.BasicPermission.<init>(BasicPermission.java:131)
    at java.base/java.io.SerializablePermission.<init>(SerializablePermission.java:124)
    at com.SerializablePermission.SerializablePermission1.main(SerializablePermission1.java:8)


Approach 3: IllegalArgumentException

Java

package com.SerializablePermission;

import java.io.SerializablePermission;

public class SerializablePermission1 {
    public static void main(String[] args) {
        String name = "";
        SerializablePermission serializablePermission =
                new SerializablePermission(name);

        System.out.println(serializablePermission);
    }
}

Output:

Exception in thread "main" java.lang.IllegalArgumentException: name can't be empty
    at java.base/java.security.BasicPermission.init(BasicPermission.java:94)
    at java.base/java.security.BasicPermission.<init>(BasicPermission.java:131)
    at java.base/java.io.SerializablePermission.<init>(SerializablePermission.java:124)
    at com.SerializablePermission.SerializablePermission1.main(SerializablePermission1.java:8)
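The constructor accepts any non-empty name, so it is worth checking what a given name actually grants. The following added example (not code from the original page) uses Permission.implies to compare an exact grant, the BasicPermission wildcard "*", and the "read" name used above against the three target names listed on this page; the class and method names are hypothetical.

```java
import java.io.SerializablePermission;
import java.security.Permission;

public class SerializablePermissionGrantCheck {
    // The three target names listed on this page.
    static final String[] TARGETS = {
        "enableSubclassImplementation", "enableSubstitution", "serialFilter"
    };

    // True if any of the granted permissions implies the requested target.
    static boolean allows(String target, Permission... granted) {
        Permission wanted = new SerializablePermission(target);
        for (Permission p : granted) {
            if (p.implies(wanted)) {
                return true;
            }
        }
        return false;
    }

    // Prints, for one set of grants, which targets are covered.
    static void report(String label, Permission... granted) {
        System.out.println(label);
        for (String target : TARGETS) {
            System.out.printf("  %-30s %s%n", target,
                    allows(target, granted) ? "GRANTED" : "denied");
        }
    }

    public static void main(String[] args) {
        // Least privilege: an exact name covers only that one target.
        report("grant serialFilter only:",
                new SerializablePermission("serialFilter"));

        // SerializablePermission extends BasicPermission, so "*" is a
        // wildcard that implies every target name.
        report("grant \"*\":", new SerializablePermission("*"));

        // "read" is a valid constructor argument but matches no target.
        report("grant \"read\":", new SerializablePermission("read"));
    }
}
```

When reviewing a policy, a SerializablePermission grant of "*" should be read as granting all three targets at once.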


2. SerializablePermission(String name, String actions)

Syntax:

java.io.SerializablePermission.SerializablePermission(String name, String actions)

This constructor takes two arguments and creates a new SerializablePermission object with the specified name. The name is the symbolic name of the SerializablePermission, and the actions String is currently unused and should be null.

Parameters: Two parameters are required for this constructor.

name: the name of the SerializablePermission.

actions: currently unused and must be set to null.

Throws:

1. NullPointerException - if the name is null.

2. IllegalArgumentException - if the name is empty.


Approach 1: When no exception

Java

import java.io.SerializablePermission;

public class SerializablePermission2 {
    public static void main(String[] args) {
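        // The actions argument is currently unused, so the "write" value
        // here has no effect; the documented value is null.
        String name = "read", actions = "write";
        SerializablePermission serializablePermission =
                new SerializablePermission(name, actions);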

        System.out.println(serializablePermission);
    }
}

Output:

("java.io.SerializablePermission" "read")


Approach 2: NullPointerException 

Java

package com.SerializablePermission;

import java.io.SerializablePermission;

public class SerializablePermission2 {
    public static void main(String[] args) {
        String name = null, actions = "write";
        SerializablePermission serializablePermission =
                new SerializablePermission(name, actions);

        System.out.println(serializablePermission);
    }
}

Output:

Exception in thread "main" java.lang.NullPointerException: name can't be null
    at java.base/java.security.BasicPermission.init(BasicPermission.java:89)
    at java.base/java.security.BasicPermission.<init>(BasicPermission.java:148)
    at java.base/java.io.SerializablePermission.<init>(SerializablePermission.java:141)
    at com.SerializablePermission.SerializablePermission2.main(SerializablePermission2.java:8)


Approach 3: IllegalArgumentException 

Java

package com.SerializablePermission;

import java.io.SerializablePermission;

public class SerializablePermission2 {
    public static void main(String[] args) {
        String name = "", actions = "write";
        SerializablePermission serializablePermission =
                new SerializablePermission(name, actions);

        System.out.println(serializablePermission);
    }
}

Output:

Exception in thread "main" java.lang.IllegalArgumentException: name can't be empty
    at java.base/java.security.BasicPermission.init(BasicPermission.java:94)
    at java.base/java.security.BasicPermission.<init>(BasicPermission.java:148)
    at java.base/java.io.SerializablePermission.<init>(SerializablePermission.java:141)
    at com.SerializablePermission.SerializablePermission2.main(SerializablePermission2.java:8)

