This class is a java.security.Permission that governs read and write access to system properties with System.getProperty( ) and System.setProperty( ). A PropertyPermission object has a name, or target, and a comma-separated list of actions. The name of the permission is the name of the property of interest. The action string can be "read" for getProperty( ) access, "write" for setProperty( ) access, or "read,write" for both types of access. PropertyPermission extends java.security.BasicPermission, so the name of the property supports simple wildcards. The name "*" represents any property name. If a name ends with ".*", it represents any property names that share the specified prefix. For example, the name "java.*" represents "java.version", "java.vendor", "java.vendor.url", and all other properties that begin with "java".

Granting access to system properties is not overtly dangerous, but caution is still necessary. Some properties, such as "user.home", reveal details about the host system that malicious code can use to mount an attack. Programmers writing system-level code and system administrators configuring security policies may need to use this class, but applications never need to use it.

Figure 16-49. java.util.PropertyPermission

public final class PropertyPermission extends java.security.BasicPermission {
// Public Constructors
     public PropertyPermission(String name, String actions);  
// Public Methods Overriding BasicPermission
     public boolean equals(Object obj);  
     public String getActions( );  
     public int hashCode( );  
     public boolean implies(java.security.Permission p);  
     public java.security.PermissionCollection newPermissionCollection( );  
}