Java permission reference

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

What you need to know about Java permission policies

If you are developing Java Callout policies, you need to know which permission policies are in effect in the Apigee JVM and how they will affect your code. For example, your custom Java code does not have unlimited access to the file system. However, in the case of file system access, you can read certain files, such as policy resource files. But most other file system access is blocked. This topic lists all of JDK permission types and their respective targets or actions. For each target or action, we specify the permission policy and any exceptions that you need to know about.

To learn more about the JDK permission types and what each permission allows, see Permissions in the Java Development Kit (JDK).

Permission Type Target or Action Name Permission Granted
java.awt.AWTPermission
accessClipboard NO
accessEventQueue NO
accessSystemTray NO
createRobot NO
fullScreenExclusive NO
listenToAllAWTEvents NO
readDisplayPixels NO
replaceKeyboardFocusManager NO
setAppletStub NO
setWindowsAlwaysOnTop NO
showWindowWithoutWarningBanner NO
toolkitModality NO
watchMousePointer NO
java.io.FilePermission

A java.io.FilePermission represents access to a file or directory. A FilePermission consists of a pathname and a set of actions valid for that pathname.
read YES but restrictions apply. See Restrictions.
write NO
execute NO
delete NO
readLink YES
java.io.SerializablePermission

A SerializablePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
enableSubclassImplementation YES
enableSubstitution NO
java.lang.management.ManagementPermission

Methods defined in the management interface for the Java platform
control NO
monitor NO
java.lang.reflect.ReflectPermission

For reflective operations. A ReflectPermission is a named permission and has no actions
suppressAccessChecks NO
newProxyInPackage.{package name} NO
java.lang.RuntimePermission

Contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
createClassLoader NO
getClassLoader YES
setContextClassLoader YES
enableContextClassLoaderOverride YES
closeClassLoader NO
setSecurityManager NO
createSecurityManager NO
getenv.{variable name} NO
exitVM.{exit status} NO
shutdownHooks NO
setFactory NO
setIO NO
modifyThread YES
stopThread YES
modifyThreadGroup YES
getProtectionDomain YES
getFileSystemAttributes NO
readFileDescriptor YES
writeFileDescriptor NO
loadLibrary.{library name} NO
accessClassInPackage. {package name} YES
defineClassInPackage. {package name} NO
accessDeclaredMembers NO
queuePrintJob NO
getStackTrace NO
setDefaultUncaughtExceptionHandler NO
preferences NO
usePolicy NO
java.net.NetPermission

A NetPermission contains a name but no actions list; you either have the named permission or you don't.
setDefaultAuthenticator NO
requestPasswordAuthentication NO
specifyStreamHandler YES
setProxySelector NO
getProxySelector NO
setCookieHandler NO
getCookieHandler NO
setResponseCache NO
getResponseCache NO
getNetworkInformation NO
java.net.SocketPermission

Represents access to a network via sockets. A SocketPermission consists of a host specification and a set of "actions" specifying ways to connect to that host.
host = (hostname | IPaddress)[:portrange]
portrange = portnumber | -portnumber | portnumber-[portnumber]

The possible ways to connect to the host are

accept
connect
listen
resolve

The "listen" action is only meaningful when used with "localhost". The "resolve" (resolve host/ip name service lookups) action is implied when any of the other actions are present.
resolve YES
connect

YES but restrictions apply. See Restrictions.

Apigee restricts access to sitelocal, anylocal, loopback, and linklocal addresses.

listen,
accept
NO
java.net.URLPermission

Represents permission to access a resource or set of resources defined by a given url, and for a given set of user-settable request methods and request headers. The name of the permission is the url string. The actions string is a concatenation of the request methods and headers. The range of method and header names is not restricted by this class.
YES
LinkPermission

The Permission class for link creation operations.
hard NO
symbolic NO
java.security.SecurityPermission

A SecurityPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
The target name is the name of a security configuration parameter (see below). Currently the SecurityPermission object is used to guard access to the Policy, Security, Provider, Signer, and Identity objects.
createAccessControlContext NO
getDomainCombiner NO
getPolicy NO
setPolicy NO
createPolicy.{policy type} NO
getProperty.{key} NO
setProperty.{key} NO
insertProvider NO
removeProvider.{provider name} NO
clearProviderProperties.{provider name} NO
putProviderProperty.{provider name} NO
removeProviderProperty.{provider name} NO
SQLPermission setLog NO
callAbort NO
setSyncFactory NO
setNetworkTimeout NO
deregisterDriver NO
java.util.logging.LoggingPermission

A SecurityManager will check the java.util.logging.LoggingPermission object when code running with a SecurityManager calls one of the logging control methods (such as Logger.setLevel).
control NO
java.util.PropertyPermission
The name is the name of the property ("java.home", "os.name", etc). The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "java.*" or "*" is valid, "*java" or "a*b" is not valid.

The actions to be granted are passed to the constructor in a string containing a list of zero or more comma-separated keywords.
read YES
write NO
javax.xml.ws.WebServicePermission
publishEndpoint NO
javax.xml.bind.JAXBPermission setDatatypeConverter NO
javax.sound.sampled.AudioPermission

Access rights to the audio system resources.
play NO
record NO
javax.security.auth.PrivateCredentialPermission

Protect access to private Credentials belonging to a particular Subject. The Subject is represented by a Set of Principals. The target name of this Permission specifies a Credential class name, and a Set of Principals. The only valid value for this Permission's actions is, "read".
CredentialClass {PrincipalClass "PrincipalName"}* NO
javax.security.auth.kerberos.ServicePermission

Protect Kerberos services and the credentials necessary to access those services.
initiate NO
accept NO
javax.security.auth.kerberos.DelegationPermission

Used to restrict the usage of the Kerberos delegation model; ie, forwardable and proxiable tickets.

The target name of this Permission specifies a pair of kerberos service principals. The first is the subordinate service principal being entrusted to use the Ticket Granting Ticket (TGT). The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal.
initiate NO
accept NO
javax.security.auth.AuthPermission

Currently the AuthPermission object is used to guard access to the Subject, SubjectDomainCombiner, LoginContext and Configuration objects.
doAs NO
doAsPrivileged NO
getSubject NO
getSubjectFromDomainCombiner NO
setReadOnly NO
modifyPrincipals NO
modifyPublicCredentials NO
modifyPrivateCredentials NO
refreshCredential NO
destroyCredential NO
createLoginContext.{name} NO
getLoginConfiguration NO
setLoginConfiguration NO
createLoginConfiguration.{configuration type} NO
refreshLoginConfiguration NO
javax.net.ssl.SSLPermission
setHostnameVerifier NO
getSSLSessionContext NO
setDefaultSSLContext NO
javax.management.MBeanPermission

Permission controlling access to MBeanServer operations. If a security manager has been set using System.setSecurityManager(java.lang.SecurityManager), most operations on the MBeanServer require that the caller's permissions imply an MBeanPermission appropriate for the operation.

action className#member[objectName]

If you have an MBeanPermission, it allows operations only if all four of the items match.
addNotificationListener NO
getAttribute NO
getClassLoader NO
getClassLoaderFor NO
getClassLoaderRepository NO
getDomains NO
getMBeanInfo NO
getObjectInstance NO
instantiate NO
invoke NO
isInstanceOf NO
queryMBeans NO
queryNames NO
registerMBean NO
removeNotificationListener NO
setAttribute NO
unregisterMBean NO
javax.management.MBeanServerPermission
createMBeanServer NO
findMBeanServer NO
newMBeanServer NO
releaseMBeanServer NO
javax.management.MBeanTrustPermission

This permission represents "trust" in a signer or codebase.
register NO
* NO
javax.management.remote.SubjectDelegationPermission
NO