This page applies to Apigeeand Apigee hybrid.
View Apigee Edge
documentation.
What you need to know about Java permission policies
If you are developing JavCallout policy, you need to know which permission policies are in effect in the Apigee JVM and how they will affect your code. For example, your custom Java code does not have unlimited access to the file system. However, in the case of file system access, you can read certain files, such as policy resource files. But most other file system access is blocked. This topic lists all of JDK permission types and their respective targets or actions. For each target or action, we specify the permission policy and any exceptions that you need to know about.
To learn more about the JDK permission types and what each permission allows, see Permissions in the Java Development Kit (JDK) .
Permission Type
Target or Action Name
Permission Granted
java.awt.AWTPermission
accessClipboard
NO
accessEventQueue
NO
accessSystemTray
NO
createRobot
NO
fullScreenExclusive
NO
listenToAllAWTEvents
NO
readDisplayPixels
NO
replaceKeyboardFocusManager
NO
setAppletStub
NO
setWindowsAlwaysOnTop
NO
showWindowWithoutWarningBanner
NO
toolkitModality
NO
watchMousePointer
NO
java.io.FilePermission
A java.io.FilePermission represents access to a file or directory. A FilePermission consists of a pathname and a set of actions valid for that pathname.
A java.io.FilePermission represents access to a file or directory. A FilePermission consists of a pathname and a set of actions valid for that pathname.
read
write
NO
execute
NO
delete
NO
readLink
YES
java.io.SerializablePermission
A SerializablePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
A SerializablePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
enableSubclassImplementation
YES
enableSubstitution
NO
java.lang.management.ManagementPermission
Methods defined in the management interface for the Java platform
Methods defined in the management interface for the Java platform
control
NO
monitor
NO
java.lang.reflect.ReflectPermission
For reflective operations. A ReflectPermission is a named permission and has no actions
For reflective operations. A ReflectPermission is a named permission and has no actions
suppressAccessChecks
NO
newProxyInPackage.{package name}
NO
java.lang.RuntimePermission
Contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
Contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
createClassLoader
NO
getClassLoader
YES
setContextClassLoader
YES
enableContextClassLoaderOverride
YES
closeClassLoader
NO
setSecurityManager
NO
createSecurityManager
NO
getenv.{variable name}
NO
exitVM.{exit status}
NO
shutdownHooks
NO
setFactory
NO
setIO
NO
modifyThread
YES
stopThread
YES
modifyThreadGroup
YES
getProtectionDomain
YES
getFileSystemAttributes
NO
readFileDescriptor
YES
writeFileDescriptor
NO
loadLibrary.{library name}
NO
accessClassInPackage. {package name}
YES
defineClassInPackage. {package name}
NO
accessDeclaredMembers
NO
queuePrintJob
NO
getStackTrace
NO
setDefaultUncaughtExceptionHandler
NO
preferences
NO
usePolicy
NO
java.net.NetPermission
A NetPermission contains a name but no actions list; you either have the named permission or you don't.
A NetPermission contains a name but no actions list; you either have the named permission or you don't.
setDefaultAuthenticator
NO
requestPasswordAuthentication
NO
specifyStreamHandler
YES
setProxySelector
NO
getProxySelector
NO
setCookieHandler
NO
getCookieHandler
NO
setResponseCache
NO
getResponseCache
NO
getNetworkInformation
NO
java.net.SocketPermission
Represents access to a network via sockets. A SocketPermission consists of a host specification and a set of "actions" specifying ways to connect to that host.
host = (hostname | IPaddress)[:portrange]
portrange = portnumber | -portnumber | portnumber-[portnumber]
The possible ways to connect to the host are
accept
connect
listen
resolve
The "listen" action is only meaningful when used with "localhost". The "resolve" (resolve host/ip name service lookups) action is implied when any of the other actions are present.
Represents access to a network via sockets. A SocketPermission consists of a host specification and a set of "actions" specifying ways to connect to that host.
host = (hostname | IPaddress)[:portrange]
portrange = portnumber | -portnumber | portnumber-[portnumber]
The possible ways to connect to the host are
accept
connect
listen
resolve
The "listen" action is only meaningful when used with "localhost". The "resolve" (resolve host/ip name service lookups) action is implied when any of the other actions are present.
resolve
YES
connect
YES but restrictions apply. See Restrictions .
Apigee restricts access to sitelocal, anylocal, loopback, and linklocal addresses, as well as private IPv4 ranges defined in RFC1918.
listen,
accept
accept
NO
java.net.URLPermission
Represents permission to access a resource or set of resources defined by a given url, and for a given set of user-settable request methods and request headers. The name of the permission is the url string. The actions string is a concatenation of the request methods and headers. The range of method and header names is not restricted by this class.
Represents permission to access a resource or set of resources defined by a given url, and for a given set of user-settable request methods and request headers. The name of the permission is the url string. The actions string is a concatenation of the request methods and headers. The range of method and header names is not restricted by this class.
YES
LinkPermission
The Permission class for link creation operations.
The Permission class for link creation operations.
hard
NO
symbolic
NO
java.security.SecurityPermission
A SecurityPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
The target name is the name of a security configuration parameter (see below). Currently the SecurityPermission object is used to guard access to the Policy, Security, Provider, Signer, and Identity objects.
A SecurityPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
The target name is the name of a security configuration parameter (see below). Currently the SecurityPermission object is used to guard access to the Policy, Security, Provider, Signer, and Identity objects.
createAccessControlContext
NO
getDomainCombiner
NO
getPolicy
NO
setPolicy
NO
createPolicy.{policy type}
NO
getProperty.{key}
NO
setProperty.{key}
NO
insertProvider
NO
removeProvider.{provider name}
NO
clearProviderProperties.{provider name}
NO
putProviderProperty.{provider name}
NO
removeProviderProperty.{provider name}
NO
SQLPermission
setLog
NO
callAbort
NO
setSyncFactory
NO
setNetworkTimeout
NO
deregisterDriver
NO
java.util.logging.LoggingPermission
A SecurityManager will check the java.util.logging.LoggingPermission object when code running with a SecurityManager calls one of the logging control methods (such as Logger.setLevel).
A SecurityManager will check the java.util.logging.LoggingPermission object when code running with a SecurityManager calls one of the logging control methods (such as Logger.setLevel).
control
NO
java.util.PropertyPermission
The name is the name of the property ("java.home", "os.name", etc). The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "java.*" or "*" is valid, "*java" or "a*b" is not valid.
The actions to be granted are passed to the constructor in a string containing a list of zero or more comma-separated keywords.
The name is the name of the property ("java.home", "os.name", etc). The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "java.*" or "*" is valid, "*java" or "a*b" is not valid.
The actions to be granted are passed to the constructor in a string containing a list of zero or more comma-separated keywords.
read
YES
write
NO
javax.xml.ws.WebServicePermission
publishEndpoint
NO
javax.xml.bind.JAXBPermission
setDatatypeConverter
NO
javax.sound.sampled.AudioPermission
Access rights to the audio system resources.
Access rights to the audio system resources.
play
NO
record
NO
javax.security.auth.PrivateCredentialPermission
Protect access to private Credentials belonging to a particular Subject. The Subject is represented by a Set of Principals. The target name of this Permission specifies a Credential class name, and a Set of Principals. The only valid value for this Permission's actions is, "read".
Protect access to private Credentials belonging to a particular Subject. The Subject is represented by a Set of Principals. The target name of this Permission specifies a Credential class name, and a Set of Principals. The only valid value for this Permission's actions is, "read".
CredentialClass {PrincipalClass "PrincipalName"}*
NO
javax.security.auth.kerberos.ServicePermission
Protect Kerberos services and the credentials necessary to access those services.
Protect Kerberos services and the credentials necessary to access those services.
initiate
NO
accept
NO
javax.security.auth.kerberos.DelegationPermission
Used to restrict the usage of the Kerberos delegation model; ie, forwardable and proxiable tickets.
The target name of this Permission specifies a pair of kerberos service principals. The first is the subordinate service principal being entrusted to use the Ticket Granting Ticket (TGT). The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal.
Used to restrict the usage of the Kerberos delegation model; ie, forwardable and proxiable tickets.
The target name of this Permission specifies a pair of kerberos service principals. The first is the subordinate service principal being entrusted to use the Ticket Granting Ticket (TGT). The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal.
initiate
NO
accept
NO
javax.security.auth.AuthPermission
Currently the AuthPermission object is used to guard access to the Subject, SubjectDomainCombiner, LoginContext and Configuration objects.
Currently the AuthPermission object is used to guard access to the Subject, SubjectDomainCombiner, LoginContext and Configuration objects.
doAs
NO
doAsPrivileged
NO
getSubject
NO
getSubjectFromDomainCombiner
NO
setReadOnly
NO
modifyPrincipals
NO
modifyPublicCredentials
NO
modifyPrivateCredentials
NO
refreshCredential
NO
destroyCredential
NO
createLoginContext.{name}
NO
getLoginConfiguration
NO
setLoginConfiguration
NO
createLoginConfiguration.{configuration type}
NO
refreshLoginConfiguration
NO
javax.net.ssl.SSLPermission
setHostnameVerifier
NO
getSSLSessionContext
NO
setDefaultSSLContext
NO
javax.management.MBeanPermission
Permission controlling access to MBeanServer operations. If a security manager has been set using System.setSecurityManager(java.lang.SecurityManager), most operations on the MBeanServer require that the caller's permissions imply an MBeanPermission appropriate for the operation.
action className#member[objectName]
If you have an MBeanPermission, it allows operations only if all four of the items match.
Permission controlling access to MBeanServer operations. If a security manager has been set using System.setSecurityManager(java.lang.SecurityManager), most operations on the MBeanServer require that the caller's permissions imply an MBeanPermission appropriate for the operation.
action className#member[objectName]
If you have an MBeanPermission, it allows operations only if all four of the items match.
addNotificationListener
NO
getAttribute
NO
getClassLoader
NO
getClassLoaderFor
NO
getClassLoaderRepository
NO
getDomains
NO
getMBeanInfo
NO
getObjectInstance
NO
instantiate
NO
invoke
NO
isInstanceOf
NO
queryMBeans
NO
queryNames
NO
registerMBean
NO
removeNotificationListener
NO
setAttribute
NO
unregisterMBean
NO
javax.management.MBeanServerPermission
createMBeanServer
NO
findMBeanServer
NO
newMBeanServer
NO
releaseMBeanServer
NO
javax.management.MBeanTrustPermission
This permission represents "trust" in a signer or codebase.
This permission represents "trust" in a signer or codebase.
register
NO
*
NO
javax.management.remote.SubjectDelegationPermission
NO
