the same hash code. public final String getName Return the name that was used to construct this permission. public abstract String getActions Return the canonical form of the actions if any that were used to construct this permission. public String toString The convention for printing a permission is to print in parentheses the class name, the name of the permission, and the actions. For example, a file permission might return: java.io.FilePermission,myclassesxyzHRApplet.class,read public abstract boolean impliesPermission p This method is one of the keys of the Permission class: it is responsible for determining whether a class that is granted one permission is granted another. This method is normally responsible for performing wildcard matching so that, for example, the file permission myclasses− implies the file permission myclassesxyzHRApplet.class. But this method need not rely on wildcards; permission to write a particular object in a database would probably imply permission to read that object as well. public PermissionCollection newPermissionCollection Return a permission collection suitable for holding instances of this type of permission. Well discuss the topic of permission collections in the next section. This method returns null by default. public void checkGuardObject o Call the security manager to see if the permission i.e., the this variable has been granted, generating a SecurityException if the permission has not been granted. The object parameter of this method is unused. Well give more details about this method later in this chapter. Implementing your own permission means providing a class with concrete implementations of these abstract methods. Note that the notions of wildcard matching and actions are not generally present in this class −− if you want your class to support either of these features, youre responsible for implementing all of the necessary logic to do so although the BasicPermission class that well look at next can help us with that. Say that you are implementing a program to administer payroll information. Youll want to create permissions to allow users to view their payroll history. Youll also want to allow the HR department to update the pay rate for employees. Well need to implement a permission class to encapsulate all of that: package javasec.samples.ch05; import java.security.; import java.util.; public class XYZPayrollPermission extends Permission { protected int mask; static private int VIEW = 0x01; static private int UPDATE = 0x02; public XYZPayrollPermissionString name { Our permission must always have an action, so we choose a default one here. thisname, view; } public XYZPayrollPermissionString name, String action { Our superclass, however, does not support actions so we dont provide one to that. supername; parseaction; } private void parseString action { Look in the action string for the words view and update, separated by white space or by a comma StringTokenizer st = new StringTokenizeraction, ,\t ; mask = 0; while st.hasMoreTokens { String tok = st.nextToken ; if tok.equalsview mask |= VIEW; else if tok.equalsupdate mask |= UPDATE; else throw new IllegalArgumentException Unknown action + tok; } } public boolean impliesPermission permission { if permission instanceof XYZPayrollPermission return false; XYZPayrollPermission p = XYZPayrollPermission permission; String name = getName ; The name must be either the wildcard , which signifies all possible names, or the name must match our name if name.equals name.equalsp.getName return false; Similarly, the requested actions must all match actions that weve been constructed with. if mask p.mask = p.mask return false; Only if both the action and name match do we return true. return true; } public boolean equalsObject o { if o instanceof XYZPayrollPermission return false; For equality, we check the name and action mask. We must provide a method definition like this, since the security system expects us to do a deep check for equality rather than relying on object reference equality. XYZPayrollPermission p = XYZPayrollPermission o; return p.getName.equalsgetName p.mask == mask; }