MBeanServerPermission.java revision 0
2362N/A * Copyright 2001-2007 Sun Microsystems, Inc. All Rights Reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Sun designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Sun in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, 2362N/A * CA 95054 USA or visit www.sun.com if you need additional information or 0N/A/** A Permission to perform actions related to MBeanServers. 0N/A The <em>name</em> of the permission specifies the operation requested 0N/A or granted by the permission. For a granted permission, it can be 0N/A <code>*</code> to allow all of the MBeanServer operations specified below. 0N/A Otherwise, for a granted or requested permission, it must be one of the 0N/A <dt>createMBeanServer</dt> 0N/A <dd>Create a new MBeanServer object using the method 0N/A {@link MBeanServerFactory#createMBeanServer()} or 0N/A {@link MBeanServerFactory#createMBeanServer(java.lang.String)}. 0N/A <dt>findMBeanServer</dt> 0N/A <dd>Find an MBeanServer with a given name, or all MBeanServers in this 0N/A JVM, using the method {@link MBeanServerFactory#findMBeanServer}. 0N/A <dt>newMBeanServer</dt> 0N/A <dd>Create a new MBeanServer object without keeping a reference to it, 0N/A using the method {@link MBeanServerFactory#newMBeanServer()} or 0N/A {@link MBeanServerFactory#newMBeanServer(java.lang.String)}. 0N/A <dt>releaseMBeanServer</dt> 0N/A <dd>Remove the MBeanServerFactory's reference to an MBeanServer, 0N/A using the method {@link MBeanServerFactory#releaseMBeanServer}. 0N/A The <em>name</em> of the permission can also denote a list of one or more 0N/A comma-separated operations. Spaces are allowed at the beginning and 0N/A end of the <em>name</em> and before and after commas. 0N/A <code>MBeanServerPermission("createMBeanServer")</code> implies 0N/A <code>MBeanServerPermission("newMBeanServer")</code>. 0N/A private final static int 0N/A "createMBeanServer",
0N/A "releaseMBeanServer",
0N/A private final static int 0N/A * Map from permission masks to canonical names. This array is 0N/A * filled in on demand. 0N/A * This isn't very scalable. If we have more than five or six 0N/A * permissions, we should consider doing this differently, 0N/A * The target names mask. This is not private to avoid having to 0N/A * generate accessor methods for accesses from the collection class. 0N/A * This mask includes implied bits. So if it has CREATE_MASK then 0N/A * it necessarily has NEW_MASK too. 0N/A /** <p>Create a new MBeanServerPermission with the given name.</p> 0N/A <p>This constructor is equivalent to 0N/A <code>MBeanServerPermission(name,null)</code>.</p> 0N/A @param name the name of the granted permission. It must 0N/A respect the constraints spelt out in the description of the 0N/A {@link MBeanServerPermission} class. 0N/A @exception NullPointerException if the name is null. 0N/A @exception IllegalArgumentException if the name is not 0N/A <code>*</code> or one of the allowed names or a comma-separated 0N/A list of the allowed names. 0N/A /** <p>Create a new MBeanServerPermission with the given name.</p> 0N/A @param name the name of the granted permission. It must 0N/A respect the constraints spelt out in the description of the 0N/A {@link MBeanServerPermission} class. 0N/A @param actions the associated actions. This parameter is not 0N/A currently used and must be null or the empty string. 0N/A @exception NullPointerException if the name is null. 0N/A @exception IllegalArgumentException if the name is not 0N/A <code>*</code> or one of the allowed names or a comma-separated 0N/A list of the allowed names, or if <code>actions</code> is a non-null 0N/A * @throws NullPointerException if <code>name</code> is <code>null</code>. 0N/A * @throws IllegalArgumentException if <code>name</code> is empty or 0N/A * if arguments are invalid. 0N/A /* It's annoying to have to parse the name twice, but since 0N/A Permission.getName() is final and since we can't access "this" 0N/A until after the call to the superclass constructor, there 0N/A isn't any very clean way to do this. MBeanServerPermission 0N/A objects aren't constructed very often, luckily. */ 0N/A /* Check that actions is a null empty string */ 0N/A "actions must be null: " +
for (
int i =
0; i <
N_NAMES; i++) {
if ((
mask & (
1<<i)) !=
0) {
/* intern() avoids duplication when the mask has only one bit, so is equivalent to the string constants we have for the names[] array. */ /* Convert the string into a bitmask, including bits that are implied by the permissions in the string. */ /* Check that target name is a non-null non-empty string */ "target name can't be null");
/* If the name is empty, nameIndex will barf. */ for (
int i =
0; i <
N_NAMES; i++) {
"Invalid MBeanServerPermission name: \"" +
name +
"\"";
* <p>Checks if this MBeanServerPermission object "implies" the specified * <p>More specifically, this method returns true if:</p> * <li> <i>p</i> is an instance of MBeanServerPermission,</li> * <li> <i>p</i>'s target names are a subset of this object's target * <p>The <code>createMBeanServer</code> permission implies the * <code>newMBeanServer</code> permission.</p> * @param p the permission to check against. * @return true if the specified permission is implied by this object, * Checks two MBeanServerPermission objects for equality. Checks that * <i>obj</i> is an MBeanServerPermission, and represents the same * list of allowable actions as this object. * @param obj the object we are testing for equality with this object. * @return true if the objects are equal. * Class returned by {@link MBeanServerPermission#newPermissionCollection()}. * Since every collection of MBSP can be represented by a single MBSP, * that is what our PermissionCollection does. We need to define a * PermissionCollection because the one inherited from BasicPermission * doesn't know that createMBeanServer implies newMBeanServer. * Though the serial form is defined, the TCK does not check it. We do * not require independent implementations to duplicate it. Even though * PermissionCollection is Serializable, instances of this class will * hardly ever be serialized, and different implementations do not * typically exchange serialized permission collections. * If we did require that a particular form be respected here, we would * logically also have to require it for * MBeanPermission.newPermissionCollection, which would preclude an * implementation from defining a PermissionCollection there with an * optimized "implies" method. /** @serial Null if no permissions in collection, otherwise a single permission that is the union of all permissions that "Permission not an MBeanServerPermission: " +
permission;