MBeanServerPermission.java revision 2362
3909N/A * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A/** A Permission to perform actions related to MBeanServers. 0N/A The <em>name</em> of the permission specifies the operation requested 0N/A or granted by the permission. For a granted permission, it can be 0N/A <code>*</code> to allow all of the MBeanServer operations specified below. 0N/A Otherwise, for a granted or requested permission, it must be one of the 0N/A <dt>createMBeanServer</dt> 0N/A <dd>Create a new MBeanServer object using the method 0N/A {@link MBeanServerFactory#createMBeanServer()} or 0N/A {@link MBeanServerFactory#createMBeanServer(java.lang.String)}. 0N/A <dt>findMBeanServer</dt> 0N/A <dd>Find an MBeanServer with a given name, or all MBeanServers in this 0N/A JVM, using the method {@link MBeanServerFactory#findMBeanServer}. 0N/A <dt>newMBeanServer</dt> 0N/A <dd>Create a new MBeanServer object without keeping a reference to it, 0N/A using the method {@link MBeanServerFactory#newMBeanServer()} or 0N/A {@link MBeanServerFactory#newMBeanServer(java.lang.String)}. 0N/A <dt>releaseMBeanServer</dt> 0N/A <dd>Remove the MBeanServerFactory's reference to an MBeanServer, 0N/A using the method {@link MBeanServerFactory#releaseMBeanServer}. 0N/A The <em>name</em> of the permission can also denote a list of one or more 0N/A comma-separated operations. Spaces are allowed at the beginning and 0N/A end of the <em>name</em> and before and after commas. 0N/A <code>MBeanServerPermission("createMBeanServer")</code> implies 0N/A <code>MBeanServerPermission("newMBeanServer")</code>. 0N/A private final static int 0N/A "createMBeanServer",
0N/A "releaseMBeanServer",
0N/A private final static int 0N/A * Map from permission masks to canonical names. This array is 0N/A * filled in on demand. 0N/A * This isn't very scalable. If we have more than five or six 0N/A * permissions, we should consider doing this differently, 0N/A * The target names mask. This is not private to avoid having to 0N/A * generate accessor methods for accesses from the collection class. 0N/A * This mask includes implied bits. So if it has CREATE_MASK then 0N/A * it necessarily has NEW_MASK too. 0N/A /** <p>Create a new MBeanServerPermission with the given name.</p> 0N/A <p>This constructor is equivalent to 0N/A <code>MBeanServerPermission(name,null)</code>.</p> 0N/A @param name the name of the granted permission. It must 0N/A respect the constraints spelt out in the description of the 0N/A {@link MBeanServerPermission} class. 0N/A @exception NullPointerException if the name is null. 0N/A @exception IllegalArgumentException if the name is not 0N/A <code>*</code> or one of the allowed names or a comma-separated 0N/A list of the allowed names. 0N/A /** <p>Create a new MBeanServerPermission with the given name.</p> 0N/A @param name the name of the granted permission. It must 0N/A respect the constraints spelt out in the description of the 0N/A {@link MBeanServerPermission} class. 0N/A @param actions the associated actions. This parameter is not 0N/A currently used and must be null or the empty string. 0N/A @exception NullPointerException if the name is null. 0N/A @exception IllegalArgumentException if the name is not 0N/A <code>*</code> or one of the allowed names or a comma-separated 0N/A list of the allowed names, or if <code>actions</code> is a non-null 0N/A * @throws NullPointerException if <code>name</code> is <code>null</code>. 0N/A * @throws IllegalArgumentException if <code>name</code> is empty or 0N/A * if arguments are invalid. 0N/A /* It's annoying to have to parse the name twice, but since 0N/A Permission.getName() is final and since we can't access "this" 0N/A until after the call to the superclass constructor, there 0N/A isn't any very clean way to do this. MBeanServerPermission 0N/A objects aren't constructed very often, luckily. */ 0N/A /* Check that actions is a null empty string */ 0N/A "actions must be null: " +
0N/A /* intern() avoids duplication when the mask has only 0N/A one bit, so is equivalent to the string constants 0N/A we have for the names[] array. */ 0N/A /* Convert the string into a bitmask, including bits that 0N/A are implied by the permissions in the string. */ 0N/A /* Check that target name is a non-null non-empty string */ 0N/A "target name can't be null");
0N/A /* If the name is empty, nameIndex will barf. */ 0N/A "Invalid MBeanServerPermission name: \"" +
name +
"\"";
0N/A * <p>Checks if this MBeanServerPermission object "implies" the specified 0N/A * <p>More specifically, this method returns true if:</p> 0N/A * <li> <i>p</i> is an instance of MBeanServerPermission,</li> 1104N/A * <li> <i>p</i>'s target names are a subset of this object's target 0N/A * <p>The <code>createMBeanServer</code> permission implies the 0N/A * <code>newMBeanServer</code> permission.</p> 0N/A * @param p the permission to check against. 0N/A * @return true if the specified permission is implied by this object, 0N/A * Checks two MBeanServerPermission objects for equality. Checks that 0N/A * <i>obj</i> is an MBeanServerPermission, and represents the same 0N/A * list of allowable actions as this object. 0N/A * @param obj the object we are testing for equality with this object. 0N/A * @return true if the objects are equal. 0N/A * Class returned by {@link MBeanServerPermission#newPermissionCollection()}. * Since every collection of MBSP can be represented by a single MBSP, * that is what our PermissionCollection does. We need to define a * PermissionCollection because the one inherited from BasicPermission * doesn't know that createMBeanServer implies newMBeanServer. * Though the serial form is defined, the TCK does not check it. We do * not require independent implementations to duplicate it. Even though * PermissionCollection is Serializable, instances of this class will * hardly ever be serialized, and different implementations do not * typically exchange serialized permission collections. * If we did require that a particular form be respected here, we would * logically also have to require it for * MBeanPermission.newPermissionCollection, which would preclude an * implementation from defining a PermissionCollection there with an * optimized "implies" method. /** @serial Null if no permissions in collection, otherwise a single permission that is the union of all permissions that "Permission not an MBeanServerPermission: " +
permission;