Package org.apache.derby.security
Class SystemPermission
- java.lang.Object
-
- java.security.Permission
-
- java.security.BasicPermission
-
- org.apache.derby.security.SystemPermission
-
- All Implemented Interfaces:
java.io.Serializable
,java.security.Guard
public final class SystemPermission extends java.security.BasicPermission
This class represents access to system-wide Derby privileges.Permission Description Risk "jmx" "control" Controls the ability of JMX clients to control Derby and view security sensitive attributes through Derby's MBeans. JMX clients may be able to change the state of the running system "jmx" "monitor" Controls the ability of JMX clients to monitor Derby through Derby's MBeans, such as viewing number of current connections and configuration settings. Note: security related settings require control
action onjmx
JMX clients can see information about a runing system including software versions. - See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static class
SystemPermission.SystemPermissionCollection
A collection ofSystemPermission
objects.
-
Field Summary
Fields Modifier and Type Field Description private int
actionMask
Bit mask representing the actions.private java.lang.String
actions
Actions for this permission.static java.lang.String
CONTROL
Action ("control"
) to perform control actions through JMX on engine, server or jmx.static java.lang.String
ENGINE
Permission target name ("engine"
) for actions applicable to the core database engine.static SystemPermission
ENGINE_MONITOR
Constant representingSystemPermission("engine, "monitor")
.static java.lang.String
JMX
Permission target name ("jmx"
) for actions applicable to management of Derby's JMX MBeans.private static java.util.List<java.lang.String>
LEGAL_ACTIONS
Set of legal actions in their canonical form.private static java.util.Set<java.lang.String>
LEGAL_NAMES
The legal system permission names.static java.lang.String
MONITOR
Action ("monitor"
) to perform monitoring actions through JMX on engine and server.private static long
serialVersionUID
static java.lang.String
SERVER
Permission target name ("server"
) for actions applicable to the network server.static java.lang.String
SHUTDOWN
The server and engine shutdown action ("shutdown"
).static java.lang.String
USE_DERBY_INTERNALS
Action ("useDerbyInternals"
) by the engine to lookup Derby contexts.
-
Constructor Summary
Constructors Constructor Description SystemPermission(java.lang.String name, java.lang.String actions)
Creates a new SystemPermission with the specified name.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description (package private) static java.lang.String
buildActionsString(java.lang.Iterable<java.lang.String> actions)
Build a comma-separated actions string suitable for returning fromgetActions()
.private java.lang.String
doubleQuote(java.lang.String raw)
boolean
equals(java.lang.Object other)
Does this permission equal another object.private static int
getActionMask(java.lang.String actions)
Get a mask of bits that represents the actions and can be used for the implies method.java.lang.String
getActions()
Return the permission's actions in a canonical form.private static java.lang.String
getCanonicalForm(java.lang.String actions)
Return a canonical form of the passed in actions.boolean
implies(java.security.Permission permission)
Does this permission imply another.java.security.PermissionCollection
newPermissionCollection()
(package private) static java.util.Set<java.lang.String>
parseActions(java.lang.String actions)
Get a set of all actions specified in a string.private void
readObject(java.io.ObjectInputStream s)
Called upon deserialization for restoring the state of this SystemPermission from a stream.java.lang.String
toString()
private void
validateNameAndActions(java.lang.String name, java.lang.String actions)
Check if name and actions are valid, normalize the actions string, and calculate the actions mask.
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
SERVER
public static final java.lang.String SERVER
Permission target name ("server"
) for actions applicable to the network server.- See Also:
- Constant Field Values
-
ENGINE
public static final java.lang.String ENGINE
Permission target name ("engine"
) for actions applicable to the core database engine.- See Also:
- Constant Field Values
-
JMX
public static final java.lang.String JMX
Permission target name ("jmx"
) for actions applicable to management of Derby's JMX MBeans.- See Also:
- Constant Field Values
-
SHUTDOWN
public static final java.lang.String SHUTDOWN
The server and engine shutdown action ("shutdown"
).- See Also:
- Constant Field Values
-
CONTROL
public static final java.lang.String CONTROL
Action ("control"
) to perform control actions through JMX on engine, server or jmx.For JMX control permission is required to get attributes that are deemed sensiive from a security aspect, such as the network server's port number, security mechanisms and any information about the file system.
- See Also:
- Constant Field Values
-
MONITOR
public static final java.lang.String MONITOR
Action ("monitor"
) to perform monitoring actions through JMX on engine and server.- See Also:
- Constant Field Values
-
USE_DERBY_INTERNALS
public static final java.lang.String USE_DERBY_INTERNALS
Action ("useDerbyInternals"
) by the engine to lookup Derby contexts.- See Also:
- Constant Field Values
-
LEGAL_NAMES
private static final java.util.Set<java.lang.String> LEGAL_NAMES
The legal system permission names.
-
LEGAL_ACTIONS
private static final java.util.List<java.lang.String> LEGAL_ACTIONS
Set of legal actions in their canonical form.
-
ENGINE_MONITOR
public static final SystemPermission ENGINE_MONITOR
Constant representingSystemPermission("engine, "monitor")
.
-
actions
private java.lang.String actions
Actions for this permission.
-
actionMask
private transient int actionMask
Bit mask representing the actions. It is not serialized, and has to be recalculated when the object is deserialized.
-
-
Constructor Detail
-
SystemPermission
public SystemPermission(java.lang.String name, java.lang.String actions)
Creates a new SystemPermission with the specified name.- Parameters:
name
- the name of the SystemPermission- Throws:
java.lang.NullPointerException
- if name or actions is nulljava.lang.IllegalArgumentException
- if name is empty or not a legal SystemPermission- See Also:
BasicPermission(String)
-
-
Method Detail
-
validateNameAndActions
private void validateNameAndActions(java.lang.String name, java.lang.String actions)
Check if name and actions are valid, normalize the actions string, and calculate the actions mask.- Parameters:
name
- the name of the permissionactions
- the actions of the permission- Throws:
java.lang.NullPointerException
- if actions is nulljava.lang.IllegalArgumentException
- if name is not a legal SystemPermission
-
getActions
public java.lang.String getActions()
Return the permission's actions in a canonical form.- Overrides:
getActions
in classjava.security.BasicPermission
-
newPermissionCollection
public java.security.PermissionCollection newPermissionCollection()
- Overrides:
newPermissionCollection
in classjava.security.BasicPermission
-
getCanonicalForm
private static java.lang.String getCanonicalForm(java.lang.String actions)
Return a canonical form of the passed in actions. Actions are lower-cased, in the order of LEGAL_ACTIONS and only appear once.
-
parseActions
static java.util.Set<java.lang.String> parseActions(java.lang.String actions)
Get a set of all actions specified in a string. Actions are transformed to lower-case, and leading and trailing blanks are stripped off.- Parameters:
actions
- the specified actions string- Returns:
- a set of all the specified actions
-
buildActionsString
static java.lang.String buildActionsString(java.lang.Iterable<java.lang.String> actions)
Build a comma-separated actions string suitable for returning fromgetActions()
.- Parameters:
actions
- the list of actions- Returns:
- comma-separated string with the actions
-
equals
public boolean equals(java.lang.Object other)
Does this permission equal another object. True if its and identical class with same name and (canonical) actions.- Overrides:
equals
in classjava.security.BasicPermission
-
implies
public boolean implies(java.security.Permission permission)
Does this permission imply another. Only true if the other permission is a SystemPermission with the same name and all the actions of the permission are present in this. Note that none of the actions imply any other with this SystemPermission.- Overrides:
implies
in classjava.security.BasicPermission
-
getActionMask
private static int getActionMask(java.lang.String actions)
Get a mask of bits that represents the actions and can be used for the implies method.
-
readObject
private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, java.lang.ClassNotFoundException
Called upon deserialization for restoring the state of this SystemPermission from a stream.- Throws:
java.io.IOException
java.lang.ClassNotFoundException
-
toString
public java.lang.String toString()
- Overrides:
toString
in classjava.security.Permission
-
doubleQuote
private java.lang.String doubleQuote(java.lang.String raw)
-
-