API Overview API Index Package Overview Direct link to this page
JDK 1.6
  javax.management. MBeanServerPermission View Javadoc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354

/*
 * @(#)MBeanServerPermission.java	1.29 06/04/21
 * 
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */

package javax.management;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Set;
import java.util.StringTokenizer;

/** A Permission to perform actions related to MBeanServers.
    The <em>name</em> of the permission specifies the operation requested
    or granted by the permission.  For a granted permission, it can be
    <code>*</code> to allow all of the MBeanServer operations specified below.
    Otherwise, for a granted or requested permission, it must be one of the
    following:
    <dl>
    <dt>createMBeanServer</dt>
    <dd>Create a new MBeanServer object using the method
    {@link MBeanServerFactory#createMBeanServer()} or
    {@link MBeanServerFactory#createMBeanServer(java.lang.String)}.
    <dt>findMBeanServer</dt>
    <dd>Find an MBeanServer with a given name, or all MBeanServers in this
    JVM, using the method {@link MBeanServerFactory#findMBeanServer}.
    <dt>newMBeanServer</dt>
    <dd>Create a new MBeanServer object without keeping a reference to it,
    using the method {@link MBeanServerFactory#newMBeanServer()} or
    {@link MBeanServerFactory#newMBeanServer(java.lang.String)}.
    <dt>releaseMBeanServer</dt>
    <dd>Remove the MBeanServerFactory's reference to an MBeanServer,
    using the method {@link MBeanServerFactory#releaseMBeanServer}.
    </dl>
    The <em>name</em> of the permission can also denote a list of one or more
    comma-separated operations.  Spaces are allowed at the beginning and
    end of the <em>name</em> and before and after commas.
    <p>
    <code>MBeanServerPermission("createMBeanServer")</code> implies
    <code>MBeanServerPermission("newMBeanServer")</code>.
 *
 * @since 1.5
 * @since.unbundled JMX 1.1
 */
public class MBeanServerPermission extends BasicPermission {
    private static final long serialVersionUID = -5661980843569388590L;

    private final static int
	CREATE = 0,
	FIND = 1,
	NEW = 2,
	RELEASE = 3,
	N_NAMES = 4;

    private final static String[] names = {
	"createMBeanServer",
	"findMBeanServer",
	"newMBeanServer",
	"releaseMBeanServer",
    };

    private final static int
	CREATE_MASK = 1<<CREATE,
	FIND_MASK = 1<<FIND,
	NEW_MASK = 1<<NEW,
	RELEASE_MASK = 1<<RELEASE,
	ALL_MASK = CREATE_MASK|FIND_MASK|NEW_MASK|RELEASE_MASK;

    /*
     * Map from permission masks to canonical names.  This array is
     * filled in on demand.
     *
     * This isn't very scalable.  If we have more than five or six
     * permissions, we should consider doing this differently,
     * e.g. with a Map.
     */
    private final static String[] canonicalNames = new String[1 << N_NAMES];

    /*
     * The target names mask.  This is not private to avoid having to
     * generate accessor methods for accesses from the collection class.
     *
     * This mask includes implied bits.  So if it has CREATE_MASK then
     * it necessarily has NEW_MASK too.
     */
    transient int mask;

    /** <p>Create a new MBeanServerPermission with the given name.</p>
	<p>This constructor is equivalent to
	<code>MBeanServerPermission(name,null)</code>.</p>
	@param name the name of the granted permission.  It must
	respect the constraints spelt out in the description of the
	{@link MBeanServerPermission} class.
	@exception NullPointerException if the name is null.
	@exception IllegalArgumentException if the name is not
	<code>*</code> or one of the allowed names or a comma-separated
        list of the allowed names.
    */
    public MBeanServerPermission(String name) {
	this(name, null);
    }

    /** <p>Create a new MBeanServerPermission with the given name.</p>
	@param name the name of the granted permission.  It must
	respect the constraints spelt out in the description of the
	{@link MBeanServerPermission} class.
	@param actions the associated actions.  This parameter is not
	currently used and must be null or the empty string.
	@exception NullPointerException if the name is null.
	@exception IllegalArgumentException if the name is not
	<code>*</code> or one of the allowed names or a comma-separated
        list of the allowed names, or if <code>actions</code> is a non-null
        non-empty string.  
     *
     * @throws NullPointerException if <code>name</code> is <code>null</code>.
     * @throws IllegalArgumentException if <code>name</code> is empty or
     * if arguments are invalid.
     */
    public MBeanServerPermission(String name, String actions) {
        super(getCanonicalName(parseMask(name)), actions);

	/* It's annoying to have to parse the name twice, but since
	   Permission.getName() is final and since we can't access "this"
	   until after the call to the superclass constructor, there
	   isn't any very clean way to do this.  MBeanServerPermission
	   objects aren't constructed very often, luckily.  */
	mask = parseMask(name);

	/* Check that actions is a null empty string */
	if (actions != null && actions.length() > 0)
	    throw new IllegalArgumentException("MBeanServerPermission " +
					       "actions must be null: " +
					       actions);
    }

    MBeanServerPermission(int mask) {
	super(getCanonicalName(mask));
	this.mask = impliedMask(mask);
    }

    private void readObject(ObjectInputStream in)
	    throws IOException, ClassNotFoundException {
	in.defaultReadObject();
	mask = parseMask(getName());
    }

    static int simplifyMask(int mask) {
	if ((mask & CREATE_MASK) != 0)
	    mask &= ~NEW_MASK;
	return mask;
    }

    static int impliedMask(int mask) {
	if ((mask & CREATE_MASK) != 0)
	    mask |= NEW_MASK;
	return mask;
    }

    static String getCanonicalName(int mask) {
	if (mask == ALL_MASK)
	    return "*";

	mask = simplifyMask(mask);

	synchronized (canonicalNames) {
	    if (canonicalNames[mask] == null)
		canonicalNames[mask] = makeCanonicalName(mask);
	}

	return canonicalNames[mask];
    }

    private static String makeCanonicalName(int mask) {
	StringBuffer buf = new StringBuffer();
	for (int i = 0; i < N_NAMES; i++) {
	    if ((mask & (1<<i)) != 0) {
		if (buf.length() > 0)
		    buf.append(',');
		buf.append(names[i]);
	    }
	}
	return buf.toString().intern();
	/* intern() avoids duplication when the mask has only
	   one bit, so is equivalent to the string constants
	   we have for the names[] array.  */
    }

    /* Convert the string into a bitmask, including bits that
       are implied by the permissions in the string.  */
    private static int parseMask(String name) {
	/* Check that target name is a non-null non-empty string */
	if (name == null) {
	    throw new NullPointerException("MBeanServerPermission: " +
					   "target name can't be null");
	}

	name = name.trim();
	if (name.equals("*"))
	    return ALL_MASK;

	/* If the name is empty, nameIndex will barf. */
	if (name.indexOf(',') < 0)
	    return impliedMask(1 << nameIndex(name.trim()));

	int mask = 0;

	StringTokenizer tok = new StringTokenizer(name, ",");
	while (tok.hasMoreTokens()) {
	    String action = tok.nextToken();
	    int i = nameIndex(action.trim());
	    mask |= (1 << i);
	}

	return impliedMask(mask);
    }

    private static int nameIndex(String name)
	    throws IllegalArgumentException {
	for (int i = 0; i < N_NAMES; i++) {
	    if (names[i].equals(name))
		return i;
	}
	final String msg =
	    "Invalid MBeanServerPermission name: \"" + name + "\"";
	throw new IllegalArgumentException(msg);
    }

    public int hashCode() {
	return mask;
    }

    /**
     * <p>Checks if this MBeanServerPermission object "implies" the specified
     * permission.</p>
     *
     * <p>More specifically, this method returns true if:</p>
     *
     * <ul>
     * <li> <i>p</i> is an instance of MBeanServerPermission,</li>
     * <li> <i>p</i>'s target names are a subset of this object's target
     * names</li>
     * </ul>
     *
     * <p>The <code>createMBeanServer</code> permission implies the
     * <code>newMBeanServer</code> permission.</p>
     *
     * @param p the permission to check against.
     * @return true if the specified permission is implied by this object,
     * false if not.
     */
    public boolean implies(Permission p) {
	if (!(p instanceof MBeanServerPermission))
	    return false;

	MBeanServerPermission that = (MBeanServerPermission) p;

	return ((this.mask & that.mask) == that.mask);
    }

    /**
     * Checks two MBeanServerPermission objects for equality. Checks that
     * <i>obj</i> is an MBeanServerPermission, and represents the same
     * list of allowable actions as this object.
     * <P>
     * @param obj the object we are testing for equality with this object.
     * @return true if the objects are equal.
     */
    public boolean equals(Object obj) {
	if (obj == this)
	    return true;

	if (! (obj instanceof MBeanServerPermission))
	    return false;

	MBeanServerPermission that = (MBeanServerPermission) obj;

	return (this.mask == that.mask);
    }

    public PermissionCollection newPermissionCollection() {
	return new MBeanServerPermissionCollection();
    }
}

/**
 * Class returned by {@link MBeanServerPermission#newPermissionCollection()}.
 *
 * @serial include
 */

/*
 * Since every collection of MBSP can be represented by a single MBSP,
 * that is what our PermissionCollection does.  We need to define a
 * PermissionCollection because the one inherited from BasicPermission
 * doesn't know that createMBeanServer implies newMBeanServer.
 *
 * Though the serial form is defined, the TCK does not check it.  We do
 * not require independent implementations to duplicate it.  Even though
 * PermissionCollection is Serializable, instances of this class will
 * hardly ever be serialized, and different implementations do not
 * typically exchange serialized permission collections.
 *
 * If we did require that a particular form be respected here, we would
 * logically also have to require it for
 * MBeanPermission.newPermissionCollection, which would preclude an
 * implementation from defining a PermissionCollection there with an
 * optimized "implies" method.
 */
class MBeanServerPermissionCollection extends PermissionCollection {
    /** @serial Null if no permissions in collection, otherwise a
	single permission that is the union of all permissions that
	have been added.  */
    private MBeanServerPermission collectionPermission;

    private static final long serialVersionUID = -5661980843569388590L;

    public synchronized void add(Permission permission) {
	if (!(permission instanceof MBeanServerPermission)) {
	    final String msg =
		"Permission not an MBeanServerPermission: " + permission;
	    throw new IllegalArgumentException(msg);
	}
	if (isReadOnly())
	    throw new SecurityException("Read-only permission collection");
	MBeanServerPermission mbsp = (MBeanServerPermission) permission;
	if (collectionPermission == null)
	    collectionPermission = mbsp;
	else if (!collectionPermission.implies(permission)) {
	    int newmask = collectionPermission.mask | mbsp.mask;
	    collectionPermission = new MBeanServerPermission(newmask);
	}
    }

    public synchronized boolean implies(Permission permission) {
	return (collectionPermission != null &&
		collectionPermission.implies(permission));
    }

    public synchronized Enumeration<Permission> elements() {
	Set<Permission> set;
	if (collectionPermission == null)
	    set = Collections.emptySet();
	else
	    set = Collections.singleton((Permission) collectionPermission);
	return Collections.enumeration(set);
    }
}

Generated By: JavaOnTracks Doclet 0.1.4     ©Thibaut Colar