Package org.apache.derby.security
Class SystemPermission
java.lang.Object
java.security.Permission
java.security.BasicPermission
org.apache.derby.security.SystemPermission
- All Implemented Interfaces:
Serializable, Guard
This class represents access to system-wide Derby privileges.
Permission | Description | Risk |
---|---|---|
"jmx" "control" | Controls the ability of JMX clients to control Derby and view security sensitive attributes through Derby's MBeans. | JMX clients may be able to change the state of the running system |
"jmx" "monitor" | Controls the ability of JMX clients to monitor Derby through Derby's MBeans, such as viewing number of current connections and configuration settings. Note: security related settings require control action on jmx | JMX clients can see information about a running system including software versions. |
Nested Class Summary
Modifier and Type | Class | Description |
---|---|---|
private static class | | A collection of SystemPermission objects. |
-
Field Summary
Modifier and Type | Field | Description |
---|---|---|
private int | actionMask | Bit mask representing the actions. |
private String | actions | Actions for this permission. |
static final String | CONTROL | Action ("control") to perform control actions through JMX on engine, server or jmx. |
static final String | ENGINE | Permission target name ("engine") for actions applicable to the core database engine. |
static final SystemPermission | ENGINE_MONITOR | Constant representing SystemPermission("engine", "monitor"). |
static final String | JMX | Permission target name ("jmx") for actions applicable to management of Derby's JMX MBeans. |
 | LEGAL_ACTIONS | Set of legal actions in their canonical form. |
 | LEGAL_NAMES | The legal system permission names. |
static final String | MONITOR | Action ("monitor") to perform monitoring actions through JMX on engine and server. |
private static final long | serialVersionUID | |
static final String | SERVER | Permission target name ("server") for actions applicable to the network server. |
static final String | SHUTDOWN | The server and engine shutdown action ("shutdown"). |
static final String | USE_DERBY_INTERNALS | Action ("useDerbyInternals") by the engine to lookup Derby contexts. |
-
Constructor Summary
Constructor | Description |
---|---|
SystemPermission(String name, String actions) | Creates a new SystemPermission with the specified name. |
-
Method Summary
Modifier and Type | Method | Description |
---|---|---|
(package private) static String | buildActionsString(Iterable<String> actions) | Build a comma-separated actions string suitable for returning from getActions(). |
private String | doubleQuote(String raw) | |
boolean | equals | Does this permission equal another object. |
private static int | getActionMask(String actions) | Get a mask of bits that represents the actions and can be used for the implies method. |
 | getActions | Return the permission's actions in a canonical form. |
private static String | getCanonicalForm(String actions) | Return a canonical form of the passed in actions. |
boolean | implies(Permission permission) | Does this permission imply another. |
 | newPermissionCollection | |
 | parseActions(String actions) | Get a set of all actions specified in a string. |
private void | readObject | Called upon deserialization for restoring the state of this SystemPermission from a stream. |
 | toString() | |
private void | validateNameAndActions(String name, String actions) | Check if name and actions are valid, normalize the actions string, and calculate the actions mask. |

Methods inherited from class java.security.BasicPermission
hashCode
Methods inherited from class java.security.Permission
checkGuard, getName
-
Field Details
-
serialVersionUID
private static final long serialVersionUID
-
SERVER
Permission target name ("server") for actions applicable to the network server.
-
ENGINE
Permission target name ("engine") for actions applicable to the core database engine.
-
JMX
Permission target name ("jmx") for actions applicable to management of Derby's JMX MBeans.
-
SHUTDOWN
The server and engine shutdown action ("shutdown").
-
CONTROL
Action ("control") to perform control actions through JMX on engine, server or jmx.
For JMX, control permission is required to get attributes that are deemed sensitive from a security aspect, such as the network server's port number, security mechanisms and any information about the file system.
-
MONITOR
Action ("monitor") to perform monitoring actions through JMX on engine and server.
-
USE_DERBY_INTERNALS
Action ("useDerbyInternals") by the engine to lookup Derby contexts.
-
LEGAL_NAMES
The legal system permission names.
-
LEGAL_ACTIONS
Set of legal actions in their canonical form.
-
ENGINE_MONITOR
Constant representing SystemPermission("engine", "monitor").
-
actions
Actions for this permission.
-
actionMask
private transient int actionMask
Bit mask representing the actions. It is not serialized, and has to be recalculated when the object is deserialized.
-
Constructor Details
-
SystemPermission
Creates a new SystemPermission with the specified name.
- Parameters:
name - the name of the SystemPermission
- Throws:
NullPointerException - if name or actions is null
IllegalArgumentException - if name is empty or not a legal SystemPermission
-
Method Details
-
validateNameAndActions
Check if name and actions are valid, normalize the actions string, and calculate the actions mask.
- Parameters:
name - the name of the permission
actions - the actions of the permission
- Throws:
NullPointerException - if actions is null
IllegalArgumentException - if name is not a legal SystemPermission
-
getActions
Return the permission's actions in a canonical form.
- Overrides:
getActions in class BasicPermission
-
newPermissionCollection
- Overrides:
newPermissionCollection in class BasicPermission
-
getCanonicalForm
Return a canonical form of the passed in actions. Actions are lower-cased, in the order of LEGAL_ACTIONS and only appear once.
-
parseActions
Get a set of all actions specified in a string. Actions are transformed to lower-case, and leading and trailing blanks are stripped off.
- Parameters:
actions - the specified actions string
- Returns:
a set of all the specified actions
-
buildActionsString
Build a comma-separated actions string suitable for returning from getActions().
- Parameters:
actions - the list of actions
- Returns:
comma-separated string with the actions
-
equals
Does this permission equal another object. True if it is an identical class with the same name and (canonical) actions.
- Overrides:
equals in class BasicPermission
-
implies
Does this permission imply another. Only true if the other permission is a SystemPermission with the same name and all the actions of the permission are present in this. Note that none of the actions imply any other with this SystemPermission.
- Overrides:
implies in class BasicPermission
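An added example (not part of the Derby Javadoc or source) that exercises the implies and equals rules described above, using only the constructor and constants listed on this page. It assumes the Derby jar containing org.apache.derby.security is on the classpath; the class name SystemPermissionCheck and the name "database" are constructed for illustration.

```java
import java.security.Permission;
import org.apache.derby.security.SystemPermission;

// Added example: checks the documented implies()/equals() rules.
// Assumes the Derby jar that ships org.apache.derby.security is on the classpath.
public class SystemPermissionCheck {

    // Compare an observed result with what the documented rule predicts.
    static void expect(String what, boolean actual, boolean expected) {
        if (actual != expected) {
            throw new AssertionError(what + ": got " + actual);
        }
        System.out.println(what + " -> " + actual);
    }

    public static void main(String[] args) {
        Permission monitor = new SystemPermission(SystemPermission.JMX, SystemPermission.MONITOR);
        Permission control = new SystemPermission(SystemPermission.JMX, SystemPermission.CONTROL);
        // Mixed case, padding and a repeated action are normalized on construction.
        Permission both = new SystemPermission("jmx", " Monitor, CONTROL ,monitor");
        Permission engineMonitor =
                new SystemPermission(SystemPermission.ENGINE, SystemPermission.MONITOR);

        System.out.println("canonical actions: " + both.getActions());

        // A grant covers a request only when every requested action is present.
        expect("both implies monitor", both.implies(monitor), true);
        expect("both implies control", both.implies(control), true);
        // Actions are independent: neither one carries the other.
        expect("control implies monitor", control.implies(monitor), false);
        expect("monitor implies control", monitor.implies(control), false);
        // The target name must match as well as the actions.
        expect("jmx monitor implies engine monitor", monitor.implies(engineMonitor), false);
        // Equality is decided on name plus canonical actions.
        expect("equals after normalization",
                both.equals(new SystemPermission("jmx", "control,monitor")), true);

        // A name outside the legal set is rejected at construction time.
        try {
            new SystemPermission("database", "monitor"); // constructed, illegal name
            throw new AssertionError("illegal name was accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("illegal name rejected: " + e.getMessage());
        }
    }
}
```

Because "control" does not carry "monitor", a policy that should allow both JMX actions has to list both.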
-
getActionMask
Get a mask of bits that represents the actions and can be used for the implies method.
-
readObject
Called upon deserialization for restoring the state of this SystemPermission from a stream.
- Throws:
IOException
ClassNotFoundException
-
toString
- Overrides:
toString in class Permission
-
doubleQuote
-