Class SystemPermission

java.lang.Object
java.security.Permission
java.security.BasicPermission
org.apache.derby.security.SystemPermission
All Implemented Interfaces:
Serializable, Guard

public final class SystemPermission extends BasicPermission
This class represents access to system-wide Derby privileges.

Permission Description Risk
"jmx" "control" Controls the ability of JMX clients to control Derby and view security sensitive attributes through Derby's MBeans. JMX clients may be able to change the state of the running system
"jmx" "monitor" Controls the ability of JMX clients to monitor Derby through Derby's MBeans, such as viewing number of current connections and configuration settings. Note: security related settings require control action on jmx JMX clients can see information about a runing system including software versions.
See Also:
  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
      See Also:
    • SERVER

      public static final String SERVER
      Permission target name ("server") for actions applicable to the network server.
      See Also:
    • ENGINE

      public static final String ENGINE
      Permission target name ("engine") for actions applicable to the core database engine.
      See Also:
    • JMX

      public static final String JMX
      Permission target name ("jmx") for actions applicable to management of Derby's JMX MBeans.
      See Also:
    • SHUTDOWN

      public static final String SHUTDOWN
      The server and engine shutdown action ("shutdown").
      See Also:
    • CONTROL

      public static final String CONTROL
      Action ("control") to perform control actions through JMX on engine, server or jmx.

      For JMX control permission is required to get attributes that are deemed sensiive from a security aspect, such as the network server's port number, security mechanisms and any information about the file system.

      See Also:
    • MONITOR

      public static final String MONITOR
      Action ("monitor") to perform monitoring actions through JMX on engine and server.
      See Also:
    • USE_DERBY_INTERNALS

      public static final String USE_DERBY_INTERNALS
      Action ("useDerbyInternals") by the engine to lookup Derby contexts.
      See Also:
    • ENGINE_MONITOR

      public static final SystemPermission ENGINE_MONITOR
      Constant representing SystemPermission("engine, "monitor").
    • actions

      private String actions
      Actions for this permission.
    • actionMask

      private transient int actionMask
      Bit mask representing the actions. It is not serialized, and has to be recalculated when the object is deserialized.
  • Constructor Details

  • Method Details

    • validateNameAndActions

      private void validateNameAndActions(String name, String actions)
      Check if name and actions are valid, normalize the actions string, and calculate the actions mask.
      Parameters:
      name - the name of the permission
      actions - the actions of the permission
      Throws:
      NullPointerException - if actions is null
      IllegalArgumentException - if name is not a legal SystemPermission
    • getActions

      public String getActions()
      Return the permission's actions in a canonical form.
      Overrides:
      getActions in class BasicPermission
    • newPermissionCollection

      public PermissionCollection newPermissionCollection()
      Overrides:
      newPermissionCollection in class BasicPermission
    • getCanonicalForm

      private static String getCanonicalForm(String actions)
      Return a canonical form of the passed in actions. Actions are lower-cased, in the order of LEGAL_ACTIONS and only appear once.
    • parseActions

      static Set<String> parseActions(String actions)
      Get a set of all actions specified in a string. Actions are transformed to lower-case, and leading and trailing blanks are stripped off.
      Parameters:
      actions - the specified actions string
      Returns:
      a set of all the specified actions
    • buildActionsString

      static String buildActionsString(Iterable<String> actions)
      Build a comma-separated actions string suitable for returning from getActions().
      Parameters:
      actions - the list of actions
      Returns:
      comma-separated string with the actions
    • equals

      public boolean equals(Object other)
      Does this permission equal another object. True if its and identical class with same name and (canonical) actions.
      Overrides:
      equals in class BasicPermission
    • implies

      public boolean implies(Permission permission)
      Does this permission imply another. Only true if the other permission is a SystemPermission with the same name and all the actions of the permission are present in this. Note that none of the actions imply any other with this SystemPermission.
      Overrides:
      implies in class BasicPermission
    • getActionMask

      private static int getActionMask(String actions)
      Get a mask of bits that represents the actions and can be used for the implies method.
    • readObject

      private void readObject(ObjectInputStream s) throws IOException, ClassNotFoundException
      Called upon deserialization for restoring the state of this SystemPermission from a stream.
      Throws:
      IOException
      ClassNotFoundException
    • toString

      public String toString()
      Overrides:
      toString in class Permission
    • doubleQuote

      private String doubleQuote(String raw)