Class DatabasePermission

java.lang.Object
java.security.Permission
org.apache.derby.security.DatabasePermission
All Implemented Interfaces:
Serializable, Guard

public final class DatabasePermission extends Permission
This class represents access to database-scoped privileges. An example of database-scoped privileges is the permission to create a database under a specified directory path.

A DatabasePermission is defined by two string attributes, similar to a java.io.FilePermission:

  • URL - a location description of or for a Derby database
  • Actions - a list of granted administrative actions
The database location URL may contain certain wildcard characters. Currently, the only supported database action is create.
  • Field Details

    • URL_PROTOCOL_DIRECTORY

      public static final String URL_PROTOCOL_DIRECTORY
      The URL protocol scheme specifying a directory location.
    • URL_PATH_INCLUSIVE_STRING

      public static final String URL_PATH_INCLUSIVE_STRING
      The location text matching any database anywhere.
    • URL_PATH_INCLUSIVE_CHAR

      public static final char URL_PATH_INCLUSIVE_CHAR
      The path type character matching any database anywhere.
    • URL_PATH_SEPARATOR_CHAR

      public static final char URL_PATH_SEPARATOR_CHAR
      The URL file path separator character.
    • URL_PATH_RELATIVE_CHAR

      public static final char URL_PATH_RELATIVE_CHAR
      The relative path character.
    • URL_PATH_WILDCARD_CHAR

      public static final char URL_PATH_WILDCARD_CHAR
      The wildcard character matching any database in a directory.
    • URL_PATH_RECURSIVE_CHAR

      public static final char URL_PATH_RECURSIVE_CHAR
      The wildcard character matching any database under a directory or its subdirectories.
    • URL_PATH_SEPARATOR_STRING

      public static final String URL_PATH_SEPARATOR_STRING
    • URL_PATH_RELATIVE_STRING

      public static final String URL_PATH_RELATIVE_STRING
    • URL_PATH_RELATIVE_PREFIX

      public static final String URL_PATH_RELATIVE_PREFIX
    • URL_PATH_WILDCARD_STRING

      public static final String URL_PATH_WILDCARD_STRING
    • URL_PATH_WILDCARD_SUFFIX

      public static final String URL_PATH_WILDCARD_SUFFIX
    • URL_PATH_RECURSIVE_STRING

      public static final String URL_PATH_RECURSIVE_STRING
    • URL_PATH_RECURSIVE_SUFFIX

      public static final String URL_PATH_RECURSIVE_SUFFIX
    • CREATE

      public static final String CREATE
      The create database permission.
    • actions

      private String actions
      The actions of this permission, as returned by getActions().
    • path

      private transient String path
      This permission's canonical directory path. The path consists of a canonicalized form of the user-specified URL, stripped of the protocol specification and any recursive/wildcard characters, or "<<ALL FILES>>" for the "anywhere" permission. The canonical path is used when testing permissions with implies(), where real directory locations, not just notational differences, ought to be compared. Analogous to java.io.FilePermission, the canonical path is also used by equals() and hashCode() to support hashing and mapping of permissions by their real directory locations. Because canonical file paths are platform dependent, this field must not be serialized (hence transient) but be recomputed from the original URL upon deserialization.
    • parentPath

      private transient String parentPath
      The parent directory of this permission's canonical directory path, or null if this permission's path does not have a parent directory. Because canonical file paths are platform dependent, this field must not be serialized (hence transient) but be recomputed from the original URL upon deserialization.
    • pathType

      private transient char pathType
      Indicates whether the path denotes an inclusive, recursive, wildcard, or single location. If the path denotes an inclusive, recursive or wildcard location, this field's value is URL_PATH_INCLUSIVE_CHAR, URL_PATH_RECURSIVE_CHAR, or URL_PATH_WILDCARD_CHAR, respectively; otherwise, it's URL_PATH_SEPARATOR_CHAR denoting a single location. This field gets recomputed upon deserialization.
  • Constructor Details

    • DatabasePermission

      public DatabasePermission(String url, String actions) throws IOException
      Creates a new DatabasePermission with the specified URL and actions.

      actions contains a comma-separated list of the desired actions granted on a database. Currently, the only supported action is create.

      URL denotes a database location URL, which, at this time, must start with directory: followed by a directory pathname. Note that in a URL, the separator character is always "/" rather than the file separator of the operating system. The directory path may be absolute or relative; a relative path is prefixed with the current user directory. In addition, similar to java.io.FilePermission, the directory pathname may end with a wildcard character to allow for arbitrarily named databases under a path:

      • "directory:location" - refers to a database called location,
      • "directory:location/*" - matches any database in the directory location,
      • "directory:location/-" - matches any database under location or its subdirectories.
      • "directory:*" - matches any database in the user's current working directory.
      • "directory:-" - matches any database under the user's current working directory or its subdirectories.
      • "directory:<<ALL FILES>>" - matches any database anywhere.
      Parameters:
      url - the database URL
      actions - the action string
      Throws:
      NullPointerException - if an argument is null
      IllegalArgumentException - if an argument is not legal
      IOException - if the location URL cannot be canonicalized
  • Method Details

    • initActions

      protected void initActions(String actions)
      Parses the list of database actions.
      Parameters:
      actions - the comma-separated action list
      Throws:
      NullPointerException - if actions is null
      IllegalArgumentException - if not a list of legal actions
    • initLocation

      protected void initLocation(String url) throws IOException
      Parses the database location URL.
      Parameters:
      url - the database URL
      Throws:
      NullPointerException - if the URL is null
      IllegalArgumentException - if the URL is not well-formed
      IOException - if the location URL cannot be canonicalized
    • implies

      public boolean implies(Permission p)
      Checks if this DatabasePermission implies a specified permission.

      This method returns true if:

      • p is an instanceof DatabasePermission and

      • p's directory pathname is implied by this object's pathname. For example, "/tmp/*" implies "/tmp/foo", since "/tmp/*" encompasses the "/tmp" directory and all files in that directory, including the one named "foo".
      Specified by:
      implies in class Permission
      Parameters:
      p - the permission to check against
      Returns:
      true if the specified permission is implied by this object, false if not
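
The URL forms listed for the constructor and the implies() rule above, exercised together as an added example (not part of the Derby documentation or source). It assumes the Derby jar that provides org.apache.derby.security.DatabasePermission is on the classpath; the /srv/derby and /tmp/scratch locations and the class name DatabasePermissionMatrix are constructed for illustration.

```java
import java.io.IOException;
import java.security.Permission;
import org.apache.derby.security.DatabasePermission;

/** Added example: prints which grant URL forms imply which create requests. */
public class DatabasePermissionMatrix {

    // Constructed sample grants; /srv/derby is a hypothetical database root.
    static final String[] GRANTS = {
        "directory:/srv/derby/app",   // a single named database
        "directory:/srv/derby/*",     // any database directly in /srv/derby
        "directory:/srv/derby/-",     // any database under /srv/derby or its subdirectories
        "directory:<<ALL FILES>>"     // any database anywhere
    };

    // Constructed sample locations a caller might ask to create a database at.
    static final String[] REQUESTS = {
        "directory:/srv/derby/app",
        "directory:/srv/derby/other",
        "directory:/srv/derby/tenant1/app",
        "directory:/tmp/scratch"
    };

    /** Builds a create permission for the given location URL. */
    static DatabasePermission create(String url) throws IOException {
        return new DatabasePermission(url, DatabasePermission.CREATE);
    }

    /** Counts how many of the sample requests a grant covers. */
    static int coverage(Permission grant) throws IOException {
        int covered = 0;
        for (String request : REQUESTS) {
            if (grant.implies(create(request))) covered++;
        }
        return covered;
    }

    public static void main(String[] args) throws IOException {
        for (String g : GRANTS) {
            DatabasePermission grant = create(g);
            System.out.printf("%-28s covers %d of %d requests%n",
                    g, coverage(grant), REQUESTS.length);
            for (String r : REQUESTS) {
                boolean allowed = grant.implies(create(r));
                System.out.printf("    %-36s %s%n", r, allowed ? "allowed" : "denied");
            }
        }
    }
}
```

A grant that covers more locations than the application needs is a candidate for narrowing to the single-location or "/*" form.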
    • equals

      public boolean equals(Object obj)
      Checks two DatabasePermission objects for equality.

      Checks that obj is a DatabasePermission and has the same canonicalized URL and actions as this object.

      Specified by:
      equals in class Permission
      Parameters:
      obj - the object we are testing for equality with this object
      Returns:
      true if obj is a DatabasePermission, and has the same URL and actions as this DatabasePermission object, false if not
    • hashCode

      public int hashCode()
      Returns the hash code value for this object.
      Specified by:
      hashCode in class Permission
      Returns:
      a hash code value for this object
    • getActions

      public String getActions()
      Returns the "canonical string representation" of the actions.
      Specified by:
      getActions in class Permission
      Returns:
      the canonical string representation of the actions
    • writeObject

      private void writeObject(ObjectOutputStream s) throws IOException
      Called upon serialization for saving the state of this DatabasePermission to a stream.
      Throws:
      IOException
    • readObject

      private void readObject(ObjectInputStream s) throws IOException, ClassNotFoundException
      Called upon deserialization for restoring the state of this DatabasePermission from a stream.
      Throws:
      IOException
      ClassNotFoundException