Package org.apache.derby.security

Class SystemPermission

  • All Implemented Interfaces:
    java.io.Serializable, java.security.Guard
    public final class SystemPermission
extends java.security.BasicPermission
    This class represents access to system-wide Derby privileges.

    Permission Description Risk
    "jmx" "control" Controls the ability of JMX clients to control Derby and view security sensitive attributes through Derby's MBeans. JMX clients may be able to change the state of the running system
    "jmx" "monitor" Controls the ability of JMX clients to monitor Derby through Derby's MBeans, such as viewing number of current connections and configuration settings. Note: security related settings require control action on jmx JMX clients can see information about a runing system including software versions.
    See Also:
    Serialized Form

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private int actionMask
      Bit mask representing the actions.
      private java.lang.String actions
      Actions for this permission.
      static java.lang.String CONTROL
      Action ("control") to perform control actions through JMX on engine, server or jmx.
      static java.lang.String ENGINE
      Permission target name ("engine") for actions applicable to the core database engine.
      static SystemPermission ENGINE_MONITOR
      Constant representing SystemPermission("engine, "monitor").
      static java.lang.String JMX
      Permission target name ("jmx") for actions applicable to management of Derby's JMX MBeans.
      private static java.util.List<java.lang.String> LEGAL_ACTIONS
      Set of legal actions in their canonical form.
      private static java.util.Set<java.lang.String> LEGAL_NAMES
      The legal system permission names.
      static java.lang.String MONITOR
      Action ("monitor") to perform monitoring actions through JMX on engine and server.
      private static long serialVersionUID  
      static java.lang.String SERVER
      Permission target name ("server") for actions applicable to the network server.
      static java.lang.String SHUTDOWN
      The server and engine shutdown action ("shutdown").
      static java.lang.String USE_DERBY_INTERNALS
      Action ("useDerbyInternals") by the engine to lookup Derby contexts.

    • Constructor Summary

      Constructors 
      Constructor Description
      SystemPermission​(java.lang.String name, java.lang.String actions)
      Creates a new SystemPermission with the specified name.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      (package private) static java.lang.String buildActionsString​(java.lang.Iterable<java.lang.String> actions)
      Build a comma-separated actions string suitable for returning from getActions().
      private java.lang.String doubleQuote​(java.lang.String raw)  
      boolean equals​(java.lang.Object other)
      Does this permission equal another object.
      private static int getActionMask​(java.lang.String actions)
      Get a mask of bits that represents the actions and can be used for the implies method.
      java.lang.String getActions()
      Return the permission's actions in a canonical form.
      private static java.lang.String getCanonicalForm​(java.lang.String actions)
      Return a canonical form of the passed in actions.
      boolean implies​(java.security.Permission permission)
      Does this permission imply another.
      java.security.PermissionCollection newPermissionCollection()  
      (package private) static java.util.Set<java.lang.String> parseActions​(java.lang.String actions)
      Get a set of all actions specified in a string.
      private void readObject​(java.io.ObjectInputStream s)
      Called upon deserialization for restoring the state of this SystemPermission from a stream.
      java.lang.String toString()  
      private void validateNameAndActions​(java.lang.String name, java.lang.String actions)
      Check if name and actions are valid, normalize the actions string, and calculate the actions mask.

      • Methods inherited from class java.security.BasicPermission

        hashCode

      • Methods inherited from class java.security.Permission

        checkGuard, getName

      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait

    • Field Detail

      • SERVER

        public static final java.lang.String SERVER
        Permission target name ("server") for actions applicable to the network server.
        See Also:
        Constant Field Values

      • ENGINE

        public static final java.lang.String ENGINE
        Permission target name ("engine") for actions applicable to the core database engine.
        See Also:
        Constant Field Values

      • JMX

        public static final java.lang.String JMX
        Permission target name ("jmx") for actions applicable to management of Derby's JMX MBeans.
        See Also:
        Constant Field Values

      • SHUTDOWN

        public static final java.lang.String SHUTDOWN
        The server and engine shutdown action ("shutdown").
        See Also:
        Constant Field Values

      • CONTROL

        public static final java.lang.String CONTROL
        Action ("control") to perform control actions through JMX on engine, server or jmx.

        For JMX control permission is required to get attributes that are deemed sensiive from a security aspect, such as the network server's port number, security mechanisms and any information about the file system.

        See Also:
        Constant Field Values

      • MONITOR

        public static final java.lang.String MONITOR
        Action ("monitor") to perform monitoring actions through JMX on engine and server.
        See Also:
        Constant Field Values

      • USE_DERBY_INTERNALS

        public static final java.lang.String USE_DERBY_INTERNALS
        Action ("useDerbyInternals") by the engine to lookup Derby contexts.
        See Also:
        Constant Field Values

      • LEGAL_NAMES

        private static final java.util.Set<java.lang.String> LEGAL_NAMES
        The legal system permission names.

      • LEGAL_ACTIONS

        private static final java.util.List<java.lang.String> LEGAL_ACTIONS
        Set of legal actions in their canonical form.

      • ENGINE_MONITOR

        public static final SystemPermission ENGINE_MONITOR
        Constant representing SystemPermission("engine, "monitor").

      • actions

        private java.lang.String actions
        Actions for this permission.

      • actionMask

        private transient int actionMask
        Bit mask representing the actions. It is not serialized, and has to be recalculated when the object is deserialized.

    • Constructor Detail

      • SystemPermission

        public SystemPermission​(java.lang.String name,
                        java.lang.String actions)
        Creates a new SystemPermission with the specified name.
        Parameters:
        name - the name of the SystemPermission
        Throws:
        java.lang.NullPointerException - if name or actions is null
        java.lang.IllegalArgumentException - if name is empty or not a legal SystemPermission
        See Also:
        BasicPermission(String)

    • Method Detail

      • validateNameAndActions

        private void validateNameAndActions​(java.lang.String name,
                                    java.lang.String actions)
        Check if name and actions are valid, normalize the actions string, and calculate the actions mask.
        Parameters:
        name - the name of the permission
        actions - the actions of the permission
        Throws:
        java.lang.NullPointerException - if actions is null
        java.lang.IllegalArgumentException - if name is not a legal SystemPermission

      • getActions

        public java.lang.String getActions()
        Return the permission's actions in a canonical form.
        Overrides:
        getActions in class java.security.BasicPermission

      • newPermissionCollection

        public java.security.PermissionCollection newPermissionCollection()
        Overrides:
        newPermissionCollection in class java.security.BasicPermission

      • getCanonicalForm

        private static java.lang.String getCanonicalForm​(java.lang.String actions)
        Return a canonical form of the passed in actions. Actions are lower-cased, in the order of LEGAL_ACTIONS and only appear once.

      • parseActions

        static java.util.Set<java.lang.String> parseActions​(java.lang.String actions)
        Get a set of all actions specified in a string. Actions are transformed to lower-case, and leading and trailing blanks are stripped off.
        Parameters:
        actions - the specified actions string
        Returns:
        a set of all the specified actions

      • buildActionsString

        static java.lang.String buildActionsString​(java.lang.Iterable<java.lang.String> actions)
        Build a comma-separated actions string suitable for returning from getActions().
        Parameters:
        actions - the list of actions
        Returns:
        comma-separated string with the actions

      • equals

        public boolean equals​(java.lang.Object other)
        Does this permission equal another object. True if its and identical class with same name and (canonical) actions.
        Overrides:
        equals in class java.security.BasicPermission

      • implies

        public boolean implies​(java.security.Permission permission)
        Does this permission imply another. Only true if the other permission is a SystemPermission with the same name and all the actions of the permission are present in this. Note that none of the actions imply any other with this SystemPermission.
        Overrides:
        implies in class java.security.BasicPermission

      • getActionMask

        private static int getActionMask​(java.lang.String actions)
        Get a mask of bits that represents the actions and can be used for the implies method.

      • readObject

        private void readObject​(java.io.ObjectInputStream s)
                 throws java.io.IOException,
                        java.lang.ClassNotFoundException
        Called upon deserialization for restoring the state of this SystemPermission from a stream.
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.security.Permission

      • doubleQuote

        private java.lang.String doubleQuote​(java.lang.String raw)