001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package javax.management;
023:
024: import java.io.IOException;
025: import java.io.ObjectInputStream;
026: import java.security.BasicPermission;
027: import java.security.Permission;
028: import java.security.PermissionCollection;
029: import java.util.Enumeration;
030: import java.util.HashSet;
031: import java.util.Iterator;
032:
033: /**
034: * Controls access to actions performed on MBeanServers. The name specifies
035: * the permission applies to an operation. The special value * applies to
036: * all operations.
037: *
038: * <ul>
039: * <li><b>createMBeanServer<b> controls access to
040: * {@link MBeanServerFactory#createMBeanServer()} or
041: * {@link MBeanServerFactory#createMBeanServer(java.lang.String)} </li>
042: * <li><b>findMBeanServer<b> controls access to
043: * {@link MBeanServerFactory#findMBeanServer(java.lang.String)} </li>
044: * <li><b>newMBeanServer<b> controls access to
045: * {@link MBeanServerFactory#newMBeanServer()} or
046: * {@link MBeanServerFactory#newMBeanServer(java.lang.String)} </li>
047: * <li><b>releaseMBeanServer<b> controls access to
048: * {@link MBeanServerFactory#releaseMBeanServer(javax.management.MBeanServer)} </li>
049: *
050: * @author <a href="mailto:Adrian.Brock@HappeningTimes.com">Adrian Brock</a>.
051: * @author Scott.Stark@jboss.org
052: * @version $Revision: 57200 $
053: */
054: public class MBeanServerPermission extends BasicPermission {
055: private static final long serialVersionUID = -5661980843569388590L;
056:
057: private transient boolean allNames;
058:
059: /**
060: * Construct a new MBeanServer permission for a given name
061: *
062: * @param name the name of the permission to grant
063: * @exception NullPointerException if the name is null
064: * @exception IllegalArgumentException if the name is not * or one of
065: * listed names
066: */
067: public MBeanServerPermission(String name) {
068: this (name, null);
069: }
070:
071: /**
072: * Construct a new MBeanServer permission for a given name
073: *
074: * @param name the name of the permission to grant
075: * @param actions unused
076: * @exception NullPointerException if the name is null
077: * @exception IllegalArgumentException if the name is not * or one of the
078: * allowed names or a comma-separated list of the allowed names, or if
079: * actions is a non-null non-empty string.
080: */
081: public MBeanServerPermission(String name, String actions) {
082: super (name, actions);
083: init(name, actions);
084: }
085:
086: // Public ------------------------------------------------------
087:
088: /**
089: * @return human readable string.
090: */
091: public String toString() {
092: StringBuffer buffer = new StringBuffer(100);
093: buffer.append(getClass().getName()).append(":");
094: buffer.append(" name=").append(getName());
095: buffer.append(" actions=").append(getActions());
096: return buffer.toString();
097: }
098:
099: /** Checks if this MBeanServerPermission object "implies" the specified
100: * permission. More specifically, this method returns true if:
101: * p is an instance of MBeanServerPermission,
102: * p's target names are a subset of this object's target names
103: *
104: * The createMBeanServer permission implies the newMBeanServer permission.
105: * @param p
106: * @return
107: */
108: public boolean implies(Permission p) {
109: if ((p instanceof MBeanServerPermission) == false)
110: return false;
111:
112: boolean implies = allNames == true;
113: if (implies == false) {
114: String n0 = getName();
115: String n1 = p.getName();
116: implies = n0.equals(n1);
117: if (implies == false) {
118: // Check for a createMBeanServer != newMBeanServer
119: implies = (n0.equals("createMBeanServer") && n1
120: .equals("newMBeanServer"));
121: }
122: }
123: return implies;
124: }
125:
126: /**
127: * Construct a new MBeanServer permission for a given name
128: *
129: * @param name the name of the permission to grant
130: * @param actions unused
131: * @exception NullPointerException if the name is null
132: * @exception IllegalArgumentException if the name is not * or one of the
133: * allowed names or a comma-separated list of the allowed names, or if
134: * actions is a non-null non-empty string.
135: */
136: private void init(String name, String actions) {
137: if (name == null)
138: throw new NullPointerException("name cannot be null");
139:
140: if (actions != null && actions.length() > 0)
141: throw new IllegalArgumentException(
142: "actions must be null or empty");
143:
144: if (name.equals("*") == false
145: && name.equals("createMBeanServer") == false
146: && name.equals("findMBeanServer") == false
147: && name.equals("newMBeanServer") == false
148: && name.equals("releaseMBeanServer") == false)
149: throw new IllegalArgumentException("Unknown name: " + name);
150: allNames = name.equals("*");
151: }
152:
153: private void readObject(ObjectInputStream ois) throws IOException,
154: ClassNotFoundException {
155: ois.defaultReadObject();
156: init(getName(), getActions());
157: }
158:
159: /** Must override to handle the createMBeanServer <-> newMBeanServer
160: * relationship.
161: *
162: * @return
163: */
164: public PermissionCollection newPermissionCollection() {
165: return new MBeanServerPermissionCollections();
166: }
167:
168: class MBeanServerPermissionCollections extends PermissionCollection {
169: private static final long serialVersionUID = -4111836792595161197L;
170: private HashSet permissions = new HashSet();
171: private boolean hasAll;
172:
173: public void add(Permission p) {
174: if (this .isReadOnly())
175: throw new SecurityException("Collection is read-only");
176: if (p instanceof MBeanServerPermission)
177: permissions.add(p);
178: if (p.getName().equals("createMBeanServer"))
179: permissions.add(new MBeanServerPermission(
180: "newMBeanServer"));
181: else if (p.getName().equals("*"))
182: hasAll = true;
183: }
184:
185: public boolean implies(Permission p) {
186: boolean implies = false;
187: if (p instanceof MBeanServerPermission) {
188: implies = hasAll;
189: if (implies == false) {
190: implies = permissions.contains(p);
191: }
192: }
193: return implies;
194: }
195:
196: public Enumeration elements() {
197: final Iterator iter = permissions.iterator();
198: Enumeration enumerator = new Enumeration() {
199: public boolean hasMoreElements() {
200: return iter.hasNext();
201: }
202:
203: public Object nextElement() {
204: return iter.next();
205: }
206: };
207: return enumerator;
208: }
209: }
210: }
|