Class SubsystemPermission

  • All Implemented Interfaces:
    java.io.Serializable, java.security.Guard

    public final class SubsystemPermission
    extends java.security.BasicPermission
    A bundle's authority to perform specific privileged administrative operations on or to get sensitive information about a subsystem. The actions for this permission are:
     Action    Methods
     context   Subsystem.getBundleContext
     execute   Subsystem.start
               Subsystem.stop
     lifecycle Subsystem.install
               Subsystem.uninstall
     metadata  Subsystem.getSubsystemHeaders
               Subsystem.getLocation
     

    The name of this permission is a filter expression. The filter gives access to the following attributes:

    • location - The location of a subsystem.
    • id - The subsystem ID of the designated subsystem.
    • name - The symbolic name of a subsystem.
    Filter attribute names are processed in a case sensitive manner.
    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static int ACTION_ALL  
      private static int ACTION_CONTEXT  
      private static int ACTION_EXECUTE  
      private static int ACTION_LIFECYCLE  
      (package private) int action_mask
      The actions mask.
      private static int ACTION_METADATA  
      (package private) static int ACTION_NONE  
      private java.lang.String actions
      The actions in canonical form.
      static java.lang.String CONTEXT
      The action string context.
      static java.lang.String EXECUTE
      The action string execute.
      (package private) org.osgi.framework.Filter filter
      If this SubsystemPermission was constructed with a filter, this holds a Filter matching object used to evaluate the filter in implies.
      static java.lang.String LIFECYCLE
      The action string lifecycle.
      static java.lang.String METADATA
      The action string metadata.
      private java.util.Map<java.lang.String,​java.lang.Object> properties
      This map holds the properties of the permission, used to match a filter in implies.
      private static java.lang.ThreadLocal<Subsystem> recurse
      ThreadLocal used to determine if we have recursively called getProperties.
      (package private) static long serialVersionUID  
      (package private) Subsystem subsystem
      The subsystem governed by this SubsystemPermission - only used if filter == null
    • Constructor Summary

      Constructors 
      Constructor Description
      SubsystemPermission​(java.lang.String filter, java.lang.String actions)
      Create a new SubsystemPermission.
      SubsystemPermission​(org.osgi.framework.Filter filter, int mask)
      Package private constructor used by SubsystemPermissionCollection.
      SubsystemPermission​(Subsystem subsystem, java.lang.String actions)
      Creates a new requested SubsystemPermission object to be used by the code that must perform checkPermission.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private static java.lang.String createName​(Subsystem subsystem)
      Create a permission name from a Subsystem
      boolean equals​(java.lang.Object obj)
      Determines the equality of two SubsystemPermission objects.
      java.lang.String getActions()
      Returns the canonical string representation of the SubsystemPermission actions.
      private java.util.Map<java.lang.String,​java.lang.Object> getProperties()
      Called by implies0 on an SubsystemPermission which was constructed with a Subsystem.
      int hashCode()
      Returns the hash code value for this object.
      boolean implies​(java.security.Permission p)
      Determines if the specified permission is implied by this object.
      (package private) boolean implies0​(SubsystemPermission requested, int effective)
      Internal implies method.
      java.security.PermissionCollection newPermissionCollection()
      Returns a new PermissionCollection object suitable for storing SubsystemPermissions.
      private static int parseActions​(java.lang.String actions)
      Parse action string into action mask.
      private static org.osgi.framework.Filter parseFilter​(java.lang.String filterString)
      Parse filter string into a Filter object.
      private void readObject​(java.io.ObjectInputStream s)
      readObject is called to restore the state of this permission from a stream.
      private void setTransients​(org.osgi.framework.Filter filter, int mask)
      Called by constructors and when deserialized.
      private void writeObject​(java.io.ObjectOutputStream s)
      WriteObject is called to save the state of this permission object to a stream.
      • Methods inherited from class java.security.Permission

        checkGuard, getName, toString
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait
    • Field Detail

      • EXECUTE

        public static final java.lang.String EXECUTE
        The action string execute.
        See Also:
        Constant Field Values
      • LIFECYCLE

        public static final java.lang.String LIFECYCLE
        The action string lifecycle.
        See Also:
        Constant Field Values
      • METADATA

        public static final java.lang.String METADATA
        The action string metadata.
        See Also:
        Constant Field Values
      • CONTEXT

        public static final java.lang.String CONTEXT
        The action string context.
        See Also:
        Constant Field Values
      • actions

        private volatile java.lang.String actions
        The actions in canonical form.
      • action_mask

        transient int action_mask
        The actions mask.
      • filter

        transient org.osgi.framework.Filter filter
        If this SubsystemPermission was constructed with a filter, this holds a Filter matching object used to evaluate the filter in implies.
      • subsystem

        final transient Subsystem subsystem
        The subsystem governed by this SubsystemPermission - only used if filter == null
      • properties

        private transient volatile java.util.Map<java.lang.String,​java.lang.Object> properties
        This map holds the properties of the permission, used to match a filter in implies. This is not initialized until necessary, and then cached in this object.
      • recurse

        private static final java.lang.ThreadLocal<Subsystem> recurse
        ThreadLocal used to determine if we have recursively called getProperties.
    • Constructor Detail

      • SubsystemPermission

        public SubsystemPermission​(java.lang.String filter,
                                   java.lang.String actions)
        Create a new SubsystemPermission. This constructor must only be used to create a permission that is going to be checked.

        Examples:

         (name=com.acme.*)(location=http://www.acme.com/subsystems/*))
         (id>=1)
         
        Parameters:
        filter - A filter expression that can use, location, id, and name keys. Filter attribute names are processed in a case sensitive manner. A special value of "*" can be used to match all subsystems.
        actions - execute, lifecycle, metadata, or context.
        Throws:
        java.lang.IllegalArgumentException - If the filter has an invalid syntax.
      • SubsystemPermission

        public SubsystemPermission​(Subsystem subsystem,
                                   java.lang.String actions)
        Creates a new requested SubsystemPermission object to be used by the code that must perform checkPermission. SubsystemPermission objects created with this constructor cannot be added to an SubsystemPermission permission collection.
        Parameters:
        subsystem - A subsystem.
        actions - execute, lifecycle, metadata, or context.
      • SubsystemPermission

        SubsystemPermission​(org.osgi.framework.Filter filter,
                            int mask)
        Package private constructor used by SubsystemPermissionCollection.
        Parameters:
        filter - name filter or null for wildcard.
        mask - action mask
    • Method Detail

      • createName

        private static java.lang.String createName​(Subsystem subsystem)
        Create a permission name from a Subsystem
        Parameters:
        subsystem - Subsystem to use to create permission name.
        Returns:
        permission name.
      • setTransients

        private void setTransients​(org.osgi.framework.Filter filter,
                                   int mask)
        Called by constructors and when deserialized.
        Parameters:
        filter - Permission's filter or null for wildcard.
        mask - action mask
      • parseActions

        private static int parseActions​(java.lang.String actions)
        Parse action string into action mask.
        Parameters:
        actions - Action string.
        Returns:
        action mask.
      • parseFilter

        private static org.osgi.framework.Filter parseFilter​(java.lang.String filterString)
        Parse filter string into a Filter object.
        Parameters:
        filterString - The filter string to parse.
        Returns:
        a Filter for this subsystem. If the specified filterString equals "*", then null is returned to indicate a wildcard.
        Throws:
        java.lang.IllegalArgumentException - If the filter syntax is invalid.
      • implies

        public boolean implies​(java.security.Permission p)
        Determines if the specified permission is implied by this object. This method throws an exception if the specified permission was not constructed with a subsystem.

        This method returns true if the specified permission is a SubsystemPermission AND

        • this object's filter matches the specified permission's subsystem ID, subsystem symbolic name, and subsystem location OR
        • this object's filter is "*"
        AND this object's actions include all of the specified permission's actions.

        Special case: if the specified permission was constructed with "*" filter, then this method returns true if this object's filter is "*" and this object's actions include all of the specified permission's actions

        Overrides:
        implies in class java.security.BasicPermission
        Parameters:
        p - The requested permission.
        Returns:
        true if the specified permission is implied by this object; false otherwise.
      • implies0

        boolean implies0​(SubsystemPermission requested,
                         int effective)
        Internal implies method. Used by the implies and the permission collection implies methods.
        Parameters:
        requested - The requested SubsystemPermision which has already been validated as a proper argument. The requested SubsystemPermission must not have a filter expression.
        effective - The effective actions with which to start.
        Returns:
        true if the specified permission is implied by this object; false otherwise.
      • getActions

        public java.lang.String getActions()
        Returns the canonical string representation of the SubsystemPermission actions.

        Always returns present SubsystemPermission actions in the following order: execute, lifecycle, metadata, context.

        Overrides:
        getActions in class java.security.BasicPermission
        Returns:
        Canonical string representation of the SubsystemPermission actions.
      • newPermissionCollection

        public java.security.PermissionCollection newPermissionCollection()
        Returns a new PermissionCollection object suitable for storing SubsystemPermissions.
        Overrides:
        newPermissionCollection in class java.security.BasicPermission
        Returns:
        A new PermissionCollection object.
      • equals

        public boolean equals​(java.lang.Object obj)
        Determines the equality of two SubsystemPermission objects.
        Overrides:
        equals in class java.security.BasicPermission
        Parameters:
        obj - The object being compared for equality with this object.
        Returns:
        true if obj is equivalent to this SubsystemPermission; false otherwise.
      • hashCode

        public int hashCode()
        Returns the hash code value for this object.
        Overrides:
        hashCode in class java.security.BasicPermission
        Returns:
        Hash code value for this object.
      • writeObject

        private void writeObject​(java.io.ObjectOutputStream s)
                          throws java.io.IOException
        WriteObject is called to save the state of this permission object to a stream. The actions are serialized, and the superclass takes care of the name.
        Throws:
        java.io.IOException
      • readObject

        private void readObject​(java.io.ObjectInputStream s)
                         throws java.io.IOException,
                                java.lang.ClassNotFoundException
        readObject is called to restore the state of this permission from a stream.
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException
      • getProperties

        private java.util.Map<java.lang.String,​java.lang.Object> getProperties()
        Called by implies0 on an SubsystemPermission which was constructed with a Subsystem. This method loads a map with the filter-matchable properties of this subsystem. The map is cached so this lookup only happens once. This method should only be called on an SubsystemPermission which was constructed with a subsystem
        Returns:
        a map of properties for this subsystem