
org.osgi.service.useradmin
Class UserAdminPermission

java.lang.Object
  extended by java.security.Permission
      extended by java.security.BasicPermission
          extended by org.osgi.service.useradmin.UserAdminPermission
All Implemented Interfaces:
java.security.Guard, java.io.Serializable

public final class UserAdminPermission
extends java.security.BasicPermission

Permission to configure and access the Role objects managed by a User Admin service.

This class represents access to the Role objects managed by a User Admin service and their properties and credentials (in the case of User objects).

The permission name is the name (or name prefix) of a property or credential. The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "org.osgi.security.protocol.*" or "*" is valid, but "*protocol" or "a*b" are not valid.

The UserAdminPermission with the reserved name "admin" represents the permission required for creating and removing Role objects in the User Admin service, as well as adding and removing members in a Group object. This UserAdminPermission does not have any actions associated with it.

The actions to be granted are passed to the constructor in a string containing a list of one or more comma-separated keywords. The possible keywords are: changeProperty, changeCredential, and getCredential. Their meaning is defined as follows:

 action
 changeProperty    Permission to change (i.e., add and remove) 
                   Role object properties whose names start with
                   the name argument specified in the constructor.
 changeCredential  Permission to change (i.e., add and remove) 
                   User object credentials whose names start 
                   with the name argument specified in the constructor.
 getCredential     Permission to retrieve and check for the 
                   existence of User object credentials whose names 
                   start with the name argument specified in the 
                   constructor.
 
The action string is converted to lowercase before processing.

Following is a PermissionInfo style policy entry which grants a user administration bundle a number of UserAdminPermission objects:

 (org.osgi.service.useradmin.UserAdminPermission "admin")
 (org.osgi.service.useradmin.UserAdminPermission "com.foo.*" "changeProperty,getCredential,changeCredential")
 (org.osgi.service.useradmin.UserAdminPermission "user.*" "changeProperty,changeCredential")
 
The first permission statement grants the bundle the permission to perform any User Admin service operations of type "admin", that is, create and remove roles and configure Group objects.

The second permission statement grants the bundle the permission to change any properties as well as get and change any credentials whose names start with "com.foo.".

The third permission statement grants the bundle the permission to change any properties and credentials whose names start with "user.". This means that the bundle is allowed to change, but not retrieve any credentials with the given prefix.

The following policy entry empowers the Http Service bundle to perform user authentication:

 grant codeBase "${jars}http.jar" {
   permission org.osgi.service.useradmin.UserAdminPermission
     "user.password", "getCredential";
 };
 

The permission statement grants the Http Service bundle the permission to validate any password credentials (for authentication purposes), but the bundle is not allowed to change any properties or credentials.

Version:
$Revision: 1.9 $

Nested Class Summary
 
Nested classes inherited from class java.security.BasicPermission
 
Field Summary
private static int ACTION_ALL
          All actions
private static int ACTION_CHANGE_CREDENTIAL
           
private static int ACTION_CHANGE_PROPERTY
           
private static int ACTION_GET_CREDENTIAL
           
private  int action_mask
          The actions mask.
(package private) static int ACTION_NONE
          No actions.
private  java.lang.String actions
          The actions in canonical form.
static java.lang.String ADMIN
          The permission name "admin".
static java.lang.String CHANGE_CREDENTIAL
          The action string "changeCredential".
static java.lang.String CHANGE_PROPERTY
          The action string "changeProperty".
private  java.lang.String description
           
static java.lang.String GET_CREDENTIAL
          The action string "getCredential".
 
Fields inherited from class java.security.BasicPermission
 
Fields inherited from class java.security.Permission
 
Constructor Summary
(package private) UserAdminPermission(java.lang.String name, int mask)
          Package private constructor used by UserAdminPermissionCollection.
  UserAdminPermission(java.lang.String name, java.lang.String actions)
          Creates a new UserAdminPermission with the specified name and actions.
 
Method Summary
 boolean equals(java.lang.Object obj)
          Checks two UserAdminPermission objects for equality.
 java.lang.String getActions()
          Returns the canonical string representation of the actions, separated by commas.
(package private)  int getMask()
          Returns the current action mask.
private static int getMask(java.lang.String actions)
          Parses the action string into the action mask.
 int hashCode()
          Returns the hash code of this UserAdminPermission object.
 boolean implies(java.security.Permission p)
          Checks if this UserAdminPermission object "implies" the specified permission.
private  void init(int mask)
          Called by constructors and when deserialized.
private static boolean match_change(char[] a, int i)
           
private static boolean match_credential(char[] a, int i)
           
private static boolean match_get(char[] a, int i)
           
private static boolean match_property(char[] a, int i)
           
 java.security.PermissionCollection newPermissionCollection()
          Returns a new PermissionCollection object for storing UserAdminPermission objects.
private  void readObject(java.io.ObjectInputStream ois)
           
 java.lang.String toString()
          Returns a string describing this UserAdminPermission object.
private  void writeObject(java.io.ObjectOutputStream s)
          writeObject is called to save the state of this object to a stream.
 
Methods inherited from class java.security.Permission
checkGuard, getName
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

ADMIN

public static final java.lang.String ADMIN
The permission name "admin".

See Also:
Constant Field Values

CHANGE_PROPERTY

public static final java.lang.String CHANGE_PROPERTY
The action string "changeProperty".

See Also:
Constant Field Values

ACTION_CHANGE_PROPERTY

private static final int ACTION_CHANGE_PROPERTY
See Also:
Constant Field Values

CHANGE_CREDENTIAL

public static final java.lang.String CHANGE_CREDENTIAL
The action string "changeCredential".

See Also:
Constant Field Values

ACTION_CHANGE_CREDENTIAL

private static final int ACTION_CHANGE_CREDENTIAL
See Also:
Constant Field Values

GET_CREDENTIAL

public static final java.lang.String GET_CREDENTIAL
The action string "getCredential".

See Also:
Constant Field Values

ACTION_GET_CREDENTIAL

private static final int ACTION_GET_CREDENTIAL
See Also:
Constant Field Values

ACTION_ALL

private static final int ACTION_ALL
All actions

See Also:
Constant Field Values

ACTION_NONE

static final int ACTION_NONE
No actions.

See Also:
Constant Field Values

actions

private java.lang.String actions
The actions in canonical form.


action_mask

private transient int action_mask
The actions mask.


description

private transient java.lang.String description

Constructor Detail

UserAdminPermission

public UserAdminPermission(java.lang.String name,
                           java.lang.String actions)
Creates a new UserAdminPermission with the specified name and actions. name is either the reserved string "admin" or the name of a credential or property, and actions contains a comma-separated list of the actions granted on the specified name. Valid actions are changeProperty, changeCredential, and getCredential.


UserAdminPermission

UserAdminPermission(java.lang.String name,
                    int mask)
Package private constructor used by UserAdminPermissionCollection.

Method Detail

init

private void init(int mask)
Called by constructors and when deserialized.


getMask

private static int getMask(java.lang.String actions)
Parses the action string into the action mask.


match_change

private static boolean match_change(char[] a,
                                    int i)

match_get

private static boolean match_get(char[] a,
                                 int i)

match_property

private static boolean match_property(char[] a,
                                      int i)

match_credential

private static boolean match_credential(char[] a,
                                        int i)

implies

public boolean implies(java.security.Permission p)
Checks if this UserAdminPermission object "implies" the specified permission.

More specifically, this method returns true if:

  • p is an instanceof UserAdminPermission,
  • p's actions are a proper subset of this object's actions, and
  • p's name is implied by this object's name. For example, "java.*" implies "java.home".
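
An added example (not from this page or the OSGi sources) that replays the two policy entries from the class description through implies(), one grant at a time, to show which name/action requests each bundle's grants cover. The class UserAdminPermissionAudit and its helpers are hypothetical, the requests are constructed, and the OSGi User Admin API jar is assumed to be on the classpath.

```java
import java.util.List;
import org.osgi.service.useradmin.UserAdminPermission;

// Hypothetical audit helper, not part of the OSGi API.
public class UserAdminPermissionAudit {

    // Grants from the PermissionInfo entry for the user administration bundle.
    static final List<UserAdminPermission> ADMIN_BUNDLE = List.of(
        new UserAdminPermission(UserAdminPermission.ADMIN, null), // "admin" takes no actions
        new UserAdminPermission("com.foo.*",
            "changeProperty,getCredential,changeCredential"),
        new UserAdminPermission("user.*", "changeProperty,changeCredential"));

    // Grant from the policy entry for the Http Service bundle.
    static final List<UserAdminPermission> HTTP_BUNDLE = List.of(
        new UserAdminPermission("user.password", UserAdminPermission.GET_CREDENTIAL));

    // True if any single grant implies the requested name/action pair.
    static boolean allowed(List<UserAdminPermission> grants, String name, String actions) {
        UserAdminPermission requested = new UserAdminPermission(name, actions);
        return grants.stream().anyMatch(g -> g.implies(requested));
    }

    static void report(String bundle, List<UserAdminPermission> grants,
                       String name, String actions) {
        System.out.printf("%-6s %-16s %-18s %s%n", bundle, name, actions,
            allowed(grants, name, actions) ? "ALLOW" : "DENY");
    }

    public static void main(String[] args) {
        // Constructed requests, standing in for the permission a caller would need.
        report("admin", ADMIN_BUNDLE, UserAdminPermission.ADMIN, null);
        report("admin", ADMIN_BUNDLE, "com.foo.secret", UserAdminPermission.GET_CREDENTIAL);
        report("admin", ADMIN_BUNDLE, "user.password", UserAdminPermission.CHANGE_CREDENTIAL);
        report("admin", ADMIN_BUNDLE, "user.password", UserAdminPermission.GET_CREDENTIAL);
        report("http", HTTP_BUNDLE, "user.password", UserAdminPermission.GET_CREDENTIAL);
        report("http", HTTP_BUNDLE, "user.password", UserAdminPermission.CHANGE_CREDENTIAL);
        report("http", HTTP_BUNDLE, "user.pin", UserAdminPermission.GET_CREDENTIAL);
        report("http", HTTP_BUNDLE, UserAdminPermission.ADMIN, null);
    }
}
```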


getActions

public java.lang.String getActions()
Returns the canonical string representation of the actions, separated by commas.


newPermissionCollection

public java.security.PermissionCollection newPermissionCollection()
Returns a new PermissionCollection object for storing UserAdminPermission objects.


equals

public boolean equals(java.lang.Object obj)
Checks two UserAdminPermission objects for equality. Checks that obj is a UserAdminPermission, and has the same name and actions as this object.


hashCode

public int hashCode()
Returns the hash code of this UserAdminPermission object.


getMask

int getMask()
Returns the current action mask. Used by the UserAdminPermissionCollection class.


writeObject

private void writeObject(java.io.ObjectOutputStream s)
                  throws java.io.IOException
writeObject is called to save the state of this object to a stream. The actions are serialized, and the superclass takes care of the name.


readObject

private void readObject(java.io.ObjectInputStream ois)
                 throws java.io.IOException,
                        java.lang.ClassNotFoundException

toString

public java.lang.String toString()
Returns a string describing this UserAdminPermission object. This string must be in PermissionInfo encoded format.