org.osgi.framework

Class AdminPermission

java.lang.Object

java.security.Permission

java.security.BasicPermission

org.osgi.framework.AdminPermission

All Implemented Interfaces:

Serializable, Guard

public final class AdminPermission
extends BasicPermission

A bundle's authority to perform specific privileged administrative operations on or to get sensitive information about a bundle. The actions for this permission are:

  Action               Methods
  class                Bundle.loadClass
  execute              Bundle.start
                       Bundle.stop
                       StartLevel.setBundleStartLevel
  extensionLifecycle   BundleContext.installBundle for extension bundles
                       Bundle.update for extension bundles
                       Bundle.uninstall for extension bundles
  lifecycle            BundleContext.installBundle
                       Bundle.update
                       Bundle.uninstall
  listener             BundleContext.addBundleListener for SynchronousBundleListener
                       BundleContext.removeBundleListener for SynchronousBundleListener
  metadata             Bundle.getHeaders
                       Bundle.getLocation
  resolve              PackageAdmin.refreshPackages
                       PackageAdmin.resolveBundles
  resource             Bundle.getResource
                       Bundle.getResources
                       Bundle.getEntry
                       Bundle.getEntryPaths
                       Bundle.findEntries
                       Bundle resource/entry URL creation
  startlevel           StartLevel.setStartLevel
                       StartLevel.setInitialBundleStartLevel 
  context              Bundle.getBundleContext
 

The special action "*" will represent all actions. The resolve action is implied by the class, execute and resource actions.

The name of this permission is a filter expression. The filter gives access to the following attributes:

• signer - A Distinguished Name chain used to sign a bundle. Wildcards in a DN are not matched according to the filter string rules, but according to the rules defined for a DN chain.
• location - The location of a bundle.
• id - The bundle ID of the designated bundle.
• name - The symbolic name of a bundle.

Filter attribute names are processed in a case sensitive manner.

Version:

$Revision: 7743 $

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static String	CLASS The action string class.
static String	CONTEXT The action string context.
static String	EXECUTE The action string execute.
static String	EXTENSIONLIFECYCLE The action string extensionLifecycle.
static String	LIFECYCLE The action string lifecycle.
static String	LISTENER The action string listener.
static String	METADATA The action string metadata.
static String	RESOLVE The action string resolve.
static String	RESOURCE The action string resource.
static String	STARTLEVEL The action string startlevel.

Constructor Summary

Constructors

Constructor and Description
AdminPermission() Creates a new AdminPermission object that matches all bundles and has all actions.
AdminPermission(Bundle bundle, String actions) Creates a new requested AdminPermission object to be used by the code that must perform checkPermission.
AdminPermission(String filter, String actions) Create a new AdminPermission.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	equals(Object obj) Determines the equality of two AdminPermission objects.
String	getActions() Returns the canonical string representation of the AdminPermission actions.
int	hashCode() Returns the hash code value for this object.
boolean	implies(Permission p) Determines if the specified permission is implied by this object.
PermissionCollection	newPermissionCollection() Returns a new PermissionCollection object suitable for storing AdminPermissions.

Methods inherited from class java.security.Permission

checkGuard, getName, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

CLASS

public static final String CLASS

The action string class. The class action implies the resolve action.

Since:

1.3

See Also:

Constant Field Values

EXECUTE

public static final String EXECUTE

The action string execute. The execute action implies the resolve action.

Since:

1.3

See Also:

Constant Field Values

EXTENSIONLIFECYCLE

public static final String EXTENSIONLIFECYCLE

The action string extensionLifecycle.

Since:

1.3

See Also:

Constant Field Values

LIFECYCLE

public static final String LIFECYCLE

The action string lifecycle.

Since:

1.3

See Also:

Constant Field Values

LISTENER

public static final String LISTENER

The action string listener.

Since:

1.3

See Also:

Constant Field Values

METADATA

public static final String METADATA

The action string metadata.

Since:

1.3

See Also:

Constant Field Values

RESOLVE

public static final String RESOLVE

The action string resolve. The resolve action is implied by the class, execute and resource actions.

Since:

1.3

See Also:

Constant Field Values

RESOURCE

public static final String RESOURCE

The action string resource. The resource action implies the resolve action.

Since:

1.3

See Also:

Constant Field Values

STARTLEVEL

public static final String STARTLEVEL

The action string startlevel.

Since:

1.3

See Also:

Constant Field Values

CONTEXT

public static final String CONTEXT

The action string context.

Since:

1.4

See Also:

Constant Field Values

Constructor Detail

AdminPermission

public AdminPermission()

Creates a new AdminPermission object that matches all bundles and has all actions. Equivalent to AdminPermission("*","*");

AdminPermission

public AdminPermission(String filter,
               String actions)

Create a new AdminPermission. This constructor must only be used to create a permission that is going to be checked.

Examples:

 (signer=\*,o=ACME,c=US)   
 (&(signer=\*,o=ACME,c=US)(name=com.acme.*)(location=http://www.acme.com/bundles/*))
 (id>=1)
 

When a signer key is used within the filter expression the signer value must escape the special filter chars ('*', '(', ')').

Null arguments are equivalent to "*".

Parameters:

filter - A filter expression that can use signer, location, id, and name keys. A value of "*" or null matches all bundle. Filter attribute names are processed in a case sensitive manner.

actions - class, execute, extensionLifecycle, lifecycle, listener, metadata, resolve , resource, startlevel or context. A value of "*" or null indicates all actions.

Throws:

IllegalArgumentException - If the filter has an invalid syntax.

AdminPermission

public AdminPermission(Bundle bundle,
               String actions)

Creates a new requested AdminPermission object to be used by the code that must perform checkPermission. AdminPermission objects created with this constructor cannot be added to an AdminPermission permission collection.

Parameters:

bundle - A bundle.

actions - class, execute, extensionLifecycle, lifecycle, listener, metadata, resolve , resource, startlevel, context. A value of "*" or null indicates all actions.

Since:

1.3

Method Detail

implies

public boolean implies(Permission p)

Determines if the specified permission is implied by this object. This method throws an exception if the specified permission was not constructed with a bundle.

This method returns true if the specified permission is an AdminPermission AND

• this object's filter matches the specified permission's bundle ID, bundle symbolic name, bundle location and bundle signer distinguished name chain OR
• this object's filter is "*"

AND this object's actions include all of the specified permission's actions.

Special case: if the specified permission was constructed with "*" filter, then this method returns true if this object's filter is "*" and this object's actions include all of the specified permission's actions

Overrides:

implies in class BasicPermission

Parameters:

p - The requested permission.

Returns:

true if the specified permission is implied by this object; false otherwise.

getActions

public String getActions()

Returns the canonical string representation of the AdminPermission actions.

Always returns present AdminPermission actions in the following order: class, execute, extensionLifecycle, lifecycle, listener, metadata, resolve, resource, startlevel, context.

Overrides:

getActions in class BasicPermission

Returns:

Canonical string representation of the AdminPermission actions.

newPermissionCollection

public PermissionCollection newPermissionCollection()

Returns a new PermissionCollection object suitable for storing AdminPermissions.

Overrides:

newPermissionCollection in class BasicPermission

Returns:

A new PermissionCollection object.

equals

public boolean equals(Object obj)

Determines the equality of two AdminPermission objects.

Overrides:

equals in class BasicPermission

Parameters:

obj - The object being compared for equality with this object.

Returns:

true if obj is equivalent to this AdminPermission; false otherwise.

hashCode

public int hashCode()

Returns the hash code value for this object.

Overrides:

hashCode in class BasicPermission

Returns:

Hash code value for this object.