Path: blob/master/src/java.management/share/classes/javax/management/MBeanPermission.java
/*
 * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package javax.management;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.security.Permission;

/**
 * <p>Permission controlling access to MBeanServer operations.  If a
 * security manager has been set using {@link
 * System#setSecurityManager}, most operations on the MBean Server
 * require that the caller's permissions imply an MBeanPermission
 * appropriate for the operation.  This is described in detail in the
 * documentation for the {@link MBeanServer} interface.</p>
 *
 * <p>As with other {@link Permission} objects, an MBeanPermission can
 * represent either a permission that you <em>have</em> or a
 * permission that you <em>need</em>.  When a sensitive operation is
 * being checked for permission, an MBeanPermission is constructed
 * representing the permission you need.  The operation is only
 * allowed if the permissions you have {@linkplain #implies imply} the
 * permission you need.</p>
 *
 * <p>An MBeanPermission contains four items of information:</p>
 *
 * <ul>
 *
 * <li><p>The <em>action</em>.  For a permission you need,
 * this is one of the actions in the list <a
 * href="#action-list">below</a>.  For a permission you have, this is
 * a comma-separated list of those actions, or <code>*</code>,
 * representing all actions.</p>
 *
 * <p>The action is returned by {@link #getActions()}.</p>
 *
 * <li><p>The <em>class name</em>.</p>
 *
 * <p>For a permission you need, this is the class name of an MBean
 * you are accessing, as returned by {@link
 * MBeanServer#getMBeanInfo(ObjectName)
 * MBeanServer.getMBeanInfo(name)}.{@link MBeanInfo#getClassName()
 * getClassName()}.  Certain operations do not reference a class name,
 * in which case the class name is null.</p>
 *
 * <p>For a permission you have, this is either empty or a <em>class
 * name pattern</em>.  A class name pattern is a string following the
 * Java conventions for dot-separated class names.  It may end with
 * "<code>.*</code>" meaning that the permission grants access to any
 * class that begins with the string preceding "<code>.*</code>".  For
 * instance, "<code>javax.management.*</code>" grants access to
 * <code>javax.management.MBeanServerDelegate</code> and
 * <code>javax.management.timer.Timer</code>, among other classes.</p>
 *
 * <p>A class name pattern can also be empty or the single character
 * "<code>*</code>", both of which grant access to any class.</p>
 *
 * <li><p>The <em>member</em>.</p>
 *
 * <p>For a permission you need, this is the name of the attribute or
 * operation you are accessing.  For operations that do not reference
 * an attribute or operation, the member is null.</p>
 *
 * <p>For a permission you have, this is either the name of an attribute
 * or operation you can access, or it is empty or the single character
 * "<code>*</code>", both of which grant access to any member.</p>
 *
 * <li id="MBeanName"><p>The <em>object name</em>.</p>
 *
 * <p>For a permission you need, this is the {@link ObjectName} of the
 * MBean you are accessing.  For operations that do not reference a
 * single MBean, it is null.  It is never an object name pattern.</p>
 *
 * <p>For a permission you have, this is the {@link ObjectName} of the
 * MBean or MBeans you can access.  It may be an object name pattern
 * to grant access to all MBeans whose names match the pattern.  It
 * may also be empty, which grants access to all MBeans whatever their
 * name.</p>
 *
 * </ul>
 *
 * <p>If you have an MBeanPermission, it allows operations only if all
 * four of the items match.</p>
 *
 * <p>The class name, member, and object name can be written together
 * as a single string, which is the <em>name</em> of this permission.
 * The name of the permission is the string returned by {@link
 * Permission#getName() getName()}.  The format of the string is:</p>
 *
 * <blockquote>
 * <code>className#member[objectName]</code>
 * </blockquote>
 *
 * <p>The object name is written using the usual syntax for {@link
 * ObjectName}.  It may contain any legal characters, including
 * <code>]</code>.  It is terminated by a <code>]</code> character
 * that is the last character in the string.</p>
 *
 * <p>One or more of the <code>className</code>, <code>member</code>,
 * or <code>objectName</code> may be omitted.  If the
 * <code>member</code> is omitted, the <code>#</code> may be too (but
 * does not have to be).  If the <code>objectName</code> is omitted,
 * the <code>[]</code> may be too (but does not have to be).  It is
 * not legal to omit all three items, that is to have a <em>name</em>
 * that is the empty string.</p>
 *
 * <p>One or more of the <code>className</code>, <code>member</code>,
 * or <code>objectName</code> may be the character "<code>-</code>",
 * which is equivalent to a null value.  A null value is implied by
 * any value (including another null value) but does not imply any
 * other value.</p>
 *
 * <p><a id="action-list">The possible actions are these:</a></p>
 *
 * <ul>
 * <li>addNotificationListener</li>
 * <li>getAttribute</li>
 * <li>getClassLoader</li>
 * <li>getClassLoaderFor</li>
 * <li>getClassLoaderRepository</li>
 * <li>getDomains</li>
 * <li>getMBeanInfo</li>
 * <li>getObjectInstance</li>
 * <li>instantiate</li>
 * <li>invoke</li>
 * <li>isInstanceOf</li>
 * <li>queryMBeans</li>
 * <li>queryNames</li>
 * <li>registerMBean</li>
 * <li>removeNotificationListener</li>
 * <li>setAttribute</li>
 * <li>unregisterMBean</li>
 * </ul>
 *
 * <p>In a comma-separated list of actions, spaces are allowed before
 * and after each action.
 *
 * @since 1.5
 */
public class MBeanPermission extends Permission {

    private static final long serialVersionUID = -2416928705275160661L;

    /**
     * Actions list.
     */
    private static final int AddNotificationListener    = 0x00001;
    private static final int GetAttribute               = 0x00002;
    private static final int GetClassLoader             = 0x00004;
    private static final int GetClassLoaderFor          = 0x00008;
    private static final int GetClassLoaderRepository   = 0x00010;
    private static final int GetDomains                 = 0x00020;
    private static final int GetMBeanInfo               = 0x00040;
    private static final int GetObjectInstance          = 0x00080;
    private static final int Instantiate                = 0x00100;
    private static final int Invoke                     = 0x00200;
    private static final int IsInstanceOf               = 0x00400;
    private static final int QueryMBeans                = 0x00800;
    private static final int QueryNames                 = 0x01000;
    private static final int RegisterMBean              = 0x02000;
    private static final int RemoveNotificationListener = 0x04000;
    private static final int SetAttribute               = 0x08000;
    private static final int UnregisterMBean            = 0x10000;

    /**
     * No actions.
     */
    private static final int NONE = 0x00000;

    /**
     * All actions.
     */
    private static final int ALL =
        AddNotificationListener    |
        GetAttribute               |
        GetClassLoader             |
        GetClassLoaderFor          |
        GetClassLoaderRepository   |
        GetDomains                 |
        GetMBeanInfo               |
        GetObjectInstance          |
        Instantiate                |
        Invoke                     |
        IsInstanceOf               |
        QueryMBeans                |
        QueryNames                 |
        RegisterMBean              |
        RemoveNotificationListener |
        SetAttribute               |
        UnregisterMBean;

    /**
     * The actions string.
     */
    private String actions;

    /**
     * The actions mask.
     */
    private transient int mask;

    /**
     * The classname prefix that must match.  If null, is implied by any
     * classNamePrefix but does not imply any non-null classNamePrefix.
     */
    private transient String classNamePrefix;

    /**
     * True if classNamePrefix must match exactly.  Otherwise, the
     * className being matched must start with classNamePrefix.
     */
    private transient boolean classNameExactMatch;

    /**
     * The member that must match.  If null, is implied by any member
     * but does not imply any non-null member.
     */
    private transient String member;

    /**
     * The objectName that must match.  If null, is implied by any
     * objectName but does not imply any non-null objectName.
     */
    private transient ObjectName objectName;

    /**
     * Parse <code>actions</code> parameter.
     */
    private void parseActions() {

        int mask;

        if (actions == null)
            throw new IllegalArgumentException("MBeanPermission: " +
                                               "actions can't be null");
        if (actions.isEmpty())
            throw new IllegalArgumentException("MBeanPermission: " +
                                               "actions can't be empty");

        mask = getMask(actions);

        if ((mask & ALL) != mask)
            throw new IllegalArgumentException("Invalid actions mask");
        if (mask == NONE)
            throw new IllegalArgumentException("Invalid actions mask");
        this.mask = mask;
    }

    /**
     * Parse <code>name</code> parameter.
     */
    private void parseName() {
        String name = getName();

        if (name == null)
            throw new IllegalArgumentException("MBeanPermission name " +
                                               "cannot be null");

        if (name.isEmpty())
            throw new IllegalArgumentException("MBeanPermission name " +
                                               "cannot be empty");

        /* The name looks like "class#member[objectname]".  We subtract
           elements from the right as we parse, so after parsing the
           objectname we have "class#member" and after parsing the
           member we have "class".  Each element is optional.  */

        // Parse ObjectName

        int openingBracket = name.indexOf('[');
        if (openingBracket == -1) {
            // If "[on]" missing then ObjectName("*:*")
            //
            objectName = ObjectName.WILDCARD;
        } else {
            if (!name.endsWith("]")) {
                throw new IllegalArgumentException("MBeanPermission: " +
                                                   "The ObjectName in the " +
                                                   "target name must be " +
                                                   "included in square " +
                                                   "brackets");
            } else {
                // Create ObjectName
                //
                try {
                    // If "[]" then ObjectName("*:*")
                    //
                    String on = name.substring(openingBracket + 1,
                                               name.length() - 1);
                    if (on.isEmpty())
                        objectName = ObjectName.WILDCARD;
                    else if (on.equals("-"))
                        objectName = null;
                    else
                        objectName = new ObjectName(on);
                } catch (MalformedObjectNameException e) {
                    throw new IllegalArgumentException("MBeanPermission: " +
                                                       "The target name does " +
                                                       "not specify a valid " +
                                                       "ObjectName", e);
                }
            }

            name = name.substring(0, openingBracket);
        }

        // Parse member

        int poundSign = name.indexOf('#');

        if (poundSign == -1)
            setMember("*");
        else {
            String memberName = name.substring(poundSign + 1);
            setMember(memberName);
            name = name.substring(0, poundSign);
        }

        // Parse className

        setClassName(name);
    }

    /**
     * Assign fields based on className, member, and objectName
     * parameters.
     */
    private void initName(String className, String member,
                          ObjectName objectName) {
        setClassName(className);
        setMember(member);
        this.objectName = objectName;
    }

    private void setClassName(String className) {
        if (className == null || className.equals("-")) {
            classNamePrefix = null;
            classNameExactMatch = false;
        } else if (className.isEmpty() || className.equals("*")) {
            classNamePrefix = "";
            classNameExactMatch = false;
        } else if (className.endsWith(".*")) {
            // Note that we include the "." in the required prefix
            classNamePrefix = className.substring(0, className.length() - 1);
            classNameExactMatch = false;
        } else {
            classNamePrefix = className;
            classNameExactMatch = true;
        }
    }

    private void setMember(String member) {
        if (member == null || member.equals("-"))
            this.member = null;
        else if (member.isEmpty())
            this.member = "*";
        else
            this.member = member;
    }

    /**
     * <p>Create a new MBeanPermission object with the specified target name
     * and actions.</p>
     *
     * <p>The target name is of the form
     * "<code>className#member[objectName]</code>" where each part is
     * optional.  It must not be empty or null.</p>
     *
     * <p>The actions parameter contains a comma-separated list of the
     * desired actions granted on the target name.  It must not be
     * empty or null.</p>
     *
     * @param name the triplet "className#member[objectName]".
     * @param actions the action string.
     *
     * @exception IllegalArgumentException if the <code>name</code> or
     * <code>actions</code> is invalid.
     */
    public MBeanPermission(String name, String actions) {
        super(name);

        parseName();

        this.actions = actions;
        parseActions();
    }

    /**
     * <p>Create a new MBeanPermission object with the specified target name
     * (class name, member, object name) and actions.</p>
     *
     * <p>The class name, member and object name parameters define a
     * target name of the form
     * "<code>className#member[objectName]</code>" where each part is
     * optional.  This will be the result of {@link #getName()} on the
     * resultant MBeanPermission.</p>
     *
     * <p>The actions parameter contains a comma-separated list of the
     * desired actions granted on the target name.  It must not be
     * empty or null.</p>
     *
     * @param className the class name to which this permission applies.
     * May be null or <code>"-"</code>, which represents a class name
     * that is implied by any class name but does not imply any other
     * class name.
     * @param member the member to which this permission applies.  May
     * be null or <code>"-"</code>, which represents a member that is
     * implied by any member but does not imply any other member.
     * @param objectName the object name to which this permission
     * applies.  May be null, which represents an object name that is
     * implied by any object name but does not imply any other object
     * name.
     * @param actions the action string.
     */
    public MBeanPermission(String className,
                           String member,
                           ObjectName objectName,
                           String actions) {

        super(makeName(className, member, objectName));
        initName(className, member, objectName);

        this.actions = actions;
        parseActions();
    }

    private static String makeName(String className, String member,
                                   ObjectName objectName) {
        final StringBuilder name = new StringBuilder();
        if (className == null)
            className = "-";
        name.append(className);
        if (member == null)
            member = "-";
        name.append('#').append(member);
        if (objectName == null)
            name.append("[-]");
        else
            name.append('[').append(objectName.getCanonicalName()).append(']');

        /* In the interests of legibility for Permission.toString(), we
           transform the empty string into "*".  */
        if (name.length() == 0)
            return "*";
        else
            return name.toString();
    }

    /**
     * Returns the "canonical string representation" of the actions. That is,
     * this method always returns present actions in alphabetical order.
     *
     * @return the canonical string representation of the actions.
     */
    public String getActions() {

        if (actions == null)
            actions = getActions(this.mask);

        return actions;
    }

    /**
     * Returns the "canonical string representation"
     * of the actions from the mask.
     */
    private static String getActions(int mask) {
        final StringBuilder sb = new StringBuilder();
        boolean comma = false;

        if ((mask & AddNotificationListener) == AddNotificationListener) {
            comma = true;
            sb.append("addNotificationListener");
        }

        if ((mask & GetAttribute) == GetAttribute) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("getAttribute");
        }

        if ((mask & GetClassLoader) == GetClassLoader) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("getClassLoader");
        }

        if ((mask & GetClassLoaderFor) == GetClassLoaderFor) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("getClassLoaderFor");
        }

        if ((mask & GetClassLoaderRepository) == GetClassLoaderRepository) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("getClassLoaderRepository");
        }

        if ((mask & GetDomains) == GetDomains) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("getDomains");
        }

        if ((mask & GetMBeanInfo) == GetMBeanInfo) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("getMBeanInfo");
        }

        if ((mask & GetObjectInstance) == GetObjectInstance) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("getObjectInstance");
        }

        if ((mask & Instantiate) == Instantiate) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("instantiate");
        }

        if ((mask & Invoke) == Invoke) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("invoke");
        }

        if ((mask & IsInstanceOf) == IsInstanceOf) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("isInstanceOf");
        }

        if ((mask & QueryMBeans) == QueryMBeans) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("queryMBeans");
        }

        if ((mask & QueryNames) == QueryNames) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("queryNames");
        }

        if ((mask & RegisterMBean) == RegisterMBean) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("registerMBean");
        }

        if ((mask & RemoveNotificationListener) == RemoveNotificationListener) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("removeNotificationListener");
        }

        if ((mask & SetAttribute) == SetAttribute) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("setAttribute");
        }

        if ((mask & UnregisterMBean) == UnregisterMBean) {
            if (comma) sb.append(',');
            else comma = true;
            sb.append("unregisterMBean");
        }

        return sb.toString();
    }

    /**
     * Returns the hash code value for this object.
     *
     * @return a hash code value for this object.
     */
    public int hashCode() {
        return this.getName().hashCode() + this.getActions().hashCode();
    }

    /**
     * Converts an action String to an integer action mask.
     *
     * @param action the action string.
     * @return the action mask.
     */
    private static int getMask(String action) {

        /*
         * BE CAREFUL HERE! PARSING ORDER IS IMPORTANT IN THIS ALGORITHM.
         *
         * The 'string length' test must be performed for the lengthiest
         * strings first.
         *
         * In this permission if the "unregisterMBean" string length test is
         * performed after the "registerMBean" string length test the algorithm
         * considers the 'unregisterMBean' action as being the 'registerMBean'
         * action and a parsing error is returned.
         */

        int mask = NONE;

        if (action == null) {
            return mask;
        }

        if (action.equals("*")) {
            return ALL;
        }

        char[] a = action.toCharArray();

        int i = a.length - 1;
        if (i < 0)
            return mask;

        while (i != -1) {
            char c;

            // skip whitespace
            while ((i!=-1) && ((c = a[i]) == ' ' ||
                               c == '\r' ||
                               c == '\n' ||
                               c == '\f' ||
                               c == '\t'))
                i--;

            // check for the known strings
            int matchlen;

            if (i >= 25 && /* removeNotificationListener */
                (a[i-25] == 'r') &&
                (a[i-24] == 'e') &&
                (a[i-23] == 'm') &&
                (a[i-22] == 'o') &&
                (a[i-21] == 'v') &&
                (a[i-20] == 'e') &&
                (a[i-19] == 'N') &&
                (a[i-18] == 'o') &&
                (a[i-17] == 't') &&
                (a[i-16] == 'i') &&
                (a[i-15] == 'f') &&
                (a[i-14] == 'i') &&
                (a[i-13] == 'c') &&
                (a[i-12] == 'a') &&
                (a[i-11] == 't') &&
                (a[i-10] == 'i') &&
                (a[i-9] == 'o') &&
                (a[i-8] == 'n') &&
                (a[i-7] == 'L') &&
                (a[i-6] == 'i') &&
                (a[i-5] == 's') &&
                (a[i-4] == 't') &&
                (a[i-3] == 'e') &&
                (a[i-2] == 'n') &&
                (a[i-1] == 'e') &&
                (a[i] == 'r')) {
                matchlen = 26;
                mask |= RemoveNotificationListener;
            } else if (i >= 23 && /* getClassLoaderRepository */
                (a[i-23] == 'g') &&
                (a[i-22] == 'e') &&
                (a[i-21] == 't') &&
                (a[i-20] == 'C') &&
                (a[i-19] == 'l') &&
                (a[i-18] == 'a') &&
                (a[i-17] == 's') &&
                (a[i-16] == 's') &&
                (a[i-15] == 'L') &&
                (a[i-14] == 'o') &&
                (a[i-13] == 'a') &&
                (a[i-12] == 'd') &&
                (a[i-11] == 'e') &&
                (a[i-10] == 'r') &&
                (a[i-9] == 'R') &&
                (a[i-8] == 'e') &&
                (a[i-7] == 'p') &&
                (a[i-6] == 'o') &&
                (a[i-5] == 's') &&
                (a[i-4] == 'i') &&
                (a[i-3] == 't') &&
                (a[i-2] == 'o') &&
                (a[i-1] == 'r') &&
                (a[i] == 'y')) {
                matchlen = 24;
                mask |= GetClassLoaderRepository;
            } else if (i >= 22 && /* addNotificationListener */
                (a[i-22] == 'a') &&
                (a[i-21] == 'd') &&
                (a[i-20] == 'd') &&
                (a[i-19] == 'N') &&
                (a[i-18] == 'o') &&
                (a[i-17] == 't') &&
                (a[i-16] == 'i') &&
                (a[i-15] == 'f') &&
                (a[i-14] == 'i') &&
                (a[i-13] == 'c') &&
                (a[i-12] == 'a') &&
                (a[i-11] == 't') &&
                (a[i-10] == 'i') &&
                (a[i-9] == 'o') &&
                (a[i-8] == 'n') &&
                (a[i-7] == 'L') &&
                (a[i-6] == 'i') &&
                (a[i-5] == 's') &&
                (a[i-4] == 't') &&
                (a[i-3] == 'e') &&
                (a[i-2] == 'n') &&
                (a[i-1] == 'e') &&
                (a[i] == 'r')) {
                matchlen = 23;
                mask |= AddNotificationListener;
            } else if (i >= 16 && /* getClassLoaderFor */
                (a[i-16] == 'g') &&
                (a[i-15] == 'e') &&
                (a[i-14] == 't') &&
                (a[i-13] == 'C') &&
                (a[i-12] == 'l') &&
                (a[i-11] == 'a') &&
                (a[i-10] == 's') &&
                (a[i-9] == 's') &&
                (a[i-8] == 'L') &&
                (a[i-7] == 'o') &&
                (a[i-6] == 'a') &&
                (a[i-5] == 'd') &&
                (a[i-4] == 'e') &&
                (a[i-3] == 'r') &&
                (a[i-2] == 'F') &&
                (a[i-1] == 'o') &&
                (a[i] == 'r')) {
                matchlen = 17;
                mask |= GetClassLoaderFor;
            } else if (i >= 16 && /* getObjectInstance */
                (a[i-16] == 'g') &&
                (a[i-15] == 'e') &&
                (a[i-14] == 't') &&
                (a[i-13] == 'O') &&
                (a[i-12] == 'b') &&
                (a[i-11] == 'j') &&
                (a[i-10] == 'e') &&
                (a[i-9] == 'c') &&
                (a[i-8] == 't') &&
                (a[i-7] == 'I') &&
                (a[i-6] == 'n') &&
                (a[i-5] == 's') &&
                (a[i-4] == 't') &&
                (a[i-3] == 'a') &&
                (a[i-2] == 'n') &&
                (a[i-1] == 'c') &&
                (a[i] == 'e')) {
                matchlen = 17;
                mask |= GetObjectInstance;
            } else if (i >= 14 && /* unregisterMBean */
                (a[i-14] == 'u') &&
                (a[i-13] == 'n') &&
                (a[i-12] == 'r') &&
                (a[i-11] == 'e') &&
                (a[i-10] == 'g') &&
                (a[i-9] == 'i') &&
                (a[i-8] == 's') &&
                (a[i-7] == 't') &&
                (a[i-6] == 'e') &&
                (a[i-5] == 'r') &&
                (a[i-4] == 'M') &&
                (a[i-3] == 'B') &&
                (a[i-2] == 'e') &&
                (a[i-1] == 'a') &&
                (a[i] == 'n')) {
                matchlen = 15;
                mask |= UnregisterMBean;
            } else if (i >= 13 && /* getClassLoader */
                (a[i-13] == 'g') &&
                (a[i-12] == 'e') &&
                (a[i-11] == 't') &&
                (a[i-10] == 'C') &&
                (a[i-9] == 'l') &&
                (a[i-8] == 'a') &&
                (a[i-7] == 's') &&
                (a[i-6] == 's') &&
                (a[i-5] == 'L') &&
                (a[i-4] == 'o') &&
                (a[i-3] == 'a') &&
                (a[i-2] == 'd') &&
                (a[i-1] == 'e') &&
                (a[i] == 'r')) {
                matchlen = 14;
                mask |= GetClassLoader;
            } else if (i >= 12 && /* registerMBean */
                (a[i-12] == 'r') &&
                (a[i-11] == 'e') &&
                (a[i-10] == 'g') &&
                (a[i-9] == 'i') &&
                (a[i-8] == 's') &&
                (a[i-7] == 't') &&
                (a[i-6] == 'e') &&
                (a[i-5] == 'r') &&
                (a[i-4] == 'M') &&
                (a[i-3] == 'B') &&
                (a[i-2] == 'e') &&
                (a[i-1] == 'a') &&
                (a[i] == 'n')) {
                matchlen = 13;
                mask |= RegisterMBean;
            } else if (i >= 11 && /* getAttribute */
                (a[i-11] == 'g') &&
                (a[i-10] == 'e') &&
                (a[i-9] == 't') &&
                (a[i-8] == 'A') &&
                (a[i-7] == 't') &&
                (a[i-6] == 't') &&
                (a[i-5] == 'r') &&
                (a[i-4] == 'i') &&
                (a[i-3] == 'b') &&
                (a[i-2] == 'u') &&
                (a[i-1] == 't') &&
                (a[i] == 'e')) {
                matchlen = 12;
                mask |= GetAttribute;
            } else if (i >= 11 && /* getMBeanInfo */
                (a[i-11] == 'g') &&
                (a[i-10] == 'e') &&
                (a[i-9] == 't') &&
                (a[i-8] == 'M') &&
                (a[i-7] == 'B') &&
                (a[i-6] == 'e') &&
                (a[i-5] == 'a') &&
                (a[i-4] == 'n') &&
                (a[i-3] == 'I') &&
                (a[i-2] == 'n') &&
                (a[i-1] == 'f') &&
                (a[i] == 'o')) {
                matchlen = 12;
                mask |= GetMBeanInfo;
            } else if (i >= 11 && /* isInstanceOf */
                (a[i-11] == 'i') &&
                (a[i-10] == 's') &&
                (a[i-9] == 'I') &&
                (a[i-8] == 'n') &&
                (a[i-7] == 's') &&
                (a[i-6] == 't') &&
                (a[i-5] == 'a') &&
                (a[i-4] == 'n') &&
                (a[i-3] == 'c') &&
                (a[i-2] == 'e') &&
                (a[i-1] == 'O') &&
                (a[i] == 'f')) {
                matchlen = 12;
                mask |= IsInstanceOf;
            } else if (i >= 11 && /* setAttribute */
                (a[i-11] == 's') &&
                (a[i-10] == 'e') &&
                (a[i-9] == 't') &&
                (a[i-8] == 'A') &&
                (a[i-7] == 't') &&
                (a[i-6] == 't') &&
                (a[i-5] == 'r') &&
                (a[i-4] == 'i') &&
                (a[i-3] == 'b') &&
                (a[i-2] == 'u') &&
                (a[i-1] == 't') &&
                (a[i] == 'e')) {
                matchlen = 12;
                mask |= SetAttribute;
            } else if (i >= 10 && /* instantiate */
                (a[i-10] == 'i') &&
                (a[i-9] == 'n') &&
                (a[i-8] == 's') &&
                (a[i-7] == 't') &&
                (a[i-6] == 'a') &&
                (a[i-5] == 'n') &&
                (a[i-4] == 't') &&
                (a[i-3] == 'i') &&
                (a[i-2] == 'a') &&
                (a[i-1] == 't') &&
                (a[i] == 'e')) {
                matchlen = 11;
                mask |= Instantiate;
            } else if (i >= 10 && /* queryMBeans */
                (a[i-10] == 'q') &&
                (a[i-9] == 'u') &&
                (a[i-8] == 'e') &&
                (a[i-7] == 'r') &&
                (a[i-6] == 'y') &&
                (a[i-5] == 'M') &&
                (a[i-4] == 'B') &&
                (a[i-3] == 'e') &&
                (a[i-2] == 'a') &&
                (a[i-1] == 'n') &&
                (a[i] == 's')) {
                matchlen = 11;
                mask |= QueryMBeans;
            } else if (i >= 9 && /* getDomains */
                (a[i-9] == 'g') &&
                (a[i-8] == 'e') &&
                (a[i-7] == 't') &&
                (a[i-6] == 'D') &&
                (a[i-5] == 'o') &&
                (a[i-4] == 'm') &&
                (a[i-3] == 'a') &&
                (a[i-2] == 'i') &&
                (a[i-1] == 'n') &&
                (a[i] == 's')) {
                matchlen = 10;
                mask |= GetDomains;
            } else if (i >= 9 && /* queryNames */
                (a[i-9] == 'q') &&
                (a[i-8] == 'u') &&
                (a[i-7] == 'e') &&
                (a[i-6] == 'r') &&
                (a[i-5] == 'y') &&
                (a[i-4] == 'N') &&
                (a[i-3] == 'a') &&
                (a[i-2] == 'm') &&
                (a[i-1] == 'e') &&
                (a[i] == 's')) {
                matchlen = 10;
                mask |= QueryNames;
            } else if (i >= 5 && /* invoke */
                (a[i-5] == 'i') &&
                (a[i-4] == 'n') &&
                (a[i-3] == 'v') &&
                (a[i-2] == 'o') &&
                (a[i-1] == 'k') &&
                (a[i] == 'e')) {
                matchlen = 6;
                mask |= Invoke;
            } else {
                // parse error
                throw new IllegalArgumentException("Invalid permission: " +
                                                   action);
            }

            // make sure we didn't just match the tail of a word
            // like "ackbarfaccept".  Also, skip to the comma.
            boolean seencomma = false;
            while (i >= matchlen && !seencomma) {
                switch(a[i-matchlen]) {
                case ',':
                    seencomma = true;
                    break;
                case ' ': case '\r': case '\n':
                case '\f': case '\t':
                    break;
                default:
                    throw new IllegalArgumentException("Invalid permission: " +
                                                       action);
                }
                i--;
            }

            // point i at the location of the comma minus one (or -1).
            i -= matchlen;
        }

        return mask;
    }

    /**
     * <p>Checks if this MBeanPermission object "implies" the
     * specified permission.</p>
     *
     * <p>More specifically, this method returns true if:</p>
     *
     * <ul>
     *
     * <li> <i>p</i> is an instance of MBeanPermission; and</li>
     *
     * <li> <i>p</i> has a null className or <i>p</i>'s className
     * matches this object's className; and</li>
     *
     * <li> <i>p</i> has a null member or <i>p</i>'s member matches this
     * object's member; and</li>
     *
     * <li> <i>p</i> has a null object name or <i>p</i>'s
     * object name matches this object's object name; and</li>
     *
     * <li> <i>p</i>'s actions are a subset of this object's actions</li>
     *
     * </ul>
     *
     * <p>If this object's className is "<code>*</code>", <i>p</i>'s
     * className always matches it.  If it is "<code>a.*</code>", <i>p</i>'s
     * className matches it if it begins with "<code>a.</code>".</p>
     *
     * <p>If this object's member is "<code>*</code>", <i>p</i>'s
     * member always matches it.</p>
     *
     * <p>If this object's objectName <i>n1</i> is an object name pattern,
     * <i>p</i>'s objectName <i>n2</i> matches it if
     * {@link ObjectName#equals <i>n1</i>.equals(<i>n2</i>)} or if
     * {@link ObjectName#apply <i>n1</i>.apply(<i>n2</i>)}.</p>
     *
     * <p>A permission that includes the <code>queryMBeans</code> action
     * is considered to include <code>queryNames</code> as well.</p>
     *
     * @param p the permission to check against.
     * @return true if the specified permission is implied by this object,
     * false if not.
     */
    public boolean implies(Permission p) {
        if (!(p instanceof MBeanPermission))
            return false;

        MBeanPermission that = (MBeanPermission) p;

        // Actions
        //
        // The actions in 'this' permission must be a
        // superset of the actions in 'that' permission
        //

        /* "queryMBeans" implies "queryNames" */
        if ((this.mask & QueryMBeans) == QueryMBeans) {
            if (((this.mask | QueryNames) & that.mask) != that.mask) {
                //System.out.println("action [with QueryNames] does not imply");
                return false;
            }
        } else {
            if ((this.mask & that.mask) != that.mask) {
                //System.out.println("action does not imply");
                return false;
            }
        }

        // Target name
        //
        // The 'className' check is true iff:
        // 1) the className in 'this' permission is omitted or "*", or
        // 2) the className in 'that' permission is omitted or "*", or
        // 3) the className in 'this' permission does pattern
        //    matching with the className in 'that' permission.
        //
        // The 'member' check is true iff:
        // 1) the member in 'this' permission is omitted or "*", or
        // 2) the member in 'that' permission is omitted or "*", or
        // 3) the member in 'this' permission equals the member in
        //    'that' permission.
        //
        // The 'object name' check is true iff:
        // 1) the object name in 'this' permission is omitted or "*:*", or
        // 2) the object name in 'that' permission is omitted or "*:*", or
        // 3) the object name in 'this' permission does pattern
        //    matching with the object name in 'that' permission.
        //

        /* Check if this.className implies that.className.

           If that.classNamePrefix is empty that means the className is
           irrelevant for this permission check.  Otherwise, we do not
           expect that "that" contains a wildcard, since it is a
           needed permission.  So we assume that.classNameExactMatch.  */

        if (that.classNamePrefix == null) {
            // bottom is implied
        } else if (this.classNamePrefix == null) {
            // bottom implies nothing but itself
            return false;
        } else if (this.classNameExactMatch) {
            if (!that.classNameExactMatch)
                return false; // exact never implies wildcard
            if (!that.classNamePrefix.equals(this.classNamePrefix))
                return false; // exact match fails
        } else {
            // prefix match, works even if "that" is also a wildcard
            // e.g. a.* implies a.* and a.b.*
            if (!that.classNamePrefix.startsWith(this.classNamePrefix))
                return false;
        }

        /* Check if this.member implies that.member */

        if (that.member == null) {
            // bottom is implied
        } else if (this.member == null) {
            // bottom implies nothing but itself
            return false;
        } else if (this.member.equals("*")) {
            // wildcard implies everything (including itself)
        } else if (!this.member.equals(that.member)) {
            return false;
        }

        /* Check if this.objectName implies that.objectName */

        if (that.objectName == null) {
            // bottom is implied
        } else if (this.objectName == null) {
            // bottom implies nothing but itself
            return false;
        } else if (!this.objectName.apply(that.objectName)) {
            /* ObjectName.apply returns false if that.objectName is a
               wildcard so we also allow equals for that case.  This
               never happens during real permission checks, but means
               the implies relation is reflexive.  */
            if (!this.objectName.equals(that.objectName))
                return false;
        }

        return true;
    }

    /**
     * Checks two MBeanPermission objects for equality. Checks
     * that <i>obj</i> is an MBeanPermission, and has the same
     * name and actions as this object.
     *
     * @param obj the object we are testing for equality with this object.
     * @return true if obj is an MBeanPermission, and has the
     * same name and actions as this MBeanPermission object.
     */
    public boolean equals(Object obj) {
        if (obj == this)
            return true;

        if (! (obj instanceof MBeanPermission))
            return false;

        MBeanPermission that = (MBeanPermission) obj;

        return (this.mask == that.mask) &&
            (this.getName().equals(that.getName()));
    }

    /**
     * Deserialize this object based on its name and actions.
     */
    private void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        parseName();
        parseActions();
    }
}
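
As an added example (not part of the JDK source above), the following program evaluates policy-style grants against needed permissions to show the matching rules that `implies` applies: the class-name prefix keeps its trailing dot, `queryMBeans` covers `queryNames`, and a null target part built through the four-argument constructor implies nothing but null while an omitted part in the string form is a wildcard. The class `MBeanPermissionAudit`, its helpers, and every `com.example` class and object name are hypothetical.

```java
import java.security.Permission;
import javax.management.MBeanPermission;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

// Added example, not JDK code. All com.example names are hypothetical.
public class MBeanPermissionAudit {

    /** True if at least one granted permission implies the needed one. */
    static boolean allowed(Permission[] granted, Permission needed) {
        for (Permission g : granted) {
            if (g.implies(needed)) {
                return true;
            }
        }
        return false;
    }

    static void report(String label, Permission[] granted, Permission needed) {
        System.out.printf("%-50s %s%n", label,
                          allowed(granted, needed) ? "ALLOW" : "DENY");
    }

    public static void main(String[] args) throws MalformedObjectNameException {
        ObjectName users = new ObjectName("com.example:type=Cache,name=users");
        ObjectName pool = new ObjectName("com.example:type=Pool,name=users");

        // Grants in the string form className#member[objectName].
        Permission[] policy = {
            new MBeanPermission("com.example.*#Count[com.example:type=Cache,*]",
                                "getAttribute"),
            new MBeanPermission("*", "queryMBeans"),
        };

        // Needed permissions: exact class, member and object name, one action.
        report("read Count, class com.example.CacheStats", policy,
               new MBeanPermission("com.example.CacheStats", "Count", users,
                                   "getAttribute"));
        // "com.example.*" is stored as the prefix "com.example." (dot kept).
        report("read Count, class com.examplex.CacheStats", policy,
               new MBeanPermission("com.examplex.CacheStats", "Count", users,
                                   "getAttribute"));
        // A named member in the grant matches only that member.
        report("read Secret, class com.example.CacheStats", policy,
               new MBeanPermission("com.example.CacheStats", "Secret", users,
                                   "getAttribute"));
        // Actions needed must be a subset of the actions granted.
        report("write Count, class com.example.CacheStats", policy,
               new MBeanPermission("com.example.CacheStats", "Count", users,
                                   "setAttribute"));
        // The needed object name must match the grant's ObjectName pattern.
        report("read Count, object name type=Pool", policy,
               new MBeanPermission("com.example.CacheStats", "Count", pool,
                                   "getAttribute"));
        // Null target parts in a needed permission are implied by any grant
        // whose actions cover it; queryMBeans is treated as covering queryNames.
        report("queryNames, no target", policy,
               new MBeanPermission(null, null, null, "queryNames"));

        // Same class name, two constructors: omitted parts in the string form
        // become wildcards, null parts in the 4-argument form become the
        // null ("-") value that implies nothing but null.
        Permission need = new MBeanPermission("com.example.CacheStats", "Count",
                                              users, "getAttribute");
        report("grant \"com.example.CacheStats\" (string form)",
               new Permission[] {
                   new MBeanPermission("com.example.CacheStats", "getAttribute") },
               need);
        report("grant (\"com.example.CacheStats\", null, null)",
               new Permission[] {
                   new MBeanPermission("com.example.CacheStats", null, null,
                                       "getAttribute") },
               need);

        // A misspelled action is rejected when the permission is constructed.
        try {
            new MBeanPermission("*", "getAttribute,setAttributes");
            System.out.println("misspelled action accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("misspelled action rejected: " + e.getMessage());
        }
    }
}
```

The program only constructs permission objects and calls `implies`, so it needs no security manager to run.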