org.eclipse.osgi.internal.permadmin

Class SecurityAdmin

java.lang.Object

org.eclipse.osgi.internal.permadmin.SecurityAdmin

All Implemented Interfaces:

ConditionalPermissionAdmin, PermissionAdmin

public final class SecurityAdmin
extends Object
implements PermissionAdmin, ConditionalPermissionAdmin

Constructor Summary

Constructors

Constructor and Description
SecurityAdmin(EquinoxSecurityManager supportedSecurityManager, Framework framework, PermissionStorage permissionStorage)

Method Summary

Methods

Modifier and Type	Method and Description
ConditionalPermissionInfo	addConditionalPermissionInfo(ConditionInfo[] conds, PermissionInfo[] perms) Deprecated.
void	clearCaches()
BundleProtectionDomain	createProtectionDomain(Bundle bundle)
AccessControlContext	getAccessControlContext(String[] signers) Returns the Access Control Context that corresponds to the specified signers.
ConditionalPermissionInfo	getConditionalPermissionInfo(String name) Deprecated.
Enumeration<ConditionalPermissionInfo>	getConditionalPermissionInfos() Deprecated.
PermissionInfo[]	getDefaultPermissions() Gets the default permissions.
String[]	getLocations() Returns the bundle locations that have permissions assigned to them, that is, bundle locations for which an entry exists in the permission table.
PermissionInfo[]	getPermissions(String location) Gets the permissions assigned to the bundle with the specified location.
ConditionalPermissionInfo	newConditionalPermissionInfo(String encoded) Creates a new ConditionalPermissionInfo from the specified encoded ConditionalPermissionInfo string suitable for insertion into a ConditionalPermissionUpdate.
ConditionalPermissionInfo	newConditionalPermissionInfo(String name, ConditionInfo[] conditions, PermissionInfo[] permissions, String decision) Creates a new ConditionalPermissionInfo with the specified fields suitable for insertion into a ConditionalPermissionUpdate.
ConditionalPermissionUpdate	newConditionalPermissionUpdate() Creates a new update for the Conditional Permission Table.
ConditionalPermissionInfo	setConditionalPermissionInfo(String name, ConditionInfo[] conds, PermissionInfo[] perms) Deprecated.
void	setDefaultPermissions(PermissionInfo[] permissions) Sets the default permissions.
void	setPermissions(String location, PermissionInfo[] permissions) Assigns the specified permissions to the bundle with the specified location.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityAdmin

public SecurityAdmin(EquinoxSecurityManager supportedSecurityManager,
             Framework framework,
             PermissionStorage permissionStorage)
              throws IOException

Throws:

IOException

Method Detail

getDefaultPermissions

public PermissionInfo[] getDefaultPermissions()

Description copied from interface: PermissionAdmin

Gets the default permissions.

These are the permissions granted to any bundle that does not have permissions assigned to its location.

Specified by:

getDefaultPermissions in interface PermissionAdmin

Returns:

The default permissions, or null if no default permissions are set.

getLocations

public String[] getLocations()

Description copied from interface: PermissionAdmin

Returns the bundle locations that have permissions assigned to them, that is, bundle locations for which an entry exists in the permission table.

Specified by:

getLocations in interface PermissionAdmin

Returns:

The locations of bundles that have been assigned any permissions, or null if the permission table is empty.

getPermissions

public PermissionInfo[] getPermissions(String location)

Description copied from interface: PermissionAdmin

Gets the permissions assigned to the bundle with the specified location.

Specified by:

getPermissions in interface PermissionAdmin

Parameters:

location - The location of the bundle whose permissions are to be returned.

Returns:

The permissions assigned to the bundle with the specified location, or null if that bundle has not been assigned any permissions.

setDefaultPermissions

public void setDefaultPermissions(PermissionInfo[] permissions)

Description copied from interface: PermissionAdmin

Sets the default permissions.

These are the permissions granted to any bundle that does not have permissions assigned to its location.

Specified by:

setDefaultPermissions in interface PermissionAdmin

Parameters:

permissions - The default permissions, or null if the default permissions are to be removed from the permission table.

setPermissions

public void setPermissions(String location,
                  PermissionInfo[] permissions)

Description copied from interface: PermissionAdmin

Assigns the specified permissions to the bundle with the specified location.

Specified by:

setPermissions in interface PermissionAdmin

Parameters:

location - The location of the bundle that will be assigned the permissions.

permissions - The permissions to be assigned, or null if the specified location is to be removed from the permission table.

addConditionalPermissionInfo

public ConditionalPermissionInfo addConditionalPermissionInfo(ConditionInfo[] conds,
                                                     PermissionInfo[] perms)

Deprecated.

Description copied from interface: ConditionalPermissionAdmin

Create a new Conditional Permission Info in the Conditional Permission Table.

The Conditional Permission Info will be given a unique, never reused name. This entry will be added at the beginning of the Conditional Permission Table with an access decision of ALLOW.

Since this method changes the Conditional Permission Table any ConditionalPermissionUpdates that were created prior to calling this method can no longer be committed.

Specified by:

addConditionalPermissionInfo in interface ConditionalPermissionAdmin

Parameters:

conds - The conditions that need to be satisfied to enable the specified permissions. This argument can be null or an empty array indicating the specified permissions are not guarded by any conditions.

perms - The permissions that are enabled when the specified conditions, if any, are satisfied. This argument must not be null and must specify at least one permission.

Returns:

The ConditionalPermissionInfo for the specified Conditions and Permissions.

newConditionalPermissionInfo

public ConditionalPermissionInfo newConditionalPermissionInfo(String name,
                                                     ConditionInfo[] conditions,
                                                     PermissionInfo[] permissions,
                                                     String decision)

Description copied from interface: ConditionalPermissionAdmin

Creates a new ConditionalPermissionInfo with the specified fields suitable for insertion into a ConditionalPermissionUpdate. The delete method on ConditionalPermissionInfo objects created with this method must throw UnsupportedOperationException.

Specified by:

newConditionalPermissionInfo in interface ConditionalPermissionAdmin

Parameters:

name - The name of the created ConditionalPermissionInfo or null to have a unique name generated when the returned ConditionalPermissionInfo is committed in an update to the Conditional Permission Table.

conditions - The conditions that need to be satisfied to enable the specified permissions. This argument can be null or an empty array indicating the specified permissions are not guarded by any conditions.

permissions - The permissions that are enabled when the specified conditions, if any, are satisfied. This argument must not be null and must specify at least one permission.

decision - Access decision. Must be one of the following values:

• allow
• deny

The specified access decision value must be evaluated case insensitively.

Returns:

A ConditionalPermissionInfo object suitable for insertion into a ConditionalPermissionUpdate.

newConditionalPermissionInfo

public ConditionalPermissionInfo newConditionalPermissionInfo(String encoded)

Description copied from interface: ConditionalPermissionAdmin

Creates a new ConditionalPermissionInfo from the specified encoded ConditionalPermissionInfo string suitable for insertion into a ConditionalPermissionUpdate. The delete method on ConditionalPermissionInfo objects created with this method must throw UnsupportedOperationException.

Specified by:

newConditionalPermissionInfo in interface ConditionalPermissionAdmin

Parameters:

encoded - The encoded ConditionalPermissionInfo. White space in the encoded ConditionalPermissionInfo is ignored. The access decision value in the encoded ConditionalPermissionInfo must be evaluated case insensitively. If the encoded ConditionalPermissionInfo does not contain the optional name, null must be used for the name and a unique name will be generated when the returned ConditionalPermissionInfo is committed in an update to the Conditional Permission Table.

Returns:

A ConditionalPermissionInfo object suitable for insertion into a ConditionalPermissionUpdate.

See Also:

ConditionalPermissionInfo.getEncoded()

newConditionalPermissionUpdate

public ConditionalPermissionUpdate newConditionalPermissionUpdate()

Description copied from interface: ConditionalPermissionAdmin

Creates a new update for the Conditional Permission Table. The update is a working copy of the current Conditional Permission Table. If the running Conditional Permission Table is modified before commit is called on the returned update, then the call to commit on the returned update will fail. That is, the commit method will return false and no change will be made to the running Conditional Permission Table. There is no requirement that commit is eventually called on the returned update.

Specified by:

newConditionalPermissionUpdate in interface ConditionalPermissionAdmin

Returns:

A new update for the Conditional Permission Table.

getAccessControlContext

public AccessControlContext getAccessControlContext(String[] signers)

Description copied from interface: ConditionalPermissionAdmin

Returns the Access Control Context that corresponds to the specified signers. The returned Access Control Context must act as if its protection domain came from a bundle that has the following characteristics:

• It is signed by all of the given signers
• It has a bundle id of -1
• Its location is the empty string
• Its state is UNINSTALLED
• It has no headers
• It has the empty version (0.0.0)
• Its last modified time=0
• Many methods will throw IllegalStateException because the state is UNINSTALLED
• All other methods return a null

Specified by:

getAccessControlContext in interface ConditionalPermissionAdmin

Parameters:

signers - The signers for which to return an Access Control Context.

Returns:

An AccessControlContext that has the Permissions associated with the signer.

getConditionalPermissionInfo

public ConditionalPermissionInfo getConditionalPermissionInfo(String name)

Deprecated.

Description copied from interface: ConditionalPermissionAdmin

Return the Conditional Permission Info with the specified name.

Specified by:

getConditionalPermissionInfo in interface ConditionalPermissionAdmin

Parameters:

name - The name of the Conditional Permission Info to be returned.

Returns:

The Conditional Permission Info with the specified name or null if no Conditional Permission Info with the specified name exists in the Conditional Permission Table.

getConditionalPermissionInfos

public Enumeration<ConditionalPermissionInfo> getConditionalPermissionInfos()

Deprecated.

Description copied from interface: ConditionalPermissionAdmin

Returns the Conditional Permission Infos from the Conditional Permission Table.

The returned Enumeration will return elements in the order they are kept in the Conditional Permission Table.

The Enumeration returned is based on a copy of the Conditional Permission Table and therefore will not throw exceptions if the Conditional Permission Table is changed during the course of reading elements from the Enumeration.

Specified by:

getConditionalPermissionInfos in interface ConditionalPermissionAdmin

Returns:

An enumeration of the Conditional Permission Infos that are currently in the Conditional Permission Table.

setConditionalPermissionInfo

public ConditionalPermissionInfo setConditionalPermissionInfo(String name,
                                                     ConditionInfo[] conds,
                                                     PermissionInfo[] perms)

Deprecated.

Description copied from interface: ConditionalPermissionAdmin

Set or create a Conditional Permission Info with a specified name in the Conditional Permission Table.

If the specified name is null, a new Conditional Permission Info must be created and will be given a unique, never reused name. If there is currently no Conditional Permission Info with the specified name, a new Conditional Permission Info must be created with the specified name. Otherwise, the Conditional Permission Info with the specified name must be updated with the specified Conditions and Permissions. If a new entry was created in the Conditional Permission Table it will be added at the beginning of the table with an access decision of ALLOW.

Since this method changes the underlying permission table any ConditionalPermissionUpdates that were created prior to calling this method can no longer be committed.

Specified by:

setConditionalPermissionInfo in interface ConditionalPermissionAdmin

Parameters:

name - The name of the Conditional Permission Info, or null.

conds - The conditions that need to be satisfied to enable the specified permissions. This argument can be null or an empty array indicating the specified permissions are not guarded by any conditions.

perms - The permissions that are enabled when the specified conditions, if any, are satisfied. This argument must not be null and must specify at least one permission.

Returns:

The ConditionalPermissionInfo for the specified name, Conditions and Permissions.

createProtectionDomain

public BundleProtectionDomain createProtectionDomain(Bundle bundle)

clearCaches

public void clearCaches()