Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright (c) OSGi Alliance (2000, 2013). All Rights Reserved.
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
   *      http://www.apache.org/licenses/LICENSE-2.0
   *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.osgi.service.subsystem;
 
 import java.util.List;
 import java.util.Map;
A bundle's authority to perform specific privileged administrative operations on or to get sensitive information about a subsystem. The actions for this permission are:
 Action    Methods
 context   Subsystem.getBundleContext
 execute   Subsystem.start
           Subsystem.stop
 lifecycle Subsystem.install
           Subsystem.uninstall
 metadata  Subsystem.getHeaders
           Subsystem.getLocation
 

The name of this permission is a filter expression. The filter gives access to the following attributes:

  • location - The location of a subsystem.
  • id - The subsystem ID of the designated subsystem.
  • name - The symbolic name of a subsystem.
Filter attribute names are processed in a case sensitive manner.

Author(s):
$Id: 29c3097457160250e064b8c44696dbe86240c0ca $
ThreadSafe:
 
 
 public final class SubsystemPermission extends BasicPermission {
 	static final long								serialVersionUID	= 307051004521261705L;

The action string execute.
 
 	public final static String						EXECUTE"execute";
The action string lifecycle.
 
 	public final static String						LIFECYCLE"lifecycle";
The action string metadata.
 
 	public final static String						METADATA"metadata";
The action string context.
 
 	public final static String						CONTEXT"context";
 
 	private final static int						ACTION_EXECUTE		= 0x00000001;
 	private final static int						ACTION_LIFECYCLE	= 0x00000002;
 	private final static int						ACTION_METADATA		= 0x00000004;
 	private final static int						ACTION_CONTEXT		= 0x00000008;
 	private final static int						ACTION_ALL |  |  | ;
 	final static int								ACTION_NONE			= 0;

The actions in canonical form.

Serial:
	private volatile String							actionsnull;

The actions mask.
	transient int									action_mask;

If this SubsystemPermission was constructed with a filter, this holds a Filter matching object used to evaluate the filter in implies.
	transient Filter								filter;

The subsystem governed by this SubsystemPermission - only used if filter == null
	transient final Subsystem						subsystem;

This map holds the properties of the permission, used to match a filter in implies. This is not initialized until necessary, and then cached in this object.
	private transient volatile Map<StringObject>	properties;

ThreadLocal used to determine if we have recursively called getProperties.
	private static final ThreadLocal<Subsystem>		recursenew ThreadLocal<Subsystem>();

Create a new SubsystemPermission. This constructor must only be used to create a permission that is going to be checked.

Examples:

 (name=com.acme.*)(location=http://www.acme.com/subsystems/*))
 (id>=1)
 

Parameters:
filter A filter expression that can use, location, id, and name keys. Filter attribute names are processed in a case sensitive manner. A special value of "*" can be used to match all subsystems.
actions execute, lifecycle, metadata, or context.
Throws:
java.lang.IllegalArgumentException If the filter has an invalid syntax.
	public SubsystemPermission(String filterString actions) {
		this(parseFilter(filter), parseActions(actions));
	}

Creates a new requested SubsystemPermission object to be used by the code that must perform checkPermission. SubsystemPermission objects created with this constructor cannot be added to an SubsystemPermission permission collection.

Parameters:
subsystem A subsystem.
actions execute, lifecycle, metadata, or context.
	public SubsystemPermission(Subsystem subsystemString actions) {
		super(createName(subsystem));
		setTransients(nullparseActions(actions));
		this. = subsystem;
	}

Create a permission name from a Subsystem

Parameters:
subsystem Subsystem to use to create permission name.
Returns:
permission name.
	private static String createName(Subsystem subsystem) {
		if (subsystem == null) {
			throw new IllegalArgumentException("subsystem must not be null");
		}
		StringBuffer sb = new StringBuffer("(id=");
		sb.append(subsystem.getSubsystemId());
		sb.append(")");
		return sb.toString();
	}

Package private constructor used by SubsystemPermissionCollection.

Parameters:
filter name filter or null for wildcard.
mask action mask
	SubsystemPermission(Filter filterint mask) {
		super((filter == null) ? "*" : filter.toString());
		setTransients(filtermask);
		this. = null;
	}

Called by constructors and when deserialized.

Parameters:
filter Permission's filter or null for wildcard.
mask action mask
	private void setTransients(Filter filterint mask) {
		this. = filter;
		if ((mask == ) || ((mask & ) != mask)) {
			throw new IllegalArgumentException("invalid action string");
		}
		this. = mask;
	}

Parse action string into action mask.

Parameters:
actions Action string.
Returns:
action mask.
	private static int parseActions(String actions) {
		boolean seencomma = false;
		int mask = ;
		if (actions == null) {
			return mask;
		}
		char[] a = actions.toCharArray();
		int i = a.length - 1;
		if (i < 0)
			return mask;
		while (i != -1) {
			char c;
			// skip whitespace
			while ((i != -1) && ((c = a[i]) == ' ' || c == '\r' || c == '\n' || c == '\f' || c == '\t'))
				i--;
			// check for the known strings
			int matchlen;
			if (i >= 6 && (a[i - 6] == 'e' || a[i - 6] == 'E')
					&& (a[i - 5] == 'x' || a[i - 5] == 'X')
					&& (a[i - 4] == 'e' || a[i - 4] == 'E')
					&& (a[i - 3] == 'c' || a[i - 3] == 'C')
					&& (a[i - 2] == 'u' || a[i - 2] == 'U')
					&& (a[i - 1] == 't' || a[i - 1] == 'T')
					&& (a[i] == 'e' || a[i] == 'E')) {
				matchlen = 7;
				mask |= ;
else
				if (i >= 8 && (a[i - 8] == 'l' || a[i - 8] == 'L')
						&& (a[i - 7] == 'i' || a[i - 7] == 'I')
						&& (a[i - 6] == 'f' || a[i - 6] == 'F')
						&& (a[i - 5] == 'e' || a[i - 5] == 'E')
						&& (a[i - 4] == 'c' || a[i - 4] == 'C')
						&& (a[i - 3] == 'y' || a[i - 3] == 'Y')
						&& (a[i - 2] == 'c' || a[i - 2] == 'C')
						&& (a[i - 1] == 'l' || a[i - 1] == 'L')
						&& (a[i] == 'e' || a[i] == 'E')) {
					matchlen = 9;
else
					if (i >= 7
							&& (a[i - 7] == 'm' || a[i - 7] == 'M')
							&& (a[i - 6] == 'e' || a[i - 6] == 'E')
							&& (a[i - 5] == 't' || a[i - 5] == 'T')
							&& (a[i - 4] == 'a' || a[i - 4] == 'A')
							&& (a[i - 3] == 'd' || a[i - 3] == 'D')
							&& (a[i - 2] == 'a' || a[i - 2] == 'A')
							&& (a[i - 1] == 't' || a[i - 1] == 'T')
							&& (a[i] == 'a' || a[i] == 'A')) {
						matchlen = 8;
						mask |= ;
else
						if (i >= 6
								&& (a[i - 6] == 'c' || a[i - 6] == 'C')
								&& (a[i - 5] == 'o' || a[i - 5] == 'O')
								&& (a[i - 4] == 'n' || a[i - 4] == 'N')
								&& (a[i - 3] == 't' || a[i - 3] == 'T')
								&& (a[i - 2] == 'e' || a[i - 2] == 'E')
								&& (a[i - 1] == 'x' || a[i - 1] == 'X')
								&& (a[i] == 't' || a[i] == 'T')) {
							matchlen = 7;
							mask |= ;
else {
							// parse error
							throw new IllegalArgumentException("invalid permission: " + actions);
						}
			// make sure we didn't just match the tail of a word
			// like "ackbarfexecute". Also, skip to the comma.
			seencomma = false;
			while (i >= matchlen && !seencomma) {
				switch (a[i - matchlen]) {
					case ',' :
						seencomma = true;
						/* FALLTHROUGH */
					case ' ' :
					case '\r' :
					case '\n' :
					case '\f' :
					case '\t' :
						break;
					default :
						throw new IllegalArgumentException("invalid permission: " + actions);
				}
				i--;
			}
			// point i at the location of the comma minus one (or -1).
			i -= matchlen;
		}
		if (seencomma) {
			throw new IllegalArgumentException("invalid permission: " + actions);
		}
		return mask;
	}

Parse filter string into a Filter object.

Parameters:
filterString The filter string to parse.
Returns:
a Filter for this subsystem. If the specified filterString equals "*", then null is returned to indicate a wildcard.
Throws:
java.lang.IllegalArgumentException If the filter syntax is invalid.
	private static Filter parseFilter(String filterString) {
		filterString = filterString.trim();
		if (filterString.equals("*")) {
			return null;
		}
		try {
			return FrameworkUtil.createFilter(filterString);
catch (InvalidSyntaxException e) {
			IllegalArgumentException iae = new IllegalArgumentException("invalid filter");
			iae.initCause(e);
			throw iae;
		}
	}

Determines if the specified permission is implied by this object. This method throws an exception if the specified permission was not constructed with a subsystem.

This method returns true if the specified permission is a SubsystemPermission AND

  • this object's filter matches the specified permission's subsystem ID, subsystem symbolic name, and subsystem location OR
  • this object's filter is "*"
AND this object's actions include all of the specified permission's actions.

Special case: if the specified permission was constructed with "*" filter, then this method returns true if this object's filter is "*" and this object's actions include all of the specified permission's actions

Parameters:
p The requested permission.
Returns:
true if the specified permission is implied by this object; false otherwise.
	public boolean implies(Permission p) {
		if (!(p instanceof SubsystemPermission)) {
			return false;
		}
		if ( != null) {
			return false;
		}
		// if requested permission has a filter, then it is an invalid argument
		if (requested.filter != null) {
			return false;
		}
		return implies0(requested);
	}

Internal implies method. Used by the implies and the permission collection implies methods.

Parameters:
requested The requested SubsystemPermision which has already been validated as a proper argument. The requested SubsystemPermission must not have a filter expression.
effective The effective actions with which to start.
Returns:
true if the specified permission is implied by this object; false otherwise.
	boolean implies0(SubsystemPermission requestedint effective) {
		/* check actions first - much faster */
		effective |= ;
		final int desired = requested.action_mask;
		if ((effective & desired) != desired) {
			return false;
		}
		/* Get our filter */
		Filter f = ;
		if (f == null) {
			// it's "*"
			return true;
		}
		/* is requested a wildcard filter? */
		if (requested.subsystem == null) {
			return false;
		}
		Map<StringObjectrequestedProperties = requested.getProperties();
		if (requestedProperties == null) {
			/*
			 * If the requested properties are null, then we have detected a
			 * recursion getting the subsystem location. So we return true to
			 * permit the subsystem location request in the SubsystemPermission
			 * check up the stack to succeed.
			 */
			return true;
		}
		return f.matches(requestedProperties);
	}

Returns the canonical string representation of the SubsystemPermission actions.

Always returns present SubsystemPermission actions in the following order: execute, lifecycle, metadata, context.

Returns:
Canonical string representation of the SubsystemPermission actions.
	public String getActions() {
		String result = ;
		if (result == null) {
			StringBuffer sb = new StringBuffer();
			int mask = ;
			if ((mask & ) == ) {
				sb.append(',');
			}
			if ((mask & ) == ) {
				sb.append(',');
			}
			if ((mask & ) == ) {
				sb.append(',');
			}
			if ((mask & ) == ) {
				sb.append(',');
			}
			// remove trailing comma
			if (sb.length() > 0) {
				sb.setLength(sb.length() - 1);
			}
			 = result = sb.toString();
		}
		return result;
	}

Returns a new PermissionCollection object suitable for storing SubsystemPermissions.

Returns:
A new PermissionCollection object.
	}

Determines the equality of two SubsystemPermission objects.

Parameters:
obj The object being compared for equality with this object.
Returns:
true if obj is equivalent to this SubsystemPermission; false otherwise.
	public boolean equals(Object obj) {
		if (obj == this) {
			return true;
		}
		if (!(obj instanceof SubsystemPermission)) {
			return false;
		}
		return ( == sp.action_mask) && (( == sp.subsystem) || (( != null) && .equals(sp.subsystem)))
				&& ( == null ? sp.filter == null : .equals(sp.filter));
	}

Returns the hash code value for this object.

Returns:
Hash code value for this object.
	public int hashCode() {
		int h = 31 * 17 + getName().hashCode();
		h = 31 * h + getActions().hashCode();
		if ( != null) {
			h = 31 * h + .hashCode();
		}
		return h;
	}

WriteObject is called to save the state of this permission object to a stream. The actions are serialized, and the superclass takes care of the name.
	private synchronized void writeObject(java.io.ObjectOutputStream sthrows IOException {
		if ( != null) {
			throw new NotSerializableException("cannot serialize");
		}
		// Write out the actions. The superclass takes care of the name
		// call getActions to make sure actions field is initialized
		if ( == null)
	}

readObject is called to restore the state of this permission from a stream.
	private synchronized void readObject(java.io.ObjectInputStream sthrows IOExceptionClassNotFoundException {
		// Read in the data, then initialize the transients
	}

Called by implies0 on an SubsystemPermission which was constructed with a Subsystem. This method loads a map with the filter-matchable properties of this subsystem. The map is cached so this lookup only happens once. This method should only be called on an SubsystemPermission which was constructed with a subsystem

Returns:
a map of properties for this subsystem
	private Map<StringObjectgetProperties() {
		Map<StringObjectresult = ;
		if (result != null) {
			return result;
		}
		/*
		 * We may have recursed here due to the Subsystem.getLocation call in
		 * the doPrivileged below. If this is the case, return null to allow
		 * implies to return true.
		 */
		final Object mark = .get();
		if (mark == ) {
			return null;
		}
		try {
			final Map<StringObjectmap = new HashMap<StringObject>(4);
			AccessController.doPrivileged(new PrivilegedAction<Object>() {
				public Object run() {
					map.put("id"new Long(.getSubsystemId()));
					map.put("location".getLocation());
					map.put("name".getSymbolicName());
					return null;
				}
			});
			return  = map;
finally {
			.set(null);
		}
	}
Stores a collection of SubsystemPermissions.
	private static final long							serialVersionUID	= 3906372644575328048L;
Collection of permissions.

GuardedBy:
this
	private transient Map<StringSubsystemPermission>	permissions;

Boolean saying if "*" is in the collection.

Serial:
GuardedBy:
this
	private boolean										all_allowed;

Create an empty SubsystemPermissionCollection object.
	}

Adds a permission to this permission collection.

Parameters:
permission The SubsystemPermission object to add.
Throws:
java.lang.IllegalArgumentException If the specified permission is not an SubsystemPermission instance or was constructed with a Subsystem object.
java.lang.SecurityException If this SubsystemPermissionCollection object has been marked read-only.
	public void add(Permission permission) {
		if (!(permission instanceof SubsystemPermission)) {
			throw new IllegalArgumentException("invalid permission: " + permission);
		}
		if (isReadOnly()) {
			throw new SecurityException("attempt to add a Permission to a " + "readonly PermissionCollection");
		}
		final SubsystemPermission sp = (SubsystemPermissionpermission;
		if (sp.subsystem != null) {
			throw new IllegalArgumentException("cannot add to collection: " + sp);
		}
		final String name = sp.getName();
		synchronized (this) {
			SubsystemPermission existing = pc.get(name);
			if (existing != null) {
				int oldMask = existing.action_mask;
				int newMask = sp.action_mask;
				if (oldMask != newMask) {
					pc.put(namenew SubsystemPermission(existing.filteroldMask | newMask));
				}
else {
				pc.put(namesp);
			}
			if (!) {
				if (name.equals("*")) {
					 = true;
				}
			}
		}
	}

Determines if the specified permissions implies the permissions expressed in permission.

Parameters:
permission The Permission object to compare with the SubsystemPermission objects in this collection.
Returns:
true if permission is implied by an SubsystemPermission in this collection, false otherwise.
	public boolean implies(Permission permission) {
		if (!(permission instanceof SubsystemPermission)) {
			return false;
		}
		SubsystemPermission requested = (SubsystemPermissionpermission;
		// if requested permission has a filter, then it is an invalid argument
		if (requested.filter != null) {
			return false;
		}
		int effective = .;
		synchronized (this) {
			// short circuit if the "*" Permission was added
			if () {
				SubsystemPermission sp = pc.get("*");
				if (sp != null) {
					effective |= sp.action_mask;
					final int desired = requested.action_mask;
					if ((effective & desired) == desired) {
						return true;
					}
				}
			}
			perms = pc.values();
		}
		// just iterate one by one
		for (SubsystemPermission perm : perms) {
			if (perm.implies0(requestedeffective)) {
				return true;
			}
		}
		return false;
	}

Returns an enumeration of all SubsystemPermission objects in the container.

Returns:
Enumeration of all SubsystemPermission objects.
	public synchronized Enumeration<Permissionelements() {
		return Collections.enumeration(all);
	}
	/* serialization logic */
	private static final ObjectStreamField[]	serialPersistentFields	= {new ObjectStreamField("permissions"HashMap.class), new ObjectStreamField("all_allowed".)};
	private synchronized void writeObject(ObjectOutputStream outthrows IOException {
		pfields.put("permissions");
		pfields.put("all_allowed");
	}
	private synchronized void readObject(java.io.ObjectInputStream inthrows IOExceptionClassNotFoundException {
		HashMap<StringSubsystemPermissionp = (HashMap<StringSubsystemPermission>) gfields.get("permissions"null);
		 = gfields.get("all_allowed"false);
	}
New to GrepCode? Check out our FAQ X