jdk-sandbox: comparison jdk/src/share/classes/javax/management/MBeanPermission.java

equal deleted inserted replaced

-:a9a142fcf1b5
+:bbc2d15aaf7a
 * have any questions.
 */
 package javax.management;
+import com.sun.jmx.mbeanserver.Util;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.security.Permission;
 /**
 * <p>As with other {@link Permission} objects, an MBeanPermission can
 * represent either a permission that you <em>have</em> or a
 * permission that you <em>need</em>.  When a sensitive operation is
 * being checked for permission, an MBeanPermission is constructed
 * representing the permission you need.  The operation is only
-* allowed if the permissions you have {@link #implies imply} the
+* allowed if the permissions you have {@linkplain #implies imply} the
 * permission you need.</p>
 *
-* <p>An MBeanPermission contains four items of information:</p>
+* <p>An MBeanPermission contains five items of information:</p>
 *
 * <ul>
 *
 * <li><p>The <em>action</em>.  For a permission you need,
 * this is one of the actions in the list <a
 * href="#action-list">below</a>.  For a permission you have, this is
 * a comma-separated list of those actions, or <code>*</code>,
 * representing all actions.</p>
 *
 * <p>The action is returned by {@link #getActions()}.</p>
+*
+* <li id="MBeanServerName"><p>The <em>MBean Server name</em>.</p>
+*
+* <p>For a permission you need, this is the {@linkplain
+* javax.management.MBeanServerFactory#getMBeanServerName
+* name of the MBeanServer}
+* containing the <a href="#MBeanName">MBean</a> for which the MBean
+* permission is checked.</p>
+*
+* <p>For a permission you have, this is either the  {@linkplain
+* javax.management.MBeanServerFactory#getMBeanServerName
+* name of the MBeanServer} in which the <a href="#MBeanName">MBean</a>
+* you have this permission for must be registered,
+* or a pattern against which that MBean Server name will be matched.<br>
+* An {@code mbeanServerName} pattern can also be empty or the single
+* character {@code "*"}, both of which will match any {@code MBeanServer} name.
+* </p>
 *
 * <li><p>The <em>class name</em>.</p>
 *
 * <p>For a permission you need, this is the class name of an MBean
 * you are accessing, as returned by {@link
 *
 * <p>For a permission you have, this is either the name of an attribute
 * or operation you can access, or it is empty or the single character
 * "<code>*</code>", both of which grant access to any member.</p>
 *
-* <li><p>The <em>object name</em>.</p>
+* <li id="MBeanName"><p>The <em>object name</em>.</p>
 *
 * <p>For a permission you need, this is the {@link ObjectName} of the
 * MBean you are accessing.  For operations that do not reference a
 * single MBean, it is null.  It is never an object name pattern.</p>
 *
 * name.</p>
 *
 * </ul>
 *
 * <p>If you have an MBeanPermission, it allows operations only if all
-* four of the items match.</p>
+* five of the items match.</p>
 *
-* <p>The class name, member, and object name can be written together
+* <p>The MBean Server name, class name, member, and object name can be written
-* as a single string, which is the <em>name</em> of this permission.
+* together as a single string, which is the <em>name</em> of this permission.
 * The name of the permission is the string returned by {@link
 * Permission#getName() getName()}.  The format of the string is:</p>
 *
 * <blockquote>
-* <code>className#member[objectName]</code>
+* <code>mbeanServerName::className#member[objectName]</code>
 * </blockquote>
 *
 * <p>The object name is written using the usual syntax for {@link
 * ObjectName}.  It may contain any legal characters, including
 * <code>]</code>.  It is terminated by a <code>]</code> character
 * that is the last character in the string.</p>
 *
-* <p>One or more of the <code>className</code>, <code>member</code>,
+* <p>One or more of the <code>mbeanServerName</code>, <code>className</code>,
-* or <code>objectName</code> may be omitted.  If the
+* <code>member</code>, or <code>objectName</code> may be omitted. If the
-* <code>member</code> is omitted, the <code>#</code> may be too (but
+* <code>mbeanServerName</code> is omitted, the <code>::</code> may be too (but
+* does not have to be).
+* If the <code>member</code> is omitted, the <code>#</code> may be too (but
 * does not have to be).  If the <code>objectName</code> is omitted,
 * the <code>[]</code> may be too (but does not have to be).  It is
-* not legal to omit all three items, that is to have a <em>name</em>
+* not legal to omit all four items, that is to have a <em>name</em>
 * that is the empty string.</p>
 *
-* <p>One or more of the <code>className</code>, <code>member</code>,
+* <p>One or more of the <code>mbeanServerName</code>,  <code>className</code>,
+* <code>member</code>,
 * or <code>objectName</code> may be the character "<code>-</code>",
 * which is equivalent to a null value.  A null value is implied by
 * any value (including another null value) but does not imply any
 * other value.</p>
 *
 * objectName but does not imply any non-null objectName.
 */
 private transient ObjectName objectName;
 /**
+* The name of the MBeanServer in which this permission is checked, or
+* granted.  If null, is implied by any MBean Server name
+* but does not imply any non-null MBean Server name.
+*/
+private transient String mbeanServerName;
+/**
 * Parse <code>actions</code> parameter.
 */
 private void parseActions() {
 int mask;
 if (name.equals(""))
 throw new IllegalArgumentException("MBeanPermission name " +
 "cannot be empty");
+final int sepIndex = name.indexOf("::");
+if (sepIndex < 0) {
+setMBeanServerName("*");
+} else {
+setMBeanServerName(name.substring(0,sepIndex));
+}
 /* The name looks like "class#member[objectname]".  We subtract
 elements from the right as we parse, so after parsing the
 objectname we have "class#member" and after parsing the
 member we have "class".  Each element is optional.  */
 // Parse ObjectName
-int openingBracket = name.indexOf("[");
+final int start = (sepIndex<0)?0:sepIndex+2;
+int openingBracket = name.indexOf("[",start);
 if (openingBracket == -1) {
 // If "[on]" missing then ObjectName("*:*")
 //
 objectName = ObjectName.WILDCARD;
+name = name.substring(start);
 } else {
 if (!name.endsWith("]")) {
 throw new IllegalArgumentException("MBeanPermission: " +
 "The ObjectName in the " +
 "target name must be " +
 "included in square " +
 "brackets");
 } else {
 // Create ObjectName
 //
+String on = name.substring(openingBracket + 1,
+name.length() - 1);
 try {
 // If "[]" then ObjectName("*:*")
 //
-String on = name.substring(openingBracket + 1,
-name.length() - 1);
 if (on.equals(""))
 objectName = ObjectName.WILDCARD;
 else if (on.equals("-"))
 objectName = null;
 else
 objectName = new ObjectName(on);
 } catch (MalformedObjectNameException e) {
 throw new IllegalArgumentException("MBeanPermission: " +
 "The target name does " +
 "not specify a valid " +
-"ObjectName");
+"ObjectName", e);
 }
 }
-name = name.substring(0, openingBracket);
+name = name.substring(start, openingBracket);
 }
 // Parse member
 int poundSign = name.indexOf("#");
 /**
 * Assign fields based on className, member, and objectName
 * parameters.
 */
-private void initName(String className, String member,
+private void initName(String mbeanServerName, String className,
-ObjectName objectName) {
+String member, ObjectName objectName) {
+setMBeanServerName(mbeanServerName);
 setClassName(className);
 setMember(member);
 this.objectName = objectName;
 }
 this.member = "*";
 else
 this.member = member;
 }
+private void setMBeanServerName(String mbeanServerName) {
+if (mbeanServerName == null || mbeanServerName.equals("-")) {
+this.mbeanServerName = null;
+} else if (mbeanServerName.equals("")) {
+this.mbeanServerName = "*";
+} else {
+this.mbeanServerName = mbeanServerName;
+}
+}
 /**
 * <p>Create a new MBeanPermission object with the specified target name
 * and actions.</p>
 *
 * <p>The target name is of the form
-* "<code>className#member[objectName]</code>" where each part is
+* "<code>mbeanServerName::className#member[objectName]</code>" where
-* optional.  It must not be empty or null.</p>
+* each part is optional.  It must not be empty or null.</p>
 *
 * <p>The actions parameter contains a comma-separated list of the
 * desired actions granted on the target name.  It must not be
 * empty or null.</p>
 *
-* @param name the triplet "className#member[objectName]".
+* @param name the quadruplet "mbeanServerName::className#member[objectName]".
 * @param actions the action string.
 *
 * @exception IllegalArgumentException if the <code>name</code> or
 * <code>actions</code> is invalid.
 */
 * <p>The class name, member and object name parameters define a
 * target name of the form
 * "<code>className#member[objectName]</code>" where each part is
 * optional.  This will be the result of {@link #getName()} on the
 * resultant MBeanPermission.</p>
+*
+* <p>This corresponds to a permission granted for all
+*    MBean servers present in the JVM and is equivalent to
+*    {@link #MBeanPermission(String,String,String,ObjectName,String)
+*           MBeanPermission("*",className,member,objectName,actions)}.
+* </p>
 *
 * <p>The actions parameter contains a comma-separated list of the
 * desired actions granted on the target name.  It must not be
 * empty or null.</p>
 *
 */
 public MBeanPermission(String className,
 String member,
 ObjectName objectName,
 String actions) {
+this("*",className,member,objectName,actions);
-super(makeName(className, member, objectName));
+}
-initName(className, member, objectName);
+/**
+* <p>Create a new MBeanPermission object with the specified target name
+* (MBean Server name, class name, member, object name) and actions.</p>
+*
+* <p>The MBean Server name, class name, member and object name
+* parameters define a target name of the form
+* "<code>mbeanServerName::className#member[objectName]</code>" where each
+* part is optional.  This will be the result of {@link #getName()} on the
+* resultant MBeanPermission.
+* If the <code>mbeanServerName</code> is empty or exactly {@code "*"}, then
+* "{@code mbeanServerName::}" is omitted in that result.
+* </p>
+*
+* <p>The actions parameter contains a comma-separated list of the
+* desired actions granted on the target name.  It must not be
+* empty or null.</p>
+*
+* @param mbeanServerName the name of the {@code MBeanServer} to which this
+* permission applies.
+* May be null or <code>"-"</code>, which represents an MBeanServer name
+* that is implied by any MBeanServer name but does not imply any other
+* MBeanServer name.
+* @param className the class name to which this permission applies.
+* May be null or <code>"-"</code>, which represents a class name
+* that is implied by any class name but does not imply any other
+* class name.
+* @param member the member to which this permission applies.  May
+* be null or <code>"-"</code>, which represents a member that is
+* implied by any member but does not imply any other member.
+* @param objectName the object name to which this permission
+* applies.  May be null, which represents an object name that is
+* implied by any object name but does not imply any other object
+* name.
+* @param actions the action string.
+*
+* @since 1.7
+*/
+public MBeanPermission(String mbeanServerName,
+String className,
+String member,
+ObjectName objectName,
+String actions) {
+super(makeName(mbeanServerName,className, member, objectName));
+initName(mbeanServerName,className, member, objectName);
 this.actions = actions;
 parseActions();
 }
-private static String makeName(String className, String member,
+private static String makeName(String mbeanServerName, String className,
+String member,
 ObjectName objectName) {
 final StringBuilder name = new StringBuilder();
+if (mbeanServerName == null)
+mbeanServerName = "-";
+if (!mbeanServerName.equals("") && !mbeanServerName.equals("*"))
+name.append(mbeanServerName).append("::");
 if (className == null)
 className = "-";
 name.append(className);
 if (member == null)
 member = "-";
 *
 * <ul>
 *
 * <li> <i>p</i> is an instance of MBeanPermission; and</li>
 *
+* <li> <i>p</i> has a null mbeanServerName or <i>p</i>'s mbeanServerName
+* matches this object's mbeanServerName; and</li>
+*
 * <li> <i>p</i> has a null className or <i>p</i>'s className
 * matches this object's className; and</li>
 *
 * <li> <i>p</i> has a null member or <i>p</i>'s member matches this
 * object's member; and</li>
 * object name matches this object's object name; and</li>
 *
 * <li> <i>p</i>'s actions are a subset of this object's actions</li>
 *
 * </ul>
+*
+* <p>If this object's mbeanServerName is a pattern, then <i>p</i>'s
+*    mbeanServerName is matched against that pattern. An empty
+*    mbeanServerName is equivalent to "{@code *}". A null
+*    mbeanServerName is equivalent to "{@code -}".</p>
+* <p>If this object's mbeanServerName is "<code>*</code>" or is
+* empty, <i>p</i>'s mbeanServerName always matches it.</p>
 *
 * <p>If this object's className is "<code>*</code>", <i>p</i>'s
 * className always matches it.  If it is "<code>a.*</code>", <i>p</i>'s
 * className matches it if it begins with "<code>a.</code>".</p>
 *
 return false;
 }
 }
 // Target name
+//
+// The 'mbeanServerName' check is true iff:
+// 1) the mbeanServerName in 'this' permission is omitted or "*", or
+// 2) the mbeanServerName in 'that' permission is omitted or "*", or
+// 3) the mbeanServerName in 'this' permission does pattern
+//    matching with the mbeanServerName in 'that' permission.
 //
 // The 'className' check is true iff:
 // 1) the className in 'this' permission is omitted or "*", or
 // 2) the className in 'that' permission is omitted or "*", or
 // 3) the className in 'this' permission does pattern
 If that.classNamePrefix is empty that means the className is
 irrelevant for this permission check.  Otherwise, we do not
 expect that "that" contains a wildcard, since it is a
 needed permission.  So we assume that.classNameExactMatch.  */
+if (that.mbeanServerName == null) {
+// bottom is implied
+} else if (this.mbeanServerName == null) {
+// bottom implies nothing but itself
+return false;
+} else if (that.mbeanServerName.equals(this.mbeanServerName)) {
+// exact match
+} else if (!Util.wildmatch(that.mbeanServerName,this.mbeanServerName)) {
+return false; // no match
+}
 if (that.classNamePrefix == null) {
 // bottom is implied
 } else if (this.classNamePrefix == null) {
 // bottom implies nothing but itself
 return false;

changeset 1156	bbc2d15aaf7a
parent 2	90ce3da70b43
child 1247	b4c26443dee5