60 * javax.management.MBeanServerDelegate MBeanServerDelegate}. This |
60 * javax.management.MBeanServerDelegate MBeanServerDelegate}. This |
61 * <CODE>ObjectName</CODE> is: <BR> |
61 * <CODE>ObjectName</CODE> is: <BR> |
62 * <CODE>JMImplementation:type=MBeanServerDelegate</CODE>.</p> |
62 * <CODE>JMImplementation:type=MBeanServerDelegate</CODE>.</p> |
63 * |
63 * |
64 * <p id="security">An object obtained from the {@link |
64 * <p id="security">An object obtained from the {@link |
65 * MBeanServerFactory#createMBeanServer(String) createMBeanServer} or |
65 * MBeanServerFactory#createMBeanServer(String) createMBeanServer}, {@link |
66 * {@link MBeanServerFactory#newMBeanServer(String) newMBeanServer} |
66 * MBeanServerFactory#createNamedMBeanServer(String,String) createNamedMBeanServer}, |
|
67 * {@link |
|
68 * MBeanServerFactory#newMBeanServer(String) newMBeanServer}, or |
|
69 * {@link |
|
70 * MBeanServerFactory#newNamedMBeanServer(String,String) newNamedMBeanServer} |
67 * methods of the {@link MBeanServerFactory} class applies security |
71 * methods of the {@link MBeanServerFactory} class applies security |
68 * checks to its methods, as follows.</p> |
72 * checks to its methods, as follows.</p> |
69 * |
73 * |
70 * <p>First, if there is no security manager ({@link |
74 * <p>First, if there is no security manager ({@link |
71 * System#getSecurityManager()} is null), then an implementation of |
75 * System#getSecurityManager()} is null), then an implementation of |
72 * this interface is free not to make any checks.</p> |
76 * this interface is free not to make any checks.</p> |
73 * |
77 * |
74 * <p>Assuming that there is a security manager, or that the |
78 * <p>Assuming that there is a security manager, or that the |
75 * implementation chooses to make checks anyway, the checks are made |
79 * implementation chooses to make checks anyway, the checks are made |
76 * as detailed below. In what follows, <code>className</code> is the |
80 * as detailed below. |
|
81 * In what follows, and unless otherwise specified: |
|
82 * </p> |
|
83 * <ul><li><code>className</code> is the |
77 * string returned by {@link MBeanInfo#getClassName()} for the target |
84 * string returned by {@link MBeanInfo#getClassName()} for the target |
78 * MBean.</p> |
85 * MBean,</li> |
|
86 * <li>{@code mbeanServerName} is the |
|
87 * {@linkplain MBeanServerFactory#getMBeanServerName name of the |
|
88 * MBean Server} in which the target MBean is registered. This is the |
|
89 * value returned by {@link MBeanServerFactory#getMBeanServerName |
|
90 * MBeanServerFactory.getMBeanServerName(MBeanServer)}, and |
|
91 * is usually the {@code mbeanServerName} parameter that was supplied |
|
92 * to the {@link |
|
93 * MBeanServerFactory#createNamedMBeanServer(String,String) |
|
94 * createNamedMBeanServer} or {@link |
|
95 * MBeanServerFactory#newNamedMBeanServer(String,String) newNamedMBeanServer} |
|
96 * methods of the {@link MBeanServerFactory} when the MBeanServer was created, |
|
97 * or {@value javax.management.MBeanServerFactory#DEFAULT_MBEANSERVER_NAME} if |
|
98 * no name was supplied. |
|
99 * </li></ul> |
79 * |
100 * |
80 * <p>If a security check fails, the method throws {@link |
101 * <p>If a security check fails, the method throws {@link |
81 * SecurityException}.</p> |
102 * SecurityException}.</p> |
82 * |
103 * |
83 * <p>For methods that can throw {@link InstanceNotFoundException}, |
104 * <p>For methods that can throw {@link InstanceNotFoundException}, |
87 * |
108 * |
88 * <ul> |
109 * <ul> |
89 * |
110 * |
90 * <li><p>For the {@link #invoke invoke} method, the caller's |
111 * <li><p>For the {@link #invoke invoke} method, the caller's |
91 * permissions must imply {@link |
112 * permissions must imply {@link |
92 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
113 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
93 * MBeanPermission(className, operationName, name, "invoke")}.</p> |
114 * MBeanPermission(mbeanServerName, className, operationName, name, "invoke")}. |
|
115 * </p> |
94 * |
116 * |
95 * <li><p>For the {@link #getAttribute getAttribute} method, the |
117 * <li><p>For the {@link #getAttribute getAttribute} method, the |
96 * caller's permissions must imply {@link |
118 * caller's permissions must imply {@link |
97 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
119 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
98 * MBeanPermission(className, attribute, name, "getAttribute")}.</p> |
120 * MBeanPermission(mbeanServerName, className, attribute, name, |
|
121 * "getAttribute")}.</p> |
99 * |
122 * |
100 * <li><p>For the {@link #getAttributes getAttributes} method, the |
123 * <li><p>For the {@link #getAttributes getAttributes} method, the |
101 * caller's permissions must imply {@link |
124 * caller's permissions must imply {@link |
102 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
125 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
103 * MBeanPermission(className, null, name, "getAttribute")}. |
126 * MBeanPermission(mbeanServerName,className, null, name, "getAttribute")}. |
104 * Additionally, for each attribute <em>a</em> in the {@link |
127 * Additionally, for each attribute <em>a</em> in the {@link |
105 * AttributeList}, if the caller's permissions do not imply {@link |
128 * AttributeList}, if the caller's permissions do not imply {@link |
106 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
129 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
107 * MBeanPermission(className, <em>a</em>, name, "getAttribute")}, the |
130 * MBeanPermission(mbeanServerName, className, <em>a</em>, name, |
|
131 * "getAttribute")}, the |
108 * MBean server will behave as if that attribute had not been in the |
132 * MBean server will behave as if that attribute had not been in the |
109 * supplied list.</p> |
133 * supplied list.</p> |
110 * |
134 * |
111 * <li><p>For the {@link #setAttribute setAttribute} method, the |
135 * <li><p>For the {@link #setAttribute setAttribute} method, the |
112 * caller's permissions must imply {@link |
136 * caller's permissions must imply {@link |
113 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
137 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
114 * MBeanPermission(className, attrName, name, "setAttribute")}, where |
138 * MBeanPermission(mbeanServerName, className, attrName, name, |
|
139 * "setAttribute")}, where |
115 * <code>attrName</code> is {@link Attribute#getName() |
140 * <code>attrName</code> is {@link Attribute#getName() |
116 * attribute.getName()}.</p> |
141 * attribute.getName()}.</p> |
117 * |
142 * |
118 * <li><p>For the {@link #setAttributes setAttributes} method, the |
143 * <li><p>For the {@link #setAttributes setAttributes} method, the |
119 * caller's permissions must imply {@link |
144 * caller's permissions must imply {@link |
120 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
145 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
121 * MBeanPermission(className, null, name, "setAttribute")}. |
146 * MBeanPermission(mbeanServerName, className, null, name, "setAttribute")}. |
122 * Additionally, for each attribute <em>a</em> in the {@link |
147 * Additionally, for each attribute <em>a</em> in the {@link |
123 * AttributeList}, if the caller's permissions do not imply {@link |
148 * AttributeList}, if the caller's permissions do not imply {@link |
124 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
149 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
125 * MBeanPermission(className, <em>a</em>, name, "setAttribute")}, the |
150 * MBeanPermission(mbeanServerName, className, <em>a</em>, name, |
|
151 * "setAttribute")}, the |
126 * MBean server will behave as if that attribute had not been in the |
152 * MBean server will behave as if that attribute had not been in the |
127 * supplied list.</p> |
153 * supplied list.</p> |
128 * |
154 * |
129 * <li><p>For the <code>addNotificationListener</code> methods, |
155 * <li><p>For the <code>addNotificationListener</code> methods, |
130 * the caller's permissions must imply {@link |
156 * the caller's permissions must imply {@link |
131 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
157 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
132 * MBeanPermission(className, null, name, |
158 * MBeanPermission(mbeanServerName, className, null, name, |
133 * "addNotificationListener")}.</p> |
159 * "addNotificationListener")}.</p> |
134 * |
160 * |
135 * <li><p>For the <code>removeNotificationListener</code> methods, |
161 * <li><p>For the <code>removeNotificationListener</code> methods, |
136 * the caller's permissions must imply {@link |
162 * the caller's permissions must imply {@link |
137 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
163 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
138 * MBeanPermission(className, null, name, |
164 * MBeanPermission(mbeanServerName, className, null, name, |
139 * "removeNotificationListener")}.</p> |
165 * "removeNotificationListener")}.</p> |
140 * |
166 * |
141 * <li><p>For the {@link #getMBeanInfo getMBeanInfo} method, the |
167 * <li><p>For the {@link #getMBeanInfo getMBeanInfo} method, the |
142 * caller's permissions must imply {@link |
168 * caller's permissions must imply {@link |
143 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
169 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
144 * MBeanPermission(className, null, name, "getMBeanInfo")}.</p> |
170 * MBeanPermission(mbeanServerName, className, null, name, "getMBeanInfo")}. |
|
171 * </p> |
145 * |
172 * |
146 * <li><p>For the {@link #getObjectInstance getObjectInstance} method, |
173 * <li><p>For the {@link #getObjectInstance getObjectInstance} method, |
147 * the caller's permissions must imply {@link |
174 * the caller's permissions must imply {@link |
148 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
175 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
149 * MBeanPermission(className, null, name, "getObjectInstance")}.</p> |
176 * MBeanPermission(mbeanServerName, className, null, name, |
|
177 * "getObjectInstance")}.</p> |
150 * |
178 * |
151 * <li><p>For the {@link #isInstanceOf isInstanceOf} method, the |
179 * <li><p>For the {@link #isInstanceOf isInstanceOf} method, the |
152 * caller's permissions must imply {@link |
180 * caller's permissions must imply {@link |
153 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
181 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
154 * MBeanPermission(className, null, name, "isInstanceOf")}.</p> |
182 * MBeanPermission(mbeanServerName, className, null, name, "isInstanceOf")}. |
|
183 * </p> |
155 * |
184 * |
156 * <li><p>For the {@link #queryMBeans queryMBeans} method, the |
185 * <li><p>For the {@link #queryMBeans queryMBeans} method, the |
157 * caller's permissions must imply {@link |
186 * caller's permissions must imply {@link |
158 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
187 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
159 * MBeanPermission(null, null, name, "queryMBeans")}. |
188 * MBeanPermission(mbeanServerName, null, null, null, "queryMBeans")}. |
160 * Additionally, for each MBean that matches <code>name</code>, |
189 * Additionally, for each MBean that matches <code>name</code>, |
161 * if the caller's permissions do not imply {@link |
190 * if the caller's permissions do not imply {@link |
162 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
191 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
163 * MBeanPermission(className, null, name, "queryMBeans")}, the |
192 * MBeanPermission(mbeanServerName, className, null, name, "queryMBeans")}, the |
164 * MBean server will behave as if that MBean did not exist.</p> |
193 * MBean server will behave as if that MBean did not exist.</p> |
165 * |
194 * |
166 * <p>Certain query elements perform operations on the MBean server. |
195 * <p>Certain query elements perform operations on the MBean server. |
167 * If the caller does not have the required permissions for a given |
196 * If the caller does not have the required permissions for a given |
168 * MBean, that MBean will not be included in the result of the query. |
197 * MBean, that MBean will not be included in the result of the query. |
177 * objects. Note that a <code>"queryMBeans"</code> permission implies |
206 * objects. Note that a <code>"queryMBeans"</code> permission implies |
178 * the corresponding <code>"queryNames"</code> permission.</p> |
207 * the corresponding <code>"queryNames"</code> permission.</p> |
179 * |
208 * |
180 * <li><p>For the {@link #getDomains getDomains} method, the caller's |
209 * <li><p>For the {@link #getDomains getDomains} method, the caller's |
181 * permissions must imply {@link |
210 * permissions must imply {@link |
182 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
211 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
183 * MBeanPermission(null, null, name, "getDomains")}. Additionally, |
212 * MBeanPermission(mbeanServerName, null, null, null, "getDomains")}. |
184 * for each domain <var>d</var> in the returned array, if the caller's |
213 * Additionally, for each domain <var>d</var> in the returned array, if the |
185 * permissions do not imply {@link |
214 * caller's permissions do not imply {@link |
186 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
215 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
187 * MBeanPermission(null, null, new ObjectName("<var>d</var>:x=x"), |
216 * MBeanPermission(null, null, new ObjectName("<var>d</var>:x=x"), |
188 * "getDomains")}, the domain is eliminated from the array. Here, |
217 * "getDomains")}, the domain is eliminated from the array. Here, |
189 * <code>x=x</code> is any <var>key=value</var> pair, needed to |
218 * <code>x=x</code> is any <var>key=value</var> pair, needed to |
190 * satisfy ObjectName's constructor but not otherwise relevant.</p> |
219 * satisfy ObjectName's constructor but not otherwise relevant.</p> |
191 * |
220 * |
192 * <li><p>For the {@link #getClassLoader getClassLoader} method, the |
221 * <li><p>For the {@link #getClassLoader getClassLoader} method, the |
193 * caller's permissions must imply {@link |
222 * caller's permissions must imply {@link |
194 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
223 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
195 * MBeanPermission(className, null, loaderName, |
224 * MBeanPermission(mbeanServerName, className, null, loaderName, |
196 * "getClassLoader")}.</p> |
225 * "getClassLoader")}.</p> |
197 * |
226 * |
198 * <li><p>For the {@link #getClassLoaderFor getClassLoaderFor} method, |
227 * <li><p>For the {@link #getClassLoaderFor getClassLoaderFor} method, |
199 * the caller's permissions must imply {@link |
228 * the caller's permissions must imply {@link |
200 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
229 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
201 * MBeanPermission(className, null, mbeanName, |
230 * MBeanPermission(mbeanServerName, className, null, mbeanName, |
202 * "getClassLoaderFor")}.</p> |
231 * "getClassLoaderFor")}.</p> |
203 * |
232 * |
204 * <li><p>For the {@link #getClassLoaderRepository |
233 * <li><p>For the {@link #getClassLoaderRepository |
205 * getClassLoaderRepository} method, the caller's permissions must |
234 * getClassLoaderRepository} method, the caller's permissions must |
206 * imply {@link |
235 * imply {@link |
207 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
236 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
208 * MBeanPermission(null, null, null, "getClassLoaderRepository")}.</p> |
237 * MBeanPermission(mbeanServerName, null, null, null, |
|
238 * "getClassLoaderRepository")}.</p> |
209 * |
239 * |
210 * <li><p>For the deprecated <code>deserialize</code> methods, the |
240 * <li><p>For the deprecated <code>deserialize</code> methods, the |
211 * required permissions are the same as for the methods that replace |
241 * required permissions are the same as for the methods that replace |
212 * them.</p> |
242 * them.</p> |
213 * |
243 * |
214 * <li><p>For the <code>instantiate</code> methods, the caller's |
244 * <li><p>For the <code>instantiate</code> methods, the caller's |
215 * permissions must imply {@link |
245 * permissions must imply {@link |
216 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
246 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
217 * MBeanPermission(className, null, null, "instantiate")}.</p> |
247 * MBeanPermission(mbeanServerName, className, null, null, "instantiate")}, |
|
248 * where {@code className} is the name of the class which is to |
|
249 * be instantiated.</p> |
218 * |
250 * |
219 * <li><p>For the {@link #registerMBean registerMBean} method, the |
251 * <li><p>For the {@link #registerMBean registerMBean} method, the |
220 * caller's permissions must imply {@link |
252 * caller's permissions must imply {@link |
221 * MBeanPermission#MBeanPermission(String,String,ObjectName,String) |
253 * MBeanPermission#MBeanPermission(String,String,String,ObjectName,String) |
222 * MBeanPermission(className, null, name, "registerMBean")}. Here |
254 * MBeanPermission(mbeanServerName, className, null, name, "registerMBean")}. |
223 * <code>className</code> is the string returned by {@link |
|
224 * MBeanInfo#getClassName()} for an object of this class. |
|
225 * |
255 * |
226 * <p>If the <code>MBeanPermission</code> check succeeds, the MBean's |
256 * <p>If the <code>MBeanPermission</code> check succeeds, the MBean's |
227 * class is validated by checking that its {@link |
257 * class is validated by checking that its {@link |
228 * java.security.ProtectionDomain ProtectionDomain} implies {@link |
258 * java.security.ProtectionDomain ProtectionDomain} implies {@link |
229 * MBeanTrustPermission#MBeanTrustPermission(String) |
259 * MBeanTrustPermission#MBeanTrustPermission(String) |