Module org.apache.derby.commons
Package org.apache.derby.shared.common.security

Class SystemPermission

  • All Implemented Interfaces:
    Serializable, Guard
    public final class SystemPermission
extends BasicPermission
    This class represents access to system-wide Derby privileges.

    Permission Description Risk
    "jmx" "control" Controls the ability of JMX clients to control Derby and view security sensitive attributes through Derby's MBeans. JMX clients may be able to change the state of the running system
    "jmx" "monitor" Controls the ability of JMX clients to monitor Derby through Derby's MBeans, such as viewing number of current connections and configuration settings. Note: security related settings require control action on jmx JMX clients can see information about a runing system including software versions.
    See Also:
    Serialized Form

    • Field Detail

      • SERVER

        public static final String SERVER
        Permission target name ("server") for actions applicable to the network server.
        See Also:
        Constant Field Values

      • ENGINE

        public static final String ENGINE
        Permission target name ("engine") for actions applicable to the core database engine.
        See Also:
        Constant Field Values

      • JMX

        public static final String JMX
        Permission target name ("jmx") for actions applicable to management of Derby's JMX MBeans.
        See Also:
        Constant Field Values

      • CONTROL

        public static final String CONTROL
        Action ("control") to perform control actions through JMX on engine, server or jmx.

        For JMX control permission is required to get attributes that are deemed sensiive from a security aspect, such as the network server's port number, security mechanisms and any information about the file system.

        See Also:
        Constant Field Values

      • MONITOR

        public static final String MONITOR
        Action ("monitor") to perform monitoring actions through JMX on engine and server.
        See Also:
        Constant Field Values

      • USE_DERBY_INTERNALS

        public static final String USE_DERBY_INTERNALS
        Action ("useDerbyInternals") by the engine to lookup Derby contexts.
        See Also:
        Constant Field Values

      • ENGINE_MONITOR

        public static final SystemPermission ENGINE_MONITOR
        Constant representing SystemPermission("engine, "monitor").

    • Method Detail

      • parseActions

        public static Set<String> parseActions​(String actions)
        Get a set of all actions specified in a string. Actions are transformed to lower-case, and leading and trailing blanks are stripped off.
        Parameters:
        actions - the specified actions string
        Returns:
        a set of all the specified actions

      • buildActionsString

        public static String buildActionsString​(Iterable<String> actions)
        Build a comma-separated actions string suitable for returning from getActions().
        Parameters:
        actions - the list of actions
        Returns:
        comma-separated string with the actions

      • equals

        public boolean equals​(Object other)
        Does this permission equal another object. True if its and identical class with same name and (canonical) actions.
        Overrides:
        equals in class BasicPermission

      • implies

        public boolean implies​(Permission permission)
        Does this permission imply another. Only true if the other permission is a SystemPermission with the same name and all the actions of the permission are present in this. Note that none of the actions imply any other with this SystemPermission.
        Overrides:
        implies in class BasicPermission