public final class UserAdminPermission extends BasicPermission
This class represents access to the Role objects managed by a User Admin service and their properties and credentials (in the case of User objects).
The permission name is the name (or name prefix) of a property or credential. The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "org.osgi.security.protocol.*" or "*" is valid, but "*protocol" or "a*b" are not valid.
The UserAdminPermission with the reserved name "admin" represents the permission required for creating and removing Role objects in the User Admin service, as well as adding and removing members in a Group object. This UserAdminPermission does not have any actions associated with it.
The actions to be granted are passed to the constructor in a string containing a list of one or more comma-separated keywords. The possible keywords are: changeProperty, changeCredential, and getCredential. Their meaning is defined as follows:

Action | Meaning |
---|---|
changeProperty | Permission to change (i.e., add and remove) Role object properties whose names start with the name argument specified in the constructor. |
changeCredential | Permission to change (i.e., add and remove) User object credentials whose names start with the name argument specified in the constructor. |
getCredential | Permission to retrieve and check for the existence of User object credentials whose names start with the name argument specified in the constructor. |

The action string is converted to lowercase before processing.
Following is a PermissionInfo style policy entry which grants a user administration bundle a number of UserAdminPermission objects:

    (org.osgi.service.useradmin.UserAdminPermission "admin")
    (org.osgi.service.useradmin.UserAdminPermission "com.foo.*" "changeProperty,getCredential,changeCredential")
    (org.osgi.service.useradmin.UserAdminPermission "user.*" "changeProperty,changeCredential")

The first permission statement grants the bundle the permission to perform any User Admin service operations of type "admin", that is, create and remove roles and configure Group objects.
The second permission statement grants the bundle the permission to change any properties as well as get and change any credentials whose names start with "com.foo.".
The third permission statement grants the bundle the permission to change any properties and credentials whose names start with "user.". This means that the bundle is allowed to change, but not retrieve any credentials with the given prefix.
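
The three grants above can be checked mechanically. The following is an added example, not part of the OSGi specification or its reference code: it loads the grants into a java.security.Permissions collection, evaluates constructed requests against them, and flags any grant that allows credential reads under a wildcard name. It assumes the OSGi User Admin API jar is on the classpath; the class name UserAdminPolicyCheck, the helper readsCredentialsByWildcard and the request names are hypothetical.

```java
import java.security.Permissions;
import java.util.List;
import java.util.Locale;
import org.osgi.service.useradmin.UserAdminPermission;

// Added example: class, method and request names are hypothetical.
public class UserAdminPolicyCheck {

    // The three grants from the PermissionInfo policy entry on this page.
    static final List<UserAdminPermission> GRANTS = List.of(
        new UserAdminPermission(UserAdminPermission.ADMIN, null),
        new UserAdminPermission("com.foo.*",
            "changeProperty,getCredential,changeCredential"),
        new UserAdminPermission("user.*", "changeProperty,changeCredential"));

    // True if the grant allows reading credentials under a wildcard name.
    static boolean readsCredentialsByWildcard(UserAdminPermission grant) {
        if (!grant.getName().endsWith("*")) {
            return false; // also skips "admin", which carries no actions
        }
        String wanted = UserAdminPermission.GET_CREDENTIAL.toLowerCase(Locale.ROOT);
        String actions = grant.getActions().toLowerCase(Locale.ROOT);
        return List.of(actions.split("\\s*,\\s*")).contains(wanted);
    }

    public static void main(String[] args) {
        // Permissions groups entries per class via newPermissionCollection().
        Permissions granted = new Permissions();
        GRANTS.forEach(granted::add);

        // Constructed requests, not taken from the page.
        List<UserAdminPermission> requests = List.of(
            new UserAdminPermission("user.password", "getCredential"),
            new UserAdminPermission("user.password", "changeCredential"),
            new UserAdminPermission("com.foo.token", "getCredential"),
            new UserAdminPermission("org.example.mail", "changeProperty"),
            new UserAdminPermission(UserAdminPermission.ADMIN, null));

        for (UserAdminPermission request : requests) {
            String verdict = granted.implies(request) ? "ALLOW" : "DENY ";
            System.out.println(verdict + " " + request);
        }
        for (UserAdminPermission grant : GRANTS) {
            if (readsCredentialsByWildcard(grant)) {
                System.out.println("REVIEW wildcard credential read: " + grant);
            }
        }
    }
}
```

By the description of the third grant above, the getCredential request on "user.password" is the case to watch: the bundle may change that credential but not retrieve it.
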
The following policy entry empowers the Http Service bundle to perform user authentication:

    grant codeBase "${jars}http.jar" {
        permission org.osgi.service.useradmin.UserAdminPermission
            "user.password", "getCredential";
    };

The permission statement grants the Http Service bundle the permission to validate any password credentials (for authentication purposes), but the bundle is not allowed to change any properties or credentials.

Modifier and Type | Field and Description |
---|---|
static String | ADMIN: The permission name "admin". |
static String | CHANGE_CREDENTIAL: The action string "changeCredential". |
static String | CHANGE_PROPERTY: The action string "changeProperty". |
static String | GET_CREDENTIAL: The action string "getCredential". |

Constructor and Description |
---|
UserAdminPermission(String name, String actions): Creates a new UserAdminPermission with the specified name and actions. |

Modifier and Type | Method and Description |
---|---|
boolean | equals(Object obj): Checks two UserAdminPermission objects for equality. |
String | getActions(): Returns the canonical string representation of the actions, separated by comma. |
int | hashCode(): Returns the hash code value for this object. |
boolean | implies(Permission p): Checks if this UserAdminPermission object "implies" the specified permission. |
PermissionCollection | newPermissionCollection(): Returns a new PermissionCollection object for storing UserAdminPermission objects. |
String | toString(): Returns a string describing this UserAdminPermission object. |

Methods inherited from class Permission: checkGuard, getName

public static final String ADMIN
public static final String CHANGE_PROPERTY
public static final String CHANGE_CREDENTIAL
public static final String GET_CREDENTIAL

public UserAdminPermission(String name, String actions)

Creates a new UserAdminPermission with the specified name and actions. name is either the reserved string "admin" or the name of a credential or property, and actions contains a comma-separated list of the actions granted on the specified name. Valid actions are changeProperty, changeCredential, and getCredential.

Parameters:
name - the name of this UserAdminPermission
actions - the action string.
Throws:
IllegalArgumentException - If name equals "admin" and actions are specified.

public boolean implies(Permission p)

Checks if this UserAdminPermission object "implies" the specified permission.

More specifically, this method returns true if:

UserAdminPermission,

Overrides:
implies in class BasicPermission
Parameters:
p - the permission to check against.
Returns:
true if the specified permission is implied by this object; false otherwise.

public String getActions()

Overrides:
getActions in class BasicPermission

public PermissionCollection newPermissionCollection()

Returns a new PermissionCollection object for storing UserAdminPermission objects.

Overrides:
newPermissionCollection in class BasicPermission
Returns:
PermissionCollection object suitable for storing UserAdminPermission objects.

public boolean equals(Object obj)

Checks two UserAdminPermission objects for equality. Checks that obj is a UserAdminPermission, and has the same name and actions as this object.

Overrides:
equals in class BasicPermission
Parameters:
obj - the object to be compared for equality with this object.
Returns:
true if obj is a UserAdminPermission object, and has the same name and actions as this UserAdminPermission object.

public int hashCode()

Overrides:
hashCode in class BasicPermission

public String toString()

Returns a string describing this UserAdminPermission object. This string must be in PermissionInfo encoded format.

Overrides:
toString in class Permission
Returns:
PermissionInfo encoded string for this UserAdminPermission object.

Copyright © OSGi Alliance (2000, 2015). All Rights Reserved. Licensed under the OSGi Specification License, Version 2.0