Package org.osgi.framework

Class AdminPermission

java.lang.Object
java.security.Permission
java.security.BasicPermission
org.osgi.framework.AdminPermission
All Implemented Interfaces:
Serializable, Guard
public final class AdminPermission extends BasicPermission
A bundle's authority to perform specific privileged administrative operations on or to get sensitive information about a bundle. The actions for this permission are: 
 Action             Methods
 class              Bundle.loadClass
 execute            Bundle.start
                    Bundle.stop
                    BundleStartLevel.setStartLevel
 extensionLifecycle BundleContext.installBundle for extension bundles
                    Bundle.update for extension bundles
                    Bundle.uninstall for extension bundles
 lifecycle          BundleContext.installBundle
                    Bundle.update
                    Bundle.uninstall
 listener           BundleContext.addBundleListener for
                      SynchronousBundleListener
                    BundleContext.removeBundleListener for
                      SynchronousBundleListener
 metadata           Bundle.getHeaders
                    Bundle.getLocation
 resolve            FrameworkWiring.refreshBundles
                    FrameworkWiring.resolveBundles
 resource           Bundle.getResource
                    Bundle.getResources
                    Bundle.getEntry
                    Bundle.getEntryPaths
                    Bundle.findEntries
                    Bundle resource/entry URL creation
 startlevel         FrameworkStartLevel.setStartLevel
                    FrameworkStartLevel.setInitialBundleStartLevel
 context            Bundle.getBundleContext
 weave              WovenClass.getBytes
                    WovenClass.setBytes
                    WovenClass.getDynamicImports for modification

The special action "*" will represent all actions. The resolve action is implied by the class, execute and resource actions.

The name of this permission is a filter expression. The filter gives access to the following attributes:

  • signer - A Distinguished Name chain used to sign a bundle. Wildcards in a DN are not matched according to the filter string rules, but according to the rules defined for a DN chain.
  • location - The location of a bundle.
  • id - The bundle ID of the designated bundle.
  • name - The symbolic name of a bundle.
Filter attribute names are processed in a case sensitive manner.
See Also:

  • Field Details

    • CLASS

      public static final String CLASS
      The action string class. The class action implies the resolve action.
      Since:
      1.3
      See Also:

    • EXECUTE

      public static final String EXECUTE
      The action string execute. The execute action implies the resolve action.
      Since:
      1.3
      See Also:

    • EXTENSIONLIFECYCLE

      public static final String EXTENSIONLIFECYCLE
      The action string extensionLifecycle.
      Since:
      1.3
      See Also:

    • LIFECYCLE

      public static final String LIFECYCLE
      The action string lifecycle.
      Since:
      1.3
      See Also:

    • LISTENER

      public static final String LISTENER
      The action string listener.
      Since:
      1.3
      See Also:

    • METADATA

      public static final String METADATA
      The action string metadata.
      Since:
      1.3
      See Also:

    • RESOLVE

      public static final String RESOLVE
      The action string resolve. The resolve action is implied by the class, execute and resource actions.
      Since:
      1.3
      See Also:

    • RESOURCE

      public static final String RESOURCE
      The action string resource. The resource action implies the resolve action.
      Since:
      1.3
      See Also:

    • STARTLEVEL

      public static final String STARTLEVEL
      The action string startlevel.
      Since:
      1.3
      See Also:

    • CONTEXT

      public static final String CONTEXT
      The action string context.
      Since:
      1.4
      See Also:

    • WEAVE

      public static final String WEAVE
      The action string weave.
      Since:
      1.6
      See Also:

  • Constructor Details

    • AdminPermission

      public AdminPermission()
      Creates a new AdminPermission object that matches all bundles and has all actions. Equivalent to AdminPermission("*","*");

    • AdminPermission

      public AdminPermission(String filter, String actions)
      Create a new AdminPermission. This constructor must only be used to create a permission that is going to be checked.

      Examples: 

       (signer=\*,o=ACME,c=US)
 (&(signer=\*,o=ACME,c=US)(name=com.acme.*)
   (location=http://www.acme.com/bundles/*))
 (id>=1)

      When a signer key is used within the filter expression the signer value must escape the special filter chars ('*', '(', ')').

      Null arguments are equivalent to "*".

      Parameters:
      filter - A filter expression that can use signer, location, id, and name keys. A value of "*" or null matches all bundle. Filter attribute names are processed in a case sensitive manner.
      actions - class, execute, extensionLifecycle , lifecycle, listener, metadata, resolve , resource, startlevel, context or weave. A value of "*" or null indicates all actions.
      Throws:
      IllegalArgumentException - If the filter has an invalid syntax.

    • AdminPermission

      public AdminPermission(Bundle bundle, String actions)
      Creates a new requested AdminPermission object to be used by the code that must perform checkPermission. AdminPermission objects created with this constructor cannot be added to an AdminPermission permission collection.
      Parameters:
      bundle - A bundle.
      actions - class, execute, extensionLifecycle , lifecycle, listener, metadata, resolve , resource, startlevel, context, weave. A value of "*" or null indicates all actions.
      Since:
      1.3

  • Method Details

    • implies

      public boolean implies(Permission p)
      Determines if the specified permission is implied by this object. This method throws an exception if the specified permission was not constructed with a bundle.

      This method returns true if the specified permission is an AdminPermission AND

      • this object's filter matches the specified permission's bundle ID, bundle symbolic name, bundle location and bundle signer distinguished name chain OR
      • this object's filter is "*"
      AND this object's actions include all of the specified permission's actions.

      Special case: if the specified permission was constructed with "*" filter, then this method returns true if this object's filter is "*" and this object's actions include all of the specified permission's actions

      Overrides:
      implies in class BasicPermission
      Parameters:
      p - The requested permission.
      Returns:
      true if the specified permission is implied by this object; false otherwise.

    • getActions

      public String getActions()
      Returns the canonical string representation of the AdminPermission actions.

      Always returns present AdminPermission actions in the following order: class, execute, extensionLifecycle, lifecycle, listener, metadata, resolve, resource, startlevel, context, weave.

      Overrides:
      getActions in class BasicPermission
      Returns:
      Canonical string representation of the AdminPermission actions.

    • newPermissionCollection

      public PermissionCollection newPermissionCollection()
      Returns a new PermissionCollection object suitable for storing AdminPermissions.
      Overrides:
      newPermissionCollection in class BasicPermission
      Returns:
      A new PermissionCollection object.

    • equals

      public boolean equals(Object obj)
      Determines the equality of two AdminPermission objects.
      Overrides:
      equals in class BasicPermission
      Parameters:
      obj - The object being compared for equality with this object.
      Returns:
      true if obj is equivalent to this AdminPermission; false otherwise.

    • hashCode

      public int hashCode()
      Returns the hash code value for this object.
      Overrides:
      hashCode in class BasicPermission
      Returns:
      Hash code value for this object.