Class ApplicationAdminPermission

All Implemented Interfaces:
Serializable, Guard

public class ApplicationAdminPermission extends Permission
This class implements permissions for manipulating applications and their instances.

ApplicationAdminPermission can be targeted to applications that matches the specified filter.

ApplicationAdminPermission may be granted for different actions: lifecycle, schedule and lock. The permission schedule implies the permission lifecycle.

$Id: 5fe9fdd7f70e6f506ef46fc19d55eecf59029687 $
See Also:
  • Field Details


      public static final String LIFECYCLE_ACTION
      Allows the lifecycle management of the target applications.
      See Also:

      public static final String SCHEDULE_ACTION
      Allows scheduling of the target applications. The permission to schedule an application implies that the scheduler can also manage the lifecycle of that application i.e. schedule implies lifecycle
      See Also:

      public static final String LOCK_ACTION
      Allows setting/unsetting the locking state of the target applications.
      See Also:
  • Constructor Details

    • ApplicationAdminPermission

      public ApplicationAdminPermission(String filter, String actions) throws InvalidSyntaxException
      Constructs an ApplicationAdminPermission. The filter specifies the target application. The filter is an LDAP-style filter, the recognized properties are signer and pid. The pattern specified in the signer is matched with the Distinguished Name chain used to sign the application. Wildcards in a DN are not matched according to the filter string rules, but according to the rules defined for a DN chain. The attribute pid is matched with the PID of the application according to the filter string rules.

      If the filter is null then it matches "*". If actions is "*" then it identifies all the possible actions.

      filter - filter to identify application. The value null is equivalent to "*" and it indicates "all application".
      actions - comma-separated list of the desired actions granted on the applications or "*" means all the actions. It must not be null. The order of the actions in the list is not significant.
      InvalidSyntaxException - is thrown if the specified filter is not syntactically correct.
      NullPointerException - is thrown if the actions parameter is null
      See Also:
    • ApplicationAdminPermission

      public ApplicationAdminPermission(ApplicationDescriptor application, String actions)
      This contructor should be used when creating ApplicationAdminPermission instance for checkPermission call.
      application - the tareget of the operation, it must not be null
      actions - the required operation. it must not be null
      NullPointerException - if any of the arguments is null.
  • Method Details

    • setCurrentApplicationId

      public ApplicationAdminPermission setCurrentApplicationId(String applicationId)
      This method can be used in the ProtectionDomain implementation in the implies method to insert the application ID of the current application into the permission being checked. This enables the evaluation of the <<SELF>> pseudo targets.
      applicationId - the ID of the current application.
      the permission updated with the ID of the current application
    • implies

      public boolean implies(Permission otherPermission)
      Checks if the specified permission is implied by this permission. The method returns true under the following conditions:
      • This permission was created by specifying a filter (see ApplicationAdminPermission(String, String))
      • The implied otherPermission was created for a particular ApplicationDescriptor (see ApplicationAdminPermission(ApplicationDescriptor, String))
      • The filter of this permission mathes the ApplicationDescriptor specified in the otherPermission. If the filter in this permission is the <<SELF>> pseudo target, then the currentApplicationId set in the otherPermission is compared to the application Id of the target ApplicationDescriptor.
      • The list of permitted actions in this permission contains all actions required in the otherPermission
      Otherwise the method returns false.
      Specified by:
      implies in class Permission
      otherPermission - the implied permission
      true if this permission implies the otherPermission, false otherwise.
    • equals

      public boolean equals(Object with)
      Specified by:
      equals in class Permission
    • hashCode

      public int hashCode()
      Specified by:
      hashCode in class Permission
    • getActions

      public String getActions()
      Returns the actions of this permission.
      Specified by:
      getActions in class Permission
      the actions specified when this permission was created