javax.management.MBeanPermission

Permission controlling access to MBeanServer operations. If a security manager has been set using System#setSecurityManager , most operations on the MBean Server require that the caller's permissions imply an MBeanPermission appropriate for the operation. This is described in detail in the documentation for the MBeanServer interface.

As with other Permission objects, an MBeanPermission can represent either a permission that you have or a permission that you need. When a sensitive operation is being checked for permission, an MBeanPermission is constructed representing the permission you need. The operation is only allowed if the permissions you have imply the permission you need.

An MBeanPermission contains four items of information:

The action. For a permission you need, this is one of the actions in the list below. For a permission you have, this is a comma-separated list of those actions, or *, representing all actions.

The action is returned by .
The class name.

For a permission you need, this is the class name of an MBean you are accessing, as returned by MBeanServer.getMBeanInfo(name) .getClassName() . Certain operations do not reference a class name, in which case the class name is null.

For a permission you have, this is either empty or a class name pattern. A class name pattern is a string following the Java conventions for dot-separated class names. It may end with ".*" meaning that the permission grants access to any class that begins with the string preceding ".*". For instance, "javax.management.*" grants access to javax.management.MBeanServerDelegate and javax.management.timer.Timer, among other classes.

A class name pattern can also be empty or the single character "*", both of which grant access to any class.
The member.

For a permission you need, this is the name of the attribute or operation you are accessing. For operations that do not reference an attribute or operation, the member is null.

For a permission you have, this is either the name of an attribute or operation you can access, or it is empty or the single character "*", both of which grant access to any member.
The object name.

For a permission you need, this is the ObjectName of the MBean you are accessing. For operations that do not reference a single MBean, it is null. It is never an object name pattern.

For a permission you have, this is the ObjectName of the MBean or MBeans you can access. It may be an object name pattern to grant access to all MBeans whose names match the pattern. It may also be empty, which grants access to all MBeans whatever their name.

If you have an MBeanPermission, it allows operations only if all four of the items match.

The class name, member, and object name can be written together as a single string, which is the name of this permission. The name of the permission is the string returned by getName() . The format of the string is:

className#member[objectName]

The object name is written using the usual syntax for ObjectName . It may contain any legal characters, including ]. It is terminated by a ] character that is the last character in the string.

One or more of the className, member, or objectName may be omitted. If the member is omitted, the # may be too (but does not have to be). If the objectName is omitted, the [] may be too (but does not have to be). It is not legal to omit all three items, that is to have a name that is the empty string.

One or more of the className, member, or objectName may be the character "-", which is equivalent to a null value. A null value is implied by any value (including another null value) but does not imply any other value.

The possible actions are these:

addNotificationListener
getAttribute
getClassLoader
getClassLoaderFor
getClassLoaderRepository
getDomains
getMBeanInfo
getObjectInstance
instantiate
invoke
isInstanceOf
queryMBeans
queryNames
registerMBean
removeNotificationListener
setAttribute
unregisterMBean

In a comma-separated list of actions, spaces are allowed before and after each action.

@since

1.5

@since.unbundled

JMX 1.2

Create a new MBeanPermission object with the specified target name and actions.

The target name is of the form "className#member[objectName]" where each part is optional. It must not be empty or null.

The actions parameter contains a comma-separated list of the desired actions granted on the target name. It must not be empty or null.

Parameters

name	the triplet "className#member[objectName]".
actions	the action string.

Throws

IllegalArgumentException if the name or actions is invalid.

Create a new MBeanPermission object with the specified target name (class name, member, object name) and actions.

The class name, member and object name parameters define a target name of the form "className#member[objectName]" where each part is optional. This will be the result of on the resultant MBeanPermission.

The actions parameter contains a comma-separated list of the desired actions granted on the target name. It must not be empty or null.

Parameters

className	the class name to which this permission applies. May be null or `"-"`, which represents a class name that is implied by any class name but does not imply any other class name.
member	the member to which this permission applies. May be null or `"-"`, which represents a member that is implied by any member but does not imply any other member.
objectName	the object name to which this permission applies. May be null, which represents an object name that is implied by any object name but does not imply any other object name.
actions	the action string.

Implements the guard interface for a permission. The SecurityManager.checkPermission method is called, passing this permission object as the permission to check. Returns silently if access is granted. Otherwise, throws a SecurityException.

Parameters

object

the object being guarded (currently ignored).

Throws

SecurityException if a security manager exists and its checkPermission method doesn't allow access.

Checks two MBeanPermission objects for equality. Checks that obj is an MBeanPermission, and has the same name and actions as this object.

Parameters

obj	the object we are testing for equality with this object.

Return

true if obj is an MBeanPermission, and has the same name and actions as this MBeanPermission object.

Returns the "canonical string representation" of the actions. That is, this method always returns present actions in alphabetical order.

Return

the canonical string representation of the actions.

Returns the runtime class of an object. That Class object is the object that is locked by static synchronized methods of the represented class.

Return

The java.lang.Class object that represents the runtime class of the object. The result is of type {@code Class} where X is the erasure of the static type of the expression on which getClass is called.

Returns the name of this Permission. For example, in the case of a java.io.FilePermission, the name will be a pathname.

Return

the name of this Permission.

Returns the hash code value for this object.

Return

a hash code value for this object.

Checks if this MBeanPermission object "implies" the specified permission.

More specifically, this method returns true if:

p is an instance of MBeanPermission; and
p has a null className or p's className matches this object's className; and
p has a null member or p's member matches this object's member; and
p has a null object name or p's object name matches this object's object name; and
p's actions are a subset of this object's actions

If this object's className is "*", p's className always matches it. If it is "a.*", p's className matches it if it begins with "a.".

If this object's member is "*", p's member always matches it.

If this object's objectName n1 is an object name pattern, p's objectName n2 matches it if or if .

A permission that includes the queryMBeans action is considered to include queryNames as well.

Parameters

p	the permission to check against.

Return

true if the specified permission is implied by this object, false if not.

Returns an empty PermissionCollection for a given Permission object, or null if one is not defined. Subclasses of class Permission should override this if they need to store their permissions in a particular PermissionCollection object in order to provide the correct semantics when the PermissionCollection.implies method is called. If null is returned, then the caller of this method is free to store permissions of this type in any PermissionCollection they choose (one that uses a Hashtable, one that uses a Vector, etc).

Return

a new PermissionCollection object for this type of Permission, or null if one is not defined.

Wakes up a single thread that is waiting on this object's monitor. If any threads are waiting on this object, one of them is chosen to be awakened. The choice is arbitrary and occurs at the discretion of the implementation. A thread waits on an object's monitor by calling one of the wait methods.

The awakened thread will not be able to proceed until the current thread relinquishes the lock on this object. The awakened thread will compete in the usual manner with any other threads that might be actively competing to synchronize on this object; for example, the awakened thread enjoys no reliable privilege or disadvantage in being the next thread to lock this object.

This method should only be called by a thread that is the owner of this object's monitor. A thread becomes the owner of the object's monitor in one of three ways:

By executing a synchronized instance method of that object.
By executing the body of a synchronized statement that synchronizes on the object.
For objects of type Class, by executing a synchronized static method of that class.

Only one thread at a time can own an object's monitor.

Throws

IllegalMonitorStateException

if the current thread is not the owner of this object's monitor.

Wakes up all threads that are waiting on this object's monitor. A thread waits on an object's monitor by calling one of the wait methods.

The awakened threads will not be able to proceed until the current thread relinquishes the lock on this object. The awakened threads will compete in the usual manner with any other threads that might be actively competing to synchronize on this object; for example, the awakened threads enjoy no reliable privilege or disadvantage in being the next thread to lock this object.

This method should only be called by a thread that is the owner of this object's monitor. See the notify method for a description of the ways in which a thread can become the owner of a monitor.

Throws

IllegalMonitorStateException

if the current thread is not the owner of this object's monitor.

Returns a string describing this Permission. The convention is to specify the class name, the permission name, and the actions in the following format: '("ClassName" "name" "actions")'.

Return

information about this Permission.

Causes current thread to wait until another thread invokes the method or the method for this object. In other words, this method behaves exactly as if it simply performs the call wait(0).

The current thread must own this object's monitor. The thread releases ownership of this monitor and waits until another thread notifies threads waiting on this object's monitor to wake up either through a call to the notify method or the notifyAll method. The thread then waits until it can re-obtain ownership of the monitor and resumes execution.

As in the one argument version, interrupts and spurious wakeups are possible, and this method should always be used in a loop:

     synchronized (obj) {
         while (<condition does not hold>)
             obj.wait();
         ... // Perform action appropriate to condition
     }

This method should only be called by a thread that is the owner of this object's monitor. See the notify method for a description of the ways in which a thread can become the owner of a monitor.

Throws

IllegalMonitorStateException	if the current thread is not the owner of the object's monitor.
InterruptedException	if another thread interrupted the current thread before or while the current thread was waiting for a notification. The interrupted status of the current thread is cleared when this exception is thrown.

Causes current thread to wait until either another thread invokes the method or the method for this object, or a specified amount of time has elapsed.

The current thread must own this object's monitor.

This method causes the current thread (call it T) to place itself in the wait set for this object and then to relinquish any and all synchronization claims on this object. Thread T becomes disabled for thread scheduling purposes and lies dormant until one of four things happens:

Some other thread invokes the notify method for this object and thread T happens to be arbitrarily chosen as the thread to be awakened.
Some other thread invokes the notifyAll method for this object.
Some other thread interrupts thread T.
The specified amount of real time has elapsed, more or less. If timeout is zero, however, then real time is not taken into consideration and the thread simply waits until notified.

The thread T is then removed from the wait set for this object and re-enabled for thread scheduling. It then competes in the usual manner with other threads for the right to synchronize on the object; once it has gained control of the object, all its synchronization claims on the object are restored to the status quo ante - that is, to the situation as of the time that the wait method was invoked. Thread T then returns from the invocation of the wait method. Thus, on return from the wait method, the synchronization state of the object and of thread T is exactly as it was when the wait method was invoked.

A thread can also wake up without being notified, interrupted, or timing out, a so-called spurious wakeup. While this will rarely occur in practice, applications must guard against it by testing for the condition that should have caused the thread to be awakened, and continuing to wait if the condition is not satisfied. In other words, waits should always occur in loops, like this one:

     synchronized (obj) {
         while (<condition does not hold>)
             obj.wait(timeout);
         ... // Perform action appropriate to condition
     }

(For more information on this topic, see Section 3.2.3 in Doug Lea's "Concurrent Programming in Java (Second Edition)" (Addison-Wesley, 2000), or Item 50 in Joshua Bloch's "Effective Java Programming Language Guide" (Addison-Wesley, 2001).

If the current thread is interrupted by another thread while it is waiting, then an InterruptedException is thrown. This exception is not thrown until the lock status of this object has been restored as described above.

Note that the wait method, as it places the current thread into the wait set for this object, unlocks only this object; any other objects on which the current thread may be synchronized remain locked while the thread waits.

This method should only be called by a thread that is the owner of this object's monitor. See the notify method for a description of the ways in which a thread can become the owner of a monitor.

Parameters

timeout

the maximum time to wait in milliseconds.

Throws

IllegalArgumentException	if the value of timeout is negative.
IllegalMonitorStateException	if the current thread is not the owner of the object's monitor.
InterruptedException	if another thread interrupted the current thread before or while the current thread was waiting for a notification. The interrupted status of the current thread is cleared when this exception is thrown.

Causes current thread to wait until another thread invokes the method or the method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed.

This method is similar to the wait method of one argument, but it allows finer control over the amount of time to wait for a notification before giving up. The amount of real time, measured in nanoseconds, is given by:

 1000000*timeout+nanos

In all other respects, this method does the same thing as the method of one argument. In particular, wait(0, 0) means the same thing as wait(0).

The current thread must own this object's monitor. The thread releases ownership of this monitor and waits until either of the following two conditions has occurred:

Another thread notifies threads waiting on this object's monitor to wake up either through a call to the notify method or the notifyAll method.
The timeout period, specified by timeout milliseconds plus nanos nanoseconds arguments, has elapsed.

The thread then waits until it can re-obtain ownership of the monitor and resumes execution.

As in the one argument version, interrupts and spurious wakeups are possible, and this method should always be used in a loop:

     synchronized (obj) {
         while (<condition does not hold>)
             obj.wait(timeout, nanos);
         ... // Perform action appropriate to condition
     }

This method should only be called by a thread that is the owner of this object's monitor. See the notify method for a description of the ways in which a thread can become the owner of a monitor.

Parameters

timeout	the maximum time to wait in milliseconds.
nanos	additional time, in nanoseconds range 0-999999.

Throws

IllegalArgumentException	if the value of timeout is negative or the value of nanos is not in the range 0-999999.
IllegalMonitorStateException	if the current thread is not the owner of this object's monitor.
InterruptedException	if another thread interrupted the current thread before or while the current thread was waiting for a notification. The interrupted status of the current thread is cleared when this exception is thrown.