1. /*
  2. * @(#)Permission.java 1.35 00/02/02
  3. *
  4. * Copyright 1997-2000 Sun Microsystems, Inc. All Rights Reserved.
  5. *
  6. * This software is the proprietary information of Sun Microsystems, Inc.
  7. * Use is subject to license terms.
  8. *
  9. */
  10. package java.security;
  11. /**
  12. * Abstract class for representing access to a system resource.
  13. * All permissions have a name (whose interpretation depends on the subclass),
  14. * as well as abstract functions for defining the semantics of the
  15. * particular Permission subclass.
  16. *
  17. * <p>Most Permission objects also include an "actions" list that tells the actions
  18. * that are permitted for the object. For example,
  19. * for a <code>java.io.FilePermission</code> object, the permission name is
  20. * the pathname of a file (or directory), and the actions list
  21. * (such as "read, write") specifies which actions are granted for the
  22. * specified file (or for files in the specified directory).
  23. * The actions list is optional for Permission objects, such as
  24. * <code>java.lang.RuntimePermission</code>,
  25. * that don't need such a list; you either have the named permission (such
  26. * as "system.exit") or you don't.
  27. *
  28. * <p>An important method that must be implemented by each subclass is
  29. * the <code>implies</code> method to compare Permissions. Basically,
  30. * "permission p1 implies permission p2" means that
  31. * if one is granted permission p1, one is naturally granted permission p2.
  32. * Thus, this is not an equality test, but rather more of a
  33. * subset test.
  34. *
  35. * <P> Permission objects are similar to String objects in that they
  36. * are immutable once they have been created. Subclasses should not
  37. * provide methods that can change the state of a permission
  38. * once it has been created.
  39. *
  40. * @see Permissions
  41. * @see PermissionCollection
  42. *
  43. * @version 1.35 00/02/02
  44. *
  45. * @author Marianne Mueller
  46. * @author Roland Schemers
  47. */
  48. public abstract class Permission implements Guard, java.io.Serializable {
  49. private String name;
  50. /**
  51. * Constructs a permission with the specified name.
  52. *
  53. * @param name name of the Permission object being created.
  54. *
  55. */
  56. public Permission(String name) {
  57. this.name = name;
  58. }
  59. /**
  60. * Implements the guard interface for a permission. The
  61. * <code>SecurityManager.checkPermission</code> method is called,
  62. * passing this permission object as the permission to check.
  63. * Returns silently if access is granted. Otherwise, throws
  64. * a SecurityException.
  65. *
  66. * @param object the object being guarded (currently ignored).
  67. *
  68. * @throws SecurityException
  69. * if a security manager exists and its
  70. * <code>checkPermission</code> method doesn't allow access.
  71. *
  72. * @see Guard
  73. * @see GuardedObject
  74. * @see SecurityManager#checkPermission
  75. *
  76. */
  77. public void checkGuard(Object object) throws SecurityException {
  78. SecurityManager sm = System.getSecurityManager();
  79. if (sm != null) sm.checkPermission(this);
  80. }
  81. /**
  82. * Checks if the specified permission's actions are "implied by"
  83. * this object's actions.
  84. * <P>
  85. * This must be implemented by subclasses of Permission, as they are the
  86. * only ones that can impose semantics on a Permission object.
  87. *
  88. * <p>The <code>implies</code> method is used by the AccessController to determine
  89. * whether or not a requested permission is implied by another permission that
  90. * is known to be valid in the current execution context.
  91. *
  92. * @param permission the permission to check against.
  93. *
  94. * @return true if the specified permission is implied by this object,
  95. * false if not.
  96. */
  97. public abstract boolean implies(Permission permission);
  98. /**
  99. * Checks two Permission objects for equality.
  100. * <P>
  101. * Do not use the <code>equals</code> method for making access control
  102. * decisions; use the <code>implies</code> method.
  103. *
  104. * @param obj the object we are testing for equality with this object.
  105. *
  106. * @return true if both Permission objects are equivalent.
  107. */
  108. public abstract boolean equals(Object obj);
  109. /**
  110. * Returns the hash code value for this Permission object.
  111. * <P>
  112. * The required <code>hashCode</code> behavior for Permission Objects is
  113. * the following: <p>
  114. * <ul>
  115. * <li>Whenever it is invoked on the same Permission object more than
  116. * once during an execution of a Java application, the
  117. * <code>hashCode</code> method
  118. * must consistently return the same integer. This integer need not
  119. * remain consistent from one execution of an application to another
  120. * execution of the same application. <p>
  121. * <li>If two Permission objects are equal according to the
  122. * <code>equals</code>
  123. * method, then calling the <code>hashCode</code> method on each of the
  124. * two Permission objects must produce the same integer result.
  125. * </ul>
  126. *
  127. * @return a hash code value for this object.
  128. */
  129. public abstract int hashCode();
  130. /**
  131. * Returns the name of this Permission.
  132. * For example, in the case of a <code>java.io.FilePermission</code>,
  133. * the name will be a pathname.
  134. *
  135. * @return the name of this Permission.
  136. *
  137. */
  138. public final String getName() {
  139. return name;
  140. }
  141. /**
  142. * Returns the actions as a String. This is abstract
  143. * so subclasses can defer creating a String representation until
  144. * one is needed. Subclasses should always return actions in what they
  145. * consider to be their
  146. * canonical form. For example, two FilePermission objects created via
  147. * the following:
  148. *
  149. * <pre>
  150. * perm1 = new FilePermission(p1,"read,write");
  151. * perm2 = new FilePermission(p2,"write,read");
  152. * </pre>
  153. *
  154. * both return
  155. * "read,write" when the <code>getActions</code> method is invoked.
  156. *
  157. * @return the actions of this Permission.
  158. *
  159. */
  160. public abstract String getActions();
  161. /**
  162. * Returns an empty PermissionCollection for a given Permission object, or null if
  163. * one is not defined. Subclasses of class Permission should
  164. * override this if they need to store their permissions in a particular
  165. * PermissionCollection object in order to provide the correct semantics
  166. * when the <code>PermissionCollection.implies</code> method is called.
  167. * If null is returned,
  168. * then the caller of this method is free to store permissions of this
  169. * type in any PermissionCollection they choose (one that uses a Hashtable,
  170. * one that uses a Vector, etc).
  171. *
  172. * @return a new PermissionCollection object for this type of Permission, or
  173. * null if one is not defined.
  174. */
  175. public PermissionCollection newPermissionCollection() {
  176. return null;
  177. }
  178. /**
  179. * Returns a string describing this Permission. The convention is to
  180. * specify the class name, the permission name, and the actions in
  181. * the following format: '("ClassName" "name" "actions")'.
  182. *
  183. * @return information about this Permission.
  184. */
  185. public String toString() {
  186. String actions = getActions();
  187. if ((actions == null) || (actions.length() == 0)) { // OPTIONAL
  188. return "(" + getClass().getName() + " " + name + ")";
  189. } else {
  190. return "(" + getClass().getName() + " " + name + " " +
  191. actions + ")";
  192. }
  193. }
  194. }