An object of this class implements the MBeanServerAccessController interface and, for each of its methods, calls an appropriate checking method and then forwards the request to a wrapped MBeanServer object. The checking method may throw a SecurityException if the operation is not allowed; in this case the request is not forwarded to the wrapped object.
This class implements the {@link #checkRead()}, {@link #checkWrite()}, {@link #checkCreate(String)}, and {@link #checkUnregister(ObjectName)}methods based on an access level properties file containing username/access level pairs. The set of username/access level pairs is passed either as a filename which denotes a properties file on disk, or directly as an instance of the {@link Properties} class. In both cases, the name of each propertyrepresents a username, and the value of the property is the associated access level. Thus, any given username either does not exist in the properties or has exactly one access level. The same access level can be shared by several usernames.
The supported access level values are {@code readonly} and{@code readwrite}. The {@code readwrite} access level can bequalified by one or more clauses, where each clause looks like create classNamePattern
or {@code unregister}. For example:
monitorRole readonly controlRole readwrite \ create javax.management.timer.*,javax.management.monitor.* \ unregister
(The continuation lines with {@code \} come from the parser forProperties files.)
|
|
|
|
|
|
|
|