Examples of org.osgi.service.useradmin.UserAdminPermission

• org.osgi.service.useradmin.UserAdminPermission
  Permission to configure and access the {@link Role} objects managed by a UserAdmin service.

  This class represents access to the {@code Role} objects managed by a UserAdmin service and their properties and credentials (in the case of {@link User} objects).

  The permission name is the name (or name prefix) of a property or credential. The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "org.osgi.security.protocol.*" or "*" is valid, but "*protocol" or "a*b" are not valid.

  The {@code UserAdminPermission} with the reserved name "admin"represents the permission required for creating and removing {@code Role}objects in the User Admin service, as well as adding and removing members in a {@code Group} object. This {@code UserAdminPermission} does not have anyactions associated with it.

  The actions to be granted are passed to the constructor in a string containing a list of one or more comma-separated keywords. The possible keywords are: {@code changeProperty}, {@code changeCredential}, and {@code getCredential}. Their meaning is defined as follows:

   action changeProperty    Permission to change (i.e., add and remove) Role object properties whose names start with the name argument specified in the constructor. changeCredential  Permission to change (i.e., add and remove) User object credentials whose names start with the name argument specified in the constructor. getCredential     Permission to retrieve and check for the existence of User object credentials whose names start with the name argument specified in the constructor. 

  The action string is converted to lowercase before processing.

  Following is a PermissionInfo style policy entry which grants a user administration bundle a number of {@code UserAdminPermission} object:

   (org.osgi.service.useradmin.UserAdminPermission "admin") (org.osgi.service.useradmin.UserAdminPermission "com.foo.*" "changeProperty,getCredential,changeCredential") (org.osgi.service.useradmin.UserAdminPermission "user.*" "changeProperty,changeCredential") 

  The first permission statement grants the bundle the permission to perform any User Admin service operations of type "admin", that is, create and remove roles and configure {@code Group} objects.

  The second permission statement grants the bundle the permission to change any properties as well as get and change any credentials whose names start with {@code com.foo.}.

  The third permission statement grants the bundle the permission to change any properties and credentials whose names start with {@code user.}. This means that the bundle is allowed to change, but not retrieve any credentials with the given prefix.

  The following policy entry empowers the Http Service bundle to perform user authentication:

   grant codeBase "${jars}http.jar" { permission org.osgi.service.useradmin.UserAdminPermission "user.password", "getCredential"; }; 

  The permission statement grants the Http Service bundle the permission to validate any password credentials (for authentication purposes), but the bundle is not allowed to change any properties or credentials. @ThreadSafe @author $Id: 536a2ac22941626e30d26e3fdd3c7c7524c534ab $

    public Object get(Object key) {
        if (key instanceof String) {
            SecurityManager sm = System.getSecurityManager();
            if(null!=sm){
                sm.checkPermission
                  (new UserAdminPermission((String) key,
                                           UserAdminPermission.GET_CREDENTIAL));
            }
            return super.get(key);
        }
        throw new IllegalArgumentException("The key must be a String, got "

    public boolean hasCredential(String key, Object value) {
        SecurityManager sm = System.getSecurityManager();
        if(null!=sm){
            sm.checkPermission
              (new UserAdminPermission(key,
                                       UserAdminPermission.GET_CREDENTIAL));
        }
        Object val = creds.get(key);
        if (val instanceof byte[] && value instanceof byte[]) {
            return arraysEquals((byte[]) val, (byte[]) value);

        // synchronized (role) {
        if (key instanceof String) {
            SecurityManager sm = System.getSecurityManager();
            if(null!=sm){
                sm.checkPermission
                  (new UserAdminPermission( (String) key, getChangeAction()));
            }
            Object res = ht.remove(key);
            Activator.uai.sendEvent(UserAdminEvent.ROLE_CHANGED, role);
            // role.um.save();
            return res;

        // synchronized (role) {
        if (key instanceof String) {
            SecurityManager sm = System.getSecurityManager();
            if(null!=sm){
                sm.checkPermission
                  (new UserAdminPermission( (String) key, getChangeAction()));
            }
            Object res;
            // value of type byte[] or String is ok
            if (value instanceof byte[]) {
                res = ht.put(key, ((byte[]) value).clone());

     * @throws SecurityException in case the caller has not the right permissions to perform the action.
     */
    private void checkPermissions(String key, String action) throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new UserAdminPermission(key, action));
        }
    }

     * @throws SecurityException in case the caller has not the right permissions to perform the action.
     */
    private void checkPermissions() throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new UserAdminPermission(UserAdminPermission.ADMIN, null));
        }
    }

     * @throws SecurityException in case the caller has not the right permissions to perform the action.
     */
    private void checkPermissions() throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new UserAdminPermission(UserAdminPermission.ADMIN, null));
        }
    }