db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r637264 - /db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java
Date Fri, 14 Mar 2008 21:05:25 GMT
Author: djd
Date: Fri Mar 14 14:05:24 2008
New Revision: 637264

URL: http://svn.apache.org/viewvc?rev=637264&view=rev
Log:
Improve the javadoc in SystemPermission to include a table describing the permissions supported
by Derby.
Add a serial version id to SystemPermssion for DERBY-3476

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java?rev=637264&r1=637263&r2=637264&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java Fri Mar
14 14:05:24 2008
@@ -32,38 +32,58 @@
 
 /**
  * This class represents access to system-wide Derby privileges.
+ * <P>
+  <table border = "1">
+  <tr> <th>Permission <th>Description <th>Risk </tr>
+  <tr> <th> "jmx" "control" <td> Controls the ability of JMX clients to
control
+  Derby and view security sensitive attributes through Derby's MBeans.
+     <td> JMX clients may be able to change the state of the running system </tr>
+  <tr> <th> "jmx" "monitor" <td> Controls the ability of JMX clients to
+      monitor Derby through Derby's MBeans, such as viewing number of current connections
and
+      configuration settings. <em> Note: security related settings require</em>
<code>control</code>
+      <em>action on</em> <code>jmx</code> <td> JMX clients
can see information about a runing system
+      including software versions. </tr>
+ </table>
  */
 final public class SystemPermission extends BasicPermission {
     
+    private static final long serialVersionUID = 1965420504091489898L;
+    
     /**
-     * Permission target name for actions applicable
+     * Permission target name (<code>"server"</code>) for actions applicable
      * to the network server.
      */
     public static final String SERVER = "server";
     /**
-     * Permission target name for actions applicable
+     * Permission target name (<code>"engine"</code>) for actions applicable
      * to the core database engine.
      */
     public static final String ENGINE = "engine";
     /**
-     * Permission target name for actions applicable
+     * Permission target name (<code>"jmx"</code>) for actions applicable
      * to management of Derby's JMX MBeans.
      */
     public static final String JMX = "jmx";
 
     /**
-     * The server and engine shutdown action.
+     * The server and engine shutdown action (<code>"shutdown"</code>).
      */
     static public final String SHUTDOWN = "shutdown";
     
     /**
-     * Permission to perform control actions through JMX
+     * Action (<code>"control"</code>) to perform control actions through JMX
      * on engine, server or jmx.
+     * <P>
+     * For JMX control permission is required to get
+     * attributes that are deemed sensiive from a security
+     * aspect, such as the network server's port number,
+     * security mechanisms and any information about the
+     * file system.
      */
     public static final String CONTROL = "control";
     
     /**
-     * Permission to perform monitoring actions through JMX
+     * Action (<code>"monitor"</code>) to perform monitoring actions through
JMX
      * on engine and server.
      */
     public static final String MONITOR = "monitor";



Mime
View raw message