com.ibm.tspaces.ac
Class TsAcl

java.lang.Object
  |
  +--com.ibm.tspaces.ac.TsAcl

public class TsAcl
extends java.lang.Object
implements java.io.Serializable, java.security.acl.Acl

This class implements the java.security.acl.Acl interface. An Access Control List is a data structure used to guard access to resources.

An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). Additionally, each ACL entry is specified as being either positive or negative. If positive, the permissions are to be granted to the associated principal. If negative, the permissions are to be denied.

Internally, TsAcl contains the following instance variables:

  String  _Name        Name used to refer to this Acl
  Vector  _Owners      Vector of owners of this ACL
  Vector  _AclEntries  Vector of AclEntry items
 

Author:
John Thomas
See Also:
TupleSpace, SubclassableTuple, Acl, AclEntry, Serialized Form

Constructor Summary
TsAcl(java.lang.String name, java.security.Principal owner)
          Constructor with name and Owner specified.
 
Method Summary
 boolean addEntry(java.security.Principal caller, java.security.acl.AclEntry entry)
          Adds an ACL entry to this ACL.
 boolean addOwner(java.security.Principal caller, java.security.Principal owner)
          Adds an owner.
 boolean checkPermission(java.security.Principal user, java.security.acl.Permission permission)
          Checks whether or not the specified principal has the specified permission.
 java.lang.String debug()
          Returns a string representation of the ACL contents for debug use.
 boolean deleteOwner(java.security.Principal caller, java.security.Principal owner)
          Deletes an owner.
 java.util.Enumeration entries()
          Returns an enumeration of the entries in this ACL.
 java.lang.String getName()
          Returns the name of the Acl.
 java.util.Enumeration getPermissions(java.security.Principal user)
          Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group).
 boolean isOwner(java.security.Principal owner)
          Returns true if the given principal is an owner of the ACL.
static void main(java.lang.String[] argv)
          Main
 boolean removeEntry(java.security.Principal caller, java.security.acl.AclEntry entry)
          Removes an ACL entry from this ACL.
 void setName(java.security.Principal caller, java.lang.String name)
          Sets the name of this ACL.
 java.lang.String showPermissions(java.security.Principal user)
          Simple debug routine to display permissions for a user.
 java.lang.String toString()
          Returns a string representation of the ACL contents.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

TsAcl

public TsAcl(java.lang.String name,
             java.security.Principal owner)
Constructor with name and Owner specified. This will build an Acl object with the specified name and owner.
Parameters:
name - Name for the resulting Acl
owner - Principal for the owner of the ACL
Method Detail

getName

public java.lang.String getName()
Returns the name of the Acl.
Specified by:
getName in interface java.security.acl.Acl
Returns:
the name of this ACL.

setName

public void setName(java.security.Principal caller,
                    java.lang.String name)
             throws java.security.acl.NotOwnerException
Sets the name of this ACL.
Specified by:
setName in interface java.security.acl.Acl
Parameters:
caller - the principal invoking this method. It must be an owner of this ACL.
name - the name to be given to this ACL.
Throws:
java.security.acl.NotOwnerException - if the caller principal is not an owner of this ACL.

addEntry

public boolean addEntry(java.security.Principal caller,
                        java.security.acl.AclEntry entry)
                 throws java.security.acl.NotOwnerException
Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) with a set of permissions. Each principal can have at most one positive ACL entry (specifying permissions to be granted to the principal) and one negative ACL entry (specifying permissions to be denied). If an ACL entry of the same type (negative or positive) for that principal is already in the ACL, false is returned.
Specified by:
addEntry in interface java.security.acl.Acl
Parameters:
caller - the principal invoking this method. It must be an owner of this ACL.
entry - the ACL entry to be added to this ACL.
Returns:
true on success, false if an entry of the same type (positive or negative) for the same principal is already present in this ACL.
Throws:
java.security.acl.NotOwnerException - if the caller principal is not an owner of this ACL.

removeEntry

public boolean removeEntry(java.security.Principal caller,
                           java.security.acl.AclEntry entry)
                    throws java.security.acl.NotOwnerException
Removes an ACL entry from this ACL.
Specified by:
removeEntry in interface java.security.acl.Acl
Parameters:
caller - the principal invoking this method. It must be an owner of this ACL.
entry - the ACL entry to be removed from this ACL.
Returns:
true on success, false if the entry is not part of this ACL.
Throws:
java.security.acl.NotOwnerException - if the caller principal is not an owner of this Acl.

getPermissions

public java.util.Enumeration getPermissions(java.security.Principal user)
Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group). This set of allowed permissions is calculated as follows:

Specified by:
getPermissions in interface java.security.acl.Acl
Parameters:
user - the principal whose permission set is to be returned.
Returns:
the permission set specifying the permissions the principal is allowed.

checkPermission

public boolean checkPermission(java.security.Principal user,
                               java.security.acl.Permission permission)
Checks whether or not the specified principal has the specified permission. If it does, true is returned, otherwise false is returned. More specifically, this method checks whether the passed permission is a member of the allowed permission set of the specified principal. The allowed permission set is determined by the same algorithm as is used by the getPermissions method.
Specified by:
checkPermission in interface java.security.acl.Acl
Parameters:
user - the principal, assumed to be a valid authenticated Principal.
permission - the permission to be checked for.
Returns:
true if the principal has the specified permission, false otherwise.
See Also:
getPermissions(java.security.Principal)

showPermissions

public java.lang.String showPermissions(java.security.Principal user)
Simple debug routine to display permissions for a user.

entries

public java.util.Enumeration entries()
Returns an enumeration of the entries in this ACL. Each element in the enumeration is of type AclEntry.
Specified by:
entries in interface java.security.acl.Acl
Returns:
an enumeration of the entries in this ACL.

toString

public java.lang.String toString()
Returns a string representation of the ACL contents.
Specified by:
toString in interface java.security.acl.Acl
Overrides:
toString in class java.lang.Object
Returns:
a string representation of the ACL contents.

debug

public java.lang.String debug()
Returns a string representation of the ACL contents for debug use.
Returns:
a string representation of the ACL contents.

addOwner

public boolean addOwner(java.security.Principal caller,
                        java.security.Principal owner)
                 throws java.security.acl.NotOwnerException
Adds an owner. Only owners can modify ACL contents. The caller principal must be an owner of the ACL in order to invoke this method. That is, only an owner can add another owner. The initial owner is configured at ACL construction time.
Parameters:
caller - the principal invoking this method. It must be an owner of the ACL.
owner - the owner that should be added to the list of owners.
Returns:
true if successful, false if owner is already an owner.
Throws:
java.security.acl.NotOwnerException - if the caller principal is not an owner of the ACL.

deleteOwner

public boolean deleteOwner(java.security.Principal caller,
                           java.security.Principal owner)
                    throws java.security.acl.NotOwnerException,
                           java.security.acl.LastOwnerException
Deletes an owner. If this is the last owner in the ACL, an exception is raised.

The caller principal must be an owner of the ACL in order to invoke this method.

Parameters:
caller - the principal invoking this method. It must be an owner of the ACL.
owner - the owner to be removed from the list of owners.
Returns:
true if the owner is removed, false if the owner is not part of the list of owners.
Throws:
java.security.acl.NotOwnerException - if the caller principal is not an owner of the ACL.
java.security.acl.LastOwnerException - if there is only one owner left, so that deleteOwner would leave the ACL owner-less.
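The entry and ownership rules documented for addEntry, getPermissions and deleteOwner, as an added Java sketch (Java 16+) that is not the TsAcl source. `SketchAcl`, `Entry`, the string principals and the deny-over-grant resolution for a single principal are assumptions made for illustration; group principals are left out.

```java
import java.util.*;
// Added illustration of the rules documented above; SketchAcl and Entry are
// hypothetical names and this is not the TsAcl source.
public class SketchAcl {
    // One entry: principal name, permission set, positive or negative flag.
    record Entry(String principal, Set<String> perms, boolean negative) {}
    private final Set<String> owners = new HashSet<>();
    private final List<Entry> entries = new ArrayList<>();

    SketchAcl(String owner) { owners.add(owner); }

    // Stand-in for NotOwnerException: every mutator checks the caller first.
    private void requireOwner(String caller) {
        if (!owners.contains(caller)) throw new SecurityException(caller + " is not an owner");
    }

    // At most one positive and one negative entry per principal.
    boolean addEntry(String caller, Entry e) {
        requireOwner(caller);
        for (Entry x : entries)
            if (x.principal().equals(e.principal()) && x.negative() == e.negative()) return false;
        return entries.add(e);
    }

    // Stand-in for LastOwnerException: the ACL may never become owner-less.
    boolean deleteOwner(String caller, String owner) {
        requireOwner(caller);
        if (!owners.contains(owner)) return false;
        if (owners.size() == 1) throw new IllegalStateException("last owner");
        return owners.remove(owner);
    }

    // Assumption: allowed = positive permissions minus negative ones (deny wins).
    Set<String> getPermissions(String user) {
        Set<String> allowed = new TreeSet<>(), denied = new HashSet<>();
        for (Entry x : entries)
            if (x.principal().equals(user)) (x.negative() ? denied : allowed).addAll(x.perms());
        allowed.removeAll(denied);
        return allowed;
    }

    public static void main(String[] args) {
        SketchAcl acl = new SketchAcl("alice"); // constructed sample principals
        acl.addEntry("alice", new Entry("bob", Set.of("read", "write"), false));
        acl.addEntry("alice", new Entry("bob", Set.of("write"), true)); // deny write
        System.out.println("bob may: " + acl.getPermissions("bob"));
        Entry second = new Entry("bob", Set.of("take"), false); // second positive entry
        System.out.println("second positive accepted: " + acl.addEntry("alice", second));
    }
}
```

The ACL trusts the `caller` argument it is handed, so the owner check only means something when the principal was authenticated before the call.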

isOwner

public boolean isOwner(java.security.Principal owner)
Returns true if the given principal is an owner of the ACL.
Parameters:
owner - the principal to be checked to determine whether or not it is an owner.
Returns:
true if the passed principal is in the list of owners, false if not.

main

public static void main(java.lang.String[] argv)
Main