: Class TsAcl

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.tspaces.ac
Class TsAcl

java.lang.Object
  |
  +--com.ibm.tspaces.ac.TsAcl

public class TsAcl
extends java.lang.Object
implements java.io.Serializable, java.security.acl.Acl

This class implements the java.security.Acl Interface. An Access Control List is a data structure used to guard access to resources.

An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). Additionally, each ACL entry is specified as being either positive or negative. If positive, the permissions are to be granted to the associated principal. If negative, the permissions are to be denied.

Internally tsAcl is contains the following instance variables.

  String  _Name	Name used to refer to this Acl
  Vector  _Owners	Vector of owners of this ACL
  Vector _AclEntries	Vector of ACLEntry items.

Author:: John Thomas
See Also:: TupleSpace, SubclassableTuple, Acl, AclEntry, Serialized Form

Constructor Summary

TsAcl(java.lang.String name, java.security.Principal owner)
          Constructor with name and Owner specified.

Method Summary

boolean addEntry(java.security.Principal caller, java.security.acl.AclEntry entry)
          Adds an ACL entry to this ACL.

boolean addOwner(java.security.Principal caller, java.security.Principal owner)
          Adds an owner.

boolean checkPermission(java.security.Principal user, java.security.acl.Permission permission)
          Checks whether or not the specified principal has the specified permission.

java.lang.String debug()
          Returns a string representation of the ACL contents for debug use.

boolean deleteOwner(java.security.Principal caller, java.security.Principal owner)
          Deletes an owner.

java.util.Enumeration entries()
          Returns an enumeration of the entries in this ACL.

java.lang.String getName()
          This will return the name of the Acl

java.util.Enumeration getPermissions(java.security.Principal user)
          Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group).

boolean isOwner(java.security.Principal owner)
          Returns true if the given principal is an owner of the ACL.

static void main(java.lang.String[] argv)
          Main **

boolean removeEntry(java.security.Principal caller, java.security.acl.AclEntry entry)
          Removes an ACL entry from this ACL.

void setName(java.security.Principal caller, java.lang.String name)
          Sets the name of this ACL.

java.lang.String showPermissions(java.security.Principal user)
          simple debug rtn to display permissions for a user

java.lang.String toString()
          Returns a string representation of the ACL contents.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

TsAcl

public TsAcl(java.lang.String name,
             java.security.Principal owner)

Constructor with name and Owner specified. This will build an Acl object with the specified name and owner.

Parameters:: name - Name for the resulting Acl; owner - Principal for the owner of the ACL

Method Detail

getName

public java.lang.String getName()

This will return the name of the Acl

Specified by:: getName in interface java.security.acl.Acl

Returns:: the name of this ACL.

setName

public void setName(java.security.Principal caller,
                    java.lang.String name)
             throws java.security.acl.NotOwnerException

Sets the name of this ACL.

Specified by:: setName in interface java.security.acl.Acl

Parameters:: caller - the principal invoking this method. It must be an owner of this ACL.; name - the name to be given to this ACL.
Throws:: java.security.acl.NotOwnerException - if the caller principal is not an owner of this ACL.

addEntry

public boolean addEntry(java.security.Principal caller,
                        java.security.acl.AclEntry entry)
                 throws java.security.acl.NotOwnerException

Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) with a set of permissions. Each principal can have at most one positive ACL entry (specifying permissions to be granted to the principal) and one negative ACL entry (specifying permissions to be denied). If there is already an ACL entry of the same type (negative or positive) already in the ACL, false is returned.

Specified by:: addEntry in interface java.security.acl.Acl

Parameters:: caller - the principal invoking this method. It must be an owner of this ACL.; entry - the ACL entry to be added to this ACL.
Returns:: true on success, false if an entry of the same type (positive or negative) for the same principal is already present in this ACL.
Throws:: java.security.acl.NotOwnerException - if the caller principal is not an owner of this ACL.

removeEntry

public boolean removeEntry(java.security.Principal caller,
                           java.security.acl.AclEntry entry)
                    throws java.security.acl.NotOwnerException

Removes an ACL entry from this ACL.

Specified by:: removeEntry in interface java.security.acl.Acl

Parameters:: caller - the principal invoking this method. It must be an owner of this ACL.; entry - the ACL entry to be removed from this ACL.
Returns:: true on success, false if the entry is not part of this ACL.
Throws:: java.security.acl.NotOwnerException - if the caller principal is not an owner of this Acl.

getPermissions

public java.util.Enumeration getPermissions(java.security.Principal user)

Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group). This set of allowed permissions is calculated as follows:

If there is no entry in this Access Control List for the specified principal, an empty permission set is returned.
Otherwise, the principal's group permission sets are determined. (A principal can belong to one or more groups, where a group is a group of principals, represented by the Group interface.) The group positive permission set is the union of all the positive permissions of each group that the principal belongs to. The group negative permission set is the union of all the negative permissions of each group that the principal belongs to. If there is a specific permission that occurs in both the positive permission set and the negative permission set, it is removed from both.
The individual positive and negative permission sets are also determined. The positive permission set contains the permissions specified in the positive ACL entry (if any) for the principal. Similarly, the negative permission set contains the permissions specified in the negative ACL entry (if any) for the principal. The individual positive (or negative) permission set is considered to be null if there is not a positive (negative) ACL entry for the principal in this ACL.
The set of permissions granted to the principal is then calculated using the simple rule that individual permissions always override the group permissions. That is, the principal's individual negative permission set (specific denial of permissions) overrides the group positive permission set, and the principal's individual positive permission set overrides the group negative permission set.

Specified by:: getPermissions in interface java.security.acl.Acl

Parameters:: user - the principal whose permission set is to be returned.
Returns:: the permission set specifying the permissions the principal is allowed.

checkPermission

public boolean checkPermission(java.security.Principal user,
                               java.security.acl.Permission permission)

Checks whether or not the specified principal has the specified permission. If it does, true is returned, otherwise false is returned. More specifically, this method checks whether the passed permission is a member of the allowed permission set of the specified principal. The allowed permission set is determined by the same algorithm as is used by the getPermissions method.

Specified by:: checkPermission in interface java.security.acl.Acl

Parameters:: user - the principal, assumed to be a valid authenticated Principal.; permission - the permission to be checked for.
Returns:: true if the principal has the specified permission, false otherwise.
See Also:: getPermissions(java.security.Principal)

showPermissions

public java.lang.String showPermissions(java.security.Principal user)

simple debug rtn to display permissions for a user

entries

public java.util.Enumeration entries()

Returns an enumeration of the entries in this ACL. Each element in the enumeration is of type AclEntry.

Specified by:: entries in interface java.security.acl.Acl

Returns:: an enumeration of the entries in this ACL.

toString

public java.lang.String toString()

Returns a string representation of the ACL contents.

Specified by:: toString in interface java.security.acl.Acl
Overrides:: toString in class java.lang.Object

Returns:: a string representation of the ACL contents.

debug

public java.lang.String debug()

Returns a string representation of the ACL contents for debug use.

Returns:: a string representation of the ACL contents.

addOwner

public boolean addOwner(java.security.Principal caller,
                        java.security.Principal owner)
                 throws java.security.acl.NotOwnerException

Adds an owner. Only owners can modify ACL contents. The caller principal must be an owner of the ACL in order to invoke this method. That is, only an owner can add another owner. The initial owner is configured at ACL construction time.

Parameters:: caller - the principal invoking this method. It must be an owner of the ACL.; owner - the owner that should be added to the list of owners.
Returns:: true if successful, false if owner is already an owner.
Throws:: java.security.acl.NotOwnerException - if the caller principal is not an owner of the ACL.

deleteOwner

public boolean deleteOwner(java.security.Principal caller,
                           java.security.Principal owner)
                    throws java.security.acl.NotOwnerException,
                           java.security.acl.LastOwnerException

Deletes an owner. If this is the last owner in the ACL, an exception is raised.

The caller principal must be an owner of the ACL in order to invoke this method.

Parameters:: caller - the principal invoking this method. It must be an owner of the ACL.; owner - the owner to be removed from the list of owners.
Returns:: true if the owner is removed, false if the owner is not part of the list of owners.
Throws:: java.security.acl.NotOwnerException - if the caller principal is not an owner of the ACL.; java.security.acl.LastOwnerException - if there is only one owner left, so that deleteOwner would leave the ACL owner-less.

isOwner

public boolean isOwner(java.security.Principal owner)

Returns true if the given principal is an owner of the ACL.

Parameters:: owner - the principal to be checked to determine whether or not it is an owner.
Returns:: true if the passed principal is in the list of owners, false if not.

main

public static void main(java.lang.String[] argv)

Main **