/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* An Access Control List (ACL) is encapsulated by this class.
* @author Satish Dharmaraj
*/
//
// Maintain four tables, one for each combination of entry sign
// (positive or negative) and entity kind (group or individual
// principal).
//
new Hashtable<>(23);
new Hashtable<>(23);
new Hashtable<>(23);
new Hashtable<>(23);
/**
* Constructor for creating an empty ACL.
*/
super(owner);
// NOTE(review): the empty catch below discards every exception raised in
// this try block, so a failed initialisation step is invisible to the
// caller and to any log. Catching only the expected exception type and
// logging or rethrowing it would make such failures detectable.
try {
} catch (Exception e) {}
}
/**
* Sets the name of the ACL.
* @param caller the principal who is invoking this method.
* @param name the name of the ACL.
* @exception NotOwnerException if the caller principal is
* not on the owners list of the Acl.
*/
throws NotOwnerException
{
throw new NotOwnerException();
}
/**
* Returns the name of the ACL.
* @return the name of the ACL.
*/
return aclName;
}
/**
* Adds an ACL entry to this ACL. An entry associates a
* group or a principal with a set of permissions. Each
* user or group can have one positive ACL entry and one
* negative ACL entry. If an entry of the same type (negative
* or positive) is already in the table, false is returned.
* The caller principal must be a part of the owners list of
* the ACL in order to invoke this method.
* @param caller the principal who is invoking this method.
* @param entry the ACL entry that must be added to the ACL.
* @return true on success, false if the entry is already present.
* @exception NotOwnerException if the caller principal
* is not on the owners list of the Acl.
*/
throws NotOwnerException
{
throw new NotOwnerException();
return false;
return true;
}
/**
* Removes an ACL entry from this ACL.
* The caller principal must be a part of the owners list of the ACL
* in order to invoke this method.
* @param caller the principal who is invoking this method.
* @param entry the ACL entry that must be removed from the ACL.
* @return true on success, false if the entry is not part of the ACL.
* @exception NotOwnerException if the caller principal is not
* on the owners list of the Acl.
*/
throws NotOwnerException
{
throw new NotOwnerException();
return (o != null);
}
/**
* This method returns the set of allowed permissions for the
* specified principal. This set of allowed permissions is calculated
* as follows:
*
* If there is no entry for a group or a principal an empty permission
* set is assumed.
*
* The group positive permission set is the union of all
* the positive permissions of each group that the individual belongs to.
* The group negative permission set is the union of all
* the negative permissions of each group that the individual belongs to.
* If a specific permission occurs in both the positive permission set
* and the negative permission set, it is removed from both. The group
* positive and negative permission sets are calculated this way.
*
* The individual positive permission set and the individual negative
* permission set are then calculated. Again, absence of an entry means
* the empty set.
*
* The set of permissions granted to the principal is then calculated using
* the simple rule: individual permissions always override the group permissions.
* Specifically, the individual negative permission set (specific
* denial of permissions) overrides the group positive permission set,
* and the individual positive permission set overrides the group negative
* permission set.
*
* @param user the principal for which the ACL entry is returned.
* @return The resulting permission set that the principal is allowed.
*/
//
// canonicalize the sets. That is remove common permissions from
// positive and negative sets.
//
//
// net positive permissions is individual positive permissions
// plus (group positive - individual negative).
//
// recalculate the enumeration since we lost it in performing the
// subtraction
//
//
// net negative permissions is individual negative permissions
// plus (group negative - individual positive).
//
}
/**
* This method checks whether or not the specified principal
* has the required permission. It returns false if the permission
* is denied and true otherwise.
* This method does not authenticate the principal; it presumes that
* the caller has already established that the principal is a valid,
* authenticated principal.
* @param principal the name of the authenticated principal
* @param permission the permission that the principal must have.
* @return true if the principal has the desired permission, false
* otherwise.
*/
{
while (permSet.hasMoreElements()) {
if (p.equals(permission))
return true;
}
return false;
}
/**
* Returns an enumeration of the entries in this ACL.
*/
return new AclEnumerator(this,
}
/**
* Returns a string representation of the ACL.
*/
while (entries.hasMoreElements()) {
}
}
//
// Find the table that this entry belongs to. Four tables are
// maintained: one each for positive and negative ACLs, and one
// each for groups and users. This method figures out which
// table is the one that this AclEntry belongs to.
//
if (p instanceof Group) {
if (entry.isNegative())
else
} else {
if (entry.isNegative())
else
}
return aclTable;
}
//
// returns the set e1 U e2.
//
while (e1.hasMoreElements())
while (e2.hasMoreElements()) {
if (!v.contains(o))
v.addElement(o);
}
return v.elements();
}
//
// returns the set e1 - e2.
//
while (e1.hasMoreElements())
while (e2.hasMoreElements()) {
if (v.contains(o))
v.removeElement(o);
}
return v.elements();
}
while (e.hasMoreElements()) {
}
}
return groupPositive;
}
while (e.hasMoreElements()) {
}
}
return groupNegative;
}
return individualPositive;
}
return individualNegative;
}
}
}
/**
 * Reports whether any of the four wrapped enumerations still has an
 * element to hand out. They are probed in the order u1, u2, g1, g2 and
 * the first one that reports more elements ends the check.
 *
 * <p>NOTE(review): this check takes no lock, while the element-fetching
 * code that follows it synchronizes on {@code acl}. Whether the
 * check-then-fetch pair is safe when the ACL is modified concurrently
 * depends on the wrapped enumerations; confirm.
 *
 * @return true if at least one of the four enumerations has more elements.
 */
public boolean hasMoreElements() {
    if (u1.hasMoreElements()) {
        return true;
    }
    if (u2.hasMoreElements()) {
        return true;
    }
    if (g1.hasMoreElements()) {
        return true;
    }
    return g2.hasMoreElements();
}
{
// Declared but never assigned or read in this body.
AclEntry o;
// Probe and fetch under the monitor of the object referenced by acl, so
// each has-more check and the matching fetch happen while that lock is held.
// NOTE(review): this only serialises against code that locks the same
// object; confirm that the code mutating the ACL does so.
synchronized (acl) {
// Fixed drain order: u1 first, then u2, then g1, then g2.
if (u1.hasMoreElements())
return u1.nextElement();
if (u2.hasMoreElements())
return u2.nextElement();
if (g1.hasMoreElements())
return g1.nextElement();
if (g2.hasMoreElements())
return g2.nextElement();
}
// Reached only when none of the four enumerations reported another element.
throw new NoSuchElementException("Acl Enumerator");
}
}