SilverStream Application Server 3.5
java.lang.Object
  |
  +--com.sssw.rts.acl.AgoAcl
Represents the access rights to a SilverStream object as an Access Control List. Note that not all SilverStream access rights are representable as an access control list -- only those that constitute "simple expressions".
An AgoAcl can be constructed "from scratch" -- e.g. by an application that is preparing to set security on an object -- or from the security expressions obtained from an already-stored object. In the latter case, the Acl is constructed with a MetaData tree containing the entire security information for the object (all types).
See also: Acl, AclEntry, AgoAclEntry
Constructor Summary
AgoAcl()
Method Summary
boolean addEntry(Principal caller, AclEntry entry)
    Adds an ACL entry to this ACL.
boolean addOwner(Principal caller, Principal owner)
    Adds an owner.
boolean checkPermission(Principal principal, Permission permission)
    Checks whether or not the specified principal has the specified permission.
boolean deleteOwner(Principal caller, Principal owner)
    Deletes an owner.
Enumeration entries()
    Returns an enumeration of the entries in this ACL.
String getName()
    Returns the name of this ACL.
Enumeration getPermissions(Principal user)
    Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group).
boolean isOwner(Principal owner)
    Returns true if the given principal is an owner of the ACL.
boolean removeEntry(Principal caller, AclEntry entry)
    Removes an ACL entry from this ACL.
void setName(Principal caller, String name)
    Sets the name of this ACL.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public AgoAcl()
Method Detail
public boolean addOwner(Principal caller, Principal owner) throws NotOwnerException
Parameters:
    caller - the principal invoking this method. It must be an owner of the ACL.
    owner - the owner that should be added to the list of owners.
Example:
    // Create an ACL object.
    AgoAcl acl = ...
    // Set the caller.
    Principal prAclCaller = ...
    // Set the ACL owner.
    Principal prAclOwner = ...
    // Add an owner to the ACL.
    boolean success = acl.addOwner(prAclCaller, prAclOwner);
public boolean deleteOwner(Principal caller, Principal owner) throws NotOwnerException, LastOwnerException
The caller principal must be an owner of the ACL in order to invoke this method.
Parameters:
    caller - the principal invoking this method. It must be an owner of the ACL.
    owner - the owner to be removed from the list of owners.
Example:
    // Create an ACL object.
    AgoAcl acl = ...
    // Set the caller.
    Principal prAclCaller = ...
    // Set the ACL owner.
    Principal prAclOwner = ...
    // Add an owner to the ACL.
    boolean success = acl.addOwner(prAclCaller, prAclOwner);
    // ... some processing
    // Delete the ACL owner
    success = acl.deleteOwner(prAclCaller, prAclOwner);
public boolean isOwner(Principal owner)
Parameters:
    owner - the principal to be checked to determine whether or not it is an owner.
Example:
    // Create an ACL object.
    AgoAcl acl = ...
    // ... set up the ACL
    // Set a Principal
    Principal pr = ...
    // See if the specified Principal is the owner of the ACL.
    boolean isOwner = acl.isOwner(pr);
public void setName(Principal caller, String name) throws NotOwnerException
Parameters:
    caller - the principal invoking this method. It must be an owner of this ACL.
    name - the name to be given to this ACL.
Example:
    // Set the caller
    Principal prAclCaller = ...
    // Set the name of the ACL
    acl.setName(prAclCaller, "ACL1");
public String getName()
Example:
    String aclName = acl.getName();
public boolean addEntry(Principal caller, AclEntry entry) throws NotOwnerException
Parameters:
    caller - the principal invoking this method. It must be an owner of this ACL.
    entry - the ACL entry to be added to this ACL.
Example:
    // Get the owner for the ACL.
    Principal owner = server.getCurrentPrincipal();
    // Add the "world" entry to the ACL.
    AclEntry world = server.createAclEntry();
    Principal w = server.getWorldPrincipal();
    world.setPrincipal(w);
    world.addPermission(AgoPermission.READ);
    acl.addEntry(owner, world);
    // Create an ACL entry
    AclEntry entry = server.createAclEntry();
    // Set the principal into the ACL entry
    Principal pr = server.parseUser("nightghost");
    entry.setPrincipal(pr);
    // Add the permission for the principal into the ACL entry
    entry.addPermission(AgoPermission.WRITE);
    // Add the entry to the ACL
    boolean success = acl.addEntry(owner, entry);
public boolean removeEntry(Principal caller, AclEntry entry) throws NotOwnerException
Parameters:
    caller - the principal invoking this method. It must be an owner of this ACL.
    entry - the ACL entry to be removed from this ACL.
Example:
    boolean success = acl.removeEntry(owner, entry);
public Enumeration getPermissions(Principal user)
Parameters:
    user - the principal whose permission set is to be returned.
The individual positive and negative permission sets are also determined. The positive permission set contains the permissions specified in the positive ACL entry (if any) for the principal. Similarly, the negative permission set contains the permissions specified in the negative ACL entry (if any) for the principal. The individual positive (or negative) permission set is considered to be null if there is not a positive (negative) ACL entry for the principal in this ACL.
The set of permissions granted to the principal is then calculated using the simple rule that individual permissions always override the group permissions. That is, the principal's individual negative permission set (specific denial of permissions) overrides the group positive permission set, and the principal's individual positive permission set overrides the group negative permission set.
This method is from java.security.acl.Acl.
Example:
    Principal pr = ...
    Enumeration e = acl.getPermissions(pr);
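The override rule described above for getPermissions, worked through as an added example; it is not SilverStream code and does not call the AgoAcl API. The class name AclResolutionDemo, its helper methods and the string permission labels are hypothetical, and the cancellation of a permission that appears in both the positive and the negative set at the same level is an assumption modelled on the java.security.acl.Acl contract, which this page does not spell out.

```java
import java.util.Set;
import java.util.TreeSet;

// Added illustration, not SilverStream code. Permissions are modelled as
// plain strings; "READ" and "WRITE" are constructed sample labels.
public class AclResolutionDemo {

    // Returns the elements of a that are not in b.
    static Set<String> subtract(Set<String> a, Set<String> b) {
        Set<String> result = new TreeSet<>(a);
        result.removeAll(b);
        return result;
    }

    // Computes the allowed set from the four per-principal sets.
    static Set<String> allowed(Set<String> indPos, Set<String> indNeg,
                               Set<String> grpPos, Set<String> grpNeg) {
        // Assumption: a permission listed as both positive and negative
        // at the same level cancels out at that level.
        Set<String> groupGrants = subtract(grpPos, grpNeg);
        Set<String> ownGrants = subtract(indPos, indNeg);
        Set<String> ownDenials = subtract(indNeg, indPos);
        // Individual denial overrides a group grant.
        Set<String> net = subtract(groupGrants, ownDenials);
        // Individual grant is kept whatever the group negative set says.
        net.addAll(ownGrants);
        return net;
    }

    public static void main(String[] args) {
        Set<String> none = Set.of();
        // Case 1: group grants READ and WRITE, the user is denied WRITE.
        System.out.println("individual deny vs group grant: "
            + allowed(none, Set.of("WRITE"), Set.of("READ", "WRITE"), none));
        // Case 2: group is denied WRITE, the user is granted WRITE.
        System.out.println("individual grant vs group deny: "
            + allowed(Set.of("WRITE"), none, Set.of("READ"), Set.of("WRITE")));
        // Case 3: no individual entries, so only the group sets decide.
        System.out.println("group sets only: "
            + allowed(none, none, Set.of("READ", "WRITE"), Set.of("WRITE")));
    }
}
```

Case 2 is the one to watch when reviewing an ACL: a denial placed on a group does not block a principal that also holds an individual positive entry, so an audit of group denials should enumerate individual entries as well.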
public Enumeration entries()
Example:
    Enumeration e = acl.entries();
public boolean checkPermission(Principal principal, Permission permission)
Parameters:
    principal - the principal, assumed to be a valid authenticated Principal
    permission - the permission to be checked for
This method checks whether the passed permission is a member of the allowed permission set of the specified principal. The allowed permission set is determined by the same algorithm as is used by the getPermissions method.
This method is from java.security.acl.Acl.
See also: AgoAcl.getPermissions(Principal)