Package java.security.acl

Interface Acl

All Superinterfaces:
Owner
public interface Acl
extends Owner
The Access Control List (ACL) interface definition.

An ACL is a set of AclEntry objects.

An AclEntry is a list of Permissions that are granted (positive) or denied (negative) to a Principal.

An Acl has a list of owners (Owner) which are principals as well Principal. Only those principals which are the Acl's owners are allowed to modify the Acl.

The ACL has to conform to the following rules:

  • For each Principal there can be only one positive and one negative AclEntry.
  • If the two AclEntry's (positive and negative) for a specific Principal grant and deny the same Permission to that Principal, then that Permission is treated as neither granted nor denied to that Principal.
  • Permissions associated with an individual Principal always override permissions of the group(s) to which the individual belongs.
  • If there is no AclEntry associated with a specific Principal, then it is interpreted as an empty list of permissions.

  • Method Details

    • setName

      void setName​(Principal caller, String name) throws NotOwnerException
      Sets the name of this ACL instance.
      Parameters:
      caller - the invoking Principal.
      name - the name to be set.
      Throws:
      NotOwnerException - if the invoking Principal is not an owner of this ACL.

    • getName

      String getName()
      Returns the name of this ACL instance.
      Returns:
      the name of this ACL instance.

    • addEntry

      boolean addEntry​(Principal caller, AclEntry entry) throws NotOwnerException
      Adds an AclEntry to this ACL instance.

      If the ACL already has an AclEntry of the same type ( positive or negative) and principal, then the new entry is not added.

      Parameters:
      caller - the invoking Principal.
      entry - the ACL entry to add.
      Returns:
      true if the entry is added, false if there is already an entry of the same type for the same principal
      Throws:
      NotOwnerException - if the invoking Principal is not an owner of this ACL.

    • removeEntry

      boolean removeEntry​(Principal caller, AclEntry entry) throws NotOwnerException
      Removes an AclEntry from this ACL instance.
      Parameters:
      caller - the invoking Principal.
      entry - the ACL entry to remove.
      Returns:
      true if the entry is removed, false if the entry is not in this ACL.
      Throws:
      NotOwnerException - if the invoking Principal is not an owner of this ACL.

    • getPermissions

      Enumeration<Permission> getPermissions​(Principal user)
      Returns the set of allowed permissions for the specified Principal.

      If the specified principal has no entry in this ACL, an empty set is returned.

      The allowed permissions are collected according to the following rules:

      • The two permission lists (positive and negative) of the principal's groups (Group) are collected. The positive (granted) permissions are the union of all group's positive permissions that the principal belongs to, the negative (denied) permissions are the union of all group's negative permissions that the principal belongs to. If a specific permission is in both the positive and the negative list, it is removed from both lists.
      • The individual permissions (positive and negative) of the principal override the group permissions. The positive individual permissions override the group's negative permissions and the negative individual permissions override the grpup's positive permissions.
      Parameters:
      user - the principal to get the allowed permissions for.
      Returns:
      the set of allowed permissions for the specified principal.

    • entries

      Enumeration<AclEntry> entries()
      Returns an Enumeration of the AclEntry of this ACL.
      Returns:
      an Enumeration of the AclEntry of this ACL.

    • checkPermission

      boolean checkPermission​(Principal principal, Permission permission)
      Checks whether the specified principal is granted the specified permission.

      The list of granted permissions is determined according to the rules specified by getPermissions.

      Parameters:
      principal - the principal the check the permissions for.
      permission - the permission to check for the principal.
      Returns:
      true if the principal is granted the permission, otherwise false.
      See Also:
      getPermissions(Principal)

    • toString

      String toString()
      Returns the string representation of this ACL.
      Overrides:
      toString in class Object
      Returns:
      the string representation of this ACL.