BEA Systems, Inc.
java.lang.Object
  |
  +--weblogic.security.acl.OwnerImpl
        |
        +--weblogic.security.acl.AclImpl
This class implements the java.security.acl.Acl interface with optimization for checking permissions.
The implementation manages permissions in groups of 32. Each group has separate hash tables mapping groups and users to pairs of bit masks representing granted and not denied permissions. Permission is checked by finding the right group, computing the bitmask corresponding to the specific permission, and doing the bit arithmetic.
The AclEntry objects used in the interfaces are not kept. They are analyzed on input and synthesized on demand.
An ACL is a data structure with multiple AclEntry objects. Each AclEntry object contains a set of permissions associated with a particular principal, which represents an entity such as an individual user or a group.
Additionally, each AclEntry is specified as either positive or negative. If positive, the permissions are to be granted to the associated principal. If negative, the permissions are to be denied.
Each AclEntry in each ACL observes the following rules:
The java.security.acl package provides the interfaces to the ACL and related data structures (ACL entries, groups, permissions, etc.), and the sun.security.acl classes provide a default implementation of the interfaces. For example, java.security.acl.Acl provides the interface to an ACL and the sun.security.acl.AclImpl class provides the default implementation of the interface.
The java.security.acl.Acl interface extends the java.security.acl.Owner interface. The Owner interface is used to maintain a list of owners for each ACL. Only owners are allowed to modify an ACL. For example, only an owner can call the ACL's addEntry() method to add a new AclEntry to the ACL.
See Also: AclEntry, Owner, Acl.getPermissions(java.security.Principal), Serialized Form
Constructor Summary
| Constructor | Description |
|---|---|
| AclImpl(java.security.Principal caller, java.lang.String name) | Deprecated. Sets the name of an ACL to the specified string. |
Method Summary
| Modifier and type | Method | Description |
|---|---|---|
| boolean | addEntry(java.security.Principal caller, java.security.acl.AclEntry entry) | Deprecated. Adds an AclEntry. |
| boolean | checkPermission(java.security.Principal principal, java.security.acl.Permission permission) | Deprecated. Determines whether the specified principal has the specified permission. |
| java.util.Enumeration | entries() | Deprecated. Returns an enumeration of the entries in an ACL. |
| java.lang.String | getName() | Deprecated. Returns the name of this ACL as a string. |
| protected int | getPermission(java.security.Principal principal, java.security.acl.Permission permission) | Deprecated. |
| java.util.Enumeration | getPermissions(java.security.Principal user) | Deprecated. Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group). |
| boolean | removeEntry(java.security.Principal caller, java.security.acl.AclEntry entry) | Deprecated. Removes an AclEntry from an ACL. |
| void | setName(java.security.Principal caller, java.lang.String name) | Deprecated. Sets the name of an ACL to the specified string. |
| java.lang.String | toString() | Deprecated. Returns a string representation of the contents of an ACL. |
Methods inherited from class weblogic.security.acl.OwnerImpl: addOwner, deleteOwner, isOwner
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Constructor Detail
public AclImpl(java.security.Principal caller,
               java.lang.String name)
Parameters:
principal - Principal that owns the ACL
name - Name for the ACL
Method Detail
public void setName(java.security.Principal caller,
                    java.lang.String name)
             throws java.security.acl.NotOwnerException
Parameters:
principal - Principal that owns the ACL
name - Name for the ACL
public java.lang.String getName()
public boolean addEntry(java.security.Principal caller,
                        java.security.acl.AclEntry entry)
                 throws java.security.acl.NotOwnerException
The principal that owns the ACL must be supplied.
Parameters:
caller - Principal that owns the ACL
entry - AclEntry to be added to an ACL
public boolean removeEntry(java.security.Principal caller,
                           java.security.acl.AclEntry entry)
                    throws java.security.acl.NotOwnerException
Parameters:
caller - Principal that owns the ACL
entry - AclEntry to be removed from an ACL
public java.util.Enumeration getPermissions(java.security.Principal user)
The individual positive and negative permission sets are also determined. The positive permission set contains the permissions specified in the positive AclEntry (if any) for the principal. Similarly, the negative permission set contains the permissions specified in the negative AclEntry (if any) for the principal. The individual positive (or negative) permission set is considered to be null if there is not a positive (negative) AclEntry for the principal in an ACL.
The set of permissions granted to the principal is then calculated using the simple rule that individual permissions always override the group permissions. That is, the principal's individual negative permission set (specific denial of permissions) overrides the group positive permission set, and the principal's individual positive permission set overrides the group negative permission set.
Parameters:
user - Principal whose permission set is to be returned
public java.util.Enumeration entries()
public boolean checkPermission(java.security.Principal principal,
                               java.security.acl.Permission permission)
More specifically, this method checks whether the passed permission is a member of the allowed permission set of the specified principal. The allowed permission set is determined by the same algorithm as is used by the getPermissions() method.
Parameters:
principal - Principal (assumed to be a valid authenticated Principal)
permission - Permission to be checked for
See Also: getPermissions(java.security.Principal)
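The bitmask scheme from the class description (permissions in groups of 32, per-principal pairs of granted and not-denied masks) combined with the individual-overrides-group rule from getPermissions(), as an added sketch that is not WebLogic's source. String principals, integer permission indexes, every class and method name, and the rule that a grant and a denial at the same level cancel out are assumptions; owner checks are omitted.

```java
import java.util.*;

// Added illustration, not WebLogic's source. Principals are plain strings and
// permissions are integer indexes; every name here is hypothetical.
public class BitmaskAclSketch {
    static final class Masks { int granted = 0; int notDenied = ~0; }
    // Table k holds the masks for permission indexes 32k .. 32k+31.
    private final List<Map<String, Masks>> userTables = new ArrayList<>();
    private final List<Map<String, Masks>> groupTables = new ArrayList<>();
    private final Map<String, Set<String>> groupsOf = new HashMap<>();

    void addMember(String group, String user) {
        groupsOf.computeIfAbsent(user, k -> new HashSet<>()).add(group);
    }
    // A positive entry sets a "granted" bit; a negative entry clears a "not denied" bit.
    void addEntry(String who, boolean isGroup, boolean negative, int perm) {
        List<Map<String, Masks>> tables = isGroup ? groupTables : userTables;
        while (tables.size() <= perm / 32) tables.add(new HashMap<>());
        Masks m = tables.get(perm / 32).computeIfAbsent(who, k -> new Masks());
        int bit = 1 << (perm % 32);
        if (negative) m.notDenied &= ~bit; else m.granted |= bit;
    }
    boolean checkPermission(String user, int perm) {
        int table = perm / 32, bit = 1 << (perm % 32);
        int grpGranted = 0, grpNotDenied = ~0;
        if (table < groupTables.size())
            for (String g : groupsOf.getOrDefault(user, Collections.emptySet())) {
                Masks m = groupTables.get(table).get(g);
                if (m != null) { grpGranted |= m.granted; grpNotDenied &= m.notDenied; }
            }
        Masks u = table < userTables.size() ? userTables.get(table).get(user) : null;
        if (u == null) u = new Masks();
        // Individual entries override group entries. Assumption: a grant and a denial
        // at the same level cancel out, so the permission is not allowed.
        int allowed = u.notDenied & (u.granted | (grpGranted & grpNotDenied));
        return (allowed & bit) != 0;
    }

    public static void main(String[] args) {
        BitmaskAclSketch acl = new BitmaskAclSketch();
        acl.addMember("staff", "alice");
        acl.addMember("staff", "bob");
        acl.addEntry("staff", true, false, 3);   // group grant, first table
        acl.addEntry("staff", true, true, 40);   // group denial, second table
        acl.addEntry("alice", false, true, 3);   // individual denial overrides group grant
        acl.addEntry("alice", false, false, 40); // individual grant overrides group denial
        for (String who : new String[] {"alice", "bob"})
            System.out.println(who + ": perm 3=" + acl.checkPermission(who, 3)
                    + ", perm 40=" + acl.checkPermission(who, 40));
    }
}
```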
protected int getPermission(java.security.Principal principal,
                            java.security.acl.Permission permission)
public java.lang.String toString()
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs81