Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.6)

Part Number E13941-06

weblogic.security.acl
Class AclImpl

java.lang.Object
  extended by weblogic.security.acl.OwnerImpl
      extended by weblogic.security.acl.AclImpl
All Implemented Interfaces:
Serializable, Acl, Owner

Deprecated. Deprecated in WebLogic Server 7.0. Replaced by the rules-based Authorization Provider in the Pluggable Security Infrastructure.

public class AclImpl
extends OwnerImpl
implements Acl, Serializable

This class implements the java.security.acl.Acl interface with optimization for checking permissions.

The implementation manages permissions in groups of 32. Each group has separate hash tables mapping groups and users to pairs of bit masks representing granted and not denied permissions. Permission is checked by finding the right group, computing the bitmask corresponding to the specific permission, and doing the bit arithmetic.

The AclEntry objects used in the interfaces are not kept. They are analyzed on input and synthesized on demand.

An ACL is a data structure with multiple AclEntry objects. Each AclEntry object contains a set of permissions associated with a particular principal, which represents an entity such as an individual user or a group).

Additionally, each AclEntry is specified as either positive or negative. If positive, the permissions are to be granted to the associated principal. If negative, the permissions are to be denied.

Each AclEntry in each ACL observes the following rules:

The java.security.acl package provides the interfaces to the ACL and related data structures (ACL entries, groups, permissions, etc.), and the sun.security.acl classes provide a default implementation of the interfaces. For example, java.security.acl.Acl provides the interface to an ACL and the sun.security.acl.AclImpl class provides the default implementation of the interface.

The java.security.acl.Acl interface extends the java.security.acl.Owner interface. The Owner interface is used to maintain a list of owners for each ACL. Only owners are allowed to modify an ACL. For example, only an owner can call the ACL's addEntry() method to add a new AclEntry to the ACL.

See Also:
AclEntry, Owner, Acl.getPermissions(java.security.Principal), Serialized Form

Constructor Summary
AclImpl(Principal caller, String name)
          Deprecated. Sets the name of an ACL to the specified string.
 
Method Summary
 boolean addEntry(Principal caller, AclEntry entry)
          Deprecated. Adds an AclEntry.
 boolean checkPermission(Principal principal, Permission permission)
          Deprecated. Determines whether the specified principal has the specified permission.
 Enumeration entries()
          Deprecated. Returns an enumeration of the entries in an ACL.
 String getName()
          Deprecated. Returns the name of this ACL as a string.
protected  int getPermission(Principal principal, Permission permission)
          Deprecated.  
 Enumeration getPermissions(Principal user)
          Deprecated. Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group).
 boolean removeEntry(Principal caller, AclEntry entry)
          Deprecated. Removes an AclEntry from an ACL.
 void setName(Principal caller, String name)
          Deprecated. Sets the name of an ACL to the specified string.
 String toString()
          Deprecated. Returns a string representation of the contents of an ACL.
 
Methods inherited from class weblogic.security.acl.OwnerImpl
addOwner, deleteOwner, isOwner
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface java.security.acl.Owner
addOwner, deleteOwner, isOwner
 

Constructor Detail

AclImpl

public AclImpl(Principal caller,
               String name)
Deprecated. 
Sets the name of an ACL to the specified string. The principal that owns the ACL must be supplied.

Parameters:
caller - Principal that owns the ACL
name - Name for the ACL
Method Detail

setName

public void setName(Principal caller,
                    String name)
             throws NotOwnerException
Deprecated. 
Sets the name of an ACL to the specified string. The principal that owns the ACL must be supplied.

Specified by:
setName in interface Acl
Parameters:
caller - Principal that owns the ACL
name - Name for the ACL
Throws:
NotOwnerException - if the caller principal does not own the ACL

getName

public String getName()
Deprecated. 
Returns the name of this ACL as a string.

Specified by:
getName in interface Acl
Returns:
ACL name

addEntry

public boolean addEntry(Principal caller,
                        AclEntry entry)
                 throws NotOwnerException
Deprecated. 
Adds an AclEntry. An AclEntry associates a principal (e.g., an individual or a group) with a set of permissions. Each principal can have at most one positive AclEntry (specifying permissions to be granted to the principal) and one negative AclEntry (specifying permissions to be denied). If there is already an AclEntry of the same type (negative or positive) already in the ACL, false is returned.

The principal that owns the ACL must be supplied.

Specified by:
addEntry in interface Acl
Parameters:
caller - Principal that owns the ACL
entry - AclEntry to be added to an ACL
Returns:
false if an entry of the same type (positive or negative) for the same principal is already present
Throws:
NotOwnerException - if the caller principal does not own the ACL

removeEntry

public boolean removeEntry(Principal caller,
                           AclEntry entry)
                    throws NotOwnerException
Deprecated. 
Removes an AclEntry from an ACL. The principal that owns the ACL must be supplied.

Specified by:
removeEntry in interface Acl
Parameters:
caller - Principal that owns the ACL
entry - AclEntry to be removed from an ACL
Returns:
false if there is no entry
Throws:
NotOwnerException - if the caller principal does not own the ACL

getPermissions

public Enumeration getPermissions(Principal user)
Deprecated. 
Returns an enumeration for the set of allowed permissions for the specified principal (representing an entity such as an individual or a group). This set of allowed permissions is calculated as follows:

Specified by:
getPermissions in interface Acl
Parameters:
user - Principal whose permission set is to be returned
Returns:
Enumeration of permissions the principal is allowed

entries

public Enumeration entries()
Deprecated. 
Returns an enumeration of the entries in an ACL. Each element in the enumeration is of type AclEntry.

Specified by:
entries in interface Acl
Returns:
Enumeration of the entries in an ACL

checkPermission

public boolean checkPermission(Principal principal,
                               Permission permission)
Deprecated. 
Determines whether the specified principal has the specified permission. True is returned if so; otherwise false is returned.

More specifically, this method checks whether the passed permission is a member of the allowed permission set of the specified principal. The allowed permission set is determined by the same algorithm as is used by the getPermissions() method.

Specified by:
checkPermission in interface Acl
Parameters:
principal - Principal (assumed to be a valid authenticated Principal)
permission - Permission to be checked for
Returns:
true if the principal has the specified permission
See Also:
AclImpl.getPermissions(java.security.Principal)

getPermission

protected int getPermission(Principal principal,
                            Permission permission)
Deprecated. 

toString

public String toString()
Deprecated. 
Returns a string representation of the contents of an ACL.

Specified by:
toString in interface Acl
Overrides:
toString in class Object
Returns:
String representation of the ACL contents

Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.6)

Part Number E13941-06