java.lang.Object atg.security.AccessControlList
public class AccessControlList
A set of access rights that determine the accessibility of something to someone.
java.security.acl.Acl compatibility notes:
AccessControlEntry
,
AccessRight
,
Serialized Form
Field Summary | |
---|---|
static java.lang.String |
CLASS_VERSION
|
static AccessControlList |
EMPTY
An empty access control list, useful as a default or error value for routines that need to return such a thing. |
static AccessControlEntry[] |
EMPTY_ACL
Deprecated. |
Fields inherited from interface atg.security.StandardAccessRights |
---|
CREATE, DELETE, DESTROY, EXECUTE, LIST, MAP, PRIVILEGE, READ, READ_ACL, READ_OWNER, RENAME, TRAVERSE, WRITE, WRITE_ACL, WRITE_OWNER |
Constructor Summary | |
---|---|
AccessControlList()
Creates an empty access control list. |
|
AccessControlList(AccessControlEntry[] pAcl)
Creates an access control list for a series of access control entries. |
|
AccessControlList(AccessControlList pAcl)
Creates a copy of an access control list. |
|
AccessControlList(AccessControlList[] pAcls)
Creates a new access control list that is the concatenation of a set of other access control lists. |
|
AccessControlList(AccessControlList pAcl1,
AccessControlList pAcl2)
Creates a new access control list that merges two access control lists. |
Method Summary | |
---|---|
void |
add(AccessControlEntry pAce)
Adds a given ACE to the ACL. |
static AccessControlEntry[] |
add(AccessControlEntry[] pAcl,
AccessControlEntry pEntry)
Adds a new access control entry to an access control list, returning the concatenated list. |
void |
add(Persona pPersona,
AccessRight pRight,
int pType)
Adds an access right if it does not already exist. |
boolean |
addEntry(java.security.Principal pCaller,
java.security.acl.AclEntry pEntry)
|
boolean |
addOwner(java.security.Principal pCaller,
java.security.Principal pNewOwner)
|
void |
append(AccessControlList pAcl)
Appends the access control information from another access control list onto this one. |
void |
canonicalize()
Transforms the ACL into a set of ACEs where each ACE has only one access right. |
boolean |
checkPermission(java.security.Principal pPrincipal,
java.security.acl.Permission pPermission)
|
java.lang.Object |
clone()
Creates a copy of this object. |
boolean |
deleteOwner(java.security.Principal pCaller,
java.security.Principal pOldOwner)
|
java.util.Enumeration |
entries()
|
AccessControlEntry[] |
getAccessControlEntries()
Returns the raw access control entries in the list. |
AccessControlEntry[] |
getEntriesForPersona(Persona pPersona)
Returns the access control entries that apply to a particular user. |
int |
getLength()
Returns the number of access control entries in the list. |
java.lang.String |
getName()
|
java.util.Enumeration |
getPermissions(java.security.Principal pPrincipal)
|
Persona[] |
getPersonae()
Returns a list of personae that are referred to by the ACL. |
static boolean |
hasAccessRight(User pUser,
AccessRight pDesiredRight,
AccessControlEntry[] pAcl)
Determines whether or not a user has a particular right within an access control list. |
boolean |
isOwner(java.security.Principal pPrincipal)
|
boolean |
isReadOnly()
Returns true if this ACL has been marked as read-only. |
void |
optimize()
Optimizes the ACL. |
static AccessControlList |
parse(java.lang.String pAclString,
SecurityConfiguration pConfig)
Converts a string describing an ACL into an actual ACL, validating personae, ACE types, and access rights. |
static AccessControlList |
parse(java.lang.String pAclString,
SecurityConfiguration pConfig,
boolean pBestEffort)
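An ACL parsing variant that will ignore inconsistencies if pBestEffort is true. This page does not say which inconsistencies are ignored or what happens to the affected entries, so confirm that before relying on a best-effort result for access decisions. |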
static AccessControlEntry[] |
parse(java.lang.String pAclString,
UserAuthority pAuthority)
Deprecated. |
void |
remove(AccessControlEntry pAce)
Removes a given ACE from the ACL. |
static AccessControlEntry[] |
remove(AccessControlEntry[] pAcl,
AccessControlEntry pEntry)
Removes an access control entry from an access control list, returning the resulting list. |
void |
remove(Persona pPersona,
AccessRight pRight,
int pType)
Removes an access right if it exists. |
boolean |
removeEntry(java.security.Principal pCaller,
java.security.acl.AclEntry pEntry)
|
void |
setName(java.security.Principal pCaller,
java.lang.String pName)
|
void |
setReadOnly(boolean b)
If set to true, this ACL becomes immutable. |
java.lang.String |
toString()
Returns a string representation of an ACL. |
static java.lang.String |
toString(AccessControlEntry[] pAcl)
Converts an access control list into a string. |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static java.lang.String CLASS_VERSION
public static final AccessControlEntry[] EMPTY_ACL
EMPTY
,
AccessControlEntry#EMPTY_ACES
public static final AccessControlList EMPTY
Constructor Detail |
---|
public AccessControlList()
public AccessControlList(AccessControlEntry[] pAcl)
public AccessControlList(AccessControlList pAcl)
public AccessControlList(AccessControlList pAcl1, AccessControlList pAcl2)
public AccessControlList(AccessControlList[] pAcls)
Method Detail |
---|
public void add(AccessControlEntry pAce)
java.lang.IllegalStateException
- if this ACL has been marked read-only.
add(Persona, AccessRight, int)
,
setReadOnly
public void remove(AccessControlEntry pAce)
java.lang.IllegalStateException
- if this ACL has been marked read-only.
remove(Persona, AccessRight, int)
,
setReadOnly
public void add(Persona pPersona, AccessRight pRight, int pType)
java.lang.IllegalStateException
- if this ACL has been marked read-only.
setReadOnly
public void append(AccessControlList pAcl)
public void remove(Persona pPersona, AccessRight pRight, int pType)
java.lang.IllegalStateException
- if this ACL has been marked read-only.
setReadOnly
public void canonicalize()
public void optimize()
java.lang.IllegalStateException
- if this ACL has been marked read-only.
setReadOnly
public AccessControlEntry[] getAccessControlEntries()
public int getLength()
public Persona[] getPersonae()
public AccessControlEntry[] getEntriesForPersona(Persona pPersona)
public boolean isReadOnly()
public void setReadOnly(boolean b)
public java.lang.Object clone()
clone
in class java.lang.Object
public java.lang.String toString()
toString
in interface java.security.acl.Acl
toString
in class java.lang.Object
public static boolean hasAccessRight(User pUser, AccessRight pDesiredRight, AccessControlEntry[] pAcl)
public static AccessControlEntry[] add(AccessControlEntry[] pAcl, AccessControlEntry pEntry)
public static AccessControlEntry[] remove(AccessControlEntry[] pAcl, AccessControlEntry pEntry)
public static AccessControlEntry[] parse(java.lang.String pAclString, UserAuthority pAuthority)
The properties entry list is expected to be in the form:
acl ::= ace ( ';' ace )+
ace ::= ( ace-type '{' persona-and-rights '}' ) | persona-and-rights
ace-type ::= "grant" | "deny" | "inheritable" | "effective"
persona-and-rights ::= persona ':' right ( ',' right )+
where persona is determined by the user authority in the security configuration, and right is selected from StandardAccessRights.MAP or manufactured out of GenericAccessRight.
StandardAccessControlRights#MAP
public static AccessControlList parse(java.lang.String pAclString, SecurityConfiguration pConfig) throws InvalidPersonaException, InvalidAccessRightException, atg.security.InvalidAccessControlListException
The properties entry list is expected to be in the form:
acl ::= ace ( ';' ace )+
ace ::= ( ace-type '{' persona-and-rights '}' ) | persona-and-rights
ace-type ::= "grant" | "deny" | "inheritable" | "effective"
persona-and-rights ::= persona ':' right ( ',' right )+
where persona is determined by the user authority passed in the security configuration, and right is determined by the access rights map passed in the security configuration.
The returned ACL will be marked read-only.
InvalidPersonaException
- if a persona in the ACL is not valid.
InvalidAccessRightException
- if an access right in the ACL
is not valid.
InvalidAccessControlListException
- if there is a syntactic error
in the ACL.
public static AccessControlList parse(java.lang.String pAclString, SecurityConfiguration pConfig, boolean pBestEffort) throws InvalidPersonaException, InvalidAccessRightException, atg.security.InvalidAccessControlListException
The returned ACL will be marked read-only.
InvalidPersonaException
InvalidAccessRightException
atg.security.InvalidAccessControlListException
public static java.lang.String toString(AccessControlEntry[] pAcl)
public boolean addEntry(java.security.Principal pCaller, java.security.acl.AclEntry pEntry)
addEntry
in interface java.security.acl.Acl
public boolean checkPermission(java.security.Principal pPrincipal, java.security.acl.Permission pPermission)
checkPermission
in interface java.security.acl.Acl
public java.util.Enumeration entries()
entries
in interface java.security.acl.Acl
public java.lang.String getName()
getName
in interface java.security.acl.Acl
public java.util.Enumeration getPermissions(java.security.Principal pPrincipal)
getPermissions
in interface java.security.acl.Acl
public boolean removeEntry(java.security.Principal pCaller, java.security.acl.AclEntry pEntry)
removeEntry
in interface java.security.acl.Acl
public void setName(java.security.Principal pCaller, java.lang.String pName)
setName
in interface java.security.acl.Acl
public boolean addOwner(java.security.Principal pCaller, java.security.Principal pNewOwner)
addOwner
in interface java.security.acl.Owner
public boolean deleteOwner(java.security.Principal pCaller, java.security.Principal pOldOwner)
deleteOwner
in interface java.security.acl.Owner
public boolean isOwner(java.security.Principal pPrincipal)
isOwner
in interface java.security.acl.Owner