
Chapter 18. The java.security.acl Package

The java.security.acl package defines, but does not implement, an incomplete framework for working with access control lists (ACLs). This package was added in Java 1.1, but has been superseded in Java 1.2 by the access-control mechanisms of the java.security package. In particular, see the Permission and Policy classes of that package. The use of this package is not recommended. Figure 18-1 shows the class hierarchy of this package.


Figure 18-1. The java.security.acl package

Acl (Java 1.1)
java.security.acl

This interface represents an access control list, or ACL. An ACL is a list of AclEntry objects; most of the methods of this interface manage that list. The exception is the checkPermission() method, which tests whether this ACL grants a specified java.security.acl.Permission to a specified java.security.Principal. Note that Acl extends Owner. The methods of the Owner interface maintain a list of ACL owners. Only owners are allowed to modify an ACL.

public interface Acl extends Owner {
// Public Instance Methods
public abstract boolean addEntry (java.security.Principal caller, AclEntry entry) throws NotOwnerException;
public abstract boolean checkPermission (java.security.Principal principal, java.security.acl.Permission permission);
public abstract java.util.Enumeration entries ();
public abstract String getName ();
public abstract java.util.Enumeration getPermissions (java.security.Principal user);
public abstract boolean removeEntry (java.security.Principal caller, AclEntry entry) throws NotOwnerException;
public abstract void setName (java.security.Principal caller, String name) throws NotOwnerException;
public abstract String toString ();
}

Hierarchy: (Acl(Owner))

AclEntry (Java 1.1)
java.security.acl (cloneable)

This interface defines a single entry of an ACL. Each AclEntry represents a set of java.security.acl.Permission objects either granted or denied to a given java.security.Principal. By default, an AclEntry represents permissions granted to the principal. Call setNegativePermissions() if you want the AclEntry to represent a set of permissions to be denied.

public interface AclEntry extends Cloneable {
// Public Instance Methods
public abstract boolean addPermission (java.security.acl.Permission permission);
public abstract boolean checkPermission (java.security.acl.Permission permission);
public abstract Object clone ();
public abstract java.security.Principal getPrincipal ();
public abstract boolean isNegative ();
public abstract java.util.Enumeration permissions ();
public abstract boolean removePermission (java.security.acl.Permission permission);
public abstract void setNegativePermissions ();
public abstract boolean setPrincipal (java.security.Principal user);
public abstract String toString ();
}

Hierarchy: (AclEntry(Cloneable))

Passed To: Acl.{addEntry(), removeEntry()}

AclNotFoundException (Java 1.1)
java.security.acl (serializable, checked)

Signals that the specified Acl could not be found. Note that none of the interfaces in java.security.acl throw this exception; it is provided for the benefit of Acl implementations.

public class AclNotFoundException extends Exception {
// Public Constructors
public AclNotFoundException ();
}

Hierarchy: Object-->Throwable(Serializable)-->Exception-->AclNotFoundException

Group (Java 1.1)
java.security.acl

This interface represents a set, or group, of java.security.Principal objects. The methods of the interface serve to manage the membership of the group. Note that Group extends the Principal interface, and, therefore, you can use a Group object wherever you would use a Principal object in this package.

public interface Group extends java.security.Principal {
// Public Instance Methods
public abstract boolean addMember (java.security.Principal user);
public abstract boolean isMember (java.security.Principal member);
public abstract java.util.Enumeration members ();
public abstract boolean removeMember (java.security.Principal user);
}

Hierarchy: (Group(java.security.Principal))

LastOwnerException (Java 1.1)
java.security.acl (serializable, checked)

Signals that an Acl or Owner has only one Principal remaining in its ownership list and that this single owner cannot be removed.

public class LastOwnerException extends Exception {
// Public Constructors
public LastOwnerException ();
}

Hierarchy: Object-->Throwable(Serializable)-->Exception-->LastOwnerException

Thrown By: Owner.deleteOwner()

NotOwnerException (Java 1.1)
java.security.acl (serializable, checked)

Thrown by various methods of Acl and Owner when they are called by a Principal that is not an owner.

public class NotOwnerException extends Exception {
// Public Constructors
public NotOwnerException ();
}

Hierarchy: Object-->Throwable(Serializable)-->Exception-->NotOwnerException

Thrown By: Acl.{addEntry(), removeEntry(), setName()}, Owner.{addOwner(), deleteOwner()}

Owner (Java 1.1)
java.security.acl

This interface represents the owner or owners of an ACL. The interface defines methods for managing and checking membership in the list of owners.

public interface Owner {
// Public Instance Methods
public abstract boolean addOwner (java.security.Principal caller, java.security.Principal owner) throws NotOwnerException;
public abstract boolean deleteOwner (java.security.Principal caller, java.security.Principal owner) throws NotOwnerException, LastOwnerException;
public abstract boolean isOwner (java.security.Principal owner);
}

Implementations: Acl

Permission (Java 1.1)
java.security.acl

This interface represents a permission. The meaning of the permission is entirely up to the implementation. Do not confuse this interface with the newer java.security.Permission class. Also note that this interface does not have the implies() method of java.security.Permission and is therefore significantly less versatile.

public interface Permission {
// Public Instance Methods
public abstract boolean equals (Object another);
public abstract String toString ();
}

Passed To: Acl.checkPermission(), AclEntry.{addPermission(), checkPermission(), removePermission()}
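
The following is an added example, not code from the book, showing what the missing implies() method costs in practice: an equality-only permission can match a request only if it is the identical permission, while a java.security.Permission grant decides for itself which requests it covers. ExactPermission is a hypothetical stand-in for an implementation of java.security.acl.Permission, and java.util.PropertyPermission is used only as a convenient built-in java.security.Permission with wildcard names; the permission names are constructed sample data.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.HashSet;
import java.util.PropertyPermission;
import java.util.Set;

public class ImpliesVersusEquals {
    // Hypothetical stand-in for an implementation of java.security.acl.Permission,
    // which exposes only equals() and toString().
    static final class ExactPermission {
        private final String name;
        ExactPermission(String name) { this.name = name; }
        @Override public boolean equals(Object o) {
            return o instanceof ExactPermission && ((ExactPermission) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return name; }
    }

    // Equality-only check: a grant matches only the identical permission.
    static boolean grantedByEquals(Set<ExactPermission> granted, ExactPermission wanted) {
        return granted.contains(wanted);
    }

    // implies()-based check: the grant decides whether it covers the request.
    static boolean grantedByImplies(PermissionCollection granted, Permission wanted) {
        return granted.implies(wanted);
    }

    public static void main(String[] args) {
        // Constructed sample grants: read access to every name under "reports.".
        Set<ExactPermission> aclStyle = new HashSet<>();
        aclStyle.add(new ExactPermission("read:reports.*"));

        Permission grant = new PropertyPermission("reports.*", "read");
        PermissionCollection policyStyle = grant.newPermissionCollection();
        policyStyle.add(grant);

        System.out.println("equals,  read reports.q1:  "
            + grantedByEquals(aclStyle, new ExactPermission("read:reports.q1")));
        System.out.println("implies, read reports.q1:  "
            + grantedByImplies(policyStyle, new PropertyPermission("reports.q1", "read")));
        System.out.println("implies, write reports.q1: "
            + grantedByImplies(policyStyle, new PropertyPermission("reports.q1", "write")));
        System.out.println("implies, read billing.q1:  "
            + grantedByImplies(policyStyle, new PropertyPermission("billing.q1", "read")));
    }
}
```

With an equality-only model, every individual resource and action has to be enumerated as its own permission, which makes broad grants hard to express and easy to get wrong.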




Copyright © 2001 O'Reilly & Associates. All rights reserved.