151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Copyright (c) 1996, 2004, Oracle and/or its affiliates. All rights reserved. 351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage java.security.acl; 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.Enumeration; 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.Principal; 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/** 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This is the interface used for representing one entry in an Access 3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Control List (ACL).<p> 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * An ACL can be thought of as a data structure with multiple ACL entry 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * objects. Each ACL entry object contains a set of permissions associated 3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * with a particular principal. (A principal represents an entity such as 3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * an individual user or a group). Additionally, each ACL entry is specified 3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * as being either positive or negative. If positive, the permissions are 4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * to be granted to the associated principal. If negative, the permissions 4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * are to be denied. Each principal can have at most one positive ACL entry 4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * and one negative entry; that is, multiple positive or negative ACL 4351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * entries are not allowed for any principal. 4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Note: ACL entries are by default positive. An entry becomes a 4651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * negative entry only if the 4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link #setNegativePermissions() setNegativePermissions} 4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method is called on it. 4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see java.security.acl.Acl 5151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author Satish Dharmaraj 5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 5451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipublic interface AclEntry extends Cloneable { 5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 5651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Specifies the principal for which permissions are granted or denied 5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by this ACL entry. If a principal was already set for this ACL entry, 5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * false is returned, otherwise true is returned. 6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param user the principal to be set for this entry. 6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 6351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if the principal is set, false if there was 6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * already a principal set for this entry. 6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getPrincipal 6751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 6851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean setPrincipal(Principal user); 6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the principal for which permissions are granted or denied by 7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * this ACL entry. Returns null if there is no principal set for this 7351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * entry yet. 7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 7551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the principal associated with this entry. 7651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 7751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setPrincipal 7851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public Principal getPrincipal(); 8051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Sets this ACL entry to be a negative one. That is, the associated 8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * principal (e.g., a user or a group) will be denied the permission set 8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specified in the entry. 8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Note: ACL entries are by default positive. An entry becomes a 8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * negative entry only if this <code>setNegativePermissions</code> 8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method is called on it. 8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public void setNegativePermissions(); 9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns true if this is a negative ACL entry (one denying the 9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * associated principal the set of permissions in the entry), false 9551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * otherwise. 9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 9751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if this is a negative ACL entry, false if it's not. 9851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean isNegative(); 10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 10251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Adds the specified permission to this ACL entry. Note: An entry can 10351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * have multiple permissions. 10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param permission the permission to be associated with 10651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the principal in this entry. 10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if the permission was added, false if the 10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * permission was already part of this entry's permission set. 11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 11151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean addPermission(Permission permission); 11251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Removes the specified permission from this ACL entry. 11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param permission the permission to be removed from this entry. 11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if the permission is removed, false if the 11951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * permission was not part of this entry's permission set. 12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean removePermission(Permission permission); 12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 12351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Checks if the specified permission is part of the 12551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * permission set in this entry. 12651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param permission the permission to be checked for. 12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 12951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if the permission is part of the 13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * permission set in this entry, false otherwise. 13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean checkPermission(Permission permission); 13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns an enumeration of the permissions in this ACL entry. 13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return an enumeration of the permissions in this ACL entry. 13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public Enumeration<Permission> permissions(); 14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 14151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 14251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns a string representation of the contents of this ACL entry. 14351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 14451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a string representation of the contents. 14551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 14651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public String toString(); 14751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 14851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 14951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Clones this ACL entry. 15051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 15151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a clone of this ACL entry. 15251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 15351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public Object clone(); 15451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski} 155