Back to index...

	/*
	* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/


	package com.sun.jmx.snmp.IPAcl;



	import java.security.Principal;
	import java.security.acl.Acl;
	import java.security.acl.AclEntry;
	import java.security.acl.NotOwnerException;

	import java.io.Serializable;
	import java.security.acl.Permission;
	import java.util.Vector;
	import java.util.Enumeration;


	/**
	* Represent an Access Control List (ACL) which is used to guard access to http adaptor.
	* <P>
	* It is a data structure with multiple ACL entries. Each ACL entry, of interface type
	* AclEntry, contains a set of permissions and a set of communities associated with a
	* particular principal. (A principal represents an entity such as a host or a group of host).
	* Additionally, each ACL entry is specified as being either positive or negative.
	* If positive, the permissions are to be granted to the associated principal.
	* If negative, the permissions are to be denied.
	*
	* @see java.security.acl.Acl
	*/

	class AclImpl extends OwnerImpl implements Acl, Serializable {
	private static final long serialVersionUID = -2250957591085270029L;

	private Vector<AclEntry> entryList = null;
	private String aclName = null;

	/**
	* Constructs the ACL with a specified owner
	*
	* @param owner owner of the ACL.
	* @param name name of this ACL.
	*/
	public AclImpl (PrincipalImpl owner, String name) {
	super(owner);
	entryList = new Vector<>();
	aclName = name;
	}

	/**
	* Sets the name of this ACL.
	*
	* @param caller the principal invoking this method. It must be an owner
	* of this ACL.
	* @param name the name to be given to this ACL.
	*
	* @exception NotOwnerException if the caller principal is not an owner
	* of this ACL.
	* @see java.security.Principal
	*/
	@Override
	public void setName(Principal caller, String name)
	throws NotOwnerException {
	if (!isOwner(caller))
	throw new NotOwnerException();
	aclName = name;
	}

	/**
	* Returns the name of this ACL.
	*
	* @return the name of this ACL.
	*/
	@Override
	public String getName(){
	return aclName;
	}

	/**
	* Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group)
	* with a set of permissions. Each principal can have at most one positive ACL entry
	* (specifying permissions to be granted to the principal) and one negative ACL entry
	* (specifying permissions to be denied). If there is already an ACL entry
	* of the same type (negative or positive) already in the ACL, false is returned.
	*
	* @param caller the principal invoking this method. It must be an owner
	* of this ACL.
	* @param entry the ACL entry to be added to this ACL.
	* @return true on success, false if an entry of the same type (positive
	* or negative) for the same principal is already present in this ACL.
	* @exception NotOwnerException if the caller principal is not an owner of
	* this ACL.
	* @see java.security.Principal
	*/
	@Override
	public boolean addEntry(Principal caller, AclEntry entry)
	throws NotOwnerException {
	if (!isOwner(caller))
	throw new NotOwnerException();

	if (entryList.contains(entry))
	return false;
	/*
	for (Enumeration e = entryList.elements();e.hasMoreElements();){
	AclEntry ent = (AclEntry) e.nextElement();
	if (ent.getPrincipal().equals(entry.getPrincipal()))
	return false;
	}
	*/

	entryList.addElement(entry);
	return true;
	}

	/**
	* Removes an ACL entry from this ACL.
	*
	* @param caller the principal invoking this method. It must be an owner
	* of this ACL.
	* @param entry the ACL entry to be removed from this ACL.
	* @return true on success, false if the entry is not part of this ACL.
	* @exception NotOwnerException if the caller principal is not an owner
	* of this Acl.
	* @see java.security.Principal
	* @see java.security.acl.AclEntry
	*/
	@Override
	public boolean removeEntry(Principal caller, AclEntry entry)
	throws NotOwnerException {
	if (!isOwner(caller))
	throw new NotOwnerException();

	return (entryList.removeElement(entry));
	}

	/**
	* Removes all ACL entries from this ACL.
	*
	* @param caller the principal invoking this method. It must be an owner
	* of this ACL.
	* @exception NotOwnerException if the caller principal is not an owner of
	* this Acl.
	* @see java.security.Principal
	*/
	public void removeAll(Principal caller)
	throws NotOwnerException {
	if (!isOwner(caller))
	throw new NotOwnerException();
	entryList.removeAllElements();
	}

	/**
	* Returns an enumeration for the set of allowed permissions for
	* the specified principal
	* (representing an entity such as an individual or a group).
	* This set of allowed permissions is calculated as follows:
	* <UL>
	* <LI>If there is no entry in this Access Control List for the specified
	* principal, an empty permission set is returned.</LI>
	* <LI>Otherwise, the principal's group permission sets are determined.
	* (A principal can belong to one or more groups, where a group is a group
	* of principals, represented by the Group interface.)</LI>
	* </UL>
	* @param user the principal whose permission set is to be returned.
	* @return the permission set specifying the permissions the principal
	* is allowed.
	* @see java.security.Principal
	*/
	@Override
	public Enumeration<Permission> getPermissions(Principal user){
	Vector<Permission> empty = new Vector<>();
	for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
	AclEntry ent = e.nextElement();
	if (ent.getPrincipal().equals(user))
	return ent.permissions();
	}
	return empty.elements();
	}

	/**
	* Returns an enumeration of the entries in this ACL. Each element in the
	* enumeration is of type AclEntry.
	*
	* @return an enumeration of the entries in this ACL.
	*/
	@Override
	public Enumeration<AclEntry> entries(){
	return entryList.elements();
	}

	/**
	* Checks whether or not the specified principal has the specified
	* permission.
	* If it does, true is returned, otherwise false is returned.
	* More specifically, this method checks whether the passed permission
	* is a member of the allowed permission set of the specified principal.
	* The allowed permission set is determined by the same algorithm as is
	* used by the getPermissions method.
	*
	* @param user the principal, assumed to be a valid authenticated Principal.
	* @param perm the permission to be checked for.
	* @return true if the principal has the specified permission,
	* false otherwise.
	* @see java.security.Principal
	* @see java.security.Permission
	*/
	@Override
	public boolean checkPermission(Principal user,
	java.security.acl.Permission perm) {
	for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
	AclEntry ent = e.nextElement();
	if (ent.getPrincipal().equals(user))
	if (ent.checkPermission(perm)) return true;
	}
	return false;
	}

	/**
	* Checks whether or not the specified principal has the specified
	* permission.
	* If it does, true is returned, otherwise false is returned.
	* More specifically, this method checks whether the passed permission
	* is a member of the allowed permission set of the specified principal.
	* The allowed permission set is determined by the same algorithm as is
	* used by the getPermissions method.
	*
	* @param user the principal, assumed to be a valid authenticated Principal.
	* @param community the community name associated with the principal.
	* @param perm the permission to be checked for.
	* @return true if the principal has the specified permission, false
	* otherwise.
	* @see java.security.Principal
	* @see java.security.Permission
	*/
	public boolean checkPermission(Principal user, String community,
	java.security.acl.Permission perm) {
	for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
	AclEntryImpl ent = (AclEntryImpl) e.nextElement();
	if (ent.getPrincipal().equals(user))
	if (ent.checkPermission(perm) && ent.checkCommunity(community)) return true;
	}
	return false;
	}

	/**
	* Checks whether or not the specified community string is defined.
	*
	* @param community the community name associated with the principal.
	*
	* @return true if the specified community string is defined, false
	* otherwise.
	* @see java.security.Principal
	* @see java.security.Permission
	*/
	public boolean checkCommunity(String community) {
	for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
	AclEntryImpl ent = (AclEntryImpl) e.nextElement();
	if (ent.checkCommunity(community)) return true;
	}
	return false;
	}

	/**
	* Returns a string representation of the ACL contents.
	*
	* @return a string representation of the ACL contents.
	*/
	@Override
	public String toString(){
	return ("AclImpl: "+ getName());
	}
	}

Back to index...