File Doc Category Size Date Package
Acl.java API Doc Android 1.5 API 6911 Wed May 06 22:41:06 BST 2009 java.security.acl

Acl

public interface Acl implements Owner

The Access Control List (ACL) interface definition.

An ACL is a set of {@link AclEntry} objects.

An {@code AclEntry} is a list of {@link Permission}s that are granted (positive) or denied (negative) to a {@link Principal}.

An {@code Acl} has a list of owners ({@link Owner}) which are principals as well {@code Principal}. Only those principals which are the {@code Acl}'s owners are allowed to modify the {@code Acl}.

The ACL has to conform to the following rules:

For each {@code Principal} there can be only one positive and one negative {@code AclEntry}.
If the two {@code AclEntry}'s (positive and negative) for a specific {@code Principal} grant and deny the same {@code Permission} to that {@code Principal}, then that {@code Permission} is treated as neither granted nor denied to that {@code Principal}.
Permissions associated with an individual {@code Principal} always override permissions of the group(s) to which the individual belongs.
If there is no {@code AclEntry} associated with a specific {@code Principal}, then it is interpreted as an empty list of permissions.

since: Android 1.0

Fields Summary
Constructors Summary
Methods Summary
public boolean addEntry(java.security.Principal caller, AclEntry entry)
Adds an {@code AclEntry} to this ACL instance.
If the ACL already has an {@code AclEntry} of the same type ( positive or negative) and principal, then the new entry is not added.
param
caller the invoking {@code Principal}.
param
entry the ACL entry to add.
return
{@code true} if the entry is added, {@code false} if there is already an entry of the same type for the same principal
throws
NotOwnerException if the invoking {@code Principal} is not an owner of this ACL.
since
Android 1.0
public boolean checkPermission(java.security.Principal principal, Permission permission)
Checks whether the specified principal is granted the specified permission.
The list of granted permissions is determined according to the rules specified by {@code getPermissions}.
param
principal the principal the check the permissions for.
param
permission the permission to check for the principal.
return
{@code true} if the principal is granted the permission, otherwise {@code false}.
see
#getPermissions(Principal)
since
Android 1.0
public java.util.Enumeration entries()
Returns an {@code Enumeration} of the {@code AclEntry} of this ACL.
return
an {@code Enumeration} of the {@code AclEntry} of this ACL.
since
Android 1.0
public java.lang.String getName()
Returns the name of this ACL instance.
return
the name of this ACL instance.
since
Android 1.0
public java.util.Enumeration getPermissions(java.security.Principal user)
Returns the set of allowed permissions for the specified {@code Principal}.
If the specified principal has no entry in this ACL, an empty set is returned.

The allowed permissions are collected according to the following rules:

The two permission lists (positive and negative) of the principal's groups ({@link Group}) are collected. The positive (granted) permissions are the union of all group's positive permissions that the principal belongs to, the negative (denied) permissions are the union of all group's negative permissions that the principal belongs to. If a specific permission is in both the positive and the negative list, it is removed from both lists.

The individual permissions (positive and negative) of the principal override the group permissions. The positive individual permissions override the group's negative permissions and the negative individual permissions override the grpup's positive permissions.

param
user the principal to get the allowed permissions for.
return
the set of allowed permissions for the specified principal.
since
Android 1.0
public boolean removeEntry(java.security.Principal caller, AclEntry entry)
Removes an {@code AclEntry} from this ACL instance.
param
caller the invoking {@code Principal}.
param
entry the ACL entry to remove.
return
{@code true} if the entry is removed, {@code false} if the entry is not in this ACL.
throws
NotOwnerException if the invoking {@code Principal} is not an owner of this ACL.
since
Android 1.0
public void setName(java.security.Principal caller, java.lang.String name)
Sets the name of this ACL instance.
param
caller the invoking {@code Principal}.
param
name the name to be set.
throws
NotOwnerException if the invoking {@code Principal} is not an owner of this ACL.
since
Android 1.0
public java.lang.String toString()
Returns the string representation of this ACL.
return
the string representation of this ACL.
since
Android 1.0