// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.acls;
import java.util.Enumeration;
import java.util.Vector;
/**
* A class represents an access control list (ACL). An ACL
* is associated with an protected resources. The policy
* enforcer can verify the ACLs with the current
* context to see if the corresponding resource is accessible.
*
* An ACL
may contain one or more ACLEntry
. However, in case of multiple ACLEntry
* , a subject must pass ALL of the ACLEntry
evaluation for permission to be granted
*
*
* @version $Revision$, $Date$
*/
public class ACL implements IACL, java.io.Serializable {
/**
*
*/
private static final long serialVersionUID = -1867465948611161868L;
protected Vector mEntries = new Vector(); // ACL entries
protected Vector mRights = null; // possible rights entries
protected String mResourceACLs = null; // exact resourceACLs string on ldap server
protected String mName = null; // resource name
protected String mDescription = null; // resource description
/**
* Class constructor.
*/
public ACL() {
}
/**
* Class constructor.
* Constructs an access control list associated
* with a resource name
*
* @param name resource name
* @param rights applicable rights defined for this resource
* @param resourceACLs the entire ACL specification. For example:
* "certServer.log.configuration:read,modify:
* allow (read,modify)
* group=\"Administrators\":
* Allow administrators to read and modify log
* configuration"
*/
public ACL(String name, Vector rights, String resourceACLs) {
setName(name);
if (rights != null) {
mRights = rights;
} else {
mRights = new Vector();
}
mResourceACLs = resourceACLs;
}
/**
* Sets the name of the resource governed by this
* access control.
*
* @param name name of the resource
*/
public void setName(String name) {
mName = name;
}
/**
* Retrieves the name of the resource governed by
* this access control.
*
* @return name of the resource
*/
public String getName() {
return mName;
}
/**
* Retrieves the exact string of the resourceACLs
*
* @return resource's acl
*/
public String getResourceACLs() {
return mResourceACLs;
}
/**
* Sets the description of the resource governed by this
* access control.
*
* @param description Description of the protected resource
*/
public void setDescription(String description) {
mDescription = description;
}
/**
* Retrieves the description of the resource governed by
* this access control.
*
* @return Description of the protected resource
*/
public String getDescription() {
return mDescription;
}
/**
* Adds an ACL entry to this list.
*
* @param entry the ACLEntry
to be added to this resource
*/
public void addEntry(ACLEntry entry) {
mEntries.addElement(entry);
}
/**
* Returns ACL entries.
*
* @return enumeration for the ACLEntry
vector
*/
public Enumeration entries() {
return mEntries.elements();
}
/**
* Returns the string reprsentation.
*
* @return the string representation of the ACL entries in the
* following format:
* [,,...]
*/
public String toString() {
StringBuffer entries = new StringBuffer();
Enumeration e = entries();
for (; e.hasMoreElements();) {
ACLEntry entry = e.nextElement();
entries.append(entry.toString());
if (e.hasMoreElements())
entries.append(",");
}
return getName() + "[" + entries.toString() + "]";
}
/**
* Adds an rights entry to this list.
*
* @param right The right to be added for this ACL
*/
public void addRight(String right) {
mRights.addElement(right);
}
/**
* Tells if the permission is one of the defined "rights"
*
* @param permission permission to be checked
* @return true if it's one of the "rights"; false otherwise
*/
public boolean checkRight(String permission) {
return mRights.contains(permission);
}
/**
* Returns rights entries.
*
* @return enumeration of rights defined for this ACL
*/
public Enumeration rights() {
return mRights.elements();
}
}