// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.acls; import java.util.Enumeration; import java.util.Vector; /** * A class represents an access control list (ACL). An ACL is associated with an * protected resources. The policy enforcer can verify the ACLs with the current * context to see if the corresponding resource is accessible. *
* An ACL
may contain one or more ACLEntry
. However,
* in case of multiple ACLEntry
, a subject must pass ALL of the
* ACLEntry
evaluation for permission to be granted
*
*
* @version $Revision$, $Date$
*/
public class ACL implements IACL, java.io.Serializable {
/**
*
*/
private static final long serialVersionUID = -1867465948611161868L;
protected Vector mEntries = new Vector(); // ACL entries
protected Vector mRights = null; // possible rights entries
protected String mResourceACLs = null; // exact resourceACLs string on ldap
// server
protected String mName = null; // resource name
protected String mDescription = null; // resource description
/**
* Class constructor.
*/
public ACL() {
}
/**
* Class constructor. Constructs an access control list associated with a
* resource name
*
* @param name resource name
* @param rights applicable rights defined for this resource
* @param resourceACLs the entire ACL specification. For example:
* "certServer.log.configuration:read,modify: allow (read,modify)
* group=\"Administrators\": Allow administrators to read and
* modify log configuration"
*/
public ACL(String name, Vector rights, String resourceACLs) {
setName(name);
if (rights != null) {
mRights = rights;
} else {
mRights = new Vector();
}
mResourceACLs = resourceACLs;
}
/**
* Sets the name of the resource governed by this access control.
*
* @param name name of the resource
*/
public void setName(String name) {
mName = name;
}
/**
* Retrieves the name of the resource governed by this access control.
*
* @return name of the resource
*/
public String getName() {
return mName;
}
/**
* Retrieves the exact string of the resourceACLs
*
* @return resource's acl
*/
public String getResourceACLs() {
return mResourceACLs;
}
/**
* Sets the description of the resource governed by this access control.
*
* @param description Description of the protected resource
*/
public void setDescription(String description) {
mDescription = description;
}
/**
* Retrieves the description of the resource governed by this access
* control.
*
* @return Description of the protected resource
*/
public String getDescription() {
return mDescription;
}
/**
* Adds an ACL entry to this list.
*
* @param entry the ACLEntry
to be added to this resource
*/
public void addEntry(ACLEntry entry) {
mEntries.addElement(entry);
}
/**
* Returns ACL entries.
*
* @return enumeration for the ACLEntry
vector
*/
public Enumeration entries() {
return mEntries.elements();
}
/**
* Returns the string reprsentation.
*
* @return the string representation of the ACL entries in the following
* format: