/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package java.security.acl; import java.security.Principal; import java.util.Enumeration; /** * The Access Control List (ACL) interface definition. *
* An ACL is a set of {@link AclEntry} objects. *
* An {@code AclEntry} is a list of {@link Permission}s that are granted * (positive) or denied * (negative) to a {@link Principal}. *
* An {@code Acl} has a list of owners ({@link Owner}) which are principals as * well {@code Principal}. Only those principals which are the {@code Acl}'s * owners are allowed to modify the {@code * Acl}. *
* The ACL has to conform to the following rules: *
* If the ACL already has an {@code AclEntry} of the same type ( * positive or negative) and principal, then the new entry is not added. * * @param caller * the invoking {@code Principal}. * @param entry * the ACL entry to add. * @return {@code true} if the entry is added, {@code false} if there is * already an entry of the same type for the same principal * @throws NotOwnerException * if the invoking {@code Principal} is not an owner of this * ACL. */ boolean addEntry(Principal caller, AclEntry entry) throws NotOwnerException; /** * Removes an {@code AclEntry} from this ACL instance. * * @param caller * the invoking {@code Principal}. * @param entry * the ACL entry to remove. * @return {@code true} if the entry is removed, {@code false} if the entry * is not in this ACL. * @throws NotOwnerException * if the invoking {@code Principal} is not an owner of this * ACL. */ boolean removeEntry(Principal caller, AclEntry entry) throws NotOwnerException; /** * Returns the set of allowed permissions for the specified {@code * Principal}. *
* If the specified principal has no entry in this ACL, an empty set is * returned. *
* The allowed permissions are collected according to the following rules: *
* The list of granted permissions is determined according to the rules * specified by {@code getPermissions}. * * @param principal * the principal the check the permissions for. * @param permission * the permission to check for the principal. * @return {@code true} if the principal is granted the permission, * otherwise {@code false}. * @see #getPermissions(Principal) */ boolean checkPermission(Principal principal, Permission permission); /** * Returns the string representation of this ACL. * * @return the string representation of this ACL. */ String toString(); }