1 /*
2  * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 package sun.security.acl;
26 
27 import java.util.*;
28 import java.security.Principal;
29 import java.security.acl.*;
30 
31 /**
32  * This is a class that describes one entry that associates users
33  * or groups with permissions in the ACL.
34  * The entry may be used as a way of granting or denying permissions.
35  * @author      Satish Dharmaraj
36  */
public class AclEntryImpl implements AclEntry {
    // Principal this entry applies to (a user or a Group); null until one is set.
    private Principal user = null;
    // Permissions listed in this entry. Whether they are granted or denied is
    // carried by the 'negative' flag, not by this collection.
    private Vector<Permission> permissionSet = new Vector<>(10, 10);
    // Set to true by setNegativePermissions(); this class has no way to reset it.
    private boolean negative = false;

    /**
     * Creates an entry bound to the given principal, with no permissions
     * and the positive (grant) sense.
     * @param user The principal this entry applies to; stored as-is,
     * without a null check.
     */
    public AclEntryImpl(Principal user) {
        this.user = user;
    }

    /**
     * Creates an entry with no principal and no permissions.
     */
    public AclEntryImpl() {
    }

    /**
     * Binds this entry to a principal, but only if none is bound yet.
     * An existing binding is never overwritten.
     * @param user The principal to bind. Passing null on an unbound
     * entry returns true and leaves the entry unbound.
     * @return true if the entry had no principal before the call,
     * false if one was already present (nothing is changed then).
     */
    @Override
    public boolean setPrincipal(Principal user) {
        if (this.user == null) {
            this.user = user;
            return true;
        }
        return false;
    }

    /**
     * Marks this entry as negative: its permission set is then meant
     * to be read as permissions denied to the principal.
     */
    @Override
    public void setNegativePermissions() {
        negative = true;
    }

    /**
     * Reports whether this entry has been marked negative.
     * @return true if setNegativePermissions() has been called on this
     * entry (or on the entry it was cloned from), false otherwise.
     */
    @Override
    public boolean isNegative() {
        return negative;
    }

    /**
     * Adds a permission to this entry unless it is already present.
     * @param permission The permission to attach to the entry's principal.
     * @return true if the permission was added, false if the permission
     * set already contained it.
     */
    @Override
    public boolean addPermission(Permission permission) {
        // NOTE(review): the lookup and the insert are two separate Vector
        // calls, so the pair is not atomic. Confirm that callers serialize
        // mutations; a duplicate would survive one removePermission() call.
        boolean alreadyPresent = permissionSet.contains(permission);
        if (!alreadyPresent) {
            permissionSet.addElement(permission);
        }
        return !alreadyPresent;
    }

    /**
     * Removes a permission from this entry.
     * @param permission The permission to detach from the entry's principal.
     * @return true if the permission was found and removed, false if it
     * was not in the permission set.
     */
    @Override
    public boolean removePermission(Permission permission) {
        return permissionSet.remove(permission);
    }

    /**
     * Tests whether the permission is listed in this entry.
     * This is a pure membership test and does not consult the negative
     * flag, so a true result on a negative entry means "listed as
     * denied". Callers have to combine it with isNegative().
     * @param permission The permission to look up.
     * @return true if the permission is in this entry's permission set,
     * false otherwise.
     */
    @Override
    public boolean checkPermission(Permission permission) {
        return permissionSet.indexOf(permission) >= 0;
    }

    /**
     * Returns an enumeration of the permissions in this entry.
     * The enumeration comes straight from the backing Vector and is
     * not taken from a copy.
     */
    @Override
    public Enumeration<Permission> permissions() {
        Enumeration<Permission> listed = permissionSet.elements();
        return listed;
    }

    /**
     * Renders the entry as sign, principal kind, principal and a
     * comma-separated permission list, for example "+User.name=p1,p2".
     * The sign is "-" for a negative entry and "+" otherwise; the kind
     * is "Group." when the principal is a Group and "User." otherwise.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append(negative ? "-" : "+");
        text.append(user instanceof Group ? "Group." : "User.");
        text.append(user).append("=");
        boolean first = true;
        // Goes through permissions() rather than the field so that an
        // overriding subclass is honoured, as in the original.
        for (Enumeration<Permission> it = permissions(); it.hasMoreElements(); ) {
            if (!first) {
                text.append(",");
            }
            text.append(it.nextElement());
            first = false;
        }
        return text.toString();
    }

    /**
     * Creates a copy of this entry with the same principal reference,
     * the same negative flag and its own copy of the permission vector.
     * The result is always an AclEntryImpl built with the constructor;
     * super.clone() is not used.
     */
    // NOTE(review): this method locks 'this', while the mutators above do
    // not, so the lock does not exclude a concurrent setNegativePermissions()
    // or setPrincipal(). Confirm whether callers rely on that.
    @Override
    @SuppressWarnings("unchecked") // Vector.clone() is declared to return Object
    public synchronized Object clone() {
        AclEntryImpl copy = new AclEntryImpl(user);
        copy.negative = negative;
        copy.permissionSet = (Vector<Permission>) permissionSet.clone();
        return copy;
    }

    /**
     * Returns the principal stored in this entry, whether a user or a
     * Group, or null if no principal has been set.
     */
    @Override
    public Principal getPrincipal() {
        return user;
    }
}