com.redhat.rhn.common.security.acl
Class Acl

java.lang.Object
  extended by com.redhat.rhn.common.security.acl.Acl

public class Acl
extends java.lang.Object

Class for handling ACLs. Register AclHandlers with this class with Acl(String[]) and/or registerHandler(String). AclHandler implementations must have a no-arg constructor. AclHandler methods that begin with the prefix "acl" and have a signature like the following are registered as ACL handler methods that can be referenced in ACL strings.

     public boolean aclXXXX(Object context, String params[]);
 
or
     public static boolean aclXXXX(Object context, String params[]);
 
The handlers can then be referred to in ACL strings when evalAcl(java.lang.Object, java.lang.String) is called.

ACL strings take the form:

  ACL         := EXPRESSION [; EXPRESSION; ]+
  EXPRESSION  := STATEMENT [ OR STATEMENT ]+
  
A semicolon separating expressions implies an AND operation.

An expression uses AclHandlers registered through Acl(String[]) and/or registerHandler(String). ACL method names are changed to ACL handler names that can be referenced in expressions using the following translation algorithm:

More examples:

  Method Name         ACL Handler Name
  aclFooBar           foo_bar
  aclTestSomeValue    test_some_value
  aclCheckXML         check_xml
  aclCheckXMLFile     check_xml_file
  aclXMLCheck         xml_check

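
One rule set that reproduces every row of the table above, given as an added example that is not the project's own code: strip the "acl" prefix, lower-case the rest, and start a new word at a capital that follows a non-capital or that ends a run of capitals. The class AclNameDemo, the method handlerName and the rule itself are assumptions inferred from the table only.

```java
public class AclNameDemo {
    // Reconstructed rule (assumption): drop "acl", then snake_case the rest,
    // keeping a run of capitals such as "XML" together as one word.
    static String handlerName(String methodName) {
        if (!methodName.startsWith("acl") || methodName.length() == 3) {
            throw new IllegalArgumentException("not an acl method: " + methodName);
        }
        String s = methodName.substring(3);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (i > 0 && Character.isUpperCase(c)) {
                boolean prevUpper = Character.isUpperCase(s.charAt(i - 1));
                boolean nextLower = i + 1 < s.length()
                        && Character.isLowerCase(s.charAt(i + 1));
                // word boundary: "oB" in FooBar, or the "F" of File after XML
                if (!prevUpper || nextLower) {
                    out.append('_');
                }
            }
            out.append(Character.toLowerCase(c));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] methods = {
            // rows of the table above
            "aclFooBar", "aclTestSomeValue", "aclCheckXML", "aclCheckXMLFile", "aclXMLCheck",
            // constructed pair: one capital letter changes the name an ACL string must use
            "aclHasDoodad", "aclHasDooDad"
        };
        for (String m : methods) {
            System.out.println(m + " -> " + handlerName(m));
        }
    }
}
```

Comparing the names an ACL string uses against getAclHandlerNames() shows whether a handler method was registered under the name the string expects.
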
The following demonstrates the use of the Acl class:

  import java.util.HashMap;
  import java.util.Map;

  Map context = new HashMap();
  context.put("thingamajig", "foo");
  context.put("doodad", "bar");
  context.put("widget", "baz");

  ...

  // we can register a default handler with the constructor that takes
  // an array of fully-qualified AclHandler implementations
  Acl acl = new Acl(
    new String[]{"com.redhat.rhn.security.acl.handlers.DefaultHandler"});

  // and later register additional handlers
  acl.registerHandler("com.redhat.rhn.security.acl.handlers.MyHandler");

  // all will return true
  boolean result = acl.evalAcl(context, "has_thingamajig(foo)");
  result = acl.evalAcl(context, "has_doodad(bar)");
  result = acl.evalAcl(context, "has_widget(baz)");

  
DefaultHandler:
  package com.redhat.rhn.security.acl.handlers;

  import java.util.Map;

  import com.redhat.rhn.common.security.acl.AclHandler;

  public class DefaultHandler implements AclHandler {
      // return true if the context has the specified thingamajig
      // (the method name must translate to the handler name has_thingamajig)
      public boolean aclHasThingamajig(Object context, String[] params) {
          Map map = (Map)context;
          String thingamajig = (String)map.get("thingamajig");
          return thingamajig.equals(params[0]);
      }
  }
  
MyHandler:
  package com.redhat.rhn.security.acl.handlers;

  import java.util.Map;

  import com.redhat.rhn.common.security.acl.AclHandler;

  public class MyHandler implements AclHandler {
      // return true if the context has the specified doodad
      // (the method name must translate to the handler name has_doodad)
      public boolean aclHasDoodad(Object context, String[] params) {
          Map map = (Map)context;
          String doodad = (String)map.get("doodad");
          return doodad.equals(params[0]);
      }
      // return true if the context has the specified widget
      public boolean aclHasWidget(Object context, String[] params) {
          Map map = (Map)context;
          String widget = (String)map.get("widget");
          return widget.equals(params[0]);
      }
  }
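
The AND/OR reading of ACL strings described above, as an added example that is not the project's own parser: a semicolon joins expressions with AND, OR joins statements inside one expression, and anything unknown, malformed or empty is denied. The class AclStringDemo, the Check interface, the lambda handlers, comma-separated parameters, the case-insensitive OR keyword and the deny-by-default choices are assumptions of this example, not documented behaviour of Acl.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.BiPredicate;
public class AclStringDemo {
    // Hypothetical stand-in for registered acl* methods: name -> check(context, params).
    interface Check extends BiPredicate<Map<String, String>, String[]> {}
    static final Map<String, Check> HANDLERS = new HashMap<>();
    static {
        for (String k : new String[]{"thingamajig", "doodad", "widget"})
            HANDLERS.put("has_" + k, (ctx, p) -> p.length == 1 && p[0].equals(ctx.get(k)));
    }

    // ACL: every ';'-separated expression must hold (AND). No expression at all means deny.
    static boolean eval(Map<String, String> ctx, String acl) {
        int evaluated = 0;
        for (String expr : acl.split(";")) {
            if (expr.trim().isEmpty()) continue;          // tolerate a trailing ';'
            if (!evalExpression(ctx, expr)) return false;
            evaluated++;
        }
        return evaluated > 0;
    }

    // EXPRESSION: true as soon as one OR-separated statement holds.
    static boolean evalExpression(Map<String, String> ctx, String expr) {
        for (String stmt : expr.trim().split("(?i)\\s+or\\s+"))
            if (evalStatement(ctx, stmt.trim())) return true;
        return false;
    }

    // STATEMENT (assumed form): handler_name(param, ...). Malformed or unknown means deny.
    static boolean evalStatement(Map<String, String> ctx, String stmt) {
        int open = stmt.indexOf('(');
        if (open <= 0 || !stmt.endsWith(")")) return false;
        Check handler = HANDLERS.get(stmt.substring(0, open).trim());
        if (handler == null) return false;
        String inner = stmt.substring(open + 1, stmt.length() - 1).trim();
        return handler.test(ctx, inner.isEmpty() ? new String[0] : inner.split("\\s*,\\s*"));
    }
    public static void main(String[] args) {
        Map<String, String> ctx = new HashMap<>();       // constructed sample context
        ctx.put("thingamajig", "foo");
        ctx.put("doodad", "bar");
        // (thingamajig OR widget) AND doodad: widget is absent from the context
        System.out.println(eval(ctx, "has_thingamajig(foo) or has_widget(baz); has_doodad(bar)"));
        // same OR group, but the AND-ed second expression names an unregistered handler
        System.out.println(eval(ctx, "has_thingamajig(foo) or has_widget(baz); has_gizmo(x)"));
    }
}
```
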
  


Constructor Summary
Acl()
          Constructor for a new Acl instance without any default ACL handlers.
Acl(java.lang.String[] defaultHandlerClasses)
          Creates a new Acl instance with the specified default ACL handler classes.
 
Method Summary
 boolean evalAcl(java.lang.Object context, java.lang.String acl)
          Evaluates an ACL string within a given context.
 java.util.TreeSet getAclHandlerNames()
          Returns the set of registered ACL handler names.
 void registerHandler(AclHandler aclHandler)
          Register an AclHandler.
 void registerHandler(java.lang.Class aclClazz)
          Register an AclHandler class.
 void registerHandler(java.lang.String aclClassname)
          Register an AclHandler class.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Acl

public Acl()
Constructor for a new Acl instance without any default ACL handlers.


Acl

public Acl(java.lang.String[] defaultHandlerClasses)
Creates a new Acl instance with the specified default ACL handler classes.

Parameters:
defaultHandlerClasses - an array of handler classes. Each entry must be a fully-qualified name of an implementation of AclHandler
See Also:
registerHandler(String), registerHandler(Class), registerHandler(AclHandler)

Method Detail

registerHandler

public void registerHandler(java.lang.String aclClassname)
Register an AclHandler class.

Parameters:
aclClassname - fully-qualified classname of an AclHandler implementation
See Also:
registerHandler(AclHandler)

registerHandler

public void registerHandler(java.lang.Class aclClazz)
Register an AclHandler class.

Parameters:
aclClazz - an AclHandler implementation
See Also:
registerHandler(AclHandler)

registerHandler

public void registerHandler(AclHandler aclHandler)
Register an AclHandler. All methods with the valid signature will be registered.
     public boolean aclXXX(Object, String[])
 
or
     public static boolean aclXXX(Object, String[])
 
Methods without the "acl" prefix are ignored. If a method begins with the "acl" prefix but the method signature is invalid, a warning is logged and the method is ignored.

Parameters:
aclHandler - AclHandler

getAclHandlerNames

public java.util.TreeSet getAclHandlerNames()
Returns the set of registered ACL handler names.

Returns:
set of handler names usable in an ACL string

evalAcl

public boolean evalAcl(java.lang.Object context,
                       java.lang.String acl)
Evaluates an ACL string within a given context. See class description for sample usage.

Parameters:
context - context in which the acl string is evaluated
acl - the ACL string.
Returns:
true if the ACL string and given context allow access, false otherwise
See Also:
AclHandler