| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||||
| Acl |
|
| 1.0;1 |
| 1 | /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited |
|
| 2 | * |
|
| 3 | * Licensed under the Apache License, Version 2.0 (the "License"); |
|
| 4 | * you may not use this file except in compliance with the License. |
|
| 5 | * You may obtain a copy of the License at |
|
| 6 | * |
|
| 7 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 8 | * |
|
| 9 | * Unless required by applicable law or agreed to in writing, software |
|
| 10 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 12 | * See the License for the specific language governing permissions and |
|
| 13 | * limitations under the License. |
|
| 14 | */ |
|
| 15 | package org.acegisecurity.acls; |
|
| 16 | ||
| 17 | import org.acegisecurity.acls.objectidentity.ObjectIdentity; |
|
| 18 | import org.acegisecurity.acls.sid.Sid; |
|
| 19 | ||
| 20 | import java.io.Serializable; |
|
| 21 | ||
| 22 | ||
| 23 | /** |
|
| 24 | * Represents an access control list (ACL) for a domain object. |
|
| 25 | * |
|
| 26 | * <p> |
|
| 27 | * An <code>Acl</code> represents all ACL entries for a given domain object. In |
|
| 28 | * order to avoid needing references to the domain object itself, this |
|
| 29 | * interface handles indirection between a domain object and an ACL object |
|
| 30 | * identity via the {@link |
|
| 31 | * org.acegisecurity.acls.objectidentity.ObjectIdentity} interface. |
|
| 32 | * </p> |
|
| 33 | * |
|
| 34 | * <p> |
|
| 35 | * An implementation represents the {@link org.acegisecurity.acls.Permission} |
|
| 36 | * list applicable for some or all {@link org.acegisecurity.acls.sid.Sid} |
|
| 37 | * instances. |
|
| 38 | * </p> |
|
| 39 | * |
|
| 40 | * @author Ben Alex |
|
| 41 | * @version $Id: Acl.java 1784 2007-02-24 21:00:24Z luke_t $ |
|
| 42 | */ |
|
| 43 | public interface Acl extends Serializable { |
|
| 44 | //~ Methods ======================================================================================================== |
|
| 45 | ||
| 46 | /** |
|
| 47 | * Returns all of the entries represented by the present <code>Acl</code> (not parents).<p>This method is |
|
| 48 | * typically used for administrative purposes.</p> |
|
| 49 | * <p>The order that entries appear in the array is unspecified. However, if implementations use |
|
| 50 | * particular ordering logic in authorization decisions, the entries returned by this method <em>MUST</em> be |
|
| 51 | * ordered in that manner.</p> |
|
| 52 | * <p>Do <em>NOT</em> use this method for making authorization decisions. Instead use {@link |
|
| 53 | * #isGranted(Permission[], Sid[], boolean)}.</p> |
|
| 54 | * <p>This method must operate correctly even if the <code>Acl</code> only represents a subset of |
|
| 55 | * <code>Sid</code>s. The caller is responsible for correctly handling the result if only a subset of |
|
| 56 | * <code>Sid</code>s is represented.</p> |
|
| 57 | * |
|
| 58 | * @return the list of entries represented by the <code>Acl</code> |
|
| 59 | */ |
|
| 60 | AccessControlEntry[] getEntries(); |
|
| 61 | ||
| 62 | /** |
|
| 63 | * Obtains the domain object this <code>Acl</code> provides entries for. This is immutable once an |
|
| 64 | * <code>Acl</code> is created. |
|
| 65 | * |
|
| 66 | * @return the object identity |
|
| 67 | */ |
|
| 68 | ObjectIdentity getObjectIdentity(); |
|
| 69 | ||
| 70 | /** |
|
| 71 | * Determines the owner of the <code>Acl</code>. The meaning of ownership varies by implementation and is |
|
| 72 | * unspecified. |
|
| 73 | * |
|
| 74 | * @return the owner (may be null if the implementation does not use ownership concepts) |
|
| 75 | */ |
|
| 76 | Sid getOwner(); |
|
| 77 | ||
| 78 | /** |
|
| 79 | * A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can |
|
| 80 | * be accessed via this method. In turn, the parent's parent (grandparent) can be accessed and so on.<p>This |
|
| 81 | * method solely represents the presence of a navigation hierarchy between the parent <code>Acl</code> and this |
|
| 82 | * <code>Acl</code>. For actual inheritance to take place, the {@link #isEntriesInheriting()} must also be |
|
| 83 | * <code>true</code>.</p> |
|
| 84 | * <p>This method must operate correctly even if the <code>Acl</code> only represents a subset of |
|
| 85 | * <code>Sid</code>s. The caller is responsible for correctly handling the result if only a subset of |
|
| 86 | * <code>Sid</code>s is represented.</p> |
|
| 87 | * |
|
| 88 | * @return the parent <code>Acl</code> |
|
| 89 | */ |
|
| 90 | Acl getParentAcl(); |
|
| 91 | ||
| 92 | /** |
|
| 93 | * Indicates whether the ACL entries from the {@link #getParentAcl()} should flow down into the current |
|
| 94 | * <code>Acl</code>.<p>The mere link between an <code>Acl</code> and a parent <code>Acl</code> on its own |
|
| 95 | * is insufficient to cause ACL entries to inherit down. This is because a domain object may wish to have entirely |
|
| 96 | * independent entries, but maintain the link with the parent for navigation purposes. Thus, this method denotes |
|
| 97 | * whether or not the navigation relationship also extends to the actual inheritence of entries.</p> |
|
| 98 | * |
|
| 99 | * @return <code>true</code> if parent ACL entries inherit into the current <code>Acl</code> |
|
| 100 | */ |
|
| 101 | boolean isEntriesInheriting(); |
|
| 102 | ||
| 103 | /** |
|
| 104 | * This is the actual authorization logic method, and must be used whenever ACL authorization decisions are |
|
| 105 | * required.<p>An array of <code>Sid</code>s are presented, representing security identifies of the current |
|
| 106 | * principal. In addition, an array of <code>Permission</code>s is presented which will have one or more bits set |
|
| 107 | * in order to indicate the permissions needed for an affirmative authorization decision. An array is presented |
|
| 108 | * because holding <em>any</em> of the <code>Permission</code>s inside the array will be sufficient for an |
|
| 109 | * affirmative authorization.</p> |
|
| 110 | * <p>The actual approach used to make authorization decisions is left to the implementation and is not |
|
| 111 | * specified by this interface. For example, an implementation <em>MAY</em> search the current ACL in the order |
|
| 112 | * the ACL entries have been stored. If a single entry is found that has the same active bits as are shown in a |
|
| 113 | * passed <code>Permission</code>, that entry's grant or deny state may determine the authorization decision. If |
|
| 114 | * the case of a deny state, the deny decision will only be relevant if all other <code>Permission</code>s passed |
|
| 115 | * in the array have also been unsuccessfully searched. If no entry is found that match the bits in the current |
|
| 116 | * ACL, provided that {@link #isEntriesInheriting()} is <code>true</code>, the authorization decision may be |
|
| 117 | * passed to the parent ACL. If there is no matching entry, the implementation MAY throw an exception, or make a |
|
| 118 | * predefined authorization decision.</p> |
|
| 119 | * <p>This method must operate correctly even if the <code>Acl</code> only represents a subset of |
|
| 120 | * <code>Sid</code>s.</p> |
|
| 121 | * |
|
| 122 | * @param permission the permission or permissions required |
|
| 123 | * @param sids the security identities held by the principal |
|
| 124 | * @param administrativeMode if <code>true</code> denotes the query is for administrative purposes and no logging |
|
| 125 | * or auditing (if supported by the implementation) should be undertaken |
|
| 126 | * |
|
| 127 | * @return <code>true</code> is authorization is granted |
|
| 128 | * |
|
| 129 | * @throws NotFoundException MUST be thrown if an implementation cannot make an authoritative authorization |
|
| 130 | * decision, usually because there is no ACL information for this particular permission and/or SID |
|
| 131 | * @throws UnloadedSidException thrown if the <code>Acl</code> does not have details for one or more of the |
|
| 132 | * <code>Sid</code>s passed as arguments |
|
| 133 | */ |
|
| 134 | boolean isGranted(Permission[] permission, Sid[] sids, boolean administrativeMode) |
|
| 135 | throws NotFoundException, UnloadedSidException; |
|
| 136 | ||
| 137 | /** |
|
| 138 | * For efficiency reasons an <code>Acl</code> may be loaded and <em>not</em> contain entries for every |
|
| 139 | * <code>Sid</code> in the system. If an <code>Acl</code> has been loaded and does not represent every |
|
| 140 | * <code>Sid</code>, all methods of the <code>Sid</code> can only be used within the limited scope of the |
|
| 141 | * <code>Sid</code> instances it actually represents. |
|
| 142 | * <p> |
|
| 143 | * It is normal to load an <code>Acl</code> for only particular <code>Sid</code>s if read-only authorization |
|
| 144 | * decisions are being made. However, if user interface reporting or modification of <code>Acl</code>s are |
|
| 145 | * desired, an <code>Acl</code> should be loaded with all <code>Sid</code>s. This method denotes whether or |
|
| 146 | * not the specified <code>Sid</code>s have been loaded or not. |
|
| 147 | * </p> |
|
| 148 | * |
|
| 149 | * @param sids one or more security identities the caller is interest in knowing whether this <code>Sid</code> |
|
| 150 | * supports |
|
| 151 | * |
|
| 152 | * @return <code>true</code> if every passed <code>Sid</code> is represented by this <code>Acl</code> instance |
|
| 153 | */ |
|
| 154 | boolean isSidLoaded(Sid[] sids); |
|
| 155 | } |