|
BEA Systems, Inc. | ||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--weblogic.security.acl.OwnerImpl | +--weblogic.security.acl.AclImpl | +--weblogic.security.acl.URLAcl
weblogic.security.acl.AclImpl associates an Owner Principal with a vector of AclEntryImpls and is keyed into the Realm by a specific Acl name. AclEntry maps a set of Permissions to a single Principal. The Acl contains at most one positive and one negative AclEntry for every Principal in its care.
URLAcl is the sole Acl for all URL Permissions in the server. It uses a default vector of AclEntryImpls, which contain the PermissionImpls.
Both positive and negative AclEntryImpls are supported. PermissionImpl Strings for the URLAcl should take a form similar to the java.io.FilePermission String formatting:
http://java.sun.com/products/jdk/1.2/docs/api/java/io/FilePermission.html
The more specific the Entry, the higher the priority. NOTE: Assumes case-sensitive file names.
Field Summary | |
static char |
SEPERATOR_CHAR
|
static java.lang.String |
theName
|
Constructor Summary | |
URLAcl(java.security.Principal p,
java.lang.String name)
|
Method Summary | |
boolean |
checkPermission(java.security.Principal p,
java.security.acl.Permission perm)
Checks if Principal p is allowed to access perm, where perm is a file. |
void |
setName(java.security.Principal caller,
java.lang.String newName)
WebLogic Server uses one URLAcl named 'weblogic.url' for all URL access. |
Methods inherited from class weblogic.security.acl.AclImpl |
addEntry,
entries,
getName,
getPermission,
getPermissions,
removeEntry,
toString |
Methods inherited from class weblogic.security.acl.OwnerImpl |
addOwner,
deleteOwner,
isOwner |
Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
wait,
wait,
wait |
Field Detail |
public static final java.lang.String theName
public static final char SEPERATOR_CHAR
Constructor Detail |
public URLAcl(java.security.Principal p, java.lang.String name)
p
- Owner of this ACLname
- Name of this ACL (not used)Method Detail |
public void setName(java.security.Principal caller, java.lang.String newName) throws java.security.acl.NotOwnerException
caller
- URLAcl ownernewName
- new Name for the URLAcl.public boolean checkPermission(java.security.Principal p, java.security.acl.Permission perm)
When checking for access to a file:
/myfiles/test/test.html
The following checks are performed:
/myfiles/test/test.html /myfiles/test/test.html/ <-- check for access to directory without /myfiles/test/* trailing 'SEPERATOR_CHAR' /myfiles/test/- /myfiles/- -
When checking for access to a directory:
/myfiles/test/testdir/ /myfiles/test/testdir
The following checks will be performed:
/myfiles/test/testdir/ /myfiles/test/* /myfiles/test/- /myfiles/- -
The checks terminate when a permission is encountered that either explicitly allows or explicitly denys the access. If there are no permissions that explicitly allow or deny the access, the access is denied by default.
p
- User or Group to testperm
- file path to check
|
Documentation is available at http://www.weblogic.com/docs51 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |