BEA Systems, Inc.

WebLogic Server 5.1.0 API Reference
Class URLAcl


public class URLAcl
extends AclImpl associates an Owner Principal with a vector of AclEntryImpls and is keyed into the Realm by a specific Acl name. AclEntry maps a set of Permissions to a single Principal. The Acl contains at most one positive and one negative AclEntry for every Principal in its care.

URLAcl is the sole Acl for all URL Permissions in the server. It uses a default vector of AclEntryImpls, which contain the PermissionImpls.

Both positive and negative AclEntryImpls are supported. PermissionImpl Strings for the URLAcl should take a form similar to the String formatting:

The more specific the Entry, the higher the priority. NOTE: Assumes case-sensitive file names.

Copyright (c) 2000. BEA Systems, Inc. All Rights Reserved.
See Also:
Serialized Form

Field Summary
static char SEPERATOR_CHAR
static java.lang.String theName
Constructor Summary
URLAcl( p, java.lang.String name)
Method Summary
 boolean checkPermission( p, perm)
          Checks if Principal p is allowed to access perm, where perm is a file.
 void setName( caller, java.lang.String newName)
          WebLogic Server uses one URLAcl named 'weblogic.url' for all URL access.
Methods inherited from class
addEntry, entries, getName, getPermission, getPermissions, removeEntry, toString
Methods inherited from class
addOwner, deleteOwner, isOwner
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail


public static final java.lang.String theName


public static final char SEPERATOR_CHAR
Constructor Detail


public URLAcl( p,
              java.lang.String name)

p - Owner of this ACL
name - Name of this ACL (not used)
Method Detail


public void setName( caller,
                    java.lang.String newName)
WebLogic Server uses one URLAcl named 'weblogic.url' for all URL access. This name cannot be changed.

caller - URLAcl owner
newName - new Name for the URLAcl.
java.lang.SecurityException - - if the caller is not the owner of the Acl.
setName in class AclImpl


public boolean checkPermission( p,
Checks if Principal p is allowed to access perm, where perm is a file. This check is performed from the least specific to the most specific permission. The check is a little different for files and directories. For example:

When checking for access to a file:


The following checks are performed:

    /myfiles/test/test.html/ <-- check for access to directory without 
    /myfiles/test/*              trailing 'SEPERATOR_CHAR'

When checking for access to a directory:


The following checks will be performed:


The checks terminate when a permission is encountered that either explicitly allows or explicitly denys the access. If there are no permissions that explicitly allow or deny the access, the access is denied by default.

p - User or Group to test
perm - file path to check
checkPermission in class AclImpl

Documentation is available at