WebLogic Server 5.1.0 API Reference

weblogic.security.acl
Class URLAcl

java.lang.Object
  |
  +--weblogic.security.acl.OwnerImpl
        |
        +--weblogic.security.acl.AclImpl
              |
              +--weblogic.security.acl.URLAcl

public class URLAcl

extends AclImpl

weblogic.security.acl.AclImpl associates an Owner Principal with a vector of AclEntryImpls and is keyed into the Realm by a specific Acl name. AclEntry maps a set of Permissions to a single Principal. The Acl contains at most one positive and one negative AclEntry for every Principal in its care.

URLAcl is the sole Acl for all URL Permissions in the server. It uses a default vector of AclEntryImpls, which contain the PermissionImpls.

Both positive and negative AclEntryImpls are supported. PermissionImpl Strings for the URLAcl should take a form similar to the java.io.FilePermission String formatting:

http://java.sun.com/products/jdk/1.2/docs/api/java/io/FilePermission.html

The more specific the Entry, the higher the priority. NOTE: Assumes case-sensitive file names.

Author:

Copyright (c) 2000. BEA Systems, Inc. All Rights Reserved.

See Also:

Serialized Form

Field Summary

static char	SEPERATOR_CHAR
static java.lang.String	theName

Constructor Summary

URLAcl(java.security.Principal p, java.lang.String name)

Method Summary

boolean	checkPermission(java.security.Principal p, java.security.acl.Permission perm) Checks if Principal p is allowed to access perm, where perm is a file.
void	setName(java.security.Principal caller, java.lang.String newName) WebLogic Server uses one URLAcl named 'weblogic.url' for all URL access.

Methods inherited from class weblogic.security.acl.AclImpl

addEntry, entries, getName, getPermission, getPermissions, removeEntry, toString

Methods inherited from class weblogic.security.acl.OwnerImpl

addOwner, deleteOwner, isOwner

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

theName

public static final java.lang.String theName

SEPERATOR_CHAR

public static final char SEPERATOR_CHAR

Constructor Detail

URLAcl

public URLAcl(java.security.Principal p,
              java.lang.String name)

Parameters:

p - Owner of this ACL

name - Name of this ACL (not used)

Method Detail

setName

public void setName(java.security.Principal caller,
                    java.lang.String newName)
             throws java.security.acl.NotOwnerException

WebLogic Server uses one URLAcl named 'weblogic.url' for all URL access. This name cannot be changed.

Parameters:

caller - URLAcl owner

newName - new Name for the URLAcl.

Throws:

java.lang.SecurityException -

java.security.acl.NotOwnerException - if the caller is not the owner of the Acl.

Overrides:

setName in class AclImpl

checkPermission

public boolean checkPermission(java.security.Principal p,
                               java.security.acl.Permission perm)

Checks if Principal p is allowed to access perm, where perm is a file. This check is performed from the least specific to the most specific permission. The check is a little different for files and directories. For example:

When checking for access to a file:

  /myfiles/test/test.html

The following checks are performed:

  /myfiles/test/test.html
    /myfiles/test/test.html/ <-- check for access to directory without 
    /myfiles/test/*              trailing 'SEPERATOR_CHAR'
    /myfiles/test/-
    /myfiles/-
    -

When checking for access to a directory:

  /myfiles/test/testdir/
    /myfiles/test/testdir

The following checks will be performed:

  /myfiles/test/testdir/
    /myfiles/test/*
    /myfiles/test/-
    /myfiles/-
    -

The checks terminate when a permission is encountered that either explicitly allows or explicitly denys the access. If there are no permissions that explicitly allow or deny the access, the access is denied by default.

Parameters:

p - User or Group to test

perm - file path to check

Overrides:

checkPermission in class AclImpl