public class Acl
extends java.lang.Object

AclHandlers with this class with Acl(String[]) and/or registerHandler(String).
AclHandler implementations must have a no-arg constructor. AclHandler methods that begin with the prefix "acl" and have a signature like the following are registered as ACL handler methods that can be referenced in ACL strings.

```java
public boolean aclXXXX(Object context, String params[]);
// or
public static boolean aclXXXX(Object context, String params[]);
```

The handlers can then be referred to in ACL strings when evalAcl(java.lang.Object, java.lang.String) is called.

ACL strings take the form:

```
ACL := EXPRESSION [; EXPRESSION; ]+
EXPRESSION := STATEMENT [ OR STATEMENT ]+
```

A semicolon separating expressions implies an AND operation.
An expression uses AclHandlers registered through Acl(String[]) and/or registerHandler(String).

ACL method names are changed to ACL handler names referenceable in expressions using the following translation algorithm:

Method Name | ACL Handler Name |
---|---|
aclFooBar | foo_bar |
aclTestSomeValue | test_some_value |
aclCheckXML | check_xml |
aclCheckXMLFile | check_xml_file |
aclXMLCheck | xml_check |

```java
Map<String, String> context = new HashMap<>();
context.put("thingamajig", "foo");
context.put("doodad", "bar");
context.put("widget", "baz");
// ...

// we can register a default handler with the constructor that takes
// an array of fully-qualified AclHandler implementations
Acl acl = new Acl(
    new String[]{"com.redhat.rhn.security.acl.handlers.DefaultHandler"});

// and later register additional handlers
acl.registerHandler("com.redhat.rhn.security.acl.handlers.MyHandler");

// all will return true
boolean result = acl.evalAcl(context, "has_thingamajig(foo)");
result = acl.evalAcl(context, "has_doodad(bar)");
result = acl.evalAcl(context, "has_widget(baz)");
```

DefaultHandler:

```java
package com.redhat.rhn.security.acl.handlers;

import java.util.Map;

import com.redhat.rhn.security.acl.AclHandler;

public class DefaultHandler implements AclHandler {
    // return true if the context has the specified thingamajig
    // (the method name translates to the handler name has_thingamajig)
    public boolean aclHasThingamajig(Object context, String[] params) {
        Map<?, ?> map = (Map<?, ?>) context;
        String thingamajig = (String) map.get("thingamajig");
        return thingamajig.equals(params[0]);
    }
}
```

MyHandler:

```java
package com.redhat.rhn.security.acl.handlers;

import java.util.Map;

import com.redhat.rhn.security.acl.AclHandler;

public class MyHandler implements AclHandler {
    // return true if the context has the specified doodad
    // (the method name translates to the handler name has_doodad)
    public boolean aclHasDoodad(Object context, String[] params) {
        Map<?, ?> map = (Map<?, ?>) context;
        String doodad = (String) map.get("doodad");
        return doodad.equals(params[0]);
    }

    // return true if the context has the specified widget
    public boolean aclHasWidget(Object context, String[] params) {
        Map<?, ?> map = (Map<?, ?>) context;
        String widget = (String) map.get("widget");
        return widget.equals(params[0]);
    }
}
```

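The registration rules above (the "acl" prefix, the `(Object, String[])` signature and the name translation table) can be checked against a handler class before its names are used in ACL strings. The following is an added example, not Spacewalk code: `AclHandlerNameCheck`, `SampleHandler` and the regex-based translation are assumptions chosen to reproduce the five rows of the table, and the real Acl implementation may differ.

```java
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.TreeSet;

public class AclHandlerNameCheck {

    // Hypothetical translation that reproduces the five rows of the table:
    // drop "acl", split camel case (keeping acronym runs together), lowercase.
    static String handlerName(String methodName) {
        return methodName.substring("acl".length())
                .replaceAll("([a-z0-9])([A-Z])", "$1_$2")    // fooBar -> foo_Bar
                .replaceAll("([A-Z]+)([A-Z][a-z])", "$1_$2") // XMLFile -> XML_File
                .toLowerCase();
    }

    // Signature rule from the page: boolean aclXXX(Object, String[]), static or not.
    static boolean hasHandlerSignature(Method m) {
        return m.getReturnType() == boolean.class
                && Arrays.equals(m.getParameterTypes(),
                                 new Class<?>[] {Object.class, String[].class});
    }

    // Names an ACL string could reference if this class were registered.
    static TreeSet<String> handlerNames(Class<?> handler) {
        TreeSet<String> names = new TreeSet<>();
        for (Method m : handler.getMethods()) {
            if (!m.getName().startsWith("acl") || m.getName().length() == 3) continue;
            if (hasHandlerSignature(m)) {
                names.add(handlerName(m.getName()));
            } else {
                System.err.println("ignored (bad signature): " + m);
            }
        }
        return names;
    }

    // Constructed sample handler, not a Spacewalk class.
    public static class SampleHandler {
        public boolean aclCheckXMLFile(Object ctx, String[] p) { return true; }
        public static boolean aclFooBar(Object ctx, String[] p) { return true; }
        public boolean aclHasWidget(Object ctx, String p) { return true; } // wrong type
        public boolean hasDoodad(Object ctx, String[] p) { return true; }  // no prefix
    }

    public static void main(String[] args) {
        System.out.println(handlerNames(SampleHandler.class));
    }
}
```

Comparing the printed set with the handler names used in ACL strings catches a misspelled or mis-cased method name before an access check depends on it.
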
Constructor and Description |
---|
Acl() Constructor for a new Acl instance without any default ACL handlers. |
Acl(java.lang.String[] defaultHandlerClasses) Creates a new Acl instance with the specified default ACL handler classes. |

Modifier and Type | Method and Description |
---|---|
boolean | evalAcl(java.lang.Object context, java.lang.String acl) Evaluates an ACL string within a given context. |
java.util.TreeSet | getAclHandlerNames() Returns the set of registered ACL handler names. |
void | registerHandler(AclHandler aclHandler) Register an AclHandler. |
void | registerHandler(java.lang.Class aclClazz) Register an AclHandler class. |
void | registerHandler(java.lang.String aclClassname) Register an AclHandler class. |

public Acl()

public Acl(java.lang.String[] defaultHandlerClasses)
defaultHandlerClasses - an array of handler classes. Each entry must be a fully-qualified name of an implementation of AclHandler
See also: registerHandler(String), registerHandler(Class), registerHandler(AclHandler)

public void registerHandler(java.lang.String aclClassname)
aclClassname - fully-qualified classname of an AclHandler implementation
See also: registerHandler(AclHandler)

public void registerHandler(java.lang.Class aclClazz)
aclClazz - an AclHandler implementation
See also: registerHandler(AclHandler)

public void registerHandler(AclHandler aclHandler)
public boolean aclXXX(Object, String[])
or
public static boolean aclXXX(Object, String[])
Methods without the "acl" prefix are ignored. If a method begins with the "acl" prefix but the method signature is invalid, a warning is logged and the method is ignored.
aclHandler - AclHandler

public java.util.TreeSet getAclHandlerNames()

public boolean evalAcl(java.lang.Object context, java.lang.String acl)
context - context in which the acl string is evaluated
acl - the ACL string.
See also: AclHandler