Acl

java.lang.Object
- com.redhat.rhn.common.security.acl.Acl

public class Acl
extends java.lang.Object

Class for handling ACLs. Register AclHandlers with this class with Acl(String[]) and/or registerHandler(String). AclHandler implementations must have a no-arg constructor. AclHandler methods that begin with the prefix "acl" and have a signature like the following are registered as ACL handler methods that can be referenced in ACL strings.

     public boolean aclXXXX(Object context, String params[]);

     public static boolean aclXXXX(Object context, String params[]);

The handlers can then be referred to in ACL strings when evalAcl(java.lang.Object, java.lang.String) is called.

ACL strings take the form:

  ACL         := EXPRESSION [; EXPRESSION; ]+
  EXPRESSION  := STATEMENT [ OR STATEMENT ]+

A semicolon separating expressions implies an AND operation.

An expression uses AclHandlers registered through Acl(String[]) and/or registerHandler(String). ACL method names are changed to ACL handler names referenceable in expression using the following translation algorithm:

all letters are converted to lower case
words in the method name defined by mixedCase are separated by underscores (Example: aclCheckSomething() is referenced as check_something)
words can have all caps (Example: aclCheckURL() is referenced in an ACL expression as check_url)

More examples:
Method Name	ACL Handler Name
aclFooBar	foo_bar
aclTestSomeValue	test_some_value
aclCheckXML	check_xml
aclCheckXMLFile	check_xml_file
aclXMLCheck	xml_check

The following demonstrates the use of the Acl class:

  Map context = new HashMap();
  context.put("thingamajig", "foo");
  context.put("doodad", "bar");
  context.put("widget", "baz");

  ...

  // we can register a default handler with the constructor that takes
  // an array of fully-qualified AclHandler implementations
  Acl acl = new Acl(
    new String[]{"com.redhat.rhn.security.acl.handlers.DefaultHandler"});

  // and later register additional handlers
  acl.registerHandler("com.redhat.rhn.security.acl.handlers.MyHandler");

  // all will return true
  boolean result = acl.evalAcl(context, "has_thingamajig(foo)");
  result = acl.evalAcl(context, "has_doodad(bar)");
  result = acl.evalAcl(context, "has_widget(baz)");

DefaultHandler:

  package com.redhat.rhn.security.acl.handlers;

  import com.rhn.redhat.security.acl.AclHandler;

  public class DefaultHandler implements AclHandler {
      // return true if the context has the specified thingamajig
      public boolean aclHasThingmajig(Object context, String[] params) {
          Map map = (Map)context;
          String thingamajig = (String)map.get("thingamajig");
          return thingamajig.equals(params[0]);
      }
  }

MyHandler:

  package com.redhat.rhn.security.acl.handlers;

  import com.rhn.redhat.security.acl.AclHandler;

  public class MyHandler implements AclHandler {
      // return true if the context has the specified doodad
      public boolean aclHasDooDad(Object context, String[] params) {
          Map map = (Map)context;
          String doodad = (String)map.get("doodad");
          return doodad.equals(params[0]);
      }
      // return true if the context has the specified widget
      public boolean aclHasWidget(Object context, String[] params) {
          Map map = (Map)context;
          String widget = (String)map.get("widget");
          return widget.equals(params[0]);
      }
  }

Constructor Summary

Constructors
Constructor and Description
`Acl()` Constructor for a new Acl instance without any default ACL handlers.
`Acl(java.lang.String[] defaultHandlerClasses)` Creates a new Acl instance with the specified default ACL handler classes.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`evalAcl(java.lang.Object context, java.lang.String acl)` Evaluates an ACL string within a given context.
`java.util.TreeSet`	`getAclHandlerNames()` Returns the set of registered ACL handler names.
`void`	`registerHandler(AclHandler aclHandler)` Register an AclHandler.
`void`	`registerHandler(java.lang.Class aclClazz)` Register an AclHandler class.
`void`	`registerHandler(java.lang.String aclClassname)` Register an AclHandler class.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - Acl
```
public Acl()
```
    Constructor for a new Acl instance without any default ACL handlers.
  - Acl
```
public Acl(java.lang.String[] defaultHandlerClasses)
```
    Creates a new Acl instance with the specified default ACL handler classes.
    
    Parameters:
    
    defaultHandlerClasses - an array of handler classes. Each entry must be a fully-qualified name of an implementation of AclHandler
    
    See Also:
    
    registerHandler(String), registerHandler(Class), registerHandler(AclHandler)
- Method Detail
  - registerHandler
```
public void registerHandler(java.lang.String aclClassname)
```
    Register an AclHandler class.
    
    Parameters:
    
    aclClassname - fully-qualified classname of an AclHandler implementation
    
    See Also:
    
    registerHandler(AclHandler)
  - registerHandler
```
public void registerHandler(java.lang.Class aclClazz)
```
    Register an AclHandler class.
    
    Parameters:
    
    aclClazz - an AclHandler implementation
    
    See Also:
    
    registerHandler(AclHandler)
  - registerHandler
```
public void registerHandler(AclHandler aclHandler)
```
    Register an AclHandler. All methods with the valid signature will be registered.
```
     public boolean aclXXX(Object, String[])
 
```
    or
```
     public static boolean aclXXX(Object, String[])
 
```
    Methods without the "acl" prefix are ignored. If a method begins with the "acl" prefix but the method signature is invalid, a warning is logged and the method is ignored.
    Parameters:
    
    aclHandler - AclHandler
  - getAclHandlerNames
```
public java.util.TreeSet getAclHandlerNames()
```
    Returns the set of registered ACL handler names.
    
    Returns:
    
    set of handler names usable in an ACL string
  - evalAcl
```
public boolean evalAcl(java.lang.Object context,
                       java.lang.String acl)
```
    Evaluates an ACL string within a given context. See class description for sample usage.
    
    Parameters:
    
    context - context in which the acl string is evaluated
    
    acl - the ACL string.
    
    Returns:
    
    true if the ACL string and given context allow access, false otherwise
    
    See Also:
    
    AclHandler

Class Acl

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

Acl

Acl

Method Detail

registerHandler

registerHandler

registerHandler

getAclHandlerNames

evalAcl