001: /*
002: * Copyright 2001-2006 C:1 Financial Services GmbH
003: *
004: * This software is free software; you can redistribute it and/or
005: * modify it under the terms of the GNU Lesser General Public
006: * License Version 2.1, as published by the Free Software Foundation.
007: *
008: * This software is distributed in the hope that it will be useful,
009: * but WITHOUT ANY WARRANTY; without even the implied warranty of
010: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
011: * Lesser General Public License for more details.
012: *
013: * You should have received a copy of the GNU Lesser General Public
014: * License along with this library; if not, write to the Free Software
015: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA
016: */
017:
018: package de.finix.contelligent.core.security;
019:
020: import java.security.acl.Permission;
021: import java.util.Iterator;
022:
023: import de.finix.contelligent.CallData;
024:
025: /**
026: * This interface is based on the original {@link java.security.acl.AclEntry}
027: * from Sun, the differences are:
028: * <UL>
029: * <LI> each ACL entry has a {@link #getMode mode} assigned because permissions
030: * can be denied or granted.
031: * <LI> the entry can be marked that it was {@link #isInherited inherited} from
032: * a parent ACL. This is necessary because within the Contelligent system
033: * components usually inherit the ACL of their parent. (default is false)
034: * <LI> it uses {@link Iterator iterators} instead of
035: * {@link java.util.Enumeration enumerations}.
036: * <LI> it uses {@link ContelligentPrincipal} instead of
037: * {@link java.security.Principal}.
038: * </UL>
039: *
040: * This is the original description:<BR>
041: * <PR> This is the interface used for representing one entry in an Access
042: * Control List (ACL). <BR>
043: * An ACL can be thought of as a data structure with multiple ACL entry objects.
044: * Each ACL entry object contains a set of permissions associated with a
045: * particular principal. (A principal represents an entity such as an individual
046: * user or a group). Additionally, each ACL entry is specified as being either
047: * positive or negative. If positive, the permissions are to be granted to the
048: * associated principal. If negative, the permissions are to be denied. Each
049: * principal can have at most one positive ACL entry and one negative entry;
050: * that is, multiple positive or negative ACL entries are not allowed for any
051: * principal.
052: * </P>
053: * Note: ACL entries have by default mode 'ALLOW'. An entry becomes another mode
054: * only if the {@link #setMode} method is called on it.
055: */
056: public interface AclEntry extends Cloneable {
057:
058: public interface Mode {
059: String toString();
060:
061: boolean equals(Object o);
062: }
063:
064: /**
065: * Returns the principal for which permissions are granted or denied by this
066: * ACL entry. Returns null if there is no principal set for this entry yet.
067: *
068: * @return the principal associated with this entry.
069: */
070: public ContelligentPrincipal getPrincipal();
071:
072: /**
073: * Checks if the specified permission equals the permission contained in
074: * this entry.
075: *
076: * @param permission
077: * the permission to be checked for.
078: *
079: * @return the Mode the permission is part of the permission set in this
080: * entry, false otherwise.
081: */
082: public boolean checkPermission(Permission permission);
083:
084: public Permission getPermission();
085:
086: /**
087: * Returns a string representation of the contents of this ACL entry.
088: *
089: * @return a string representation of the contents.
090: */
091: public String toString();
092:
093: /**
094: * Compares this acl-entry to the specified object. <BR>
095: * Two acl-entries are considered to be equals if they have the same
096: * {@link #getPrincipal principal} and the same
097: * {@link #getPermission permission}.
098: * <em>Note that the mode is explicitly not required to match for two
099: * acl-entries to be equal!</em>
100: *
101: * @param o
102: * an <code>Object</code> value
103: * @return a <code>boolean</code> value
104: */
105: public boolean equals(Object o);
106:
107: /**
108: * Returns a hashcode for this AclEntry. Rememeber that if two objects are
109: * equal they should have the same hashCode.
110: *
111: * @return a hashcode for this AclEntry.
112: */
113: public int hashCode();
114:
115: /**
116: * Clones this ACL entry.
117: *
118: * @return a clone of this ACL entry.
119: */
120: public Object clone();
121:
122: /**
123: * Describe <code>setMode</code> method here.
124: *
125: * @param mode
126: * a <code>Mode</code> value
127: */
128: public void setMode(Mode mode);
129:
130: /**
131: * Describe <code>getMode</code> method here.
132: *
133: * @return a <code>Mode</code> value
134: */
135: public Mode getMode();
136:
137: /**
138: * Returns true if the ACL entry is inherited from a parent ACL. The default
139: * is false, the current value can be changed using {@link #setIsInherited}.
140: *
141: * @return a <code>boolean</code> value
142: */
143: public boolean isInherited();
144:
145: /**
146: * Sets the value returned by {@link #isInherited}.
147: *
148: * @param isInherited
149: * a <code>boolean</code> value
150: */
151: public void setIsInherited(boolean isInherited);
152:
153: public long getValidFrom();
154:
155: public long getValidTo();
156:
157: public long getPeriod();
158:
159: public long getDuration();
160:
161: public boolean isValid(CallData callData);
162:
163: }
|