/** * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) * with a set of permissions. Each principal can have at most one positive ACL entry * (specifying permissions to be granted to the principal) and one negative ACL entry * (specifying permissions to be denied). If there is already an ACL entry * of the same type (negative or positive) already in the ACL, false is returned. * * @param caller the principal invoking this method. It must be an owner * of this ACL. * @param entry the ACL entry to be added to this ACL. * @return true on success, false if an entry of the same type (positive * or negative) for the same principal is already present in this ACL. * @exception NotOwnerException if the caller principal is not an owner of * this ACL. * @see java.security.Principal */ @Override public boolean addEntry(Principal caller, AclEntry entry) throws NotOwnerException { if (!isOwner(caller)) throw new NotOwnerException(); if (entryList.contains(entry)) return false; /* for (Enumeration e = entryList.elements();e.hasMoreElements();){ AclEntry ent = (AclEntry) e.nextElement(); if (ent.getPrincipal().equals(entry.getPrincipal())) return false; } */ entryList.addElement(entry); return true; }
/** * Constructs the Java Dynamic Management(TM) Access Control List * based on IP addresses. The ACL will take the given owner name. * The current IP address will be the owner of the ACL. * * @param Owner The name of the ACL Owner. * @param aclFileName The name of the ACL File. * * @exception UnknownHostException If the local host is unknown. * @exception IllegalArgumentException If the ACL file doesn't exist. */ public SnmpAcl(String Owner, String aclFileName) throws UnknownHostException, IllegalArgumentException { trapDestList= new Hashtable<InetAddress, Vector<String>>(); informDestList= new Hashtable<InetAddress, Vector<String>>(); // PrincipalImpl() take the current host as entry owner = new PrincipalImpl(); try { acl = new AclImpl(owner,Owner); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); } catch (NotOwnerException ex) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "SnmpAcl(String,String)", "Should never get NotOwnerException as the owner " + "is built in this constructor"); } } if (aclFileName == null) setDefaultFileName(); else setAuthorizedListFile(aclFileName); readAuthorizedListFile(); }
/** * Deletes an owner. If this is the last owner in the ACL, an exception is raised. *<P> * The caller principal must be an owner of the ACL in order to invoke this method. * * @param caller the principal invoking this method. It must be an owner * of the ACL. * @param owner the owner to be removed from the list of owners. * @return true if successful, false if owner is already an owner. * @exception NotOwnerException if the caller principal is not an owner * of the ACL. * @exception LastOwnerException if there is only one owner left, so that * deleteOwner would leave the ACL owner-less. */ public boolean deleteOwner(Principal caller, Principal owner) throws NotOwnerException,LastOwnerException { if (!ownerList.contains(caller)) throw new NotOwnerException(); if (!ownerList.contains(owner)){ return false; } else { if (ownerList.size() == 1) throw new LastOwnerException(); ownerList.removeElement(owner); return true; } }
/** * Requires that the set passed in does not use a fail-fast iterator */ @Override public void mergeAcls(Principal aclOwner, CloudAclEntrySet acls) { // Return the current set if there is only one ACL if (acls.size() > 1) { forEachMergeableCloudAclEntry(acls, c -> { try { // Remove old ACL's, add new ones acls.removeEntry(aclOwner, c.getEntry1()); acls.removeEntry(aclOwner, c.getEntry2()); acls.addEntry(aclOwner, mergeAcl(c)); } catch (NotOwnerException e) { throw new RuntimeException(e); } }); } }
/** * Adds the ACL entry, determining if there are any conflicts and refusing to add to the set if * there were * @param aclEntry * @param force true if you would like to add this ACL and remove any conflicting ACL, false otherwise * @return If <em>force</em> was false then this returns the conflicting ACL entries and this ACL is not added. * if <em>force</em> was true then this returns the conflicting ACL entries which were replaced by this * new ACL entry. * @throws NotOwnerException * @see #findConflictingAcls(CloudAclEntry) */ public Set<CloudAclEntry<?>> addAclEntry(Principal caller, CloudAclEntry<?> aclEntry, boolean force) throws NotOwnerException { checkWriteAccess(caller); Set<CloudAclEntry<?>> conflictingAclEntries = findConflictingAcls(aclEntry); if (force) { // TODO: This could cause a race condition where we clear the conflicts and then add, // whilst another thread could add another conflicting ACL entry. Consider using a R/W lock // for all add/delete operations as for the owners set. if (!conflictingAclEntries.isEmpty()) { aclSet.removeAll(conflictingAclEntries); } aclSet.add(aclEntry); } else if (conflictingAclEntries.isEmpty()) { aclSet.add(aclEntry); } return conflictingAclEntries; }
@Override public boolean addOwner(Principal caller, Principal owner) throws NotOwnerException { ownersLock.readLock().lock(); try { checkWriteAccess(caller); // Upgrade to a write lock ownersLock.readLock().unlock(); ownersLock.writeLock().lock(); boolean returnValue; try { returnValue = owners.add(owner); // Downgrade back to a read lock ownersLock.readLock().lock(); } finally { ownersLock.writeLock().unlock(); } return returnValue; } finally { ownersLock.readLock().unlock(); } }
@Test public void testCreateCloudAclEntrySetWithAUserOwnerWillNotAddTheSameOwnerMoreThanOnce() throws NotOwnerException, LastOwnerException { TestUserImpl user1 = new TestUserImpl("user1"); TestUserImpl user2 = new TestUserImpl("user2"); CloudAclEntrySet cloudAclEntrySet = new CloudAclEntrySet(Sets.newHashSet(user1, user2)); Assert.assertTrue(cloudAclEntrySet.isOwner(user1)); Assert.assertTrue(cloudAclEntrySet.isOwner(user2)); Assert.assertEquals(2, cloudAclEntrySet.getOwners().size()); Assert.assertFalse(cloudAclEntrySet.addOwner(user1, user2)); Assert.assertEquals(2, cloudAclEntrySet.getOwners().size()); TestUserImpl user3 = new TestUserImpl("user3"); Assert.assertTrue(cloudAclEntrySet.addOwner(user1, user3)); Assert.assertTrue(cloudAclEntrySet.isOwner(user1)); Assert.assertTrue(cloudAclEntrySet.isOwner(user2)); Assert.assertTrue(cloudAclEntrySet.isOwner(user3)); Assert.assertEquals(3, cloudAclEntrySet.getOwners().size()); }
@Test public void testAddAclEntryWithTheForceOptionWillForceTheConflictingEntryIntoTheSet() throws NotOwnerException { CloudAclEntrySet aclEntrySet = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, new DefaultCloudAclEntryConflictChecker()); // Now add some entries CloudAclEntry<PublicPrivateCloudPermissionsPrincipal> blobAccessEntry = new CloudAclEntryBuilder<PublicPrivateCloudPermissionsPrincipal>(PublicPrivateCloudPermissionsPrincipal.class) .setPrincipal(new PublicPrivateCloudPermissionsPrincipal(BlobAccess.PRIVATE)) .build(); Assert.assertTrue(aclEntrySet.addEntry(AnonymousUserPrincipal.INSTANCE, blobAccessEntry)); CloudAclEntry<PublicPrivateCloudPermissionsPrincipal> blobAccessEntry2 = new CloudAclEntryBuilder<PublicPrivateCloudPermissionsPrincipal>(PublicPrivateCloudPermissionsPrincipal.class) .setPrincipal(new PublicPrivateCloudPermissionsPrincipal(BlobAccess.PUBLIC_READ)) .build(); // Without the force it should keep the old entry Assert.assertEquals(blobAccessEntry, aclEntrySet.addAclEntry(AnonymousUserPrincipal.INSTANCE, blobAccessEntry2, false).iterator().next()); Assert.assertEquals(blobAccessEntry, aclEntrySet.iterator().next()); // With the force it should replace the old entry Assert.assertEquals(blobAccessEntry, aclEntrySet.addAclEntry(AnonymousUserPrincipal.INSTANCE, blobAccessEntry2, true).iterator().next()); Assert.assertEquals(blobAccessEntry2, aclEntrySet.iterator().next()); Assert.assertEquals(1, aclEntrySet.size()); }
@Test public void testCloneProducesACloneEqualsToTheOriginalSet() throws NotOwnerException { UserPrincipal user1 = new TestUserImpl("user1"); TestGroupImpl group1 = new TestGroupImpl("group1"); CloudAclEntrySet acls = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group1) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertTrue(acls.addAllEntries(AnonymousUserPrincipal.INSTANCE, Arrays.asList(new CloudAclEntry<?>[] {cloudAclEntry1, cloudAclEntry2}))); CloudAclEntrySet clone = acls.clone(); Assert.assertEquals(acls, clone); }
@Test public void testGetAclEntriesUsesClonedEntriesAndDoesNotModifyTheUnderlyingAclEntry() throws NotOwnerException { UserPrincipal user1 = new TestUserImpl("user1"); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.ALLOW) .addPermissions(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS) .build(); CloudAclEntrySet acls = new CloudAclEntrySet(user1, cloudAclEntry1); Set<CloudAclEntry<?>> aclEntries = acls.getAclEntries(); Assert.assertEquals(1, aclEntries.size()); CloudAclEntry<?> cloudAclEntryClone = aclEntries.stream().findFirst().get(); Assert.assertEquals(cloudAclEntry1, cloudAclEntryClone); Assert.assertFalse(cloudAclEntry1 == cloudAclEntryClone); cloudAclEntryClone.setPermissions(AclConstants.ALL_FILE_WRITE_PERMISSIONS); Assert.assertEquals(AclConstants.ALL_FILE_WRITE_PERMISSIONS, cloudAclEntryClone.getPermissions()); Assert.assertNotEquals(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS, cloudAclEntryClone.getPermissions()); Assert.assertEquals(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS, cloudAclEntry1.getPermissions()); Assert.assertNotEquals(AclConstants.ALL_FILE_WRITE_PERMISSIONS, cloudAclEntry1.getPermissions()); }
/** * @tests java.security.acl.NotOwnerException#NotOwnerException() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "NotOwnerException", args = {} ) public void test_Constructor() { // Test for method java.security.acl.NotOwnerException() try { throw new NotOwnerException(); } catch (NotOwnerException e) { assertEquals("NotOwnerException.toString() should have been " + "'java.security.acl.NotOwnerException' but was " + e.toString(), "java.security.acl.NotOwnerException", e .toString()); } }
/** * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) * with a set of permissions. Each principal can have at most one positive ACL entry * (specifying permissions to be granted to the principal) and one negative ACL entry * (specifying permissions to be denied). If there is already an ACL entry * of the same type (negative or positive) already in the ACL, false is returned. * * @param caller the principal invoking this method. It must be an owner * of this ACL. * @param entry the ACL entry to be added to this ACL. * @return true on success, false if an entry of the same type (positive * or negative) for the same principal is already present in this ACL. * @exception NotOwnerException if the caller principal is not an owner of * this ACL. * @see java.security.Principal */ public boolean addEntry(Principal caller, AclEntry entry) throws NotOwnerException { if (!isOwner(caller)) throw new NotOwnerException(); if (entryList.contains(entry)) return false; /* for (Enumeration e = entryList.elements();e.hasMoreElements();){ AclEntry ent = (AclEntry) e.nextElement(); if (ent.getPrincipal().equals(entry.getPrincipal())) return false; } */ entryList.addElement(entry); return true; }
@Override public void requestPrivileges( final Collection<String> requestedPrivileges, boolean askForPassword) throws NotOwnerException, CancellationException { if (SwingUtilities.isEventDispatchThread()) { throw new RuntimeException("requestExecutionPrivileges " + // NOI18N "should never be called in AWT thread"); // NOI18N } if (askForPassword && cancelled) { return; } if (hasPrivileges(requestedPrivileges)) { return; } try { if (cachedPrivilegesRequestor.compute( new RequestPrivilegesTaskParams(this, requestedPrivileges, askForPassword)).booleanValue() == true) { invalidateCache(); } else { throw new NotOwnerException(); } } catch (InterruptedException ex) { Exceptions.printStackTrace(ex); } }
/** * Resets this ACL to the values contained in the configuration file. * * @exception NotOwnerException If the principal attempting the reset is not an owner of this ACL. * @exception UnknownHostException If IP addresses for hosts contained in the ACL file couldn't be found. */ public void rereadTheFile() throws NotOwnerException, UnknownHostException { alwaysAuthorized = false; acl.removeAll(owner); trapDestList.clear(); informDestList.clear(); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); readAuthorizedListFile(); }
