/** * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) * with a set of permissions. Each principal can have at most one positive ACL entry * (specifying permissions to be granted to the principal) and one negative ACL entry * (specifying permissions to be denied). If there is already an ACL entry * of the same type (negative or positive) already in the ACL, false is returned. * * @param caller the principal invoking this method. It must be an owner * of this ACL. * @param entry the ACL entry to be added to this ACL. * @return true on success, false if an entry of the same type (positive * or negative) for the same principal is already present in this ACL. * @exception NotOwnerException if the caller principal is not an owner of * this ACL. * @see java.security.Principal */ @Override public boolean addEntry(Principal caller, AclEntry entry) throws NotOwnerException { if (!isOwner(caller)) throw new NotOwnerException(); if (entryList.contains(entry)) return false; /* for (Enumeration e = entryList.elements();e.hasMoreElements();){ AclEntry ent = (AclEntry) e.nextElement(); if (ent.getPrincipal().equals(entry.getPrincipal())) return false; } */ entryList.addElement(entry); return true; }
/** * Constructs the Java Dynamic Management(TM) Access Control List * based on IP addresses. The ACL will take the given owner name. * The current IP address will be the owner of the ACL. * * @param Owner The name of the ACL Owner. * @param aclFileName The name of the ACL File. * * @exception UnknownHostException If the local host is unknown. * @exception IllegalArgumentException If the ACL file doesn't exist. */ public SnmpAcl(String Owner, String aclFileName) throws UnknownHostException, IllegalArgumentException { trapDestList= new Hashtable<InetAddress, Vector<String>>(); informDestList= new Hashtable<InetAddress, Vector<String>>(); // PrincipalImpl() take the current host as entry owner = new PrincipalImpl(); try { acl = new AclImpl(owner,Owner); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); } catch (NotOwnerException ex) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "SnmpAcl(String,String)", "Should never get NotOwnerException as the owner " + "is built in this constructor"); } } if (aclFileName == null) setDefaultFileName(); else setAuthorizedListFile(aclFileName); readAuthorizedListFile(); }
/** * Returns ann enumeration of community strings. Community strings are returned as String. * @return The enumeration of community strings. */ public Enumeration<String> communities() { HashSet<String> set = new HashSet<String>(); Vector<String> res = new Vector<String>(); for (Enumeration<AclEntry> e = acl.entries() ; e.hasMoreElements() ;) { AclEntryImpl entry = (AclEntryImpl) e.nextElement(); for (Enumeration<String> cs = entry.communities(); cs.hasMoreElements() ;) { set.add(cs.nextElement()); } } String[] objs = set.toArray(new String[0]); for(int i = 0; i < objs.length; i++) res.addElement(objs[i]); return res.elements(); }
/** * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) * with a set of permissions. Each principal can have at most one positive ACL entry * (specifying permissions to be granted to the principal) and one negative ACL entry * (specifying permissions to be denied). If there is already an ACL entry * of the same type (negative or positive) already in the ACL, false is returned. * * @param caller the principal invoking this method. It must be an owner * of this ACL. * @param entry the ACL entry to be added to this ACL. * @return true on success, false if an entry of the same type (positive * or negative) for the same principal is already present in this ACL. * @exception NotOwnerException if the caller principal is not an owner of * this ACL. * @see java.security.Principal */ public boolean addEntry(Principal caller, AclEntry entry) throws NotOwnerException { if (!isOwner(caller)) throw new NotOwnerException(); if (entryList.contains(entry)) return false; /* for (Enumeration e = entryList.elements();e.hasMoreElements();){ AclEntry ent = (AclEntry) e.nextElement(); if (ent.getPrincipal().equals(entry.getPrincipal())) return false; } */ entryList.addElement(entry); return true; }
/** * Resets this ACL to the values contained in the configuration file. * * @exception NotOwnerException If the principal attempting the reset is not an owner of this ACL. * @exception UnknownHostException If IP addresses for hosts contained in the ACL file couldn't be found. */ public void rereadTheFile() throws NotOwnerException, UnknownHostException { alwaysAuthorized = false; acl.removeAll(owner); trapDestList.clear(); informDestList.clear(); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); readAuthorizedListFile(); }
/** * Removes an ACL entry from this ACL. * * @param caller the principal invoking this method. It must be an owner * of this ACL. * @param entry the ACL entry to be removed from this ACL. * @return true on success, false if the entry is not part of this ACL. * @exception NotOwnerException if the caller principal is not an owner * of this Acl. * @see java.security.Principal * @see java.security.acl.AclEntry */ @Override public boolean removeEntry(Principal caller, AclEntry entry) throws NotOwnerException { if (!isOwner(caller)) throw new NotOwnerException(); return (entryList.removeElement(entry)); }
/** * Returns an enumeration for the set of allowed permissions for * the specified principal * (representing an entity such as an individual or a group). * This set of allowed permissions is calculated as follows: * <UL> * <LI>If there is no entry in this Access Control List for the specified * principal, an empty permission set is returned.</LI> * <LI>Otherwise, the principal's group permission sets are determined. * (A principal can belong to one or more groups, where a group is a group * of principals, represented by the Group interface.)</LI> * </UL> * @param user the principal whose permission set is to be returned. * @return the permission set specifying the permissions the principal * is allowed. * @see java.security.Principal */ @Override public Enumeration<Permission> getPermissions(Principal user){ Vector<Permission> empty = new Vector<>(); for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){ AclEntry ent = e.nextElement(); if (ent.getPrincipal().equals(user)) return ent.permissions(); } return empty.elements(); }
/** * Checks whether or not the specified principal has the specified * permission. * If it does, true is returned, otherwise false is returned. * More specifically, this method checks whether the passed permission * is a member of the allowed permission set of the specified principal. * The allowed permission set is determined by the same algorithm as is * used by the getPermissions method. * * @param user the principal, assumed to be a valid authenticated Principal. * @param perm the permission to be checked for. * @return true if the principal has the specified permission, * false otherwise. * @see java.security.Principal * @see java.security.Permission */ @Override public boolean checkPermission(Principal user, java.security.acl.Permission perm) { for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){ AclEntry ent = e.nextElement(); if (ent.getPrincipal().equals(user)) if (ent.checkPermission(perm)) return true; } return false; }
