Examples of ACL

• co.cask.cdap.api.security.ACL
  Represents an entry in the Access Control List.
• com.cloudera.lib.service.ACL
• com.ecyrd.jspwiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @author Andrew Jaquith @since 2.3
• com.emc.atmos.api.Acl
• com.emc.esu.api.Acl
  An Access Control List (ACL) is a collection of Grants that assign privileges to users and/or groups.
• com.github.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.google.code.com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• com.google.feedserver.resource.Acl
  ACL bean / resource
• com.googlecode.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.intridea.io.vfs.operations.Acl
  ACL for S3. Usage samples: Allow everyone to read: acl.allow(Acl.Group.GUEST, Acl.Permission.READ); Allow all authorized users to read and write: Acl.Permission[] rights = {Acl.Permission.READ, Acl.Permission.WRITE}; acl.allow(Acl.Group.AUTHORIZED, rights); Deny all (owner still has access to overwrite ACL): acl.denyAll(); @author Marat Komarov @author Alex Kovalyov
• com.sun.jna.examples.win32.WinNT.ACL
• com.sun.jna.platform.win32.WinNT.ACL
  @author dblock[at]dblock[dot]org
• com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• de.iritgo.aktera.permissions.security.Acl
• gabriel.acl.Acl
  Access control list for managing permissions. ACLs contain entries which map principals to permissions. @author Stephan J. Schmidt @version $Id: Acl.java,v 1.2 2004/06/24 07:26:21 stephan Exp $
• hudson.security.ACL
  ins-ci.org/display/JENKINS/Making+your+plugin+behave+in+secured+Hudson
• lotus.domino.ACL
• loxia.web.annotation.Acl
• org.acegisecurity.acls.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.

  An implementation represents the {@link org.acegisecurity.acls.Permission}list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}instances.

  @author Ben Alex @version $Id: Acl.java 1784 2007-02-24 21:00:24Z luke_t $
• org.apache.chemistry.opencmis.commons.data.Acl
  Access Control List (ACL).
• org.apache.cloudstack.api.ACL
• org.apache.wiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @since 2.3
• org.apache.zookeeper.data.ACL
• org.apache.zookeeper_voltpatches.data.ACL
• org.glite.authz.pap.authz.ACL
  This class represents an Access Control List for the PAP authorization engine. PAP ACLs assign permissions (ie, {@link PAPPermission} objects) to PAP administrators(ie, {@link PAPAdmin} objects). @author andrea
• org.intalio.tempo.workflow.auth.ACL
• org.jboss.security.acl.ACL

  This interface represents an Access Control List (ACL), a data structure used to protect access to resources. It is composed of entries, where each entry is represented by the ALCEntry class and represents the permissions assigned to a given identity.

  When a client attempts to perform an operation on a resource, the ACL associated to the resource is used to verify if the client has enough permissions to perform that operation. In order to do that, the ACLEntry corresponding to the client's identity is retrieved and then the permission set contained in the entry is verified to decide if access should be granted or not.

  @author Stefan Guilhen
• org.jmanage.core.auth.ACL
  Date: Apr 8, 2005 @author Rakesh Kalra
• org.modeshape.web.shared.Acl
  @author kulikov
• org.nuxeo.ecm.core.api.security.ACL
• org.openntf.domino.ACL
  The Interface that represents the access control list (ACL) of an IBM Domino database.
• org.springframework.security.acls.model.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.springframework.security.acls.model.ObjectIdentity} interface.

  Implementing classes may elect to return instances that represent {@link org.springframework.security.acls.model.Permission} information for eithersome OR all {@link org.springframework.security.acls.model.Sid}instances. Therefore, an instance may NOT necessarily contain ALL Sids for a given domain object.

  @author Ben Alex

Examples of org.apache.cloudstack.api.ACL

                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Internal error executing API command " + cmd.getCommandName().substring(0, cmd.getCommandName().length() - 8));
            }

            //check access on the resource this field points to
            try {
                ACL checkAccess = field.getAnnotation(ACL.class);
                CommandType fieldType = parameterAnnotation.type();

                if (checkAccess != null) {
                    // Verify that caller can perform actions in behalf of vm owner
                    //acumulate all Controlled Entities together.

                    //parse the array of resource types and in case of map check access on key or value or both as specified in @acl
                    //implement external dao for classes that need findByName
                    //for maps, specify access to be checkd on key or value.

                    // find the controlled entity DBid by uuid
                    if (parameterAnnotation.entityType() != null) {
                        Class<?>[] entityList = parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class).value();

                        for (Class entity : entityList) {
                            // Check if the parameter type is a single
                            // Id or list of id's/name's
                            switch (fieldType) {
                            case LIST:
                                CommandType listType = parameterAnnotation.collectionType();
                                switch (listType) {
                                case LONG:
                                case UUID:
                                    List<Long> listParam = (List<Long>) field.get(cmd);
                                    for (Long entityId : listParam) {
                                        Object entityObj = s_instance._entityMgr.findById(entity, entityId);
                                        entitiesToAccess.put(entityObj, checkAccess.accessType());
                                    }
                                    break;
                                    /*
                                     * case STRING: List<String> listParam =
                                     * new ArrayList<String>(); listParam =
                                     * (List)field.get(cmd); for(String
                                     * entityName: listParam){
                                     * ControlledEntity entityObj =
                                     * (ControlledEntity
                                     * )daoClassInstance(entityId);
                                     * entitiesToAccess.add(entityObj); }
                                     * break;
                                     */
                                default:
                                    break;
                                }
                                break;
                            case LONG:
                            case UUID:
                                Object entityObj = s_instance._entityMgr.findById(entity, (Long) field.get(cmd));
                                entitiesToAccess.put(entityObj, checkAccess.accessType());
                                break;
                            default:
                                break;
                            }

Examples of org.apache.wiki.auth.acl.Acl

     *                      {@link AclEntry#getPrincipal()} method returns one of these Principals will be replaced
     * @param newPrincipal  the Principal that should receive the old Principals' permissions
     * @return <code>true</code> if the Acl was actually changed; <code>false</code> otherwise
     */
    protected boolean changeAcl(WikiPage page, Principal[] oldPrincipals, Principal newPrincipal) {
        Acl acl = page.getAcl();
        boolean pageChanged = false;
        if (acl != null) {
            Enumeration<AclEntry> entries = acl.entries();
            Collection<AclEntry> entriesToAdd = new ArrayList<AclEntry>();
            Collection<AclEntry> entriesToRemove = new ArrayList<AclEntry>();
            while (entries.hasMoreElements()) {
                AclEntry entry = entries.nextElement();
                if (ArrayUtils.contains(oldPrincipals, entry.getPrincipal())) {
                    // Create new entry
                    AclEntry newEntry = new AclEntryImpl();
                    newEntry.setPrincipal(newPrincipal);
                    Enumeration<Permission> permissions = entry.permissions();
                    while (permissions.hasMoreElements()) {
                        Permission permission = permissions.nextElement();
                        newEntry.addPermission(permission);
                    }
                    pageChanged = true;
                    entriesToRemove.add(entry);
                    entriesToAdd.add(newEntry);
                }
            }
            for (Iterator<AclEntry> ix = entriesToRemove.iterator(); ix.hasNext(); ) {
                AclEntry entry = ix.next();
                acl.removeEntry(entry);
            }
            for (Iterator<AclEntry> ix = entriesToAdd.iterator(); ix.hasNext(); ) {
                AclEntry entry = ix.next();
                acl.addEntry(entry);
            }
        }
        return pageChanged;
    }

Examples of org.apache.zookeeper.data.ACL

            .retryPolicy(new RetryOneTime(1))
            .build();
        client.start();
        try
        {
            ACL acl = new ACL(ZooDefs.Perms.WRITE, ZooDefs.Ids.AUTH_IDS);
            List<ACL> aclList = Lists.newArrayList(acl);
            client.create().withACL(aclList).forPath("/test", "test".getBytes());
            client.close();

            client = builder

Examples of org.apache.zookeeper.data.ACL

                    }
                }
            };
            client.getConnectionStateListenable().addListener(listener);

            ACL acl = new ACL(ZooDefs.Perms.WRITE, ZooDefs.Ids.AUTH_IDS);
            List<ACL> aclList = Lists.newArrayList(acl);
            client.create().withACL(aclList).forPath("/test", "test".getBytes());

            server.stop();
            Assert.assertTrue(timing.awaitLatch(lostLatch));

Examples of org.apache.zookeeper.data.ACL

  }

  public ZooKeeper initZK() throws Exception{
    ZooKeeper zk = new ZooKeeper(TestConf.host, Constants.SESSION_TIMEOUT, null);
    List<ACL> acls = new ArrayList<ACL>();
    acls.add(new ACL(Perms.ALL, Ids.ANYONE_ID_UNSAFE));
    zk.create("/iserviceTest", "root".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node1", "node1".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node2", "node2".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node1/node3", "node3".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node1/node4", "node4".getBytes(), acls, CreateMode.PERSISTENT);

Examples of org.apache.zookeeper.data.ACL

  }

  public ZooKeeper initZk() throws Exception{
    ZooKeeper zk = new ZooKeeper(TestConf.host + TestConf.root, Constants.SESSION_TIMEOUT, null);
    List<ACL> acls = new ArrayList<ACL>();
    acls.add(new ACL(Perms.ALL, Ids.ANYONE_ID_UNSAFE));
    zk.create("/iserviceTest", "node1".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node1", "node1-node1".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node1/node1", "node1-node1-node1".getBytes(), acls, CreateMode.PERSISTENT);
    return zk;
  }

Examples of org.apache.zookeeper.data.ACL

  }

  public ZooKeeper initZk() throws Exception{
    ZooKeeper zk = new ZooKeeper(TestConf.host + TestConf.root, Constants.SESSION_TIMEOUT, null);
    List<ACL> acls = new ArrayList<ACL>();
    acls.add(new ACL(Perms.ALL, Ids.ANYONE_ID_UNSAFE));
    zk.create("/iserviceTest", "node1".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node1", "node1-node1".getBytes(), acls, CreateMode.PERSISTENT);
    zk.create("/iserviceTest/node1/node1", "node1-node1-node1".getBytes(), acls, CreateMode.PERSISTENT);
    return zk;
  }

Examples of org.apache.zookeeper.data.ACL

  public void initZk() throws Exception{
    ZooKeeper zk = new ZooKeeper(DemoConf.host + DemoConf.root, Constants.SESSION_TIMEOUT, null);
    List<ACL> acls = new ArrayList<ACL>();
    acls.add(new ACL(Perms.ALL, Ids.ANYONE_ID_UNSAFE));

    if(zk.exists("/IserviceDemoTest", false) == null){
      zk.create("/IserviceDemoTest", "".getBytes(), acls, CreateMode.PERSISTENT);
      zk.create("/IserviceDemoTest/group1", "".getBytes(), acls, CreateMode.PERSISTENT);
      zk.create("/IserviceDemoTest/group2", "".getBytes(), acls, CreateMode.PERSISTENT);

Examples of org.apache.zookeeper.data.ACL

  }

  public void initZk() throws Exception{
    ZooKeeper zk = new ZooKeeper(DemoConf.host + DemoConf.root, Constants.SESSION_TIMEOUT, null);
    List<ACL> acls = new ArrayList<ACL>();
    acls.add(new ACL(Perms.ALL, Ids.ANYONE_ID_UNSAFE));

    if(zk.exists("/IserviceDemoTest", false) == null){
      zk.create("/IserviceDemoTest", "".getBytes(), acls, CreateMode.PERSISTENT);
      zk.create("/IserviceDemoTest/group1", "".getBytes(), acls, CreateMode.PERSISTENT);
      zk.create("/IserviceDemoTest/group2", "".getBytes(), acls, CreateMode.PERSISTENT);

Examples of org.apache.zookeeper.data.ACL

            return false;
        }
        Iterator<ACL> it = acl.iterator();
        LinkedList<ACL> toAdd = null;
        while (it.hasNext()) {
            ACL a = it.next();
            Id id = a.getId();
            if (id.getScheme().equals("world") && id.getId().equals("anyone")) {
                // wide open
            } else if (id.getScheme().equals("auth")) {
                // This is the "auth" id, so we have to expand it to the
                // authenticated ids of the requestor
                it.remove();
                if (toAdd == null) {
                    toAdd = new LinkedList<ACL>();
                }
                boolean authIdValid = false;
                for (Id cid : authInfo) {
                    AuthenticationProvider ap = ProviderRegistry.getProvider(cid.getScheme());
                    if (ap == null) {
                        LOG.error("Missing AuthenticationProvider for "
                                + cid.getScheme());
                    } else if (ap.isAuthenticated()) {
                        authIdValid = true;
                        toAdd.add(new ACL(a.getPerms(), cid));
                    }
                }
                if (!authIdValid) {
                    return false;
                }