Examples of ACL

• co.cask.cdap.api.security.ACL
  Represents an entry in the Access Control List.
• com.cloudera.lib.service.ACL
• com.ecyrd.jspwiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @author Andrew Jaquith @since 2.3
• com.emc.atmos.api.Acl
• com.emc.esu.api.Acl
  An Access Control List (ACL) is a collection of Grants that assign privileges to users and/or groups.
• com.github.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.google.code.com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• com.google.feedserver.resource.Acl
  ACL bean / resource
• com.googlecode.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.intridea.io.vfs.operations.Acl
  ACL for S3. Usage samples: Allow everyone to read: acl.allow(Acl.Group.GUEST, Acl.Permission.READ); Allow all authorized users to read and write: Acl.Permission[] rights = {Acl.Permission.READ, Acl.Permission.WRITE}; acl.allow(Acl.Group.AUTHORIZED, rights); Deny all (owner still has access to overwrite ACL): acl.denyAll(); @author Marat Komarov @author Alex Kovalyov
• com.sun.jna.examples.win32.WinNT.ACL
• com.sun.jna.platform.win32.WinNT.ACL
  @author dblock[at]dblock[dot]org
• com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• de.iritgo.aktera.permissions.security.Acl
• gabriel.acl.Acl
  Access control list for managing permissions. ACLs contain entries which map principals to permissions. @author Stephan J. Schmidt @version $Id: Acl.java,v 1.2 2004/06/24 07:26:21 stephan Exp $
• hudson.security.ACL
  ins-ci.org/display/JENKINS/Making+your+plugin+behave+in+secured+Hudson
• lotus.domino.ACL
• loxia.web.annotation.Acl
• org.acegisecurity.acls.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.

  An implementation represents the {@link org.acegisecurity.acls.Permission}list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}instances.

  @author Ben Alex @version $Id: Acl.java 1784 2007-02-24 21:00:24Z luke_t $
• org.apache.chemistry.opencmis.commons.data.Acl
  Access Control List (ACL).
• org.apache.cloudstack.api.ACL
• org.apache.wiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @since 2.3
• org.apache.zookeeper.data.ACL
• org.apache.zookeeper_voltpatches.data.ACL
• org.glite.authz.pap.authz.ACL
  This class represents an Access Control List for the PAP authorization engine. PAP ACLs assign permissions (ie, {@link PAPPermission} objects) to PAP administrators(ie, {@link PAPAdmin} objects). @author andrea
• org.intalio.tempo.workflow.auth.ACL
• org.jboss.security.acl.ACL

  This interface represents an Access Control List (ACL), a data structure used to protect access to resources. It is composed of entries, where each entry is represented by the ALCEntry class and represents the permissions assigned to a given identity.

  When a client attempts to perform an operation on a resource, the ACL associated to the resource is used to verify if the client has enough permissions to perform that operation. In order to do that, the ACLEntry corresponding to the client's identity is retrieved and then the permission set contained in the entry is verified to decide if access should be granted or not.

  @author Stefan Guilhen
• org.jmanage.core.auth.ACL
  Date: Apr 8, 2005 @author Rakesh Kalra
• org.modeshape.web.shared.Acl
  @author kulikov
• org.nuxeo.ecm.core.api.security.ACL
• org.openntf.domino.ACL
  The Interface that represents the access control list (ACL) of an IBM Domino database.
• org.springframework.security.acls.model.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.springframework.security.acls.model.ObjectIdentity} interface.

  Implementing classes may elect to return instances that represent {@link org.springframework.security.acls.model.Permission} information for eithersome OR all {@link org.springframework.security.acls.model.Sid}instances. Therefore, an instance may NOT necessarily contain ALL Sids for a given domain object.

  @author Ben Alex

Examples of org.springframework.security.acls.model.Acl

        ObjectIdentity oid = mock(ObjectIdentity.class);
        ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
        when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
        pe.setObjectIdentityRetrievalStrategy(oidStrategy);
        pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
        Acl acl = mock(Acl.class);

        when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
        when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);

        assertTrue(pe.hasPermission(mock(Authentication.class), new Object(), "READ"));
    }

Examples of org.springframework.security.acls.model.Acl

            logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
        }

        try {
            // Lookup only ACLs for SIDs we're interested in
            Acl acl = aclService.readAclById(oid, sids);

            if (acl.isGranted(requiredPermission, sids, false)) {
                if (debug) {
                    logger.debug("Access is granted");
                }

                return true;

Examples of org.springframework.security.acls.model.Acl

            ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

            // Obtain the SIDs applicable to the principal
            List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

            Acl acl;

            try {
                // Lookup only ACLs for SIDs we're interested in
                acl = aclService.readAclById(objectIdentity, sids);
            } catch (NotFoundException nfe) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to deny access - no ACLs apply for this principal");
                }

                return ACCESS_DENIED;
            }

            try {
                if (acl.isGranted(requirePermission, sids, false)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Voting to grant access");
                    }

                    return ACCESS_GRANTED;

Examples of org.springframework.security.acls.model.Acl

        // Obtain the SIDs applicable to the principal
        List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

        try {
            // Lookup only ACLs for SIDs we're interested in
            Acl acl = aclService.readAclById(objectIdentity, sids);

            return acl.isGranted(requirePermission, sids, false);
        } catch (NotFoundException ignore) {
            return false;
        }
    }

Examples of org.springframework.security.acls.model.Acl

        MutableAcl child = jdbcMutableAclService.createAcl(childOid);
        child.setParent(middleParent);
        jdbcMutableAclService.updateAcl(middleParent);
        jdbcMutableAclService.updateAcl(child);
        // Check the childOid really is a child of middleParentOid
        Acl childAcl = jdbcMutableAclService.readAclById(childOid);

        assertEquals(middleParentOid, childAcl.getParentAcl().getObjectIdentity());

        // Delete the mid-parent and test if the child was deleted, as well
        jdbcMutableAclService.deleteAcl(middleParentOid, true);

        try {
            jdbcMutableAclService.readAclById(middleParentOid);
            fail("It should have thrown NotFoundException");
        }
        catch (NotFoundException expected) {
            assertTrue(true);
        }
        try {
            jdbcMutableAclService.readAclById(childOid);
            fail("It should have thrown NotFoundException");
        }
        catch (NotFoundException expected) {
            assertTrue(true);
        }

        Acl acl = jdbcMutableAclService.readAclById(topParentOid);
        assertNotNull(acl);
        assertEquals(((MutableAcl) acl).getObjectIdentity(), topParentOid);
    }

Examples of org.springframework.security.acls.model.Acl

        // Create the acl_object_identity row
        createObjectIdentity(objectIdentity, sid);

        // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
        Acl acl = readAclById(objectIdentity);
        Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

        return (MutableAcl) acl;
    }

Examples of org.springframework.security.acls.model.Acl

                aclFound = true;
            }

            // Check cache for the present ACL entry
            if (!aclFound) {
                Acl acl = aclCache.getFromCache(oid);

                // Ensure any cached element supports all the requested SIDs
                // (they should always, as our base impl doesn't filter on SID)
                if (acl != null) {
                    if (acl.isSidLoaded(sids)) {
                        result.put(acl.getObjectIdentity(), acl);
                        aclFound = true;
                    } else {
                        throw new IllegalStateException(
                            "Error: SID-filtered element detected when implementation does not perform SID filtering "
                                    + "- have you added something to the cache manually?");

Examples of org.springframework.security.acls.model.Acl

        for (Acl inputAcl : acls.values()) {
            Assert.isInstanceOf(AclImpl.class, inputAcl, "Map should have contained an AclImpl");
            Assert.isInstanceOf(Long.class, ((AclImpl) inputAcl).getId(), "Acl.getId() must be Long");

            Acl result = convert(acls, (Long) ((AclImpl) inputAcl).getId());
            resultMap.put(result.getObjectIdentity(), result);
        }

        return resultMap;
    }

Examples of org.springframework.security.acls.model.Acl

    private AclImpl convert(Map<Serializable, Acl> inputMap, Long currentIdentity) {
        Assert.notEmpty(inputMap, "InputMap required");
        Assert.notNull(currentIdentity, "CurrentIdentity required");

        // Retrieve this Acl from the InputMap
        Acl uncastAcl = inputMap.get(currentIdentity);
        Assert.isInstanceOf(AclImpl.class, uncastAcl, "The inputMap contained a non-AclImpl");

        AclImpl inputAcl = (AclImpl) uncastAcl;

        Acl parent = inputAcl.getParentAcl();

        if ((parent != null) && parent instanceof StubAclParent) {
            // Lookup the parent
            StubAclParent stubAclParent = (StubAclParent) parent;
            parent = convert(inputMap, stubAclParent.getId());

Examples of org.springframework.security.acls.model.Acl

         */
        private void convertCurrentResultIntoObject(Map<Serializable, Acl> acls, ResultSet rs) throws SQLException {
            Long id = new Long(rs.getLong("acl_id"));

            // If we already have an ACL for this ID, just create the ACE
            Acl acl = acls.get(id);

            if (acl == null) {
                // Make an AclImpl and pop it into the Map
                ObjectIdentity objectIdentity = new ObjectIdentityImpl(rs.getString("class"),
                        Long.valueOf(rs.getLong("object_id_identity")));

                Acl parentAcl = null;
                long parentAclId = rs.getLong("parent_object");

                if (parentAclId != 0) {
                    parentAcl = new StubAclParent(Long.valueOf(parentAclId));
                }