Examples of ACL

• co.cask.cdap.api.security.ACL
  Represents an entry in the Access Control List.
• com.cloudera.lib.service.ACL
• com.ecyrd.jspwiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @author Andrew Jaquith @since 2.3
• com.emc.atmos.api.Acl
• com.emc.esu.api.Acl
  An Access Control List (ACL) is a collection of Grants that assign privileges to users and/or groups.
• com.github.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.google.code.com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• com.google.feedserver.resource.Acl
  ACL bean / resource
• com.googlecode.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.intridea.io.vfs.operations.Acl
  ACL for S3. Usage samples: Allow everyone to read: acl.allow(Acl.Group.GUEST, Acl.Permission.READ); Allow all authorized users to read and write: Acl.Permission[] rights = {Acl.Permission.READ, Acl.Permission.WRITE}; acl.allow(Acl.Group.AUTHORIZED, rights); Deny all (owner still has access to overwrite ACL): acl.denyAll(); @author Marat Komarov @author Alex Kovalyov
• com.sun.jna.examples.win32.WinNT.ACL
• com.sun.jna.platform.win32.WinNT.ACL
  @author dblock[at]dblock[dot]org
• com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• de.iritgo.aktera.permissions.security.Acl
• gabriel.acl.Acl
  Access control list for managing permissions. ACLs contain entries which map principals to permissions. @author Stephan J. Schmidt @version $Id: Acl.java,v 1.2 2004/06/24 07:26:21 stephan Exp $
• hudson.security.ACL
  ins-ci.org/display/JENKINS/Making+your+plugin+behave+in+secured+Hudson
• lotus.domino.ACL
• loxia.web.annotation.Acl
• org.acegisecurity.acls.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.

  An implementation represents the {@link org.acegisecurity.acls.Permission}list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}instances.

  @author Ben Alex @version $Id: Acl.java 1784 2007-02-24 21:00:24Z luke_t $
• org.apache.chemistry.opencmis.commons.data.Acl
  Access Control List (ACL).
• org.apache.cloudstack.api.ACL
• org.apache.wiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @since 2.3
• org.apache.zookeeper.data.ACL
• org.apache.zookeeper_voltpatches.data.ACL
• org.glite.authz.pap.authz.ACL
  This class represents an Access Control List for the PAP authorization engine. PAP ACLs assign permissions (ie, {@link PAPPermission} objects) to PAP administrators(ie, {@link PAPAdmin} objects). @author andrea
• org.intalio.tempo.workflow.auth.ACL
• org.jboss.security.acl.ACL

  This interface represents an Access Control List (ACL), a data structure used to protect access to resources. It is composed of entries, where each entry is represented by the ALCEntry class and represents the permissions assigned to a given identity.

  When a client attempts to perform an operation on a resource, the ACL associated to the resource is used to verify if the client has enough permissions to perform that operation. In order to do that, the ACLEntry corresponding to the client's identity is retrieved and then the permission set contained in the entry is verified to decide if access should be granted or not.

  @author Stefan Guilhen
• org.jmanage.core.auth.ACL
  Date: Apr 8, 2005 @author Rakesh Kalra
• org.modeshape.web.shared.Acl
  @author kulikov
• org.nuxeo.ecm.core.api.security.ACL
• org.openntf.domino.ACL
  The Interface that represents the access control list (ACL) of an IBM Domino database.
• org.springframework.security.acls.model.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.springframework.security.acls.model.ObjectIdentity} interface.

  Implementing classes may elect to return instances that represent {@link org.springframework.security.acls.model.Permission} information for eithersome OR all {@link org.springframework.security.acls.model.Sid}instances. Therefore, an instance may NOT necessarily contain ALL Sids for a given domain object.

  @author Ben Alex

Examples of org.springframework.security.acls.model.Acl

        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
                new SimpleGrantedAuthority("ROLE_GENERAL"));

        Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());

        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);

        // Create another authorization strategy
        AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"),
                new SimpleGrantedAuthority("ROLE_THREE"));
        Acl acl2 = new AclImpl(identity, new Long(1), aclAuthorizationStrategy2, new ConsoleAuditLogger());
        // Check access in case the principal has no authorization rights
        try {
            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
            fail("It should have thrown NotFoundException");
        }

Examples of org.springframework.security.acls.model.Acl

        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
                new SimpleGrantedAuthority("ROLE_GENERAL"));

        Acl acl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger(), null, null,
                false, new PrincipalSid(auth));
        try {
            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
        }
        catch (AccessDeniedException notExpected) {

Examples of org.springframework.security.acls.model.Acl

        List<ObjectIdentity> childOids = Arrays.asList(childOid);

        strategy.setBatchSize(6);
        Map<ObjectIdentity, Acl> foundAcls = strategy.readAclsById(childOids, sids);

        Acl foundChildAcl = foundAcls.get(childOid);
        Assert.assertNotNull(foundChildAcl);
        Assert.assertTrue(foundChildAcl.isGranted(checkPermission, sids, false));

        // Search for object identities has to be done in the following order: last element have to be one which
        // is already in cache and the element before it must not be stored in cache
        List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
        try {
            foundAcls = strategy.readAclsById(allOids, sids);
            Assert.assertTrue(true);
        } catch (NotFoundException notExpected) {
            Assert.fail("It shouldn't have thrown NotFoundException");
        }

        Acl foundParent2Acl = foundAcls.get(parent2Oid);
        Assert.assertNotNull(foundParent2Acl);
        Assert.assertTrue(foundParent2Acl.isGranted(checkPermission, sids, false));
    }

Examples of org.springframework.security.acls.model.Acl

        }
    }

    @Test
    public void testAccessControlEntryImplGetters() {
        Acl mockAcl = mock(Acl.class);
        Sid sid = new PrincipalSid("johndoe");

        // Create a sample entry
        AccessControlEntry ace = new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid, BasePermission.ADMINISTRATION,
                true, true, true);