Examples of ACLProvider

• org.apache.curator.framework.api.ACLProvider
• org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
  The ACLProvider generates access control policies out of the items stored in the workspace applying the following rules:

  • A Node is considered access controlled if an ACL has been explicitely assigned to it by adding the mixin type rep:AccessControllable and adding child node of type rep:acl that forms the acl.
  • a Property is considered 'access controlled' if its parent Node is.
  • An ACL is never assigned to a Property item.
  • A Node that is not access controlled may inherit the ACL. The ACL is inherited from the closest access controlled ancestor.
  • It may be possible that a given Node has no effective ACL, in which case some a default policy is returned that grants READ privilege to any principal and denies all other privileges.
  • an item is considered an ACL item if it is used to define an ACL. ACL items inherit the ACL from node they defined the ACL for.

  @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider for additional information.
• org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider
  CombinedProvider...
• org.jboss.security.acl.ACLProvider

  An ACLProvider is responsible for the management of the ACLs associated to the resources being protected. Implementations of this interface will tipically interact with some sort of repository, where the ACLs are stored.

  @author Stefan Guilhen

Examples of org.jboss.security.acl.ACLProvider

   {
      Set<T> entitlements = new HashSet<T>();
      int length = modules.size();
      for (int i = 0; i < length; i++)
      {
         ACLProvider module = modules.get(i);
         try
         {
            Set<T> er = module.getEntitlements(clazz, resource, identity);
            if (er == null)
               throw new AuthorizationException("module " + module.getClass().getName()
                     + " generated null entitlements.");
            entitlements.addAll(er);
         }
         catch (Exception ae)
         {

Examples of org.jboss.security.acl.ACLProvider

      boolean encounteredRequiredError = false;
      int overallDecision = DENY;

      for (int i = 0; i < super.modules.size(); i++)
      {
         ACLProvider module = super.modules.get(i);
         ControlFlag flag = super.controlFlags.get(i);
         int decision = DENY;
         try
         {
            decision = module.isAccessGranted(resource, identity, permission) ? PERMIT : DENY;
            if (trace)
               log.trace("ACL module " + module.getClass().getName() + (decision == PERMIT ? " granted " : " denied ")
                     + "access to resource " + resource);
            // if decision is PERMIT and module is SUFFICIENT, the overall result is PERMIT.
            if (decision == PERMIT)
            {
               overallDecision = PERMIT;

Examples of org.jboss.security.acl.ACLProvider

   private void invokeTeardown() throws AuthorizationException
   {
      int length = modules.size();
      for (int i = 0; i < length; i++)
      {
         ACLProvider module = modules.get(i);
         boolean bool = module.tearDown();
         if (!bool)
            throw new AuthorizationException("TearDown on module failed:" + module.getClass());
      }
      modules.clear();
   }

Examples of org.jboss.security.acl.ACLProvider

    * @throws Exception if an error occurs while running the test.
    */
   public void testACLProvider() throws Exception
   {
      // create the RoleBasedACLProvider instance.
      ACLProvider provider = new RoleBasedACLProviderImpl();
      provider.setPersistenceStrategy(this.strategy);

      // as john has role 2, he should be able to update resource 0.
      assertTrue(provider.isAccessGranted(this.resources[0], this.identity, BasicACLPermission.UPDATE));
      // none of john's roles has DELETE permission, so he should not be able to delete resource 0.
      assertFalse(provider.isAccessGranted(this.resources[0], this.identity, BasicACLPermission.DELETE));

      // now create a new identity for john that has no roles. The role-based provider should now use the
      // identity name (default impl) when checking for permissions.
      Identity identity = IdentityFactory.createIdentity("john");
      assertTrue(provider.isAccessGranted(this.resources[1], identity, new CompositeACLPermission(BasicACLPermission
            .values())));
      // access should be denied to resource 0, as that one has an ACL based on the roles.
      assertFalse(provider.isAccessGranted(this.resources[0], identity, BasicACLPermission.READ));
   }