001 /* 002 Licensed to the Apache Software Foundation (ASF) under one 003 or more contributor license agreements. See the NOTICE file 004 distributed with this work for additional information 005 regarding copyright ownership. The ASF licenses this file 006 to you under the Apache License, Version 2.0 (the 007 "License"); you may not use this file except in compliance 008 with the License. You may obtain a copy of the License at 009 010 http://www.apache.org/licenses/LICENSE-2.0 011 012 Unless required by applicable law or agreed to in writing, 013 software distributed under the License is distributed on an 014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 KIND, either express or implied. See the License for the 016 specific language governing permissions and limitations 017 under the License. 018 */ 019 package org.apache.wiki.auth.acl; 020 021 import java.security.Permission; 022 import java.security.Principal; 023 import java.util.Enumeration; 024 025 /** 026 * <p> 027 * Defines an access control list (ACL) for wiki pages. An Access Control List 028 * is a data structure used to guard access to resources. An ACL can be thought 029 * of as a data structure with multiple ACL entries. Each ACL entry, of 030 * interface type AclEntry, contains a set of positive permissions associated 031 * with a particular principal. (A principal represents an entity such as an 032 * individual user or a group). The ACL Entries in each ACL observe the 033 * following rules: 034 * </p> 035 * <ul> 036 * <li>Each principal can have at most one ACL entry; that is, multiple ACL 037 * entries are not allowed for any principal. Each entry specifies the set of 038 * permissions that are to be granted</li> 039 * <li>If there is no entry for a particular principal, then the principal is 040 * considered to have a null (empty) permission set</li> 041 * </ul> 042 * <p> 043 * This interface is a highly stripped-down derivation of the 044 * java.security.acl.Acl interface. In particular, the notion of an Acl "owner" 045 * has been eliminated, since JWPWiki pages do not have owners. An additional 046 * simplification compared to the standard Java package is that negative 047 * permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" 048 * security stance: principals are granted no permissions by default, and 049 * posesses only those that have been explicitly granted to them. And finally, 050 * the getPermissions() and checkPermission() methods have been eliminated due 051 * to the complexities associated with resolving Role principal membership. 052 * </p> 053 * @since 2.3 054 */ 055 public interface Acl 056 { 057 /** 058 * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an 059 * individual or a group) with a set of permissions. Each principal can have 060 * at most one positive ACL entry, specifying permissions to be granted to 061 * the principal. If there is already an ACL entry already in the ACL, false 062 * is returned. 063 * @param entry - the ACL entry to be added to this ACL 064 * @return true on success, false if an entry of the same type (positive or 065 * negative) for the same principal is already present in this ACL 066 */ 067 boolean addEntry( AclEntry entry ); 068 069 /** 070 * Returns an enumeration of the entries in this ACL. Each element in the 071 * enumeration is of type AclEntry. 072 * @return an enumeration of the entries in this ACL. 073 */ 074 Enumeration< AclEntry > entries(); 075 076 /** 077 * Returns <code>true</code>, if this Acl is empty. 078 * @return the result 079 * @since 2.4.68 080 */ 081 boolean isEmpty(); 082 083 /** 084 * Returns all Principal objects assigned a given Permission in the access 085 * control list. The Princiapls returned are those that have been granted 086 * either the supplied permission, or a permission implied by the supplied 087 * permission. Principals are not "expanded" if they are a role or group. 088 * @param permission the permission to search for 089 * @return an array of Principals posessing the permission 090 */ 091 Principal[] findPrincipals( Permission permission ); 092 093 /** 094 * Returns an AclEntry for a supplied Principal, or <code>null</code> if 095 * the Principal does not have a matching AclEntry. 096 * @param principal the principal to search for 097 * @return the AclEntry associated with the principal, or <code>null</code> 098 */ 099 AclEntry getEntry( Principal principal ); 100 101 /** 102 * Removes an ACL entry from this ACL. 103 * @param entry the ACL entry to be removed from this ACL 104 * @return true on success, false if the entry is not part of this ACL 105 */ 106 boolean removeEntry( AclEntry entry ); 107 108 /** 109 * Returns a string representation of the contents of this Acl. 110 * @return the string representation 111 */ 112 String toString(); 113 114 }