Project JXTA

net.jxta.impl.access.simpleACL
Class SimpleACLAccessService

java.lang.Object
  extended by net.jxta.impl.access.simpleACL.SimpleACLAccessService
All Implemented Interfaces:
AccessService, Module, Service

public class SimpleACLAccessService
extends Object
implements AccessService

Implements the AccessService using a simple ACL scheme.

The ACL table is read from the group advertisement. Each perm entry of the Access Service parameters in the group advertisement is assumed to be a permission in the following format:

    <operation> ":" ( <identity> )* ( "," <identity> )*
 

A sample ACL table extracted from a PeerGroupAdvertisement:

 ...
 <Svc>
   <MCID>urn:jxta:uuid-DEADBEEFDEAFBABAFEEDBABE0000001005</MCID>
   <Parm>
     <perm>&lt;&lt;DEFAULT>>:nobody,permit</perm>
     <perm>everyone:&lt;&lt;ALL>></perm>
     <perm>permit:nobody,permit,allow</perm>
     <perm>deny:notpermit,notallow</perm>
   </Parm>
 </Svc>
 ...
 

If <<ALL>> is provided as an identity then the operation is permitted for all valid credentials.

If <<DEFAULT>> is provided as an operation then the provided identities will be allowed for all operations which are not recognized.

This implementation makes no effort to ensure that the permission table has not been altered. It is not appropriate for use in security sensitive deployments unless the integrity of the group advertisement is ensured.
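The lookup rules described above, applied to the sample table, as an added example that is not the JXTA implementation. The class and method names are hypothetical; it assumes the identity is a plain string taken from an already validated credential, and that an unrecognized operation with no <<DEFAULT>> entry is denied.

```java
import java.util.*;
// Added illustration of the perm format; not the JXTA implementation.
public class SimpleAclDemo {
    static final String ALL = "<<ALL>>";
    static final String DEFAULT = "<<DEFAULT>>";

    // Parses entries of the form: operation ":" identity ("," identity)*
    static Map<String, Set<String>> parse(List<String> perms) {
        Map<String, Set<String>> acls = new HashMap<>();
        for (String perm : perms) {
            int colon = perm.indexOf(':');
            if (colon <= 0) {
                throw new IllegalArgumentException("malformed perm: " + perm);
            }
            String op = perm.substring(0, colon).trim();
            Set<String> ids = acls.computeIfAbsent(op, k -> new HashSet<>());
            for (String id : perm.substring(colon + 1).split(",")) {
                if (!id.trim().isEmpty()) {
                    ids.add(id.trim());
                }
            }
        }
        return acls;
    }

    // identity: name taken from an already validated credential (assumption).
    static boolean permitted(Map<String, Set<String>> acls, String op, String identity) {
        Set<String> ids = acls.get(op);
        if (ids == null) {
            ids = acls.get(DEFAULT); // unrecognized operation: use <<DEFAULT>>
        }
        if (ids == null) {
            return false; // assumption: no <<DEFAULT>> entry means deny
        }
        return ids.contains(ALL) || ids.contains(identity);
    }

    public static void main(String[] args) {
        // The four perm entries of the sample table, XML-unescaped.
        Map<String, Set<String>> acls = parse(Arrays.asList(
                "<<DEFAULT>>:nobody,permit", "everyone:<<ALL>>",
                "permit:nobody,permit,allow", "deny:notpermit,notallow"));
        String[][] checks = {{"everyone", "stranger"}, {"permit", "allow"}, {"permit", "notallow"},
                {"deny", "notallow"}, {"unlisted", "permit"}, {"unlisted", "allow"}};
        for (String[] c : checks) {
            System.out.println(c[0] + " / " + c[1] + " -> " + permitted(acls, c[0], c[1]));
        }
    }
}
```

Under the format above, `deny:notpermit,notallow` is read like any other entry: `deny` is an operation name with its own list of allowed identities, not a negative rule.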

See Also:
AccessService

Nested Class Summary
 
Nested classes inherited from class net.jxta.access.AccessService
AccessService.AccessResult
 
Field Summary
(package private)  Map ACLs
          The ACLs we are supporting.
(package private)  PeerGroup group
           
(package private)  ModuleImplAdvertisement implAdvertisement
           
static ModuleSpecID simpleACLAccessSpecID
          Well known access specification identifier: the simple ACL access service
 
Fields inherited from interface net.jxta.platform.Module
START_AGAIN_PROGRESS, START_AGAIN_STALLED, START_OK
 
Constructor Summary
SimpleACLAccessService()
          The default constructor
 
Method Summary
 AccessService.AccessResult doAccessCheck(PrivilegedOperation op, Credential cred)
          
 Advertisement getImplAdvertisement()
          
 Service getInterface()
          
(package private)  PeerGroup getPeerGroup()
          {@inheritDoc}
 void init(PeerGroup group, ID assignedID, Advertisement implAdv)
          
 PrivilegedOperation newPrivilegedOperation(Element source)
          
 PrivilegedOperation newPrivilegedOperation(Object subject, Credential offerer)
          
 int startApp(String[] args)
          
 void stopApp()
          
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

simpleACLAccessSpecID

public static final ModuleSpecID simpleACLAccessSpecID
Well known access specification identifier: the simple ACL access service


group

PeerGroup group

implAdvertisement

ModuleImplAdvertisement implAdvertisement

ACLs

Map ACLs
The ACLs we are supporting.

Constructor Detail

SimpleACLAccessService

public SimpleACLAccessService()
The default constructor

Method Detail

init

public void init(PeerGroup group,
                 ID assignedID,
                 Advertisement implAdv)
          throws PeerGroupException

Specified by:
init in interface Module
Throws:
PeerGroupException

startApp

public int startApp(String[] args)

Specified by:
startApp in interface Module

stopApp

public void stopApp()

Specified by:
stopApp in interface Module

getImplAdvertisement

public Advertisement getImplAdvertisement()

Specified by:
getImplAdvertisement in interface Service

getInterface

public Service getInterface()

Specified by:
getInterface in interface Service

doAccessCheck

public AccessService.AccessResult doAccessCheck(PrivilegedOperation op,
                                                Credential cred)

Specified by:
doAccessCheck in interface AccessService

newPrivilegedOperation

public PrivilegedOperation newPrivilegedOperation(Object subject,
                                                  Credential offerer)

Specified by:
newPrivilegedOperation in interface AccessService

newPrivilegedOperation

public PrivilegedOperation newPrivilegedOperation(Element source)

Specified by:
newPrivilegedOperation in interface AccessService

getPeerGroup

PeerGroup getPeerGroup()
{@inheritDoc}


JXTA J2SE