Re: help: new to java security

Roland Schemers (Roland.Schemers@Eng)
Wed, 16 Apr 1997 12:00:49 -0700 (PDT)

Date: Wed, 16 Apr 1997 12:00:49 -0700 (PDT)
From: Roland Schemers <Roland.Schemers@Eng>
Subject: Re: help: new to java security
To: java-security@web2.javasoft.com, guo@osf.org

> Date: Wed, 16 Apr 1997 10:39:00 -0400
> From: guo <guo@osf.org>
> MIME-Version: 1.0
> To: java-security@web2.javasoft.com
> CC: guo@opengroup.org
> Subject: help: new to java security
> Content-Transfer-Encoding: 7bit
>
> I cut and paste the Example in "Security in JDK 1.1 Access Control
> Abstractions", and try to compile it. I get error
>
>

There were about 3 or 4 errors in the example you had:

1. it didn't have a method, so I wrapped everything in a main
2. I had to import a few more things
3. I made main throw an exception because one of the acl routines
can throw an exception
4. there is no Group.setMember method, I changed it addMember.

I think that was about it. Can you tell me where you got the example
from so I can check it?

thanks, roland

import java.security.Principal;
import java.security.acl.*;
import sun.security.acl.*;
import java.util.Enumeration;

public class example {

public static void main(String argv[])
throws Exception
{

Principal p1 = new PrincipalImpl("user1");
Principal p2 = new PrincipalImpl("user2");
Principal owner = new PrincipalImpl("owner");

Permission read = new PermissionImpl("READ");
Permission write = new PermissionImpl("WRITE");

Group g = new GroupImpl("group1");
g.addMember(p1);
g.addMember(p2);

//
// create a new acl with the name "exampleAcl"
//
Acl acl = new AclImpl(owner, "exampleAcl");

//
// Allow group all permissions
//
AclEntry entry1 = new AclEntryImpl(g);
entry1.addPermission(read);
entry1.addPermission(write);
acl.addEntry(owner, entry1);

//
// Take away WRITE permissions for
// user1. All others in groups still have
// WRITE privileges.
//
AclEntry entry2 = new AclEntryImpl(p1);
entry2.addPermission(write);
entry2.setNegativePermissions();
acl.addEntry(owner, entry2);

//
// This enumeration is an enumeration of
// Permission interfaces. It should return
// only "READ" permission.
Enumeration e1 = acl.getPermissions(p1);

//
// This enumeration should have "READ" and"WRITE"
// permissions.
Enumeration e2 = acl.getPermissions(p2);

// This should return false.
boolean b1 = acl.checkPermission(p1, write);

// This should all return true;
boolean b2 = acl.checkPermission(p1, read);
boolean b3 = acl.checkPermission(p2, read);
boolean b4 = acl.checkPermission(p2, write);
}
}