Re: ETA for java.security.acl?

Satish Dharmaraj (satishd@doppio)
Thu, 27 Feb 1997 17:10:07 -0800

Date: Thu, 27 Feb 1997 17:10:07 -0800
From: satishd@doppio (Satish Dharmaraj)
Message-Id: <199702280110.RAA19045@nine.eng.sun.com>
To: guthery@austin.sar.slb.com, mrm@Eng
Subject: Re: ETA for java.security.acl?

As Marianne rightly points out, the Java Server ships with an implementation
of the ACL interfaces that will be supported. The implementation resides in
the JDK as unsupported in the package sun.security.acl.
They all have Impl classes (like PrincipalImpl, AclImpl, etc.) that conform
to the interface specified in java.security.acl. This might be moved up to be
supported APIs if we think it's required in future JDK releases. But the server
product ships with the APIs that are in the implementation.

Marianne's points about the ACL being there but not being enforced are of course
valid.

Thanks
Satish Dharmaraj

> From mrm@doppio Thu Feb 27 16:34:00 1997
> Date: Thu, 27 Feb 1997 16:31:58 -0800
> From: Marianne Mueller <mrm@Eng>
> To: guthery@austin.sar.slb.com
> CC: java-security@java.eng.sun.com
> Subject: Re: ETA for java.security.acl?
>
> Sorry if we're confusing the issue!
>
> The java.security.acl interface is implemented by the classes in
> sun.security.acl, but note that the sun.* hierarchy isn't documented
> or supported (and it's subject to change.)
>
> The Java Server project is using the acl implementation as part of the
> web server. (See http://java.sun.com/products/java-server for more
> info.) However, the ACL package itself doesn't enforce the ACLs; the
> web server took on the job of enforcing the semantics of the acls.
> The acl classes were useful to the server folks in that they provided
> the objects for access control, but the server enforces all the
> access semantics.
>
> In other words, the enforcement of the acls isn't in the
> sun.security.acl package.
>
> If your application uses those acls, then you'll need to enforce the
> access semantics.
>
> Going forward ...
>
> We are working on the infrastructure for defining rights in the JDK.
> The infrastructure defines a way to specify the permission associated
> with a protected resource, and it enforces the permission. You can
> also define your own type (or category) of permission, and supply a
> method for enforcing access. We hope this infrastructure in the JDK
> will be useful and easy to use for access control.
>
> Marianne
>
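
The point made in both messages, that the ACL classes only hold the access-control data and the application must enforce it, shown as an added example that is not part of the original thread or of Sun's code. It assumes an older JDK that still ships java.security.acl and the unsupported sun.security.acl classes; the Document class, its methods and the sample names are hypothetical.

```java
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.security.acl.NotOwnerException;
import java.security.acl.Permission;
import sun.security.acl.AclEntryImpl;
import sun.security.acl.AclImpl;
import sun.security.acl.PermissionImpl;
import sun.security.acl.PrincipalImpl;

public class AclEnforcementDemo {
    // Hypothetical protected resource: it holds an Acl, but the Acl does nothing by itself.
    static final class Document {
        private final Acl acl;
        private final String body;
        Document(Acl acl, String body) { this.acl = acl; this.body = body; }

        // Unenforced path: the ACL exists but is never consulted.
        String readUnchecked(Principal caller) { return body; }

        // Enforced path: the application asks the ACL and acts on the answer.
        String read(Principal caller, Permission needed) {
            if (!acl.checkPermission(caller, needed)) {
                throw new SecurityException(caller.getName() + " lacks " + needed);
            }
            return body;
        }
    }

    public static void main(String[] args) throws NotOwnerException {
        Principal owner = new PrincipalImpl("admin");   // constructed sample names
        Principal alice = new PrincipalImpl("alice");
        Principal bob = new PrincipalImpl("bob");
        Permission read = new PermissionImpl("READ");

        Acl acl = new AclImpl(owner, "docAcl");
        AclEntry entry = new AclEntryImpl(alice);       // positive entry for alice only
        entry.addPermission(read);
        acl.addEntry(owner, entry);                     // only an owner may modify the ACL

        Document doc = new Document(acl, "quarterly numbers");
        System.out.println("unchecked, bob: " + doc.readUnchecked(bob));
        System.out.println("checked, alice: " + doc.read(alice, read));
        try {
            doc.read(bob, read);
        } catch (SecurityException e) {
            System.out.println("checked, bob: denied (" + e.getMessage() + ")");
        }
    }
}
```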