Re: ETA for java.security.acl?

Marianne Mueller (mrm@eng.sun.com)
Thu, 27 Feb 1997 16:31:58 -0800

Date: Thu, 27 Feb 1997 16:31:58 -0800
Message-Id: <199702280031.QAA04945@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: guthery@austin.sar.slb.com
Subject: Re: ETA for java.security.acl?

Sorry if we're confusing the issue!

The java.security.acl interface is implemented by the classes in
sun.security.acl, but note that the sun.* hierarchy isn't documented
or supported (and it's subject to change.)

The Java Server project is using the acl implementation as part of the
web server. (See http://java.sun.com/products/java-server for more
info.) However, the ACL package itself doesn't enforce the ACLs; the
web server took on the job of enforcing the semantics of the acls.
The acl classes were useful to the server folks in that they provided
the objects for access control, but, the server enforces all the the
access semantics.

In other words, the enforcement of the acls isn't in the
sun.security.acl package.

If your application uses those acls, then you'll need to enforce the
access semantics.

Going forward ...

We are working on the infrastructure for defining rights in the JDK.
The infrastructure defines a way to specify the permission associated
with a protected resource, and it enforces the permission. You can
also define your own type (or category) of permission, and supply a
method for enforcing access. We hope this infrastructure in the JDK
will be useful and easy to use for access control.

Marianne