Date: Wed, 15 Apr 1998 16:26:04 -0700
From: yau@mail.intertopUSA.com (Da-Wei Yau)
To: java-security@web2.javasoft.com
Subject: Access Control Lists
Hi,
In the doc page
http://java.sun.com/products/jdk/1.1/docs/guide/security/Acl.html,
should the "Resulting Permissions" in the last two rows in the "Example
permission calculations" be "B+C-A" and "B-A" instead of "B+C" and "B"?
Because the individual permissions can override group permissions.
Thanks
Dawei Yau
Software Engineer
Intertop Corp.
12950 Saratoga Ave. Suite A
Saratoga, CA 95070
TEL: (408) 873-2400 ext 236
FAX: (408) 873-2428
E-mail: yau@intertopUSA.com
Attachment: Acl.html (http://java.sun.com/products/jdk/1.1/docs/guide/security/Acl.html)
An Access Control List (ACL) is a data structure that guards access to resources. The java.security.acl package provides the interface to such a data structure and the sun.security.acl package provides a default implementation of the interfaces specified in the java.security.acl package.
Note: This API is not used internally for JDK system security. Also, it will undergo substantial revision and extension in the next release to provide full access control support. This document describes the current (JDK 1.1 and JDK 1.1.1) interfaces.
An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). Additionally, each ACL entry is specified as being either positive or negative. If positive, the permissions are to be granted to the associated principal. If negative, the permissions are to be denied.
An access control list is independent of the authentication scheme used to verify the validity of the principal. It is also independent of the encryption scheme used to transmit the data across the network. The ACL is consulted after the authentication phase. After the principal is verified to be an authenticated user in the system, the principal might access resources. For each such resource, the principal might or might not be granted access depending on the permissions that are granted to the principal in the ACL that guards the resource. The ACL itself is independent of the resource that it guards. The ACL can be consulted to find the list of permissions a particular principal has or to find out whether or not a principal is granted a particular permission.
An ACL is an object that implements the java.security.acl.Acl interface. Each Acl is a list of AclEntry objects. Each AclEntry associates a Principal or a Group object to a list of Permission objects. (Note: Group is a subclass of Principal.) Each AclEntry can also be designated as a positive entry or a negative entry. A positive entry grants the list of permissions in the entry to the principal or group and a negative entry denies the list of permissions to the principal or group.
When calculating the net permissions a principal is granted, the following rules are used.
Assume that a principal P belongs to groups G1 and G2. The table below shows 5 columns using some examples of permissions given to G1, G2 and P. The resulting permissions granted to P are shown in the last column.
|  | Group G1 Permissions | Group G2 Permissions | Union (G1, G2) perms | Individual Permissions | Resulting Permissions |
|---|---|---|---|---|---|
| Positive | A | B | A+B | C | A+B+C |
| Negative | null set | null set | null set | null set | |
| Positive | A | B | B | C | B+C |
| Negative | -C | -A | -C | null set | |
| Positive | A | B | A+B | C | B+C |
| Negative | null set | null set | null set | -A | |
| Positive | A | C | A | B | B |
| Negative | -C | -B | -B | -A | |
```java
/* Note: This sample program is meant just as an example
 * of the types of things that can be done with an
 * implementation of the java.security.acl interfaces.
 * This example uses the implementation supplied by the
 * sun.security.acl package. Please note that sun.* classes
 * are unsupported and subject to change.
 */

import java.security.Principal;
import java.security.acl.*;
import sun.security.acl.*;
import java.util.Enumeration;

public class AclEx {

    public static void main(String argv[]) throws Exception {
        Principal p1 = new PrincipalImpl("user1");
        Principal p2 = new PrincipalImpl("user2");
        Principal owner = new PrincipalImpl("owner");

        Permission read = new PermissionImpl("READ");
        Permission write = new PermissionImpl("WRITE");

        System.out.println("Creating a new group with two members: user1 and user2");
        Group g = new GroupImpl("group1");
        g.addMember(p1);
        g.addMember(p2);

        // create a new acl with the name "exampleAcl"
        System.out.println("Creating a new Acl named 'exampleAcl'");
        Acl acl = new AclImpl(owner, "exampleAcl");

        // Allow group all permissions
        System.out.println("Creating a new Acl Entry in exampleAcl for the group, ");
        System.out.println("  with read & write permissions");
        AclEntry entry1 = new AclEntryImpl(g);
        entry1.addPermission(read);
        entry1.addPermission(write);
        acl.addEntry(owner, entry1);

        // Take away WRITE permissions for
        // user1. All others in groups still have
        // WRITE privileges.
        System.out.println("Creating a new Acl Entry in exampleAcl for user1");
        System.out.println("  without write permission");
        AclEntry entry2 = new AclEntryImpl(p1);
        entry2.addPermission(write);
        entry2.setNegativePermissions();
        acl.addEntry(owner, entry2);

        // This enumeration is an enumeration of
        // Permission interfaces. It should return
        // only "READ" permission.
        Enumeration e1 = acl.getPermissions(p1);
        System.out.println("Permissions for user1 are:");
        while (e1.hasMoreElements()) {
            System.out.println("  " + e1.nextElement());
        }

        // This enumeration should have "READ" and "WRITE"
        // permissions.
        Enumeration e2 = acl.getPermissions(p2);
        System.out.println("Permissions for user2 are:");
        while (e2.hasMoreElements()) {
            System.out.println("  " + e2.nextElement());
        }

        // This should return false.
        boolean b1 = acl.checkPermission(p1, write);
        System.out.println("user1 has write permission: " + b1);

        // This should all return true;
        boolean b2 = acl.checkPermission(p1, read);
        boolean b3 = acl.checkPermission(p2, read);
        boolean b4 = acl.checkPermission(p2, write);
        System.out.println("user1 has read permission: " + b2);
        System.out.println("user2 has read permission: " + b3);
        System.out.println("user2 has write permission: " + b4);
    }
}
```
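The set arithmetic behind the "Example permission calculations" table, as an added example that is not part of the original message or of the attached document. It models permissions as plain string sets rather than java.security.acl objects; the cancel and override rules it applies are assumptions inferred from the four table rows, and the class and method names are hypothetical.

```java
import java.util.*;

// Added illustration: plain string sets stand in for Permission objects.
// The cancel/override rules below are assumptions inferred from the table.
public class AclNetPermissions {
    static Set<String> set(String... perms) {
        return new TreeSet<>(Arrays.asList(perms));
    }

    // A permission that is both granted and denied at one level cancels out.
    static void cancel(Set<String> pos, Set<String> neg) {
        Set<String> both = new TreeSet<>(pos);
        both.retainAll(neg);
        pos.removeAll(both);
        neg.removeAll(both);
    }

    static Set<String> net(Set<String> g1Pos, Set<String> g1Neg,
                           Set<String> g2Pos, Set<String> g2Neg,
                           Set<String> indPos, Set<String> indNeg) {
        Set<String> groupPos = new TreeSet<>(g1Pos);
        groupPos.addAll(g2Pos);
        Set<String> groupNeg = new TreeSet<>(g1Neg);
        groupNeg.addAll(g2Neg);
        cancel(groupPos, groupNeg);          // the "Union (G1, G2)" column
        Set<String> iPos = new TreeSet<>(indPos);
        Set<String> iNeg = new TreeSet<>(indNeg);
        cancel(iPos, iNeg);
        groupPos.removeAll(iNeg);            // individual deny overrides group grant
        groupNeg.removeAll(iPos);            // individual grant overrides group deny
        Set<String> result = new TreeSet<>(iPos);
        result.addAll(groupPos);
        return result;
    }

    static void check(int row, Set<String> computed, Set<String> documented) {
        if (!computed.equals(documented)) throw new AssertionError("row " + row);
        System.out.println("row " + row + ": " + computed);
    }

    public static void main(String[] args) {
        Set<String> none = set();
        // Arguments: G1 +, G1 -, G2 +, G2 -, individual +, individual -; then the table's result.
        check(1, net(set("A"), none, set("B"), none, set("C"), none), set("A", "B", "C"));
        check(2, net(set("A"), set("C"), set("B"), set("A"), set("C"), none), set("B", "C"));
        check(3, net(set("A"), none, set("B"), none, set("C"), set("A")), set("B", "C"));
        check(4, net(set("A"), set("C"), set("C"), set("B"), set("B"), set("A")), set("B"));
    }
}
```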