org.entityfs.ac.uem
Class UnixEntityModeAccessController

java.lang.Object
  extended by org.entityfs.AbstractAccessController
      extended by org.entityfs.ac.uem.UnixEntityModeAccessController
All Implemented Interfaces:
AccessController

public class UnixEntityModeAccessController
extends AbstractAccessController

This is an AccessController that uses the UID, GID and UnixEntityMode of an entity's EntityAttributes to decide whether a UidGidSubject has access to it. This requires that the file system supports some kind of EntityAttributes capability with attributes that are UidGidAttributes and UnixEntityModeAttributes. (Both MetadataNtfsAttributesCapabilityProvider and MetadataUnixAttributesCapabilityProvider do this.)

An entity's attributes are a property of its parent directory. If the file system where this access controller is used is locking, the controller therefore requires locks on the entity's parent directory to be able to perform access control verifications. A consequence of this is that the regular utility classes, such as Entities or Directories, won't work for file systems where this access controller is used, because they don't acquire the required locks. Instead, clients must use entity methods directly. How this is done is documented in the AccessController interface and in the programmer's guide.

The root directory of a file system does not have any entity attributes. Permissions for the root directory are set manually through different setter methods on this object.

Since:
1.0
Author:
Karl Gustafsson
See Also:
AccessController
In_jar:
entityfs-entity_attributes
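
The decision described in the class comment above, modelled as an added, self-contained Java example (not EntityFS code and not written by the EntityFS author). The class name UnixModeCheckModel, the Subject record and the owner-then-group-then-others evaluation order are assumptions that follow conventional Unix semantics; the defaults (root UID 0, GID 0, mode 0775, no access for Subject-less threads, a disabled controller granting every request) are the ones documented on this page.

```java
import java.util.Set;

/** Standalone model of a UID/GID/mode access decision. Not the EntityFS implementation. */
public class UnixModeCheckModel {
    static final int READ = 4, WRITE = 2, EXECUTE = 1;

    /** Hypothetical stand-in for a subject that carries a UID and its group memberships. */
    record Subject(int uid, Set<Integer> gids) {}

    // Model counterparts of isEnabled() and isAuthorizedWhenNoSubjectSet().
    boolean enabled = true;
    boolean authorizedWhenNoSubjectSet = false; // documented default

    // The root directory has no entity attributes, so its owner and mode live on
    // the controller. Documented defaults: UID 0, GID 0, mode 0775.
    int rootUid = 0, rootGid = 0, rootMode = 0775;

    /** Decide access to an entity owned by uid:gid with the given octal mode. */
    boolean hasPermission(Subject s, int uid, int gid, int mode, int wanted) {
        if (!enabled) return true;                        // a disabled controller grants everything
        if (s == null) return authorizedWhenNoSubjectSet; // all-or-nothing for Subject-less threads
        int bits;
        if (s.uid() == uid) bits = (mode >> 6) & 7;               // owner class (assumed to win)
        else if (s.gids().contains(gid)) bits = (mode >> 3) & 7;  // group class
        else bits = mode & 7;                                     // everyone else
        return (bits & wanted) == wanted;                 // every requested bit must be present
    }

    boolean hasRootPermission(Subject s, int wanted) {
        return hasPermission(s, rootUid, rootGid, rootMode, wanted);
    }

    public static void main(String[] args) {
        UnixModeCheckModel ac = new UnixModeCheckModel();
        Subject alice = new Subject(1000, Set.of(1000)); // constructed sample subject

        // With the defaults, a non-root subject falls into the "others" class of 0775.
        System.out.println("alice list root:  " + ac.hasRootPermission(alice, READ | EXECUTE));
        System.out.println("alice write root: " + ac.hasRootPermission(alice, WRITE));
        System.out.println("no subject read:  " + ac.hasRootPermission(null, READ));

        // Tightened root: owned by alice, mode 0750, Subject-less threads stay denied.
        ac.rootUid = 1000; ac.rootGid = 1000; ac.rootMode = 0750;
        Subject bob = new Subject(1001, Set.of(1001));   // constructed sample subject
        System.out.println("alice write root: " + ac.hasRootPermission(alice, WRITE));
        System.out.println("bob list root:    " + ac.hasRootPermission(bob, READ | EXECUTE));
    }
}
```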

Constructor Summary
UnixEntityModeAccessController()
           
 
Method Summary
 Collection<? extends LockCommand> getLockCommandsForAccessControl(Entity ent)
          Get the collection of lock commands that have to be executed in order to get all required locks for performing an access control on the supplied entity.
 int getRootDirectoryGid()
          Get the owner GID of the root directory.
 UnixEntityMode getRootDirectoryMode()
          Get the permission mode for the root directory.
 int getRootDirectoryUid()
          Get the owner UID of the root directory.
 boolean hasPermission(Permission p)
          Does the current Subject have the permission? It is up to the access controller implementation to know how to find the current subject.
 boolean isAuthorizedWhenNoSubjectSet()
          If no Subject is set on a thread, is it authorized for all entities? If not, it is not authorized for any entity at all.
 boolean isEnabled()
          Check if the AccessController is enabled.
 UnixEntityModeAccessController setAuthorizedWhenNoSubjectSet(boolean b)
          If no Subject is set on a thread, should it be authorized for all entities? If not, the thread is not authorized for any entity at all.
 UnixEntityModeAccessController setRootDirectoryGid(int gid)
          Set the owner GID of the root directory.
 UnixEntityModeAccessController setRootDirectoryMode(UnixEntityMode m)
          Set the permission mode for the root directory.
 UnixEntityModeAccessController setRootDirectoryUid(int uid)
          Set the owner UID of the root directory.
 
Methods inherited from class org.entityfs.AbstractAccessController
checkPermission, getSubject, setSubject
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UnixEntityModeAccessController

public UnixEntityModeAccessController()

Method Detail

setAuthorizedWhenNoSubjectSet

public UnixEntityModeAccessController setAuthorizedWhenNoSubjectSet(boolean b)
If no Subject is set on a thread, should it be authorized for all entities? If not, the thread is not authorized for any entity at all.

The default value is false.

Parameters:
b - Should Subject-less threads be authorized for all entities?
Returns:
this.

isAuthorizedWhenNoSubjectSet

public boolean isAuthorizedWhenNoSubjectSet()
If no Subject is set on a thread, is it authorized for all entities? If not, it is not authorized for any entity at all.

Returns:
true if a Subject-less thread is authorized for all entities.

setRootDirectoryUid

public UnixEntityModeAccessController setRootDirectoryUid(int uid)
                                                   throws IllegalArgumentException
Set the owner UID of the root directory. Default is UID 0.

Parameters:
uid - The new owner UID of the root directory.
Returns:
this
Throws:
IllegalArgumentException - If the UID is less than zero.

getRootDirectoryUid

public int getRootDirectoryUid()
Get the owner UID of the root directory.

Returns:
The owner UID of the root directory.

setRootDirectoryGid

public UnixEntityModeAccessController setRootDirectoryGid(int gid)
                                                   throws IllegalArgumentException
Set the owner GID of the root directory. Default is GID 0.

Parameters:
gid - The new owner GID of the root directory.
Returns:
this
Throws:
IllegalArgumentException - If the GID is less than zero.

getRootDirectoryGid

public int getRootDirectoryGid()
Get the owner GID of the root directory.

Returns:
The owner GID of the root directory.

setRootDirectoryMode

public UnixEntityModeAccessController setRootDirectoryMode(UnixEntityMode m)
Set the permission mode for the root directory. Default is 0775 (owner and group have full access, others have read and execute permissions).

Parameters:
m - The new permissions for the root directory.
Returns:
this

getRootDirectoryMode

public UnixEntityMode getRootDirectoryMode()
Get the permission mode for the root directory.

Returns:
The root directory's permission mode.

isEnabled

public boolean isEnabled()
Description copied from interface: AccessController
Check if the AccessController is enabled. A disabled access controller grants all access requests.

Returns:
true if this access controller is enabled.

hasPermission

public boolean hasPermission(Permission p)
Description copied from interface: AccessController
Does the current Subject have the permission? It is up to the access controller implementation to know how to find the current subject. Most implementations will use some kind of ThreadLocal to store the subject.

The AccessController.checkPermission(Permission) method performs the same checks as this method, but throws an AccessDeniedException if the subject does not have the requested permission.

Parameters:
p - The permission. When EntityFS methods are calling this method, this is always an EntityPermission.
Returns:
true if the subject has the permission, false if not.
See Also:
AccessController.checkPermission(Permission)

getLockCommandsForAccessControl

public Collection<? extends LockCommand> getLockCommandsForAccessControl(Entity ent)
Description copied from interface: AccessController
Get the collection of lock commands that have to be executed in order to get all required locks for performing an access control on the supplied entity.

Specified by:
getLockCommandsForAccessControl in interface AccessController
Overrides:
getLockCommandsForAccessControl in class AbstractAccessController
Parameters:
ent - The entity to perform access controls on. The entity must be in the file system that owns this AccessController.
Returns:
A command for locking the entity's parent, unless the entity is the root directory, in which case null is returned.
See Also:
AccessController.checkPermission(Permission)