|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
public interface AccessController
An AccessController is used by a file system if access controlling is
enabled to verify that a Subject is authorized to get a
Permission that it wants. This role of this class is similar to JAAS'
AccessController class.
If the file system is locking, some access controller implementations may
need locks for entities that normally are not involved in an operation. The
client can query the access controller for necessary LockCommand:s by
calling the getLockCommandsForAccessControl(Entity) method. See the
access controller implementation documentations for details.
| Method Summary | |
|---|---|
void |
checkPermission(Permission p)
Verify that the current Subject is authorized for the permission. |
Collection<? extends LockCommand> |
getLockCommandsForAccessControl(Entity ent)
Get the collection of lock commands that have to be executed in order to get all required locks for performing an access control on the supplied entity. |
Subject |
getSubject()
Get the Subject for the current thread. |
boolean |
hasPermission(Permission p)
Does the current Subject have the permission? It is up to the
access controller implementation to know how to find the current subject. |
boolean |
isEnabled()
Check if the AccessController is enabled. |
void |
setSubject(Subject s)
Set the subject for the current thread. |
| Method Detail |
|---|
boolean hasPermission(Permission p)
throws UnsupportedCapabilityException
Subject have the permission? It is up to the
access controller implementation to know how to find the current subject.
Most implementations will use some kind of ThreadLocal to store
the subject.
The checkPermission(Permission) method performs the same checks
as this method, but throws an AccessDeniedException if the
subject does not have the requested permission.
p - The permission. When EntityFS methods are calling this method,
this is always an EntityPermission.
true if the subject has the permission, false if
not.
UnsupportedCapabilityException - If some capability necessary for
the authorization control is missing.checkPermission(Permission)
void checkPermission(Permission p)
throws AccessDeniedException,
UnsupportedCapabilityException
Subject is authorized for the permission.
The hasPermission(Permission) method performs the same checks as
this method, but returns false instead of throwing an exception
if the subject does not have the requested permission.
p - The permission. When EntityFS methods are calling this method,
this is always an EntityPermission.
AccessDeniedException - If the current subject is not authorized
for the permission.
UnsupportedCapabilityException - If some capability necessary for
the authorization control is missing.hasPermission(Permission),
getLockCommandsForAccessControl(Entity)boolean isEnabled()
AccessController is enabled. A disabled access
controller grants all access requests.
true if this access controller is enabled.Subject getSubject()
Subject for the current thread.
Subject, or null if the current thread does
not have a Subject set.void setSubject(Subject s)
Subject.doAs(java.security.PrivilegedAction) or
Subject.doAs(java.security.PrivilegedExceptionAction) methods
instead.
s - The new subject for the current thread. May be null.Collection<? extends LockCommand> getLockCommandsForAccessControl(Entity ent)
ent - The entity to perform access controls on. The entity must be
in the file system that owns this AccessController.
null.checkPermission(Permission)
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||