JXTA
java.lang.Object
    net.jxta.impl.access.simpleACL.SimpleACLAccessService

public class SimpleACLAccessService

Implements the AccessService using a simple ACL scheme.

Each perm entry of the Access Service parameters in the group advertisement is assumed to be a permission in the following format:

    <operation> ":" ( <identity> )* ( "," <identity> )*

A sample ACL table extracted from a PeerGroupAdvertisement:

    ...
    <Svc>
      <MCID>urn:jxta:uuid-DEADBEEFDEAFBABAFEEDBABE0000001005</MCID>
      <Parm>
        <perm><<DEFAULT>>:nobody,permit</perm>
        <perm>everyone:<<ALL>></perm>
        <perm>permit:nobody,permit,allow</perm>
        <perm>deny:notpermit,notallow</perm>
      </Parm>
    </Svc>
    ...

If <<ALL>> is provided as an identity then the operation is permitted for all valid credentials.

If <<DEFAULT>> is provided as an operation then the provided identities will be allowed for all operations which are not recognized.

This implementation makes no effort to ensure that the
permission table has not been altered. It is not appropriate for use
in security sensitive deployments unless the integrity of the group
advertisement is ensured.
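
The following added example (not JXTA source code) models the rules above in stand-alone Java: it parses the four perm entries of the sample table and applies the <<ALL>> and <<DEFAULT>> rules. The class name SimpleAclModel, the use of plain strings as identities, and the deny result when no row matches are assumptions of this example.

```java
import java.util.*;

/** Added illustration: a stand-alone model of the documented perm rules, not JXTA code. */
public class SimpleAclModel {
    static final String ALL = "<<ALL>>", DEFAULT = "<<DEFAULT>>";
    private final Map<String, Set<String>> table = new HashMap<>();

    /** Parses entries of the form: operation ":" identity ( "," identity )* */
    SimpleAclModel(List<String> permEntries) {
        for (String perm : permEntries) {
            int colon = perm.indexOf(':');
            if (colon <= 0) {
                throw new IllegalArgumentException("malformed perm entry: " + perm);
            }
            String op = perm.substring(0, colon).trim();
            Set<String> ids = table.computeIfAbsent(op, k -> new HashSet<>());
            for (String id : perm.substring(colon + 1).split(",")) {
                if (!id.trim().isEmpty()) ids.add(id.trim());
            }
        }
    }

    /** identity == null models "no credential available" (assumption: always refused). */
    boolean isPermitted(String operation, String identity) {
        // The null-operation case of doAccessCheck is not modelled here.
        Objects.requireNonNull(operation, "operation");
        if (identity == null) return false;
        // Operations without their own row fall back to the <<DEFAULT>> row, if present.
        Set<String> ids = table.containsKey(operation) ? table.get(operation) : table.get(DEFAULT);
        if (ids == null) return false; // assumption: no row and no default means deny
        return ids.contains(ALL) || ids.contains(identity);
    }

    public static void main(String[] args) {
        // The four perm entries from the sample advertisement above.
        SimpleAclModel acl = new SimpleAclModel(Arrays.asList(
                "<<DEFAULT>>:nobody,permit", "everyone:<<ALL>>",
                "permit:nobody,permit,allow", "deny:notpermit,notallow"));
        System.out.println(acl.isPermitted("everyone", "stranger")); // <<ALL>> row
        System.out.println(acl.isPermitted("permit", "allow"));      // identity listed in row
        System.out.println(acl.isPermitted("deny", "permit"));       // identity not in row
        System.out.println(acl.isPermitted("rename", "nobody"));     // unrecognized op, default row
        System.out.println(acl.isPermitted("rename", "allow"));      // default row, identity absent
        System.out.println(acl.isPermitted("everyone", null));       // no credential
    }
}
```
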
AccessService
Nested Class Summary |
---|
Nested classes/interfaces inherited from interface net.jxta.access.AccessService |
---|
AccessService.AccessResult |
Field Summary | |
---|---|
(package private) PeerGroup | group - The peer group we are working for. |
(package private) ModuleImplAdvertisement | implAdvertisement - Implementation advertisement for this instance. |
static ModuleSpecID | simpleACLAccessSpecID - Well known access specification identifier: the simple ACL access service |
Fields inherited from interface net.jxta.platform.Module |
---|
START_AGAIN_PROGRESS, START_AGAIN_STALLED, START_DISABLED, START_OK |
Constructor Summary | |
---|---|
SimpleACLAccessService() | The default constructor |
Method Summary | |
---|---|
AccessService.AccessResult | doAccessCheck(PrivilegedOperation op, Credential cred) - Determine if a privileged operation is permitted for a given identity. |
ModuleImplAdvertisement | getImplAdvertisement() - Returns the advertisement for this service. |
SimpleACLAccessService | getInterface() - Service objects are not manipulated directly to protect usage of the service. |
(package private) PeerGroup | getPeerGroup() |
void | init(PeerGroup group, ID assignedID, Advertisement implAdv) - Initialize the module, passing it its peer group and advertisement. |
PrivilegedOperation | newPrivilegedOperation(Element source) - Read a privileged operation from a portion of a structured document. |
PrivilegedOperation | newPrivilegedOperation(Object subject, Credential offerer) - Create a new privileged operation with the specified subject. |
int | startApp(String[] args) - Complete any remaining initialization of the module. |
void | stopApp() - Stop a module. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final ModuleSpecID simpleACLAccessSpecID
PeerGroup group
ModuleImplAdvertisement implAdvertisement
Constructor Detail |
---|
public SimpleACLAccessService()
Method Detail |
---|
public void init(PeerGroup group, ID assignedID, Advertisement implAdv) throws PeerGroupException

Specified by: init in interface Module

Parameters:
group - The PeerGroup from which this Module can obtain services. If this module is a Service, this is also the PeerGroup of which this module is a service.
assignedID - Identity of Module within group. Modules can use it as the root of their namespace to create names that are unique within the group but predictable by the same module on another peer. This is normally the ModuleClassID, which is also the name under which the module is known by other modules. For a group it is the PeerGroupID itself. The parameters of a service, in the Peer configuration, are indexed by the assignedID of that service, and a Service must publish its run-time parameters in the Peer Advertisement under its assigned ID.
implAdv - The implementation advertisement for this Module. It is permissible to pass null if no implementation advertisement is available. This may happen if the implementation was selected by explicit class name rather than by following an implementation advertisement. Modules are not required to support that style of loading, but if they do, then their documentation should mention it.

Throws:
PeerGroupException - This module failed to initialize.

public int startApp(String[] args)

startApp() is completed. That is also the opportunity to supply arbitrary arguments (mostly to applications).

If this module is a PeerGroup service, it may be invoked several times depending on its return value.

Specified by: startApp in interface Module

Parameters:
args - An array of Strings forming the parameters for this Module.

Returns:
Module.START_OK, Module.START_AGAIN_PROGRESS, Module.START_AGAIN_STALLED, which indicates partial or complete success, or any other value (negative values are recommended for future compatibility), which indicates failure.

public void stopApp()

init() completes and should not assume that startApp() has been called or completed.

The Module cannot be forced to comply, but in the future we might be able to deny it access to anything after some timeout.

Specified by: stopApp in interface Module

public ModuleImplAdvertisement getImplAdvertisement()

Specified by: getImplAdvertisement in interface Service

ModuleImplAdvertisement.

public SimpleACLAccessService getInterface()

Specified by: getInterface in interface Service

public AccessService.AccessResult doAccessCheck(PrivilegedOperation op, Credential cred)

Specified by: doAccessCheck in interface AccessService

Parameters:
op - The operation which is being requested or null. null signifies that the operation is unimportant though the credential must be valid.
cred - The identity which is requesting or null. A null value indicates that no credential is available.

public PrivilegedOperation newPrivilegedOperation(Object subject, Credential offerer)

Specified by: newPrivilegedOperation in interface AccessService

Parameters:
subject - The subject of the operation. This usually identifies what operation is being requested.
offerer - The identity which is offering the operation.

Credential

public PrivilegedOperation newPrivilegedOperation(Element source)

Specified by: newPrivilegedOperation in interface AccessService

Parameters:
source - The root of the document portion containing the serialized representation of the privileged operation.

PeerGroup getPeerGroup()
JXSE