/*
 * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package java.security.acl;

import java.util.Enumeration;
import java.security.Principal;

This is the interface used for representing one entry in an Access Control List (ACL).

An ACL can be thought of as a data structure with multiple ACL entry objects. Each ACL entry object contains a set of permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). Additionally, each ACL entry is specified as being either positive or negative. If positive, the permissions are to be granted to the associated principal. If negative, the permissions are to be denied. Each principal can have at most one positive ACL entry and one negative entry; that is, multiple positive or negative ACL entries are not allowed for any principal. Note: ACL entries are by default positive. An entry becomes a negative entry only if the setNegativePermissions method is called on it.

Author: Satish Dharmaraj
See Also:
/** * This is the interface used for representing one entry in an Access * Control List (ACL).<p> * * An ACL can be thought of as a data structure with multiple ACL entry * objects. Each ACL entry object contains a set of permissions associated * with a particular principal. (A principal represents an entity such as * an individual user or a group). Additionally, each ACL entry is specified * as being either positive or negative. If positive, the permissions are * to be granted to the associated principal. If negative, the permissions * are to be denied. Each principal can have at most one positive ACL entry * and one negative entry; that is, multiple positive or negative ACL * entries are not allowed for any principal. * * Note: ACL entries are by default positive. An entry becomes a * negative entry only if the * {@link #setNegativePermissions() setNegativePermissions} * method is called on it. * * @see java.security.acl.Acl * * @author Satish Dharmaraj */
public interface AclEntry extends Cloneable {
Specifies the principal for which permissions are granted or denied by this ACL entry. If a principal was already set for this ACL entry, false is returned, otherwise true is returned.
Params:
  • user – the principal to be set for this entry.
See Also:
Returns:true if the principal is set, false if there was already a principal set for this entry.
/** * Specifies the principal for which permissions are granted or denied * by this ACL entry. If a principal was already set for this ACL entry, * false is returned, otherwise true is returned. * * @param user the principal to be set for this entry. * * @return true if the principal is set, false if there was * already a principal set for this entry. * * @see #getPrincipal */
public boolean setPrincipal(Principal user);
Returns the principal for which permissions are granted or denied by this ACL entry. Returns null if there is no principal set for this entry yet.
See Also:
Returns:the principal associated with this entry.
/** * Returns the principal for which permissions are granted or denied by * this ACL entry. Returns null if there is no principal set for this * entry yet. * * @return the principal associated with this entry. * * @see #setPrincipal */
public Principal getPrincipal();
Sets this ACL entry to be a negative one. That is, the associated principal (e.g., a user or a group) will be denied the permission set specified in the entry. Note: ACL entries are by default positive. An entry becomes a negative entry only if this setNegativePermissions method is called on it.
/** * Sets this ACL entry to be a negative one. That is, the associated * principal (e.g., a user or a group) will be denied the permission set * specified in the entry. * * Note: ACL entries are by default positive. An entry becomes a * negative entry only if this {@code setNegativePermissions} * method is called on it. */
public void setNegativePermissions();
Returns true if this is a negative ACL entry (one denying the associated principal the set of permissions in the entry), false otherwise.
Returns:true if this is a negative ACL entry, false if it's not.
/** * Returns true if this is a negative ACL entry (one denying the * associated principal the set of permissions in the entry), false * otherwise. * * @return true if this is a negative ACL entry, false if it's not. */
public boolean isNegative();
Adds the specified permission to this ACL entry. Note: An entry can have multiple permissions.
Params:
  • permission – the permission to be associated with the principal in this entry.
Returns:true if the permission was added, false if the permission was already part of this entry's permission set.
/** * Adds the specified permission to this ACL entry. Note: An entry can * have multiple permissions. * * @param permission the permission to be associated with * the principal in this entry. * * @return true if the permission was added, false if the * permission was already part of this entry's permission set. */
public boolean addPermission(Permission permission);
Removes the specified permission from this ACL entry.
Params:
  • permission – the permission to be removed from this entry.
Returns:true if the permission is removed, false if the permission was not part of this entry's permission set.
/** * Removes the specified permission from this ACL entry. * * @param permission the permission to be removed from this entry. * * @return true if the permission is removed, false if the * permission was not part of this entry's permission set. */
public boolean removePermission(Permission permission);
Checks if the specified permission is part of the permission set in this entry.
Params:
  • permission – the permission to be checked for.
Returns:true if the permission is part of the permission set in this entry, false otherwise.
/** * Checks if the specified permission is part of the * permission set in this entry. * * @param permission the permission to be checked for. * * @return true if the permission is part of the * permission set in this entry, false otherwise. */
public boolean checkPermission(Permission permission);
Returns an enumeration of the permissions in this ACL entry.
Returns:an enumeration of the permissions in this ACL entry.
/** * Returns an enumeration of the permissions in this ACL entry. * * @return an enumeration of the permissions in this ACL entry. */
public Enumeration<Permission> permissions();
Returns a string representation of the contents of this ACL entry.
Returns:a string representation of the contents.
/** * Returns a string representation of the contents of this ACL entry. * * @return a string representation of the contents. */
public String toString();
Clones this ACL entry.
Returns:a clone of this ACL entry.
/** * Clones this ACL entry. * * @return a clone of this ACL entry. */
public Object clone(); }