Package com.illumon.iris.db.v2.permissions

Class BaseACLPermission

java.lang.Object

java.security.Permission

java.security.BasicPermission

com.illumon.iris.db.v2.permissions.BaseACLPermission

All Implemented Interfaces:

Serializable, Guard

Direct Known Subclasses:

FileACLPermission

public abstract class BaseACLPermission
extends BasicPermission

A base class implementing central logic for any ACL-based permissions. We don't want to create a generic 'ACLPermission' that can wrap around ANY other type of permission because that would mean that anyone with permission to edit ACLs could edit any permission types at all, including replacing the security policy entirely. Instead, we want to specifically enable whatever ACL-based permission types we need - ACL-based filesystem permissions, socket permissions, network permissions, etc.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor	Description
BaseACLPermission(String name, String actions)	Create a BaseACLPermission that will look up any non-table filters with the specified key.

Method Summary

Modifier and Type	Method	Description
protected abstract boolean	filterImpliesPermission(SelectFilter filter, Permission permission)	Given a filter and a permission, determine whether that filter implies the specified permission under the rules of an implementing class.
boolean	implies(Permission permission)	Checks if the specified permission's actions are "implied by" this object's actions.
protected abstract boolean	permissionIsRelevant(Permission permission)	Given a permission, immediately indicate whether this permission can possibly imply that type at all.

Methods inherited from class java.security.BasicPermission

equals, getActions, hashCode, newPermissionCollection

Methods inherited from class java.security.Permission

checkGuard, getName, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

BaseACLPermission

public BaseACLPermission(@NotNull String name, @Nullable String actions)

Create a BaseACLPermission that will look up any non-table filters with the specified key.

Parameters:

name - The key to look up.

actions - Ignored.

Method Details

implies

public boolean implies(Permission permission)

Checks if the specified permission's actions are "implied by" this object's actions.

This must be implemented by subclasses of Permission, as they are the only ones that can impose semantics on a Permission object.

The implies method is used by the AccessController to determine whether or not a requested permission is implied by another permission that is known to be valid in the current execution context.

Overrides:

implies in class BasicPermission

Parameters:

permission - the permission to check against.

Returns:

true if the specified permission is implied by this object, false if not.

permissionIsRelevant

protected abstract boolean permissionIsRelevant(Permission permission)

Given a permission, immediately indicate whether this permission can possibly imply that type at all.

Parameters:

permission - The Permission being requested

Returns:

True if the Permission is the type that can be implied by an implementing class, false otherwise.

filterImpliesPermission

protected abstract boolean filterImpliesPermission(SelectFilter filter, Permission permission)

Given a filter and a permission, determine whether that filter implies the specified permission under the rules of an implementing class.

Parameters:

filter - The SelectFilter that may be of this type

permission - The Permission being requested

Returns:

True if the filter is a FileACLFilter that grants the requested access type to the requested Permission.