java.lang.Object | +--ajanta.security.netacl.NetAcl
This class provides the Access Control List for determining whether a user has permission to connect to a particular IP address. The permission policy is as follows:
1. Check whether the particular IP address has an entry in the NetAcl hashtable.
2. If there is no entry, allow connect permission.
3. If there is an entry, check whether it has permissions for the given user and return these permissions.
4. If the IP address entry has no entry for the given user, disallow connect permission.
The .netacl file has the following structure: userURN permission hostname port1 port2
ajanta.security.acl
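The four-step connect policy and the .netacl line format described above, as an added sketch that is not Ajanta's NetAcl source. The class and method names are hypothetical, and it assumes the trailing fields are a list of permitted ports, that hosts are matched as case-insensitive strings, and that only "connect" lines matter for this check.

```java
import java.util.*;

// Added sketch, not Ajanta's NetAcl source. Names here are hypothetical.
public class NetAclPolicySketch {
    // host -> (userURN -> ports on which "connect" is granted)
    private final Map<String, Map<String, Set<Integer>>> table = new HashMap<>();

    // Parse one .netacl line: userURN permission hostname port1 port2 ...
    void addLine(String line) {
        String[] f = line.trim().split("\\s+");
        if (f.length < 4) throw new IllegalArgumentException("malformed entry: " + line);
        if (!f[1].equals("connect")) return; // assumption: this sketch covers connect only
        Set<Integer> ports = table
            .computeIfAbsent(f[2].toLowerCase(Locale.ROOT), h -> new HashMap<>())
            .computeIfAbsent(f[0], u -> new HashSet<>());
        for (int i = 3; i < f.length; i++) {
            int p = Integer.parseInt(f[i]);
            if (p < 1 || p > 65535) throw new IllegalArgumentException("bad port: " + f[i]);
            ports.add(p);
        }
    }

    boolean checkConnect(String user, String host, int port) {
        Map<String, Set<Integer>> users = table.get(host.toLowerCase(Locale.ROOT));
        if (users == null) return true;   // steps 1-2: host has no entry, allow
        Set<Integer> ports = users.get(user);
        if (ports == null) return false;  // step 4: host listed, user not listed, deny
        return ports.contains(port);      // step 3: the user's own permissions decide
    }

    public static void main(String[] args) {
        NetAclPolicySketch acl = new NetAclPolicySketch();
        // First line is the sample entry from the page; the second is constructed.
        acl.addLine("urn:ans:plato.cs.umn.edu/pathak connect plato.cs.umn.edu 7000");
        acl.addLine("urn:ans:example.org/alice connect plato.cs.umn.edu 7000 7001");
        String pathak = "urn:ans:plato.cs.umn.edu/pathak";
        String bob = "urn:ans:example.org/bob"; // constructed user with no entries
        // Listed user on a listed port, then on a port granted only to another user.
        System.out.println(acl.checkConnect(pathak, "plato.cs.umn.edu", 7000));
        System.out.println(acl.checkConnect(pathak, "plato.cs.umn.edu", 7001));
        // Unlisted user against a listed host, then against a host with no entry.
        System.out.println(acl.checkConnect(bob, "plato.cs.umn.edu", 7000));
        System.out.println(acl.checkConnect(bob, "unlisted.example.org", 22));
    }
}
```

In this sketch the lookup is a plain string match, so the same machine addressed by another name or by its IP address has no entry and falls into the allow branch of step 2. The page does not say whether NetAcl normalizes host names before the lookup.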
Field Summary | |
protected java.security.acl.Permission |
accept
|
protected java.security.acl.Permission |
connect
|
protected java.security.acl.Permission |
listen
|
protected java.util.Vector |
NegativePerms
|
protected java.util.Hashtable |
netAclTable
HashTable to maintain ACL entries |
protected java.security.Principal |
owner
Owner of the acl entries |
protected ajanta.naming.URN |
ownerURN
Owner URN of the acl entries |
protected java.util.Vector |
PositivePerms
|
protected java.lang.String |
rootPath
path to the root directory where .acl file can be obtained |
Constructor Summary | |
NetAcl(java.lang.String root)
|
Method Summary | |
void |
addPermission(ajanta.naming.URN userURN,
java.lang.String fileName,
java.lang.String perm)
|
boolean |
checkAcceptPermission(java.lang.String user,
java.lang.String remoteHost,
int port)
|
boolean |
checkConnectPermission(java.lang.String user,
java.lang.String remoteHost,
int port)
|
boolean |
checkListenPermission(java.lang.String user,
int port)
|
protected void |
createAclEntry(java.lang.String line)
|
void |
deletePermission(ajanta.naming.URN userURN,
java.lang.String fileName,
java.lang.String perm)
|
protected void |
initAclTable()
It reads the .netacl file under the server directory and initializes the NetAcl table. An entry in the .netacl file can be -- urn:ans:plato.cs.umn.edu/pathak connect plato.cs.umn.edu 7000 -- i.e.: user1-URN permission hostname port1 port2 |
static void |
main(java.lang.String[] argv)
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
protected ajanta.naming.URN ownerURN
protected java.lang.String rootPath
protected java.security.Principal owner
protected java.security.acl.Permission connect
protected java.security.acl.Permission listen
protected java.security.acl.Permission accept
protected java.util.Hashtable netAclTable
protected java.util.Vector PositivePerms
protected java.util.Vector NegativePerms
Constructor Detail |
public NetAcl(java.lang.String root)
root - path to the root directory where .acl file can be obtained
Method Detail |
protected void initAclTable()
protected void createAclEntry(java.lang.String line)
public boolean checkConnectPermission(java.lang.String user, java.lang.String remoteHost, int port)
public boolean checkListenPermission(java.lang.String user, int port)
public boolean checkAcceptPermission(java.lang.String user, java.lang.String remoteHost, int port)
public void deletePermission(ajanta.naming.URN userURN, java.lang.String fileName, java.lang.String perm)
public void addPermission(ajanta.naming.URN userURN, java.lang.String fileName, java.lang.String perm)
public static void main(java.lang.String[] argv)