Examples of AccessControlList

• com.amazon.s3.AccessControlList
  AccessControlList bean class
• com.amazonaws.services.s3.model.AccessControlList

  Represents an Amazon S3 Access Control List (ACL), including the ACL's set of grantees and the permissions assigned to each grantee.

  Each bucket and object in Amazon S3 has an ACL that defines its access control policy. When a request is made, Amazon S3 authenticates the request using its standard authentication procedure and then checks the ACL to verify the sender was granted access to the bucket or object. If the sender is approved, the request proceeds. Otherwise, Amazon S3 returns an error.

  An ACL contains a list of grants. Each grant consists of one grantee and one permission. ACLs only grant permissions; they do not deny them.

  For convenience, some commonly used ACLs are defined in {@link CannedAccessControlList}.

  Note: Bucket and object ACLs are completely independent; an object does not inherit an ACL from its bucket. For example, if you create a bucket and grant write access to another user, you will not be able to access the user's objects unless the user explicitly grants access. This also applies if you grant anonymous write access to a bucket. Only the user "anonymous" will be able to access objects the user created unless permission is explicitly granted to the bucket owner.

  Important: Do not grant the anonymous group write access to buckets, as you will have no control over the objects others can store and their associated charges. For more information, see {@link Grantee} and {@link Permissions}.

  @see CannedAccessControlList
• javax.jcr.security.AccessControlList
• org.apache.hadoop.security.SecurityUtil.AccessControlList
• org.apache.hadoop.security.authorize.AccessControlList
  Class representing a configured access control list.
• org.apache.jackrabbit.api.jsr283.security.AccessControlList
  The AccessControlList is an AccessControlPolicy representing a list of {@link AccessControlEntry access control entries}. It is mutable before being {@link AccessControlManager#setPolicy(String,AccessControlPolicy) set}to the AccessControlManager and consequently defines methods to read and mutate the list i.e. to get, add or remove individual entries. @since JCR 2.0
• org.apache.turbine.util.security.AccessControlList
  This interface describes a control class that makes it easy to find out if a particular User has a given Permission. It also determines if a User has a a particular Role. @author John D. McNally @author Brett McLaughlin @author Greg Ritter @author Rafal Krzewski @author Marco Knüttel @author Henning P. Schmiedehausen @version $Id: AccessControlList.java 264152 2005-08-29 14:50:22Z henning $
• org.exoplatform.services.jcr.access.AccessControlList
  Created by The eXo Platform SAS.
  Access Control List. @author Gennady Azarenkov @version $Id: AccessControlList.java 14556 2008-05-21 15:22:15Z pnedonosko $
• org.jclouds.s3.domain.AccessControlList
  onwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html"/>
• org.jets3t.service.acl.AccessControlList
  Represents an Amazon S3 Access Control List (ACL), including the ACL's set of grantees and the permissions assigned to each grantee.

  @author James Murty

Examples of com.amazon.s3.AccessControlList

    CanonicalUser owner = new CanonicalUser();
    owner.setID(enginePolicy.getOwner().getID());
    owner.setDisplayName(enginePolicy.getOwner().getDisplayName());
    policy.setOwner(owner);

    AccessControlList acl = new AccessControlList();
    acl.setGrant(toGrants(enginePolicy.getGrants()));
    policy.setAccessControlList(acl);
    return policy;
  }

Examples of com.amazonaws.services.s3.model.AccessControlList

        if (cannedAcl != null) {
            CannedAccessControlList objectAcl = CannedAccessControlList.valueOf(cannedAcl);
            initRequest.setCannedACL(objectAcl);
        }

        AccessControlList acl = exchange.getIn().getHeader(S3Constants.ACL, AccessControlList.class);
        if (acl != null) {
            // note: if cannedacl and acl are both specified the last one will be used. refer to
            // PutObjectRequest#setAccessControlList for more details
            initRequest.setAccessControlList(acl);
        }

Examples of com.amazonaws.services.s3.model.AccessControlList

        if (cannedAcl != null) {
            CannedAccessControlList objectAcl = CannedAccessControlList.valueOf(cannedAcl);
            putObjectRequest.setCannedAcl(objectAcl);
        }

        AccessControlList acl = exchange.getIn().getHeader(S3Constants.ACL, AccessControlList.class);
        if (acl != null) {
            // note: if cannedacl and acl are both specified the last one will be used. refer to
            // PutObjectRequest#setAccessControlList for more details
            putObjectRequest.setAccessControlList(acl);
        }

Examples of javax.jcr.security.AccessControlList

      Set<String> newGrantedPrivilegeNames = disaggregateToPrivilegeNames(accessControlManager, grantedPrivilegeNames, specifiedPrivilegeNames);
      Set<String> newDeniedPrivilegeNames = disaggregateToPrivilegeNames(accessControlManager, deniedPrivilegeNames, specifiedPrivilegeNames);
      disaggregateToPrivilegeNames(accessControlManager, removedPrivilegeNames, specifiedPrivilegeNames);

      // Get or create the ACL for the node.
      AccessControlList acl = null;
      AccessControlPolicy[] policies = accessControlManager.getPolicies(resourcePath);
      for (AccessControlPolicy policy : policies) {
        if (policy instanceof AccessControlList) {
          acl = (AccessControlList) policy;
          break;
        }
      }
      if (acl == null) {
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
        while (applicablePolicies.hasNext()) {
          AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
          if (policy instanceof AccessControlList) {
            acl = (AccessControlList) policy;
            break;
          }
        }
      }
      if (acl == null) {
        throw new RepositoryException("Could not obtain ACL for resource " + resourcePath);
      }
      // Used only for logging.
      Set<Privilege> oldGrants = null;
      Set<Privilege> oldDenies = null;
      if (log.isDebugEnabled()) {
        oldGrants = new HashSet<Privilege>();
        oldDenies = new HashSet<Privilege>();
      }

      // Combine all existing ACEs for the target principal.
      AccessControlEntry[] accessControlEntries = acl.getAccessControlEntries();
      for (int i=0; i < accessControlEntries.length; i++) {
        AccessControlEntry ace = accessControlEntries[i];
        if (principal.equals(ace.getPrincipal())) {
          if (log.isDebugEnabled()) {
            log.debug("Found Existing ACE for principal {} on resource {}", new Object[] {principal.getName(), resourcePath});
          }
          if (order == null || order.length() == 0) {
            //order not specified, so keep track of the original ACE position.
            order = String.valueOf(i);
          }

          boolean isAllow = isAllow(ace);
          Privilege[] privileges = ace.getPrivileges();
          if (log.isDebugEnabled()) {
            if (isAllow) {
              oldGrants.addAll(Arrays.asList(privileges));
            } else {
              oldDenies.addAll(Arrays.asList(privileges));
            }
          }
          for (Privilege privilege : privileges) {
            Set<String> maintainedPrivileges = disaggregateToPrivilegeNames(privilege);
            // If there is any overlap with the newly specified privileges, then
            // break the existing privilege down; otherwise, maintain as is.
            if (!maintainedPrivileges.removeAll(specifiedPrivilegeNames)) {
              // No conflicts, so preserve the original.
              maintainedPrivileges.clear();
              maintainedPrivileges.add(privilege.getName());
            }
            if (!maintainedPrivileges.isEmpty()) {
              if (isAllow) {
                newGrantedPrivilegeNames.addAll(maintainedPrivileges);
              } else {
                newDeniedPrivilegeNames.addAll(maintainedPrivileges);
              }
            }
          }
          // Remove the old ACE.
          acl.removeAccessControlEntry(ace);
        }
      }

      //add a fresh ACE with the granted privileges
      List<Privilege> grantedPrivilegeList = new ArrayList<Privilege>();
      for (String name : newGrantedPrivilegeNames) {
        Privilege privilege = accessControlManager.privilegeFromName(name);
        grantedPrivilegeList.add(privilege);
      }
      if (grantedPrivilegeList.size() > 0) {
        acl.addAccessControlEntry(principal, grantedPrivilegeList.toArray(new Privilege[grantedPrivilegeList.size()]));
      }

       //add a fresh ACE with the denied privileges
       List<Privilege> deniedPrivilegeList = new ArrayList<Privilege>();
       for (String name : newDeniedPrivilegeNames) {

Examples of javax.jcr.security.AccessControlList

      Set<String> pidSet = new HashSet<String>();
      pidSet.addAll(Arrays.asList(principalNamesToDelete));

      try {
        AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession);
        AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath, false);

        //keep track of the existing Aces for the target principal
        AccessControlEntry[] accessControlEntries = updatedAcl.getAccessControlEntries();
        List<AccessControlEntry> oldAces = new ArrayList<AccessControlEntry>();
        for (AccessControlEntry ace : accessControlEntries) {
          if (pidSet.contains(ace.getPrincipal().getName())) {
            oldAces.add(ace);
          }
        }

        //remove the old aces
        if (!oldAces.isEmpty()) {
          for (AccessControlEntry ace : oldAces) {
            updatedAcl.removeAccessControlEntry(ace);
          }
        }

        //apply the changed policy
        accessControlManager.setPolicy(resourcePath, updatedAcl);

Examples of org.apache.hadoop.security.SecurityUtil.AccessControlList

      if (job.getJobConf().getUser().equals(ugi.getUserName())) {
        return true;
      }
    }

    AccessControlList acl = aclsMap.get(toFullPropertyName(queueName, oper.getAclName()));
    if (acl == null) {
      return false;
    }

    // Check the ACL list
    boolean allowed = acl.allAllowed();
    if (!allowed) {
      // Check the allowed users list
      if (acl.getUsers().contains(ugi.getUserName())) {
        allowed = true;
      } else {
        // Check the allowed groups list
        Set<String> allowedGroups = acl.getGroups();
        for (String group : ugi.getGroupNames()) {
          if (allowedGroups.contains(group)) {
            allowed = true;
            break;
          }

Examples of org.apache.hadoop.security.authorize.AccessControlList

   * @return AccessControlList instance
   */
  public static AccessControlList getAdminAcls(Configuration conf,
      String configKey) {
    try {
      AccessControlList adminAcl =
        new AccessControlList(conf.get(configKey, " "));
      adminAcl.addUser(UserGroupInformation.getCurrentUser().
                       getShortUserName());
      return adminAcl;
    } catch (Exception ex) {
      throw new RuntimeException(ex);
    }

Examples of org.apache.hadoop.security.authorize.AccessControlList

      if (values.containsKey(Keys.SUBMIT_TIME)) {// job submission
        // construct the job ACLs
        String viewJobACL = values.get(Keys.VIEW_JOB);
        String modifyJobACL = values.get(Keys.MODIFY_JOB);
        if (viewJobACL != null) {
          jobACLs.put(JobACL.VIEW_JOB, new AccessControlList(viewJobACL));
        }
        if (modifyJobACL != null) {
          jobACLs.put(JobACL.MODIFY_JOB, new AccessControlList(modifyJobACL));
        }
        // get the job queue name
        queueName = values.get(Keys.JOB_QUEUE);
      }
      super.handle(values);

Examples of org.apache.hadoop.security.authorize.AccessControlList

    if (LOG.isDebugEnabled()) {
      LOG.debug("checking access for : " + toFullPropertyName(queueName,
                                            qACL.getAclName()));
    }

    AccessControlList acl = aclsMap.get(toFullPropertyName(
        queueName, qACL.getAclName()));
    if (acl == null) {
      return false;
    }

    // Check if user is part of the ACL
    return acl.isUserAllowed(ugi);
  }

Examples of org.apache.hadoop.security.authorize.AccessControlList

      new HashMap<String, AccessControlList>();
    for (String queue : queueNames) {
      for (QueueACL qACL : QueueACL.values()) {
        String key = toFullPropertyName(queue, qACL.getAclName());
        String aclString = conf.get(key, " ");// default is empty list of users
        aclsMap.put(key, new AccessControlList(aclString));
      }
    }
    return aclsMap;
  }