public class NetResource extends AbstractResource
There are three access modes:
Rights objects for this resource are made of one bitfield with 4 bits. First three bits correspond to the listed access modes above. The last bit is for explicit denial of access. When printed, they are shown as RWXN.
There is a predefined "system" group of methods, containing the following method names:
These names can be used in ACLs. The server's account should provide ACLs that allow the server's process have RWX rights for the "system" group. On the other hand, application related accounts never need any access to system:authenticate and system:terminate. They need RX access to system:route to be able to perform remote calls. system:shutdown may be given RX or N access.
Non-system API access control is completely up to the admin.
Modifier and Type | Field and Description |
---|---|
(package private) static int |
NET_EXECUTE_ACCESS
EXECUTE access mode for net resource
|
(package private) static int |
NET_READ_ACCESS
READ access mode for net resource
|
(package private) static int |
NET_WRITE_ACCESS
WRITE access mode for net resource
|
objectPointer, resourceIndex, sm
Constructor and Description |
---|
NetResource()
Constructor.
|
Modifier and Type | Method and Description |
---|---|
(package private) boolean |
checkExecuteAccess(java.lang.String group,
java.lang.String api)
Checks EXECUTE access rights of the current subject with regards to the
given instance of the "net" abstract resource.
|
(package private) boolean |
checkReadAccess(java.lang.String group,
java.lang.String api)
Checks READ access rights of the current subject with regards to the
given instance of the "net" abstract resource.
|
private int |
checkSingle(NetRights rights,
int mode)
Implements a worker that performs access rights check on a single
instance of the NetRights object.
|
(package private) boolean |
checkWriteAccess(java.lang.String group,
java.lang.String api)
Checks WRITE access rights of the current subject with regards to the
given instance of the "net" abstract resource.
|
Description[] |
describeRights()
Returns an array of descriptions, one object per the plugin's access
rights item.
|
Rights |
getRightsInstance(java.lang.Object[] rights)
Instantiates a plugin's class that implements the Rights interface,
using the array of objects representing a set of access rights fields.
|
java.lang.String |
getTypeName()
Returns the plugin resource type name as a string.
|
boolean |
isInstanceNameValid(java.lang.String resource)
Checks whether a given string is a valid resource name
for this resource type.
|
boolean |
isRightsSetValid(java.lang.Object[] rights)
Checks whether a given array of objects representing a set of access
rights fields is acceptable.
|
private boolean |
netAccessWorker(java.lang.String group,
java.lang.String api,
int mode)
Implements generalized access rights check worker.
|
associate, attach, disassociate, getEnclosingScope, getLibrary, getLink, getPermissions, init, refresh, registeredAs, toString
static final int NET_READ_ACCESS
static final int NET_WRITE_ACCESS
static final int NET_EXECUTE_ACCESS
public java.lang.String getTypeName()
public Description[] describeRights()
This plugin uses one field of type BitField with three bits: read, write end execute.
Description
s, one per each plugin's access
rights item.public Rights getRightsInstance(java.lang.Object[] rights)
rights
- an array of objects of proper types representing items in a set
of access rightspublic boolean isInstanceNameValid(java.lang.String resource)
Valid names contain no slashes and 0 or 1 colon.
resource
- string naming a resourcetrue
if the name is syntactically correctpublic boolean isRightsSetValid(java.lang.Object[] rights)
This method returns true
only if:
rights
- an array of objects of proper types representing items in a set
of access rightstrue
if the array is acceptable for an instance
of access rightsboolean checkReadAccess(java.lang.String group, java.lang.String api)
group
- group nameapi
- method name within the grouptrue
if access is allowed.boolean checkWriteAccess(java.lang.String group, java.lang.String api)
group
- group nameapi
- method name within the grouptrue
if access is allowed.boolean checkExecuteAccess(java.lang.String group, java.lang.String api)
group
- group nameapi
- method name within the grouptrue
if access is allowed.private boolean netAccessWorker(java.lang.String group, java.lang.String api, int mode)
group
- group nameapi
- method name within the groupmode
- an integer value encoding the access mode specific to this
resourcetrue
if access is allowed.private int checkSingle(NetRights rights, int mode)
rights
- instance of NetRights to checkmode
- an integer value encoding the access mode specific to this
resource