| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <title>Acl</title> |
| <link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style"> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="Acl"; |
| } |
| //--> |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar_top"> |
| <!-- --> |
| </a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../com/google/enterprise/adaptor/AbstractAdaptor.html" title="class in com.google.enterprise.adaptor"><span class="strong">PREV CLASS</span></a></li> |
| <li><a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor"><span class="strong">NEXT CLASS</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?com/google/enterprise/adaptor/Acl.html" target="_top">FRAMES</a></li> |
| <li><a href="Acl.html" target="_top">NO FRAMES</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>SUMMARY: </li> |
| <li><a href="#nested_class_summary">NESTED</a> | </li> |
| <li><a href="#field_summary">FIELD</a> | </li> |
| <li>CONSTR | </li> |
| <li><a href="#method_summary">METHOD</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>DETAIL: </li> |
| <li><a href="#field_detail">FIELD</a> | </li> |
| <li>CONSTR | </li> |
| <li><a href="#method_detail">METHOD</a></li> |
| </ul> |
| </div> |
| <a name="skip-navbar_top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <p class="subTitle">com.google.enterprise.adaptor</p> |
| <h2 title="Class Acl" class="title">Class Acl</h2> |
| </div> |
| <div class="contentContainer"> |
| <ul class="inheritance"> |
| <li><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li>com.google.enterprise.adaptor.Acl</li> |
| </ul> |
| </li> |
| </ul> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <hr> |
| <br> |
| <pre>public class <strong>Acl</strong> |
| extends <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre> |
| <div class="block">Immutable access control list. For description of the semantics of the |
| various fields, see <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><code>isAuthorizedLocal</code></a> and |
| <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"><code>isAuthorized</code></a>. Users and groups must not be <code>null</code>, <code>""</code>, or have surrounding whitespace. These values are |
| disallowed to prevent confusion since <code>null</code> doesn't make sense, <code>""</code> would be ignored by the GSA, and surrounding whitespace is automatically |
| trimmed by the GSA.</div> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ======== NESTED CLASS SUMMARY ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="nested_class_summary"> |
| <!-- --> |
| </a> |
| <h3>Nested Class Summary</h3> |
| <table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Nested Class Summary table, listing nested classes, and an explanation"> |
| <caption><span>Nested Classes</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Class and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static interface </code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</a></strong></code> |
| <div class="block">Batch retrieval of ACLs for efficent processing of many authz checks at |
| once.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>static class </code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.Builder.html" title="class in com.google.enterprise.adaptor">Acl.Builder</a></strong></code> |
| <div class="block">Mutable ACL for creating instances of <a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor"><code>Acl</code></a>.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static class </code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</a></strong></code> |
| <div class="block">The rule for combining a parent's authz response with its child's.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| <!-- =========== FIELD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="field_summary"> |
| <!-- --> |
| </a> |
| <h3>Field Summary</h3> |
| <table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation"> |
| <caption><span>Fields</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Field and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static <a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#EMPTY">EMPTY</a></strong></code> |
| <div class="block">Empty convenience instance with all defaults used.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method_summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span>Methods</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#equals(java.lang.Object)">equals</a></strong>(<a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> o)</code> |
| <div class="block">Equality is determined if all the permit/deny sets are equal and the |
| inheritance is equal.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getDenies()">getDenies</a></strong>()</code> |
| <div class="block">Returns immutable set of denied users and groups;</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getDenyGroups()">getDenyGroups</a></strong>()</code> |
| <div class="block">Returns immutable set of denied groups.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getDenyUsers()">getDenyUsers</a></strong>()</code> |
| <div class="block">Returns immutable set of denied users.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code><a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</a></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritanceType()">getInheritanceType</a></strong>()</code> |
| <div class="block">Returns the inheritance type used to combine authz decisions of these ACLs |
| with its <em>child</em>.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code><a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritFrom()">getInheritFrom</a></strong>()</code> |
| <div class="block">Returns <code>DocId</code> these ACLs are inherited from.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritFromFragment()">getInheritFromFragment</a></strong>()</code> |
| <div class="block">Returns fragment, if there is one, that specifies which of the parent's |
| ACLs is to to be inhertied from.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getPermitGroups()">getPermitGroups</a></strong>()</code> |
| <div class="block">Returns immutable set of permitted groups.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getPermits()">getPermits</a></strong>()</code> |
| <div class="block">Returns immutable set of permitted users and groups.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getPermitUsers()">getPermitUsers</a></strong>()</code> |
| <div class="block">Returns immutable set of permitted users.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>int</code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#hashCode()">hashCode</a></strong>()</code> |
| <div class="block">Returns a hash code for this object that agrees with <code>equals</code>.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>static <a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)">isAuthorized</a></strong>(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a> userIdentity, |
| <a href="http://download.oracle.com/javase/6/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</a><<a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a>> aclChain)</code> |
| <div class="block">Determine if the provided <code>userIdentity</code> belonging to <code>groups</code> is authorized for the provided <code>aclChain</code>.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static <a href="http://download.oracle.com/javase/6/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>,<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a>></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)">isAuthorizedBatch</a></strong>(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a> userIdentity, |
| <a href="http://download.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</a><<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>> ids, |
| <a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</a> retriever)</code> |
| <div class="block">Check authz for many DocIds at once.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code><a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)">isAuthorizedLocal</a></strong>(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a> userIdentity)</code> |
| <div class="block">Determine if the provided <code>userIdentifier</code> belonging to <code>groups</code> is authorized, ignoring inheritance.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isEverythingCaseInsensitive()">isEverythingCaseInsensitive</a></strong>()</code> |
| <div class="block">Says whether letter casing doesn't matter during authorization.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isEverythingCaseSensitive()">isEverythingCaseSensitive</a></strong>()</code> |
| <div class="block">Says whether letter casing differentiates names during authorization.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#toString()">toString</a></strong>()</code> |
| <div class="block">Generates a string useful for debugging that contains users and groups |
| along with inheritance information.</div> |
| </td> |
| </tr> |
| </table> |
| <ul class="blockList"> |
| <li class="blockList"><a name="methods_inherited_from_class_java.lang.Object"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class java.lang.<a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3> |
| <code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang">clone</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang">finalize</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang">getClass</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang">notify</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang">notifyAll</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang">wait</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang">wait</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait(long, int)" title="class or interface in java.lang">wait</a></code></li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ FIELD DETAIL =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="field_detail"> |
| <!-- --> |
| </a> |
| <h3>Field Detail</h3> |
| <a name="EMPTY"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>EMPTY</h4> |
| <pre>public static final <a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a> EMPTY</pre> |
| <div class="block">Empty convenience instance with all defaults used.</div> |
| <dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.Builder.html#Acl.Builder()"><code>Acl.Builder.Acl.Builder()</code></a></dd></dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method_detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="getPermitGroups()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getPermitGroups</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>> getPermitGroups()</pre> |
| <div class="block">Returns immutable set of permitted groups.</div> |
| </li> |
| </ul> |
| <a name="getDenyGroups()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getDenyGroups</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>> getDenyGroups()</pre> |
| <div class="block">Returns immutable set of denied groups.</div> |
| </li> |
| </ul> |
| <a name="getPermitUsers()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getPermitUsers</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>> getPermitUsers()</pre> |
| <div class="block">Returns immutable set of permitted users.</div> |
| </li> |
| </ul> |
| <a name="getDenyUsers()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getDenyUsers</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>> getDenyUsers()</pre> |
| <div class="block">Returns immutable set of denied users.</div> |
| </li> |
| </ul> |
| <a name="getPermits()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getPermits</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>> getPermits()</pre> |
| <div class="block">Returns immutable set of permitted users and groups.</div> |
| </li> |
| </ul> |
| <a name="getDenies()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getDenies</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>> getDenies()</pre> |
| <div class="block">Returns immutable set of denied users and groups;</div> |
| </li> |
| </ul> |
| <a name="getInheritFrom()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getInheritFrom</h4> |
| <pre>public <a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a> getInheritFrom()</pre> |
| <div class="block">Returns <code>DocId</code> these ACLs are inherited from. This is also known as |
| the "parent's" ACLs. Note that the parent's <code>InheritanceType</code> |
| determines how to combine results with this ACL.</div> |
| <dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritanceType()"><code>getInheritanceType()</code></a></dd></dl> |
| </li> |
| </ul> |
| <a name="getInheritFromFragment()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getInheritFromFragment</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> getInheritFromFragment()</pre> |
| <div class="block">Returns fragment, if there is one, that specifies which of the parent's |
| ACLs is to to be inhertied from.</div> |
| <dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritanceType()"><code>getInheritanceType()</code></a></dd></dl> |
| </li> |
| </ul> |
| <a name="getInheritanceType()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getInheritanceType</h4> |
| <pre>public <a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</a> getInheritanceType()</pre> |
| <div class="block">Returns the inheritance type used to combine authz decisions of these ACLs |
| with its <em>child</em>. The inheritance type applies to the interaction |
| between this ACL and any <em>children</em> it has.</div> |
| <dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritFrom()"><code>getInheritFrom()</code></a></dd></dl> |
| </li> |
| </ul> |
| <a name="isEverythingCaseSensitive()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isEverythingCaseSensitive</h4> |
| <pre>public boolean isEverythingCaseSensitive()</pre> |
| <div class="block">Says whether letter casing differentiates names during authorization.</div> |
| </li> |
| </ul> |
| <a name="isEverythingCaseInsensitive()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isEverythingCaseInsensitive</h4> |
| <pre>public boolean isEverythingCaseInsensitive()</pre> |
| <div class="block">Says whether letter casing doesn't matter during authorization.</div> |
| </li> |
| </ul> |
| <a name="isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isAuthorizedLocal</h4> |
| <pre>public <a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a> isAuthorizedLocal(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a> userIdentity)</pre> |
| <div class="block">Determine if the provided <code>userIdentifier</code> belonging to <code>groups</code> is authorized, ignoring inheritance. Deny trumps permit, |
| independent of how specific the rule is. So if a user is in permitUsers and |
| one of the user's groups is in denyGroups, that user will be denied. If a |
| user and his groups are unspecified in the ACL, then the response is |
| indeterminate.</div> |
| </li> |
| </ul> |
| <a name="isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isAuthorized</h4> |
| <pre>public static <a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a> isAuthorized(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a> userIdentity, |
| <a href="http://download.oracle.com/javase/6/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</a><<a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a>> aclChain)</pre> |
| <div class="block">Determine if the provided <code>userIdentity</code> belonging to <code>groups</code> is authorized for the provided <code>aclChain</code>. The chain should |
| be in order of root to leaf; that means that the particular file or folder |
| you are checking for authz will be at the end of the chain. |
| |
| <p>If you have an ACL and wish to determine if a user is authorized, you |
| should manually generate an aclChain by recursively retrieving the ACLs of |
| the <code>inheritFrom</code> <a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor"><code>DocId</code></a>. The ACL you started with should be |
| at the end of the chain. Alternatively, you can use <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)"><code>isAuthorizedBatch()</code></a>. |
| |
| <p>If the entire chain has empty permit/deny sets, then the result is |
| <a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html#INDETERMINATE"><code>AuthzStatus.INDETERMINATE</code></a>. |
| |
| <p>The result of the entire chain is the non-local decision of the root. |
| The non-local decision of any entry in the chain is the local decision of |
| that entry (as calculated with <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><code>isAuthorizedLocal()</code></a>) combined with the non-local decision of the next |
| entry in the chain via the <code>InheritanceType</code> of the original entry. |
| To repeat, the non-local decision of an entry is that entry's local |
| decision combined using its <code>InheritanceType</code> with its child's |
| non-local decision (which is recursive). Thus, if the root's inheritance |
| type is <a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html#PARENT_OVERRIDES"><code>Acl.InheritanceType.PARENT_OVERRIDES</code></a> and its local decision is |
| <a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html#DENY"><code>AuthzStatus.DENY</code></a>, then independent of any decendant's local |
| decision, the decision of the chain will be <code>DENY</code>. |
| |
| <p>It should also be noted that the leaf's inheritance type does not matter |
| and is ignored. |
| |
| <p>It is very important to note that a completely empty ACL (one that has |
| all defaults) is equivalent to having no ACLs. The GSA considers content |
| from the Adaptor as public unless it provides an ACL. Thus, empty ACLs |
| cause a document to become public and the GSA does not use ACLs when |
| considering public documents (and all results are PERMIT). However, for |
| non-Adaptor situations, you can get a document to be private and have no |
| ACLs. In these situations the ACLs are checked, but the result is |
| INDETERMINATE and different authz checks must be made.</div> |
| <dl><dt><span class="strong">Parameters:</span></dt><dd><code>userIdentity</code> - identity containing the user's username and all the |
| groups the user belongs to</dd><dd><code>aclChain</code> - ordered list of ACLs from root to leaf</dd> |
| <dt><span class="strong">Throws:</span></dt> |
| <dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</a></code> - if the chain is empty, the first element |
| of the chain's <code>getInheritFrom() != null</code>, or if any element but |
| the first has <code>getInheritFrom() == null</code>.</dd><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><code>isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)</code></a>, |
| <a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor"><code>Acl.InheritanceType</code></a></dd></dl> |
| </li> |
| </ul> |
| <a name="isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isAuthorizedBatch</h4> |
| <pre>public static <a href="http://download.oracle.com/javase/6/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>,<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a>> isAuthorizedBatch(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a> userIdentity, |
| <a href="http://download.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</a><<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>> ids, |
| <a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</a> retriever) |
| throws <a href="http://download.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre> |
| <div class="block">Check authz for many DocIds at once. This will only fetch ACL information |
| for a DocId once, even when considering inheritFrom. It will then create |
| the appropriate chains and call <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"><code>isAuthorized()</code></a>. |
| |
| <p>If there is an inheritance cycle, an ACL for a DocId in <code>ids</code> was |
| not returned by <code>retriever</code> when requested, or an inherited ACL was |
| not returned by <code>retriever</code> when requested, its response will be |
| <a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html#INDETERMINATE"><code>AuthzStatus.INDETERMINATE</code></a> for that DocId.</div> |
| <dl><dt><span class="strong">Parameters:</span></dt><dd><code>userIdentity</code> - identity containing the user's username and all the |
| groups the user belongs to</dd><dd><code>ids</code> - collection of DocIds that need authz performed</dd><dd><code>retriever</code> - object to use to obtain an ACL for a given DocId</dd> |
| <dt><span class="strong">Throws:</span></dt> |
| <dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></code> - if the retriever throws an IOException</dd></dl> |
| </li> |
| </ul> |
| <a name="equals(java.lang.Object)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>equals</h4> |
| <pre>public boolean equals(<a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> o)</pre> |
| <div class="block">Equality is determined if all the permit/deny sets are equal and the |
| inheritance is equal.</div> |
| <dl> |
| <dt><strong>Overrides:</strong></dt> |
| <dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang">equals</a></code> in class <code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></code></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="hashCode()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>hashCode</h4> |
| <pre>public int hashCode()</pre> |
| <div class="block">Returns a hash code for this object that agrees with <code>equals</code>.</div> |
| <dl> |
| <dt><strong>Overrides:</strong></dt> |
| <dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang">hashCode</a></code> in class <code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></code></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="toString()"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>toString</h4> |
| <pre>public <a href="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> toString()</pre> |
| <div class="block">Generates a string useful for debugging that contains users and groups |
| along with inheritance information.</div> |
| <dl> |
| <dt><strong>Overrides:</strong></dt> |
| <dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang">toString</a></code> in class <code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></code></dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar_bottom"> |
| <!-- --> |
| </a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../com/google/enterprise/adaptor/AbstractAdaptor.html" title="class in com.google.enterprise.adaptor"><span class="strong">PREV CLASS</span></a></li> |
| <li><a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor"><span class="strong">NEXT CLASS</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?com/google/enterprise/adaptor/Acl.html" target="_top">FRAMES</a></li> |
| <li><a href="Acl.html" target="_top">NO FRAMES</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>SUMMARY: </li> |
| <li><a href="#nested_class_summary">NESTED</a> | </li> |
| <li><a href="#field_summary">FIELD</a> | </li> |
| <li>CONSTR | </li> |
| <li><a href="#method_summary">METHOD</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>DETAIL: </li> |
| <li><a href="#field_detail">FIELD</a> | </li> |
| <li>CONSTR | </li> |
| <li><a href="#method_detail">METHOD</a></li> |
| </ul> |
| </div> |
| <a name="skip-navbar_bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </body> |
| </html> |