Google Git
Sign in
code / plexi / hourly / eb84f4fe3db74ca86c39476db52447eaf2691fac / . / javadoc / com / google / enterprise / adaptor / Acl.html
blob: 8fe43e95fbc665ffbe33f5c673b049ba43d3b940 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--NewPage-->
<HTML>
<HEAD>
<TITLE>
Acl
</TITLE>
<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../stylesheet.css" TITLE="Style">
<SCRIPT type="text/javascript">
function windowTitle()
{
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Acl";
}
}
</SCRIPT>
<NOSCRIPT>
</NOSCRIPT>
</HEAD>
<BODY BGCOLOR="white" onload="windowTitle();">
<HR>
<!-- ========= START OF TOP NAVBAR ======= -->
<A NAME="navbar_top"><!-- --></A>
<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
<TR>
<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
<A NAME="navbar_top_firstrow"><!-- --></A>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
<TR ALIGN="center" VALIGN="top">
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
</TR>
</TABLE>
</TD>
<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
</EM>
</TD>
</TR>
<TR>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/AbstractDocumentTransform.html" title="class in com.google.enterprise.adaptor"><B>PREV CLASS</B></A>&nbsp;
&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor"><B>NEXT CLASS</B></A></FONT></TD>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
<A HREF="../../../../index.html?com/google/enterprise/adaptor/Acl.html" target="_top"><B>FRAMES</B></A> &nbsp;
&nbsp;<A HREF="Acl.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
&nbsp;<SCRIPT type="text/javascript">
<!--
if(window==top) {
document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>');
}
//-->
</SCRIPT>
<NOSCRIPT>
<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>
</NOSCRIPT>
</FONT></TD>
</TR>
<TR>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
SUMMARY:&nbsp;<A HREF="#nested_class_summary">NESTED</A>&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
</TR>
</TABLE>
<A NAME="skip-navbar_top"></A>
<!-- ========= END OF TOP NAVBAR ========= -->
<HR>
<!-- ======== START OF CLASS DATA ======== -->
<H2>
<FONT SIZE="-1">
com.google.enterprise.adaptor</FONT>
<BR>
Class Acl</H2>
<PRE>
<A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</A>
<IMG SRC="../../../../resources/inherit.gif" ALT="extended by "><B>com.google.enterprise.adaptor.Acl</B>
</PRE>
<HR>
<DL>
<DT><PRE>public class <B>Acl</B><DT>extends <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A></DL>
</PRE>
<P>
Immutable access control list. For description of the semantics of the
various fields, see <A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><CODE>isAuthorizedLocal</CODE></A> and
<A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"><CODE>isAuthorized</CODE></A>. Users and groups must not be <code>null</code>, <code>""</code>, or have surrounding whitespace. These values are
disallowed to prevent confusion since <code>null</code> doesn't make sense, <code>""</code> would be ignored by the GSA, and surrounding whitespace is automatically
trimmed by the GSA.
<P>
<P>
<HR>
<P>
<!-- ======== NESTED CLASS SUMMARY ======== -->
<A NAME="nested_class_summary"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
<B>Nested Class Summary</B></FONT></TH>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;interface</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Batch retrieval of ACLs for efficent processing of many authz checks at
once.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;class</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.Builder.html" title="class in com.google.enterprise.adaptor">Acl.Builder</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Mutable ACL for creating instances of <A HREF="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor"><CODE>Acl</CODE></A>.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;class</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The rule for combining a parent's authz response with its child's.</TD>
</TR>
</TABLE>
&nbsp;<!-- =========== FIELD SUMMARY =========== -->
<A NAME="field_summary"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
<B>Field Summary</B></FONT></TH>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#EMPTY">EMPTY</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Empty convenience instance with all defaults used.</TD>
</TR>
</TABLE>
&nbsp;
<!-- ========== METHOD SUMMARY =========== -->
<A NAME="method_summary"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
<B>Method Summary</B></FONT></TH>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;boolean</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#equals(java.lang.Object)">equals</A></B>(<A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A>&nbsp;o)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Equality is determined if all the permit/deny sets are equal and the
inheritance is equal.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</A>&gt;</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getDenyGroups()">getDenyGroups</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns immutable set of denied groups.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</A>&gt;</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getDenyUsers()">getDenyUsers</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns immutable set of denied users.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getInheritanceType()">getInheritanceType</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the inheritance type used to combine authz decisions of these ACLs
with its <em>child</em>.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getInheritFrom()">getInheritFrom</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns <code>DocId</code> these ACLs are inherited from.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</A>&gt;</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getPermitGroups()">getPermitGroups</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns immutable set of permitted groups.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</A>&gt;</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getPermitUsers()">getPermitUsers</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns immutable set of permitted users.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;int</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#hashCode()">hashCode</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns a hash code for this object that agrees with <code>equals</code>.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)">isAuthorized</A></B>(<A HREF="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</A>&nbsp;userIdentity,
<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</A>&gt;&nbsp;aclChain)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Determine if the provided <code>userIdentity</code> belonging to <code>groups</code> is authorized for the provided <code>aclChain</code>.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</A>,<A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</A>&gt;</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)">isAuthorizedBatch</A></B>(<A HREF="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</A>&nbsp;userIdentity,
<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</A>&gt;&nbsp;ids,
<A HREF="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</A>&nbsp;retriever)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Check authz for many DocIds at once.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)">isAuthorizedLocal</A></B>(<A HREF="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</A>&nbsp;userIdentity)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Determine if the provided <code>userIdentifier</code> belonging to <code>groups</code> is authorized, ignoring inheritance.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;boolean</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isEverythingCaseInsensitive()">isEverythingCaseInsensitive</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Says whether letter casing doesn't matter during authorization.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;boolean</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isEverythingCaseSensitive()">isEverythingCaseSensitive</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Says whether letter casing differentiates names during authorization.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;<A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#toString()">toString</A></B>()</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Generates a string useful for debugging that contains users and groups
along with inheritance information.</TD>
</TR>
</TABLE>
&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
<TH ALIGN="left"><B>Methods inherited from class java.lang.<A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A></B></TH>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD><CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang">clone</A>, <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang">finalize</A>, <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang">getClass</A>, <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang">notify</A>, <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang">notifyAll</A>, <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang">wait</A>, <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang">wait</A>, <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait(long, int)" title="class or interface in java.lang">wait</A></CODE></TD>
</TR>
</TABLE>
&nbsp;
<P>
<!-- ============ FIELD DETAIL =========== -->
<A NAME="field_detail"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
<B>Field Detail</B></FONT></TH>
</TR>
</TABLE>
<A NAME="EMPTY"><!-- --></A><H3>
EMPTY</H3>
<PRE>
public static final <A HREF="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</A> <B>EMPTY</B></PRE>
<DL>
<DD>Empty convenience instance with all defaults used.
<P>
<DL>
<DT><B>See Also:</B><DD><A HREF="../../../../com/google/enterprise/adaptor/Acl.Builder.html#Acl.Builder()"><CODE>Acl.Builder.Acl.Builder()</CODE></A></DL>
</DL>
<!-- ============ METHOD DETAIL ========== -->
<A NAME="method_detail"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
<B>Method Detail</B></FONT></TH>
</TR>
</TABLE>
<A NAME="getPermitGroups()"><!-- --></A><H3>
getPermitGroups</H3>
<PRE>
public <A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</A>&gt; <B>getPermitGroups</B>()</PRE>
<DL>
<DD>Returns immutable set of permitted groups.
<P>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="getDenyGroups()"><!-- --></A><H3>
getDenyGroups</H3>
<PRE>
public <A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</A>&gt; <B>getDenyGroups</B>()</PRE>
<DL>
<DD>Returns immutable set of denied groups.
<P>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="getPermitUsers()"><!-- --></A><H3>
getPermitUsers</H3>
<PRE>
public <A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</A>&gt; <B>getPermitUsers</B>()</PRE>
<DL>
<DD>Returns immutable set of permitted users.
<P>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="getDenyUsers()"><!-- --></A><H3>
getDenyUsers</H3>
<PRE>
public <A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</A>&gt; <B>getDenyUsers</B>()</PRE>
<DL>
<DD>Returns immutable set of denied users.
<P>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="getInheritFrom()"><!-- --></A><H3>
getInheritFrom</H3>
<PRE>
public <A HREF="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</A> <B>getInheritFrom</B>()</PRE>
<DL>
<DD>Returns <code>DocId</code> these ACLs are inherited from. This is also known as
the "parent's" ACLs. Note that the parent's <code>InheritanceType</code>
determines how to combine results with this ACL.
<P>
<DD><DL>
<DT><B>See Also:</B><DD><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getInheritanceType()"><CODE>getInheritanceType()</CODE></A></DL>
</DD>
</DL>
<HR>
<A NAME="getInheritanceType()"><!-- --></A><H3>
getInheritanceType</H3>
<PRE>
public <A HREF="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</A> <B>getInheritanceType</B>()</PRE>
<DL>
<DD>Returns the inheritance type used to combine authz decisions of these ACLs
with its <em>child</em>. The inheritance type applies to the interaction
between this ACL and any <em>children</em> it has.
<P>
<DD><DL>
<DT><B>See Also:</B><DD><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#getInheritFrom()"><CODE>getInheritFrom()</CODE></A></DL>
</DD>
</DL>
<HR>
<A NAME="isEverythingCaseSensitive()"><!-- --></A><H3>
isEverythingCaseSensitive</H3>
<PRE>
public boolean <B>isEverythingCaseSensitive</B>()</PRE>
<DL>
<DD>Says whether letter casing differentiates names during authorization.
<P>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="isEverythingCaseInsensitive()"><!-- --></A><H3>
isEverythingCaseInsensitive</H3>
<PRE>
public boolean <B>isEverythingCaseInsensitive</B>()</PRE>
<DL>
<DD>Says whether letter casing doesn't matter during authorization.
<P>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><!-- --></A><H3>
isAuthorizedLocal</H3>
<PRE>
public <A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</A> <B>isAuthorizedLocal</B>(<A HREF="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</A>&nbsp;userIdentity)</PRE>
<DL>
<DD>Determine if the provided <code>userIdentifier</code> belonging to <code>groups</code> is authorized, ignoring inheritance. Deny trumps permit,
independent of how specific the rule is. So if a user is in permitUsers and
one of the user's groups is in denyGroups, that user will be denied. If a
user and his groups are unspecified in the ACL, then the response is
indeterminate.
<P>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"><!-- --></A><H3>
isAuthorized</H3>
<PRE>
public static <A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</A> <B>isAuthorized</B>(<A HREF="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</A>&nbsp;userIdentity,
<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</A>&gt;&nbsp;aclChain)</PRE>
<DL>
<DD>Determine if the provided <code>userIdentity</code> belonging to <code>groups</code> is authorized for the provided <code>aclChain</code>. The chain should
be in order of root to leaf; that means that the particular file or folder
you are checking for authz will be at the end of the chain.
<p>If you have an ACL and wish to determine if a user is authorized, you
should manually generate an aclChain by recursively retrieving the ACLs of
the <code>inheritFrom</code> <A HREF="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor"><CODE>DocId</CODE></A>. The ACL you started with should be
at the end of the chain. Alternatively, you can use <A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)"><CODE>isAuthorizedBatch()</CODE></A>.
<p>If the entire chain has empty permit/deny sets, then the result is
<A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html#INDETERMINATE"><CODE>AuthzStatus.INDETERMINATE</CODE></A>.
<p>The result of the entire chain is the non-local decision of the root.
The non-local decision of any entry in the chain is the local decision of
that entry (as calculated with <A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><CODE>isAuthorizedLocal()</CODE></A>) combined with the non-local decision of the next
entry in the chain via the <code>InheritanceType</code> of the original entry.
To repeat, the non-local decision of an entry is that entry's local
decision combined using its <code>InheritanceType</code> with its child's
non-local decision (which is recursive). Thus, if the root's inheritance
type is <A HREF="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html#PARENT_OVERRIDES"><CODE>Acl.InheritanceType.PARENT_OVERRIDES</CODE></A> and its local decision is
<A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html#DENY"><CODE>AuthzStatus.DENY</CODE></A>, then independent of any decendant's local
decision, the decision of the chain will be <code>DENY</code>.
<p>It should also be noted that the leaf's inheritance type does not matter
and is ignored.
<p>It is very important to note that a completely empty ACL (one that has
all defaults) is equivalent to having no ACLs. The GSA considers content
from the Adaptor as public unless it provides an ACL. Thus, empty ACLs
cause a document to become public and the GSA does not use ACLs when
considering public documents (and all results are PERMIT). However, for
non-Adaptor situations, you can get a document to be private and have no
ACLs. In these situations the ACLs are checked, but the result is
INDETERMINATE and different authz checks must be made.
<P>
<DD><DL>
<DT><B>Parameters:</B><DD><CODE>userIdentity</CODE> - identity containing the user's username and all the
groups the user belongs to<DD><CODE>aclChain</CODE> - ordered list of ACLs from root to leaf
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</A></CODE> - if the chain is empty, the first element
of the chain's <code>getInheritFrom() != null</code>, or if any element but
the first has <code>getInheritFrom() == null</code>.<DT><B>See Also:</B><DD><A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><CODE>isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)</CODE></A>,
<A HREF="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor"><CODE>Acl.InheritanceType</CODE></A></DL>
</DD>
</DL>
<HR>
<A NAME="isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)"><!-- --></A><H3>
isAuthorizedBatch</H3>
<PRE>
public static <A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</A>,<A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</A>&gt; <B>isAuthorizedBatch</B>(<A HREF="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</A>&nbsp;userIdentity,
<A HREF="http://download.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</A>&lt;<A HREF="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</A>&gt;&nbsp;ids,
<A HREF="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</A>&nbsp;retriever)
throws <A HREF="http://download.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</A></PRE>
<DL>
<DD>Check authz for many DocIds at once. This will only fetch ACL information
for a DocId once, even when considering inheritFrom. It will then create
the appropriate chains and call <A HREF="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"><CODE>isAuthorized()</CODE></A>.
<p>If there is an inheritance cycle, an ACL for a DocId in <code>ids</code> was
not returned by <code>retriever</code> when requested, or an inherited ACL was
not returned by <code>retriever</code> when requested, its response will be
<A HREF="../../../../com/google/enterprise/adaptor/AuthzStatus.html#INDETERMINATE"><CODE>AuthzStatus.INDETERMINATE</CODE></A> for that DocId.
<P>
<DD><DL>
<DT><B>Parameters:</B><DD><CODE>userIdentity</CODE> - identity containing the user's username and all the
groups the user belongs to<DD><CODE>ids</CODE> - collection of DocIds that need authz performed<DD><CODE>retriever</CODE> - object to use to obtain an ACL for a given DocId
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</A></CODE> - if the retriever throws an IOException</DL>
</DD>
</DL>
<HR>
<A NAME="equals(java.lang.Object)"><!-- --></A><H3>
equals</H3>
<PRE>
public boolean <B>equals</B>(<A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A>&nbsp;o)</PRE>
<DL>
<DD>Equality is determined if all the permit/deny sets are equal and the
inheritance is equal.
<P>
<DD><DL>
<DT><B>Overrides:</B><DD><CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang">equals</A></CODE> in class <CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A></CODE></DL>
</DD>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="hashCode()"><!-- --></A><H3>
hashCode</H3>
<PRE>
public int <B>hashCode</B>()</PRE>
<DL>
<DD>Returns a hash code for this object that agrees with <code>equals</code>.
<P>
<DD><DL>
<DT><B>Overrides:</B><DD><CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang">hashCode</A></CODE> in class <CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A></CODE></DL>
</DD>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="toString()"><!-- --></A><H3>
toString</H3>
<PRE>
public <A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A> <B>toString</B>()</PRE>
<DL>
<DD>Generates a string useful for debugging that contains users and groups
along with inheritance information.
<P>
<DD><DL>
<DT><B>Overrides:</B><DD><CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang">toString</A></CODE> in class <CODE><A HREF="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A></CODE></DL>
</DD>
<DD><DL>
</DL>
</DD>
</DL>
<!-- ========= END OF CLASS DATA ========= -->
<HR>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<A NAME="navbar_bottom"><!-- --></A>
<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
<TR>
<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
<A NAME="navbar_bottom_firstrow"><!-- --></A>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
<TR ALIGN="center" VALIGN="top">
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
</TR>
</TABLE>
</TD>
<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
</EM>
</TD>
</TR>
<TR>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/AbstractDocumentTransform.html" title="class in com.google.enterprise.adaptor"><B>PREV CLASS</B></A>&nbsp;
&nbsp;<A HREF="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor"><B>NEXT CLASS</B></A></FONT></TD>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
<A HREF="../../../../index.html?com/google/enterprise/adaptor/Acl.html" target="_top"><B>FRAMES</B></A> &nbsp;
&nbsp;<A HREF="Acl.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
&nbsp;<SCRIPT type="text/javascript">
<!--
if(window==top) {
document.writeln('<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>');
}
//-->
</SCRIPT>
<NOSCRIPT>
<A HREF="../../../../allclasses-noframe.html"><B>All Classes</B></A>
</NOSCRIPT>
</FONT></TD>
</TR>
<TR>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
SUMMARY:&nbsp;<A HREF="#nested_class_summary">NESTED</A>&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
</TR>
</TABLE>
<A NAME="skip-navbar_bottom"></A>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
<HR>
</BODY>
</HTML>