next up previous
Next: Performance Up: Authorization Previous: Access Control Lists

Rule-Based Access Control Policy


Subclasses of PermissionGranter use a set of rules to implement the checkPermission() method appropriately. The UnixStylePermissionGranter, for example, recursively checks all parent directories for Execute permission before checking the actual file for the requested permission. It also maps Permissions to their equivalent UNIX mode bits counterparts. It performs several translations, such as mapping List to Read, and Delete to Write on the file's parent directory.

Since JNFS runs on top of a native file system, it adapts ACLs to the native file system's conception of file permissions. Since Java does not provide a platform-independent mechanism for generating ACLs from the information provided by operating system, the UnixNativePermissionGranter class provides this information by making native calls to stat(), getpwuid(), and getgrgid(). Similarly, in order to convert ACLs to UNIX permission bits, it makes native calls to chmod() and chown(). An NTNativePermissionGranter class would make calls to the Win32 equivalents to these functions.

Michael John Radwin
Thu May 8 10:49:26 EDT 1997