下面列出了怎么用java.nio.file.attribute.AclEntryType的API类实例代码及写法,或者点击链接到github查看源代码。
private static void makeFileNonReadable(String file) throws IOException {
Path filePath = Paths.get(file);
Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews();
if (supportedAttr.contains("posix")) {
Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----"));
} else if (supportedAttr.contains("acl")) {
UserPrincipal fileOwner = Files.getOwner(filePath);
AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class);
AclEntry entry = AclEntry.newBuilder()
.setType(AclEntryType.DENY)
.setPrincipal(fileOwner)
.setPermissions(AclEntryPermission.READ_DATA)
.build();
List<AclEntry> acl = view.getAcl();
acl.add(0, entry);
view.setAcl(acl);
}
}
private void addExecPermission(final Path helm) throws IOException {
Set<String> fileAttributeView = FileSystems.getDefault().supportedFileAttributeViews();
if (fileAttributeView.contains("posix")) {
final Set<PosixFilePermission> permissions;
try {
permissions = Files.getPosixFilePermissions(helm);
} catch (UnsupportedOperationException e) {
getLog().debug("Exec file permission is not set", e);
return;
}
permissions.add(PosixFilePermission.OWNER_EXECUTE);
Files.setPosixFilePermissions(helm, permissions);
} else if (fileAttributeView.contains("acl")) {
String username = System.getProperty("user.name");
UserPrincipal userPrincipal = FileSystems.getDefault().getUserPrincipalLookupService().lookupPrincipalByName(username);
AclEntry aclEntry = AclEntry.newBuilder().setPermissions(AclEntryPermission.EXECUTE).setType(AclEntryType.ALLOW).setPrincipal(userPrincipal).build();
AclFileAttributeView acl = Files.getFileAttributeView(helm, AclFileAttributeView.class, LinkOption.NOFOLLOW_LINKS);
List<AclEntry> aclEntries = acl.getAcl();
aclEntries.add(aclEntry);
acl.setAcl(aclEntries);
}
}
public static void fixSshKeyOnWindows(Path file) {
AclFileAttributeView fileAttributeView = Files
.getFileAttributeView(file, AclFileAttributeView.class);
if (fileAttributeView == null) return;
try {
UserPrincipal userPrincipal = fileAttributeView.getOwner();
AclEntry aclEntry = AclEntry.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(userPrincipal)
.setPermissions(ACL_ENTRY_PERMISSIONS)
.build();
fileAttributeView.setAcl(Collections.singletonList(aclEntry));
} catch (IOException | UnsupportedOperationException e) {
throw new IllegalStateException("Error updating file permission for \"" + file + "\"", e);
}
}
private AclEntry createConfigurationAccessACLEntry(UserPrincipal user) {
AclEntry entry = AclEntry
.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(user)
.setPermissions(
AclEntryPermission.WRITE_NAMED_ATTRS,
AclEntryPermission.WRITE_DATA,
AclEntryPermission.WRITE_ATTRIBUTES,
AclEntryPermission.READ_ATTRIBUTES,
AclEntryPermission.APPEND_DATA,
AclEntryPermission.READ_DATA,
AclEntryPermission.READ_NAMED_ATTRS,
AclEntryPermission.READ_ACL,
AclEntryPermission.SYNCHRONIZE,
AclEntryPermission.DELETE)
.setFlags(AclEntryFlag.FILE_INHERIT)
.build();
return entry;
}
void fixSshKeyOnWindows(File key) throws GitException {
if (launcher.isUnix()) return;
Path file = Paths.get(key.toURI());
AclFileAttributeView fileAttributeView = Files.getFileAttributeView(file, AclFileAttributeView.class);
if (fileAttributeView == null) return;
try {
UserPrincipal userPrincipal = fileAttributeView.getOwner();
AclEntry aclEntry = AclEntry.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(userPrincipal)
.setPermissions(ACL_ENTRY_PERMISSIONS)
.build();
fileAttributeView.setAcl(Collections.singletonList(aclEntry));
} catch (IOException | UnsupportedOperationException e) {
throw new GitException("Error updating file permission for \"" + key.getAbsolutePath() + "\"", e);
}
}
public static void setReadOnlyPerms(Path path, boolean executable) throws IOException {
FileStore fileStore = Files.getFileStore(path);
if (fileStore.supportsFileAttributeView("posix")) {
if (executable) {
Files.setPosixFilePermissions(path, readOnlyExecPerms);
} else {
Files.setPosixFilePermissions(path, readOnlyPerms);
}
} else if (fileStore.supportsFileAttributeView("acl")) {
// windows, we hope
UserPrincipal authenticatedUsers =
path.getFileSystem()
.getUserPrincipalLookupService()
.lookupPrincipalByName("Authenticated Users");
AclEntry denyWriteEntry =
AclEntry.newBuilder()
.setType(AclEntryType.DENY)
.setPrincipal(authenticatedUsers)
.setPermissions(AclEntryPermission.APPEND_DATA, AclEntryPermission.WRITE_DATA)
.build();
AclEntry execEntry =
AclEntry.newBuilder()
.setType(executable ? AclEntryType.ALLOW : AclEntryType.DENY)
.setPrincipal(authenticatedUsers)
.setPermissions(AclEntryPermission.EXECUTE)
.build();
AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
List<AclEntry> acl = view.getAcl();
acl.add(0, execEntry);
acl.add(0, denyWriteEntry);
view.setAcl(acl);
} else {
throw new UnsupportedOperationException("no recognized attribute view");
}
}
private static void makeWritable(Path dir, boolean writable) throws IOException {
FileStore fileStore = Files.getFileStore(dir);
if (fileStore.supportsFileAttributeView("posix")) {
if (writable) {
Files.setPosixFilePermissions(dir, writablePerms);
} else {
Files.setPosixFilePermissions(dir, nonWritablePerms);
}
} else if (fileStore.supportsFileAttributeView("acl")) {
// windows, we hope
UserPrincipal authenticatedUsers =
dir.getFileSystem()
.getUserPrincipalLookupService()
.lookupPrincipalByName("Authenticated Users");
AclEntry entry =
AclEntry.newBuilder()
.setType(writable ? AclEntryType.ALLOW : AclEntryType.DENY)
.setPrincipal(authenticatedUsers)
.setPermissions(
AclEntryPermission.DELETE,
AclEntryPermission.DELETE_CHILD,
AclEntryPermission.ADD_FILE,
AclEntryPermission.ADD_SUBDIRECTORY)
.build();
AclFileAttributeView view = Files.getFileAttributeView(dir, AclFileAttributeView.class);
List<AclEntry> acl = view.getAcl();
acl.add(0, entry);
view.setAcl(acl);
} else {
throw new UnsupportedOperationException("no recognized attribute view");
}
}
@Test
public void test_windows_file_permission_is_set_correctly() throws Exception {
fixSshKeyOnWindows(file);
assertEquals(1, fileAttributeView.getAcl().size());
AclEntry aclEntry = fileAttributeView.getAcl().get(0);
assertTrue(aclEntry.flags().isEmpty());
assertEquals(ACL_ENTRY_PERMISSIONS, aclEntry.permissions());
assertEquals(userPrincipal, aclEntry.principal());
assertEquals(AclEntryType.ALLOW, aclEntry.type());
}
@Test
public void test_windows_file_permission_is_set_correctly() throws Exception {
cliGit.fixSshKeyOnWindows(file);
assertEquals(1, fileAttributeView.getAcl().size());
AclEntry aclEntry = fileAttributeView.getAcl().get(0);
assertTrue(aclEntry.flags().isEmpty());
assertEquals(CliGitAPIImpl.ACL_ENTRY_PERMISSIONS, aclEntry.permissions());
assertEquals(userPrincipal, aclEntry.principal());
assertEquals(AclEntryType.ALLOW, aclEntry.type());
}
/**
* Sample for mapping permissions from a source repository to Cloud Search
* ACLs. In this example, NFS file system ACls are used as the source
* permissions.
*
* @return Acl
* @throws IOException if unable to read file permissions
*/
// [START cloud_search_nfs_acl]
static Acl mapNfsAclToCloudSearchAcl(Path pathToFile) throws IOException {
// Id of the identity source for external user/group IDs. Shown here,
// but may be omitted in the SDK as it is automatically applied
// based on the `api.identitySourceId` configuration parameter.
String identitySourceId = "abcdef12345";
// Retrieve the file system ACLs
AclFileAttributeView aclView = Files.getFileAttributeView(
pathToFile,
AclFileAttributeView.class,
LinkOption.NOFOLLOW_LINKS);
if (aclView == null) {
// Can't read, return empty ACl
return new Acl.Builder().build();
}
// Owner, for search quality and owner: filters
// Note that for principals the name is not the primary
// email address in Cloud Directory, but the local ID defined
// by the OS. Users and groups must be referred to by their
// external ID and mapped via an identity source. The SDK
// will automatically prepend the identity source prefix based on
// the `api.identitySourceId` configuration parameter.
List<Principal> owners = Collections.singletonList(
Acl.getUserPrincipal(aclView.getOwner().getName(), identitySourceId)
);
// Principals allowed to access item
List<Principal> allowedReaders = new ArrayList<>();
// Principals denied access to item
List<Principal> deniedReaders = new ArrayList<>();
for(AclEntry entry: aclView.getAcl()) {
UserPrincipal fsPrincipal = entry.principal();
Principal cloudSearchPrincipal = fsPrincipal instanceof GroupPrincipal ?
Acl.getGroupPrincipal(fsPrincipal.getName(), identitySourceId) :
Acl.getUserPrincipal(fsPrincipal.getName(), identitySourceId);
if (entry.type() == AclEntryType.ALLOW) {
allowedReaders.add(cloudSearchPrincipal);
} else if (entry.type() == AclEntryType.DENY) {
deniedReaders.add(cloudSearchPrincipal);
}
}
// Build the Cloud Search ACL. Note that inheritance of permissions
// from parents is omitted. See `setInheritFrom()` and `setInheritanceType()`
// methods on the builder if required by your implementation.
return new Acl.Builder()
.setReaders(allowedReaders)
.setDeniedReaders(deniedReaders)
.setOwners(owners)
.build();
}
private void checkFilePermissions(String fileLocation, File file) throws IOException
{
if(isPosixFileSystem(file))
{
Set<PosixFilePermission> permissions = Files.getPosixFilePermissions(file.toPath());
if (permissions.contains(PosixFilePermission.GROUP_READ)
|| permissions.contains(PosixFilePermission.OTHERS_READ)
|| permissions.contains(PosixFilePermission.GROUP_WRITE)
|| permissions.contains(PosixFilePermission.OTHERS_WRITE)) {
throw new IllegalArgumentException("Key file '"
+ fileLocation
+ "' has incorrect permissions. Only the owner "
+ "should be able to read or write this file.");
}
}
else if(isAclFileSystem(file))
{
AclFileAttributeView attributeView = Files.getFileAttributeView(file.toPath(), AclFileAttributeView.class);
ArrayList<AclEntry> acls = new ArrayList<>(attributeView.getAcl());
ListIterator<AclEntry> iter = acls.listIterator();
UserPrincipal owner = Files.getOwner(file.toPath());
while(iter.hasNext())
{
AclEntry acl = iter.next();
if(acl.type() == AclEntryType.ALLOW)
{
Set<AclEntryPermission> originalPermissions = acl.permissions();
Set<AclEntryPermission> updatedPermissions = EnumSet.copyOf(originalPermissions);
if (updatedPermissions.removeAll(EnumSet.of(AclEntryPermission.APPEND_DATA,
AclEntryPermission.EXECUTE,
AclEntryPermission.WRITE_ACL,
AclEntryPermission.WRITE_DATA,
AclEntryPermission.WRITE_OWNER))) {
throw new IllegalArgumentException("Key file '"
+ fileLocation
+ "' has incorrect permissions. The file should not be modifiable by any user.");
}
if (!owner.equals(acl.principal()) && updatedPermissions.removeAll(EnumSet.of(AclEntryPermission.READ_DATA))) {
throw new IllegalArgumentException("Key file '"
+ fileLocation
+ "' has incorrect permissions. Only the owner should be able to read from the file.");
}
}
}
}
else
{
throw new IllegalArgumentException(ILLEGAL_ARG_EXCEPTION);
}
}
private static void setPermissionsToOwnerOnlyWindows(File file) throws IOException {
Path path = Paths.get(file.getAbsolutePath());
FileOwnerAttributeView fileAttributeView =
Files.getFileAttributeView(path, FileOwnerAttributeView.class);
UserPrincipal owner = fileAttributeView.getOwner();
// get view
AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
// All available entries
Set<AclEntryPermission> permissions =
ImmutableSet.of(
AclEntryPermission.APPEND_DATA,
AclEntryPermission.DELETE,
AclEntryPermission.DELETE_CHILD,
AclEntryPermission.READ_ACL,
AclEntryPermission.READ_ATTRIBUTES,
AclEntryPermission.READ_DATA,
AclEntryPermission.READ_NAMED_ATTRS,
AclEntryPermission.SYNCHRONIZE,
AclEntryPermission.WRITE_ACL,
AclEntryPermission.WRITE_ATTRIBUTES,
AclEntryPermission.WRITE_DATA,
AclEntryPermission.WRITE_NAMED_ATTRS,
AclEntryPermission.WRITE_OWNER);
// create ACL to give owner everything
AclEntry entry =
AclEntry.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(owner)
.setPermissions(permissions)
.build();
// Overwrite the ACL with only this permission
try {
view.setAcl(ImmutableList.of(entry));
} catch (SecurityException ex) {
throw new IOException("Unable to set permissions for " + file, ex);
}
}