下面列出了java.nio.file.attribute.FileAttributeView#java.nio.file.attribute.AclFileAttributeView 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private static void makeFileNonReadable(String file) throws IOException {
Path filePath = Paths.get(file);
Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews();
if (supportedAttr.contains("posix")) {
Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----"));
} else if (supportedAttr.contains("acl")) {
UserPrincipal fileOwner = Files.getOwner(filePath);
AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class);
AclEntry entry = AclEntry.newBuilder()
.setType(AclEntryType.DENY)
.setPrincipal(fileOwner)
.setPermissions(AclEntryPermission.READ_DATA)
.build();
List<AclEntry> acl = view.getAcl();
acl.add(0, entry);
view.setAcl(acl);
}
}
private void addExecPermission(final Path helm) throws IOException {
Set<String> fileAttributeView = FileSystems.getDefault().supportedFileAttributeViews();
if (fileAttributeView.contains("posix")) {
final Set<PosixFilePermission> permissions;
try {
permissions = Files.getPosixFilePermissions(helm);
} catch (UnsupportedOperationException e) {
getLog().debug("Exec file permission is not set", e);
return;
}
permissions.add(PosixFilePermission.OWNER_EXECUTE);
Files.setPosixFilePermissions(helm, permissions);
} else if (fileAttributeView.contains("acl")) {
String username = System.getProperty("user.name");
UserPrincipal userPrincipal = FileSystems.getDefault().getUserPrincipalLookupService().lookupPrincipalByName(username);
AclEntry aclEntry = AclEntry.newBuilder().setPermissions(AclEntryPermission.EXECUTE).setType(AclEntryType.ALLOW).setPrincipal(userPrincipal).build();
AclFileAttributeView acl = Files.getFileAttributeView(helm, AclFileAttributeView.class, LinkOption.NOFOLLOW_LINKS);
List<AclEntry> aclEntries = acl.getAcl();
aclEntries.add(aclEntry);
acl.setAcl(aclEntries);
}
}
public static void fixSshKeyOnWindows(Path file) {
AclFileAttributeView fileAttributeView = Files
.getFileAttributeView(file, AclFileAttributeView.class);
if (fileAttributeView == null) return;
try {
UserPrincipal userPrincipal = fileAttributeView.getOwner();
AclEntry aclEntry = AclEntry.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(userPrincipal)
.setPermissions(ACL_ENTRY_PERMISSIONS)
.build();
fileAttributeView.setAcl(Collections.singletonList(aclEntry));
} catch (IOException | UnsupportedOperationException e) {
throw new IllegalStateException("Error updating file permission for \"" + file + "\"", e);
}
}
/**
* Test: File and FileStore attributes
*/
@Test
public void testFileStoreAttributes() throws URISyntaxException, IOException {
URI uri = clusterUri.resolve("/tmp/testFileStore");
Path path = Paths.get(uri);
if (Files.exists(path))
Files.delete(path);
assertFalse(Files.exists(path));
Files.createFile(path);
assertTrue(Files.exists(path));
FileStore store1 = Files.getFileStore(path);
assertNotNull(store1);
assertTrue(store1.supportsFileAttributeView("basic"));
assertTrue(store1.supportsFileAttributeView(BasicFileAttributeView.class));
assertTrue(store1.supportsFileAttributeView("posix") == store1
.supportsFileAttributeView(PosixFileAttributeView.class));
assertTrue(store1.supportsFileAttributeView("dos") == store1
.supportsFileAttributeView(DosFileAttributeView.class));
assertTrue(store1.supportsFileAttributeView("acl") == store1
.supportsFileAttributeView(AclFileAttributeView.class));
assertTrue(store1.supportsFileAttributeView("user") == store1
.supportsFileAttributeView(UserDefinedFileAttributeView.class));
}
private static List<FileAttribute<List<AclEntry>>> getAclAttributes(Path file) throws IOException {
if (Files.exists(file) && supportsFileOwnerAttributeView(file, AclFileAttributeView.class)) {
AclFileAttributeView aclView = Files.getFileAttributeView(file, AclFileAttributeView.class);
if (aclView != null) {
final List<AclEntry> entries = aclView.getAcl();
return Collections.singletonList(new FileAttribute<List<AclEntry>>() {
@Override
public List<AclEntry> value() {
return entries;
}
@Override
public String name() {
return "acl:acl";
}
});
}
}
return Collections.emptyList();
}
@Test
public void testView() throws IOException {
AclFileAttributeView view =
provider.view(
fileLookup(),
ImmutableMap.<String, FileAttributeView>of(
"owner", new OwnerAttributeProvider().view(fileLookup(), NO_INHERITED_VIEWS)));
assertNotNull(view);
assertThat(view.name()).isEqualTo("acl");
assertThat(view.getAcl()).isEqualTo(defaultAcl);
view.setAcl(ImmutableList.<AclEntry>of());
view.setOwner(FOO);
assertThat(view.getAcl()).isEqualTo(ImmutableList.<AclEntry>of());
assertThat(view.getOwner()).isEqualTo(FOO);
assertThat(file.getAttribute("acl", "acl")).isEqualTo(ImmutableList.<AclEntry>of());
}
void fixSshKeyOnWindows(File key) throws GitException {
if (launcher.isUnix()) return;
Path file = Paths.get(key.toURI());
AclFileAttributeView fileAttributeView = Files.getFileAttributeView(file, AclFileAttributeView.class);
if (fileAttributeView == null) return;
try {
UserPrincipal userPrincipal = fileAttributeView.getOwner();
AclEntry aclEntry = AclEntry.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(userPrincipal)
.setPermissions(ACL_ENTRY_PERMISSIONS)
.build();
fileAttributeView.setAcl(Collections.singletonList(aclEntry));
} catch (IOException | UnsupportedOperationException e) {
throw new GitException("Error updating file permission for \"" + key.getAbsolutePath() + "\"", e);
}
}
public static void setReadOnlyPerms(Path path, boolean executable) throws IOException {
FileStore fileStore = Files.getFileStore(path);
if (fileStore.supportsFileAttributeView("posix")) {
if (executable) {
Files.setPosixFilePermissions(path, readOnlyExecPerms);
} else {
Files.setPosixFilePermissions(path, readOnlyPerms);
}
} else if (fileStore.supportsFileAttributeView("acl")) {
// windows, we hope
UserPrincipal authenticatedUsers =
path.getFileSystem()
.getUserPrincipalLookupService()
.lookupPrincipalByName("Authenticated Users");
AclEntry denyWriteEntry =
AclEntry.newBuilder()
.setType(AclEntryType.DENY)
.setPrincipal(authenticatedUsers)
.setPermissions(AclEntryPermission.APPEND_DATA, AclEntryPermission.WRITE_DATA)
.build();
AclEntry execEntry =
AclEntry.newBuilder()
.setType(executable ? AclEntryType.ALLOW : AclEntryType.DENY)
.setPrincipal(authenticatedUsers)
.setPermissions(AclEntryPermission.EXECUTE)
.build();
AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
List<AclEntry> acl = view.getAcl();
acl.add(0, execEntry);
acl.add(0, denyWriteEntry);
view.setAcl(acl);
} else {
throw new UnsupportedOperationException("no recognized attribute view");
}
}
private static void makeWritable(Path dir, boolean writable) throws IOException {
FileStore fileStore = Files.getFileStore(dir);
if (fileStore.supportsFileAttributeView("posix")) {
if (writable) {
Files.setPosixFilePermissions(dir, writablePerms);
} else {
Files.setPosixFilePermissions(dir, nonWritablePerms);
}
} else if (fileStore.supportsFileAttributeView("acl")) {
// windows, we hope
UserPrincipal authenticatedUsers =
dir.getFileSystem()
.getUserPrincipalLookupService()
.lookupPrincipalByName("Authenticated Users");
AclEntry entry =
AclEntry.newBuilder()
.setType(writable ? AclEntryType.ALLOW : AclEntryType.DENY)
.setPrincipal(authenticatedUsers)
.setPermissions(
AclEntryPermission.DELETE,
AclEntryPermission.DELETE_CHILD,
AclEntryPermission.ADD_FILE,
AclEntryPermission.ADD_SUBDIRECTORY)
.build();
AclFileAttributeView view = Files.getFileAttributeView(dir, AclFileAttributeView.class);
List<AclEntry> acl = view.getAcl();
acl.add(0, entry);
view.setAcl(acl);
} else {
throw new UnsupportedOperationException("no recognized attribute view");
}
}
private void makeKeyFileReadOnly(File file) throws IOException
{
if(isPosixFileSystem(file))
{
Files.setPosixFilePermissions(file.toPath(), EnumSet.of(PosixFilePermission.OWNER_READ));
}
else if(isAclFileSystem(file))
{
AclFileAttributeView attributeView = Files.getFileAttributeView(file.toPath(), AclFileAttributeView.class);
ArrayList<AclEntry> acls = new ArrayList<>(attributeView.getAcl());
ListIterator<AclEntry> iter = acls.listIterator();
file.setReadOnly();
while(iter.hasNext())
{
AclEntry acl = iter.next();
Set<AclEntryPermission> originalPermissions = acl.permissions();
Set<AclEntryPermission> updatedPermissions = EnumSet.copyOf(originalPermissions);
if(updatedPermissions.removeAll(EnumSet.of(AclEntryPermission.APPEND_DATA,
AclEntryPermission.DELETE,
AclEntryPermission.EXECUTE,
AclEntryPermission.WRITE_ACL,
AclEntryPermission.WRITE_DATA,
AclEntryPermission.WRITE_ATTRIBUTES,
AclEntryPermission.WRITE_NAMED_ATTRS,
AclEntryPermission.WRITE_OWNER)))
{
AclEntry.Builder builder = AclEntry.newBuilder(acl);
builder.setPermissions(updatedPermissions);
iter.set(builder.build());
}
}
attributeView.setAcl(acls);
}
else
{
throw new IllegalArgumentException(ILLEGAL_ARG_EXCEPTION);
}
}
@Before
public void beforeEach() throws Exception {
assumeTrue(isWindows());
file = Files.createTempFile("permission-test-", "");
fileAttributeView = Files.getFileAttributeView(file, AclFileAttributeView.class);
assertNotNull(fileAttributeView);
userPrincipal = fileAttributeView.getOwner();
assertNotNull(userPrincipal);
}
@Before
public void beforeEach() throws Exception {
assumeTrue(isWindows());
cliGit = new CliGitAPIImpl("git", new File("."), null, null);
file = cliGit.createTempFile("permission", ".suff");
Path path = Paths.get(file.toURI());
fileAttributeView = Files.getFileAttributeView(path, AclFileAttributeView.class);
assertNotNull(fileAttributeView);
userPrincipal = fileAttributeView.getOwner();
assertNotNull(userPrincipal);
}
/**
* Sample for mapping permissions from a source repository to Cloud Search
* ACLs. In this example, NFS file system ACls are used as the source
* permissions.
*
* @return Acl
* @throws IOException if unable to read file permissions
*/
// [START cloud_search_nfs_acl]
static Acl mapNfsAclToCloudSearchAcl(Path pathToFile) throws IOException {
// Id of the identity source for external user/group IDs. Shown here,
// but may be omitted in the SDK as it is automatically applied
// based on the `api.identitySourceId` configuration parameter.
String identitySourceId = "abcdef12345";
// Retrieve the file system ACLs
AclFileAttributeView aclView = Files.getFileAttributeView(
pathToFile,
AclFileAttributeView.class,
LinkOption.NOFOLLOW_LINKS);
if (aclView == null) {
// Can't read, return empty ACl
return new Acl.Builder().build();
}
// Owner, for search quality and owner: filters
// Note that for principals the name is not the primary
// email address in Cloud Directory, but the local ID defined
// by the OS. Users and groups must be referred to by their
// external ID and mapped via an identity source. The SDK
// will automatically prepend the identity source prefix based on
// the `api.identitySourceId` configuration parameter.
List<Principal> owners = Collections.singletonList(
Acl.getUserPrincipal(aclView.getOwner().getName(), identitySourceId)
);
// Principals allowed to access item
List<Principal> allowedReaders = new ArrayList<>();
// Principals denied access to item
List<Principal> deniedReaders = new ArrayList<>();
for(AclEntry entry: aclView.getAcl()) {
UserPrincipal fsPrincipal = entry.principal();
Principal cloudSearchPrincipal = fsPrincipal instanceof GroupPrincipal ?
Acl.getGroupPrincipal(fsPrincipal.getName(), identitySourceId) :
Acl.getUserPrincipal(fsPrincipal.getName(), identitySourceId);
if (entry.type() == AclEntryType.ALLOW) {
allowedReaders.add(cloudSearchPrincipal);
} else if (entry.type() == AclEntryType.DENY) {
deniedReaders.add(cloudSearchPrincipal);
}
}
// Build the Cloud Search ACL. Note that inheritance of permissions
// from parents is omitted. See `setInheritFrom()` and `setInheritanceType()`
// methods on the builder if required by your implementation.
return new Acl.Builder()
.setReaders(allowedReaders)
.setDeniedReaders(deniedReaders)
.setOwners(owners)
.build();
}
private void checkFilePermissions(String fileLocation, File file) throws IOException
{
if(isPosixFileSystem(file))
{
Set<PosixFilePermission> permissions = Files.getPosixFilePermissions(file.toPath());
if (permissions.contains(PosixFilePermission.GROUP_READ)
|| permissions.contains(PosixFilePermission.OTHERS_READ)
|| permissions.contains(PosixFilePermission.GROUP_WRITE)
|| permissions.contains(PosixFilePermission.OTHERS_WRITE)) {
throw new IllegalArgumentException("Key file '"
+ fileLocation
+ "' has incorrect permissions. Only the owner "
+ "should be able to read or write this file.");
}
}
else if(isAclFileSystem(file))
{
AclFileAttributeView attributeView = Files.getFileAttributeView(file.toPath(), AclFileAttributeView.class);
ArrayList<AclEntry> acls = new ArrayList<>(attributeView.getAcl());
ListIterator<AclEntry> iter = acls.listIterator();
UserPrincipal owner = Files.getOwner(file.toPath());
while(iter.hasNext())
{
AclEntry acl = iter.next();
if(acl.type() == AclEntryType.ALLOW)
{
Set<AclEntryPermission> originalPermissions = acl.permissions();
Set<AclEntryPermission> updatedPermissions = EnumSet.copyOf(originalPermissions);
if (updatedPermissions.removeAll(EnumSet.of(AclEntryPermission.APPEND_DATA,
AclEntryPermission.EXECUTE,
AclEntryPermission.WRITE_ACL,
AclEntryPermission.WRITE_DATA,
AclEntryPermission.WRITE_OWNER))) {
throw new IllegalArgumentException("Key file '"
+ fileLocation
+ "' has incorrect permissions. The file should not be modifiable by any user.");
}
if (!owner.equals(acl.principal()) && updatedPermissions.removeAll(EnumSet.of(AclEntryPermission.READ_DATA))) {
throw new IllegalArgumentException("Key file '"
+ fileLocation
+ "' has incorrect permissions. Only the owner should be able to read from the file.");
}
}
}
}
else
{
throw new IllegalArgumentException(ILLEGAL_ARG_EXCEPTION);
}
}
private boolean isAclFileSystem(File file) throws IOException
{
return Files.getFileAttributeView(file.toPath(), AclFileAttributeView.class) != null;
}
private static void setPermissionsToOwnerOnlyWindows(File file) throws IOException {
Path path = Paths.get(file.getAbsolutePath());
FileOwnerAttributeView fileAttributeView =
Files.getFileAttributeView(path, FileOwnerAttributeView.class);
UserPrincipal owner = fileAttributeView.getOwner();
// get view
AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
// All available entries
Set<AclEntryPermission> permissions =
ImmutableSet.of(
AclEntryPermission.APPEND_DATA,
AclEntryPermission.DELETE,
AclEntryPermission.DELETE_CHILD,
AclEntryPermission.READ_ACL,
AclEntryPermission.READ_ATTRIBUTES,
AclEntryPermission.READ_DATA,
AclEntryPermission.READ_NAMED_ATTRS,
AclEntryPermission.SYNCHRONIZE,
AclEntryPermission.WRITE_ACL,
AclEntryPermission.WRITE_ATTRIBUTES,
AclEntryPermission.WRITE_DATA,
AclEntryPermission.WRITE_NAMED_ATTRS,
AclEntryPermission.WRITE_OWNER);
// create ACL to give owner everything
AclEntry entry =
AclEntry.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(owner)
.setPermissions(permissions)
.build();
// Overwrite the ACL with only this permission
try {
view.setAcl(ImmutableList.of(entry));
} catch (SecurityException ex) {
throw new IOException("Unable to set permissions for " + file, ex);
}
}
@Override
public void testCopy() throws Exception {
super.testCopy();
CloverURI source;
CloverURI target;
CopyResult result;
source = relativeURI("W.TMP");
if (manager.exists(source)) { // case insensitive file system
target = relativeURI("w.tmp");
result = manager.copy(source, target);
assertFalse(result.success());
assertTrue(manager.exists(source));
}
{
// CLO-4658:
source = relativeURI("unreadable.tmp");
target = relativeURI("unreadable_destination/");
manager.create(source);
manager.create(target);
File file = new File(source.getAbsoluteURI().getSingleURI().toURI());
Path path = file.toPath();
assertTrue(file.exists());
if (!file.setReadable(false)) {
AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
UserPrincipal owner = view.getOwner();
List<AclEntry> acl = view.getAcl();
for (ListIterator<AclEntry> it = acl.listIterator(); it.hasNext(); ) {
AclEntry entry = it.next();
if (entry.principal().equals(owner)) {
Set<AclEntryPermission> permissions = entry.permissions();
permissions.remove(AclEntryPermission.READ_DATA);
AclEntry.Builder builder = AclEntry.newBuilder(entry);
builder.setPermissions(permissions);
it.set(builder.build());
break;
}
}
view.setAcl(acl);
}
assertFalse(Files.isReadable(path));
result = manager.copy(source, target);
assertFalse(result.success());
assertFalse(manager.exists(relativeURI("unreadable_destination/unreadable.tmp")));
}
}
@Override
public Class<AclFileAttributeView> viewType() {
return AclFileAttributeView.class;
}
@Override
public AclFileAttributeView view(
FileLookup lookup, ImmutableMap<String, FileAttributeView> inheritedViews) {
return new View(lookup, (FileOwnerAttributeView) inheritedViews.get("owner"));
}