Interface representing an Access Control List (ACL).  An Access
Control List is a data structure used to guard access to
resources.

An ACL can be thought of as a data structure with multiple ACL
entries.  Each ACL entry, of interface type AclEntry, contains a
set of permissions associated with a particular principal. (A
principal represents an entity such as an individual user or a
group). Additionally, each ACL entry is specified as being either
positive or negative. If positive, the permissions are to be
granted to the associated principal. If negative, the permissions
are to be denied.

The ACL Entries in each ACL observe the following rules:

 Each principal can have at most one positive ACL entry and
one negative entry; that is, multiple positive or negative ACL
entries are not allowed for any principal.  Each entry specifies
the set of permissions that are to be granted (if positive) or
denied (if negative).

If there is no entry for a particular principal, then the
principal is considered to have a null (empty) permission set.

If there is a positive entry that grants a principal a
particular permission, and a negative entry that denies the
principal the same permission, the result is as though the
permission was never granted or denied.

Individual permissions always override permissions of the
group(s) to which the individual belongs. That is, individual
negative permissions (specific denial of permissions) override the
groups' positive permissions. And individual positive permissions
override the groups' negative permissions.



The java.security.acl  package provides the
interfaces to the ACL and related data structures (ACL entries,
groups, permissions, etc.), and the sun.security.acl
classes provide a default implementation of the interfaces. For
example, java.security.acl.Acl  provides the
interface to an ACL and the sun.security.acl.AclImpl
class provides the default implementation of the interface.

The java.security.acl.Acl  interface extends the
java.security.acl.Owner  interface. The Owner
interface is used to maintain a list of owners for each ACL.  Only
owners are allowed to modify an ACL. For example, only an owner can
call the ACL's addEntry method to add a new ACL entry
to the ACL.

This is the interface used for representing one entry in an Access
Control List (ACL).

An ACL can be thought of as a data structure with multiple ACL entry
objects. Each ACL entry object contains a set of permissions associated
with a particular principal. (A principal represents an entity such as
an individual user or a group). Additionally, each ACL entry is specified
as being either positive or negative. If positive, the permissions are
to be granted to the associated principal. If negative, the permissions
are to be denied. Each principal can have at most one positive ACL entry
and one negative entry; that is, multiple positive or negative ACL
entries are not allowed for any principal.

Note: ACL entries are by default positive. An entry becomes a
negative entry only if the
setNegativePermissions
method is called on it.

This is an exception that is thrown whenever a reference is made to a
non-existent ACL (Access Control List).

This interface is used to represent a group of principals. (A principal
represents an entity such as an individual user or a company).

Note that Group extends Principal. Thus, either a Principal or a Group can
be passed as an argument to methods containing a Principal parameter. For
example, you can add either a Principal or a Group to a Group object by
calling the object's addMember method, passing it the
Principal or Group.

This is an exception that is thrown whenever an attempt is made to delete
the last owner of an Access Control List.

This is an exception that is thrown whenever the modification of an object
(such as an Access Control List) is only allowed to be done by an owner of
the object, but the Principal attempting the modification is not an owner.

Interface for managing owners of Access Control Lists (ACLs) or ACL
configurations. (Note that the Acl interface in the
java.security.acl package extends this Owner
interface.) The initial owner Principal should be specified as an
argument to the constructor of the class implementing this interface.

This interface represents a permission, such as that used to grant
a particular type of access to a resource.