name once. private XYZPayrollPermission mergeXYZPayrollPermission a, XYZPayrollPermission b { String aAction = a.getActions ; if aAction.equals return b; String bAction = b.getActions ; if bAction.equals return a; return new XYZPayrollPermissiona.getName , aAction + , + bAction; } } Note the logic within the implies method −− its the important part of this example. The implies method must test each permission in the hashtable or whatever other container youve used to store the added permissions, but it should do so efficiently. We could always call the implies method of each entry in the hashtable, but that would clearly not be efficient −− its better to call only the implies method on a permission in the table that has a matching name. The only trick is that we wont find a matching name if were doing wildcard pattern matching −− if weve added the name to the table, well always want to return true , even though looking up the name John Smith in the table will not return the administrative entry. Implementing this wildcard pattern matching efficiently is the key to writing a good permission collection. When you use or subclass one of the concrete permission classes that we listed in Chapter 2, there is no need to provide a permission collection class −− all concrete implementations provide their own collection. In addition, there are two other cases when you do not need to implement a permission collection: When you extend the Permission class, but do not do wildcard pattern matching. Hidden internally within the Java API is a PermissionsHash class, which is the default permission collection class for permission objects. The PermissionsHash class stores the aggregated permissions in a hashtable, so the implementations of its add and elements methods are straightforward. The implementation of its implies method is based on looking up the name of the permission parameter in the hashtable collection: if an entry is found, then the implies method is called on that entry. • When you extend the BasicPermission class and do not provide support for actions. The newPermissionClass method of the BasicPermission class will provide a permission collection that handles wildcard pattern matching correctly and efficiently. • If you implement your own PermissionCollection class, you must keep track of whether it has been marked as read−only. There are two methods involved in this: public boolean isReadOnly Return an indication of whether the collection has been marked as read−only. public void setReadOnly Set the collection to be read−only. Once the read−only flag has been set, it cannot be cleared: the collection will remain read−only forever. 86