*
     * @return the ACE flags
     */
    int getFlags();

    /**
     * Returns true if this ACE is an inherited ACE and false if it is a direct ACE.
     * <p>
     * Note: For reasons not fully understood, <code>FLAGS_INHERITED</code> may
     * not be set within all security descriptors even though the ACE was in
     * face inherited. If an inherited ACE is added to a parent the Windows

    }

    /**
     * Returns true if this ACE is an inherited ACE and false if it is a direct ACE.
     * <p>
     * Note: For reasons not fully understood, <code>FLAGS_INHERITED</code> may
     * not be set within all security descriptors even though the ACE was in
     * face inherited. If an inherited ACE is added to a parent the Windows
     * ACL editor will rebuild all children ACEs and set this flag accordingly.

          "type":       "stemmer_override",
          "rules": []
        },
        "romanian_stop": {
          "type":       "stop",

 * available online).
 * <p>
 * Direct ACEs are evaluated first in order. The SID of the user performing
 * the operation and the desired access bits are compared to the SID
 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access
 * mask of the ACE, the whole access check fails. If the ACE is an "allow"

            int[] accessConstants = { ACE.FILE_READ_DATA, ACE.FILE_WRITE_DATA, ACE.FILE_APPEND_DATA, ACE.FILE_READ_EA, ACE.FILE_WRITE_EA,
                    ACE.FILE_EXECUTE, ACE.FILE_DELETE, ACE.FILE_READ_ATTRIBUTES, ACE.FILE_WRITE_ATTRIBUTES, ACE.DELETE, ACE.READ_CONTROL,
                    ACE.WRITE_DAC, ACE.WRITE_OWNER, ACE.SYNCHRONIZE, ACE.GENERIC_ALL, ACE.GENERIC_EXECUTE, ACE.GENERIC_WRITE,
                    ACE.GENERIC_READ };

        securityDescriptorBytes[20] = 2; // ACL revision
        securityDescriptorBytes[21] = 0; // sbz1
        securityDescriptorBytes[22] = 8; // ACL size (low byte)
        securityDescriptorBytes[23] = 0; // ACL size (high byte)
        securityDescriptorBytes[24] = 0; // ACE count (low byte) - 0 ACEs
        securityDescriptorBytes[25] = 0; // ACE count (high byte)

                final Set<SID> sidAllowSet = new HashSet<>();
                final Set<SID> sidDenySet = new HashSet<>();
                for (final ACE ace : aces) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("ACE:{}", ace);
                    }

                final Set<SID> sidDenySet = new HashSet<>();
                for (final ACE ace : aces) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("ACE:{}", ace);
                    }
                    processAllowedSIDs(file, ace.getSID(), ace.isAllow() ? sidAllowSet : sidDenySet);
                }

            // Then
            assertNotNull(security1, "Security ACEs should not be null");
            assertNotNull(security2, "Security ACEs with resolve should not be null");
            assertNotNull(shareSecurity, "Share security ACEs should not be null");
            assertEquals(1, security1.length, "Should return expected number of ACEs");

            }

            this.aces = new ACE[numAces];
            for (int i = 0; i < numAces; i++) {
                this.aces[i] = new ACE();
                bufferIndex += this.aces[i].decode(buffer, bufferIndex, len - bufferIndex);
            }
        } else {
            this.aces = null;
        }

        return bufferIndex - start;
    }