List of usage examples for the AclImpl constructor of org.springframework.security.acls.domain.AclImpl
public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, PermissionGrantingStrategy grantingStrategy, Acl parentAcl, List<Sid> loadedSids, boolean entriesInheriting, Sid owner)
From source file:org.gaixie.micrite.security.service.impl.AclServiceImpl.java
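/**
 * Loads one {@link AclImpl} per requested object identity from the DAO layer.
 *
 * <p>Review notes on what this method does and does not do:
 * <ul>
 *   <li>The {@code sids} argument is never read, so every stored entry of each
 *       object is loaded regardless of the SIDs the caller asked for.</li>
 *   <li>Each ACL is constructed with the fifth, sixth and seventh constructor
 *       arguments set to {@code null}, {@code null} and {@code false}; going by the
 *       constructor signature, that means no parent ACL, no loaded-SID list and no
 *       entry inheritance.</li>
 *   <li>The entries are written through reflection into the private
 *       {@code aces} field of {@link AclImpl}, which ties this code to the
 *       internal layout of that class.</li>
 * </ul>
 *
 * @param objects the object identities whose ACLs are wanted
 * @param sids    unused by this implementation
 * @return a map from each object identity to its loaded ACL
 * @throws NotFoundException     if an object identity has no stored ACL data
 * @throws NumberFormatException if an identifier is not a decimal {@code long}
 * @throws IllegalStateException if the {@code aces} field cannot be read
 */
@SuppressWarnings("unchecked")
public Map readAclsById(ObjectIdentity[] objects, Sid[] sids) throws NotFoundException {
    final Map acls = new HashMap();
    for (ObjectIdentity object : objects) {
        // The object identity row is looked up by (class id, numeric object id).
        String javaType = object.getJavaType().getName();
        AclClass aclClass = aclClassDAO.findByClass(javaType);
        if (aclClass == null) {
            // Assumes the DAO signals an unknown type with null (TODO confirm);
            // report it as "not found" rather than failing with a NullPointerException.
            throw new NotFoundException("No ACL class registered for type " + javaType);
        }

        // No need to check for nulls, as guaranteed non-null by the
        // ObjectIdentity.getIdentifier() interface contract.
        String identifier = object.getIdentifier().toString();
        long id = Long.parseLong(identifier);

        AclObjectIdentity aclObjectIdentity = aclObjectIdentityDAO.findByObjectId(aclClass.getId(), id);
        if (aclObjectIdentity == null) {
            // Fail closed: an object without stored ACL data gets no default ACL.
            throw new NotFoundException("Could not found specified aclObjectIdentity.");
        }

        AclSid aclOwnerSid = aclObjectIdentity.getAclSid();
        Sid owner = aclOwnerSid.isPrincipal()
                ? new PrincipalSid(aclOwnerSid.getSid())
                : new GrantedAuthoritySid(aclOwnerSid.getSid());

        AclImpl acl = new AclImpl(object, aclObjectIdentity.getId(), aclAuthorizationStrategy, auditLogger,
                null, null, false, owner);
        acls.put(object, acl);

        // AclImpl exposes no public way to add already-persisted entries, so the
        // private list is obtained reflectively and filled in place.
        Field acesField = FieldUtils.getField(AclImpl.class, "aces");
        List aces;
        try {
            acesField.setAccessible(true);
            aces = (List) acesField.get(acl);
        } catch (IllegalAccessException ex) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new IllegalStateException(
                    "Could not obtain AclImpl.ace field: cause[" + ex.getMessage() + "]", ex);
        }

        List<AclEntry> aclEntrys = aclEntryDAO.findByIdentityId(aclObjectIdentity.getId());
        for (AclEntry aclEntry : aclEntrys) {
            AclSid aclSid = aclEntry.getAclSid();
            Sid recipient = aclSid.isPrincipal()
                    ? new PrincipalSid(aclSid.getSid())
                    : new GrantedAuthoritySid(aclSid.getSid());

            Permission permission = convertMaskIntoPermission(aclEntry.getMask());
            AccessControlEntryImpl ace = new AccessControlEntryImpl(aclEntry.getId(), acl, recipient, permission,
                    aclEntry.isGranting(), aclEntry.isAuditSuccess(), aclEntry.isAuditFailure());

            // Add the ACE if it doesn't already exist in the ACL.aces field.
            if (!aces.contains(ace)) {
                aces.add(ace);
            }
        }
    }
    return acls;
}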
From source file:eu.europeana.aas.acl.CassandraAclService.java
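/**
 * Creates an {@link AclImpl} instance out of the provided data.
 *
 * <p>The access control entries are injected into the ACL through the
 * reflective {@code fieldAces} handle. If that injection fails the method
 * throws instead of returning an ACL without entries: an ACL that silently
 * lost its entries (including any non-granting ones) would be evaluated as if
 * they had never been stored.
 *
 * @param aclObjectIdentity the {@link AclObjectIdentity} holding the basic
 *        Acl data.
 * @param aclEntries a set of {@link AclEntry} objects to be converted to
 *        {@link AccessControlEntry} objects.
 * @param parentAcl the parent {@link Acl}.
 * @return an {@link AclImpl} instance.
 * @throws IllegalStateException if the entries cannot be set on the ACL.
 */
private AclImpl convert(AclObjectIdentity aclObjectIdentity, Set<AclEntry> aclEntries, Acl parentAcl) {
    AclImpl acl = new AclImpl(aclObjectIdentity.toObjectIdentity(), aclObjectIdentity.getId(),
            aclAuthorizationStrategy, grantingStrategy, parentAcl, null,
            aclObjectIdentity.isEntriesInheriting(), aclObjectIdentity.getOwnerSid());

    List<AccessControlEntry> aces = new ArrayList<>(aclEntries.size());
    for (AclEntry entry : aclEntries) {
        AccessControlEntry ace = new AccessControlEntryImpl(entry.getId(), acl, entry.getSidObject(),
                permissionFactory.buildFromMask(entry.getMask()), entry.isGranting(),
                entry.isAuditSuccess(), entry.isAuditFailure());
        // NOTE(review): positional insert assumes the set iterates in ascending,
        // gap-free getOrder() sequence; any other iteration order makes
        // List.add(int, E) throw IndexOutOfBoundsException. Confirm the Set type.
        aces.add(entry.getOrder(), ace);
    }

    try {
        fieldAces.set(acl, aces);
    } catch (Exception e) {
        // Fail closed rather than hand back an ACL whose entries were dropped.
        throw new IllegalStateException("Could not set AccessControlEntries in the ACL", e);
    }
    return acl;
}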
From source file:com.kylinolap.rest.service.AclService.java
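/**
 * Reads the ACL of every given object identity from the HBase ACL table.
 *
 * <p>A storage failure is reported to the caller as an exception. Logging the
 * {@link IOException} and returning whatever had been collected so far would
 * hand the caller an incomplete map that is indistinguishable from a
 * successful lookup.
 *
 * <p>NOTE(review): the row key is built from {@code oid.getIdentifier()} only,
 * so the object's type does not take part in the lookup; this presumably
 * relies on identifiers being unique across types. Confirm.
 *
 * @param oids the object identities to load
 * @param sids the SIDs handed on to {@code genAces} for each ACL
 * @return a map holding one ACL per requested object identity
 * @throws NotFoundException     if a requested object identity has no row
 * @throws IllegalStateException if the ACL table cannot be read
 */
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<ObjectIdentity, Acl>();
    HTableInterface htable = null;
    try {
        htable = HBaseConnection.get(hbaseUrl).getTable(aclTableName);
        for (ObjectIdentity oid : oids) {
            Result result = htable.get(new Get(Bytes.toBytes(String.valueOf(oid.getIdentifier()))));
            if (null == result || result.isEmpty()) {
                throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
            }

            SidInfo owner = sidSerializer.deserialize(result.getValue(Bytes.toBytes(ACL_INFO_FAMILY),
                    Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN)));
            // A row without a stored owner yields a null owner SID.
            Sid ownerSid = (null == owner) ? null
                    : (owner.isPrincipal() ? new PrincipalSid(owner.getSid())
                            : new GrantedAuthoritySid(owner.getSid()));
            boolean entriesInheriting = Bytes.toBoolean(result.getValue(Bytes.toBytes(ACL_INFO_FAMILY),
                    Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN)));

            // The parent, when recorded, is loaded through readAclById with no SID filter.
            Acl parentAcl = null;
            DomainObjectInfo parentInfo = domainObjSerializer.deserialize(result.getValue(
                    Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN)));
            if (null != parentInfo) {
                ObjectIdentity parentObj = new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId());
                parentAcl = readAclById(parentObj, null);
            }

            AclImpl acl = new AclImpl(oid, oid.getIdentifier(), aclAuthorizationStrategy,
                    permissionGrantingStrategy, parentAcl, null, entriesInheriting, ownerSid);
            genAces(sids, result, acl);
            aclMaps.put(oid, acl);
        }
    } catch (IOException e) {
        // Surface the failure instead of returning a partial result.
        throw new IllegalStateException("Unable to read ACL information from storage", e);
    } finally {
        IOUtils.closeQuietly(htable);
    }
    return aclMaps;
}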
From source file:com.cedac.security.acls.mongo.MongoAclService.java
/**
 * Returns the ACL of the given object identity, from the cache when possible
 * and from the backing collection otherwise.
 *
 * <p>A cached ACL is used only if it reports the requested SIDs as loaded.
 * On a cache miss the document is fetched, its parent (if any) is resolved
 * through the one-argument {@code readAclById} overload, the ACL is rebuilt
 * with its entries and the result is put into the cache before it is returned.
 *
 * @param object the object identity whose ACL is wanted
 * @param sids   the SIDs the caller is interested in; may be {@code null}
 * @return the cached or freshly loaded ACL
 * @throws NotFoundException     if the backend holds no document for the identity
 * @throws IllegalStateException if the entries cannot be set on the new ACL
 */
@Override
@SuppressWarnings("unchecked")
public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
    LOG.trace(ACL, "Reading ACL for object identity {}", object);
    Acl acl = aclCache.getFromCache(object);
    if (acl != null && acl.isSidLoaded(sids)) {
        LOG.debug(ACL, "ACL for id {} found in cache: {}", object, acl);
        return acl;
    }

    LOG.trace(ACL, "No ACL found in cache for id {}: looking into backend.", object);
    DBObject aclDocument = getAclCollection().findOne(queryByObjectIdentity(object));
    if (aclDocument == null) {
        LOG.warn(ACL, "No ACL found for object identity {}", object);
        throw new NotFoundException("No ACL found for object identity " + object);
    }

    LOG.trace(ACL, "Trying to loading parent ACL if needed.");
    // NOTE(review): parents are followed recursively; nothing visible here
    // guards against a stored parent chain that loops back on itself.
    DBObject parentDbo = (DBObject) aclDocument.get(parentObjectFieldName);
    Acl parentAcl = (parentDbo == null) ? null : readAclById(toObjectIdentity(parentDbo));

    LOG.trace(ACL, "Extracting loaded SIDs");
    List<DBObject> entries = (List<DBObject>) aclDocument.get(entriesFieldName);
    // Loaded SIDs = the requested ones plus every SID that owns a stored entry.
    Set<Sid> loadedSids = new HashSet<Sid>();
    if (sids != null) {
        loadedSids.addAll(sids);
    }
    if (entries != null) {
        for (DBObject entry : entries) {
            loadedSids.add(toSid((DBObject) entry.get(sidFieldName)));
        }
    }

    Sid owner = toSid((DBObject) aclDocument.get(ownerFieldName));

    // The (Boolean) cast is unboxed for the constructor, so a document without
    // the inheriting field fails here with a NullPointerException.
    AclImpl loadedAcl = new AclImpl(object, aclDocument.get("_id").toString(), aclAuthorizationStrategy,
            permissionGrantingStrategy, parentAcl, new ArrayList<Sid>(loadedSids),
            (Boolean) aclDocument.get(entriesInheritingFieldName), owner);

    if (entries != null) {
        List<AccessControlEntry> aces = new ArrayList<AccessControlEntry>();
        int position = 0;
        for (DBObject entry : entries) {
            aces.add(toAccessControlEntry(position, loadedAcl, entry));
            position++;
        }
        try {
            // Entries are injected through the reflective field handle.
            acesField.set(loadedAcl, new ArrayList<AccessControlEntry>(aces));
        } catch (Exception ex) {
            throw new IllegalStateException("Unable to set ACEs.", ex);
        }
    }

    aclCache.putInCache(loadedAcl);
    return loadedAcl;
}
From source file:org.bremersee.common.security.acls.jdbc.BasicLookupStrategy.java
/**
 * The final phase of converting the <code>Map</code> of <code>AclImpl</code>
 * instances which contain <code>StubAclParent</code>s into proper, valid
 * <code>AclImpl</code>s with correct ACL parents.
 *
 * <p>A stub parent is resolved by converting the map entry it points to, so the
 * method recurses up the parent chain before building the result.
 *
 * @param inputMap the unconverted <code>AclImpl</code>s
 * @param currentIdentity the key of the <code>Acl</code> in {@code inputMap}
 *        that we wish to convert
 * @return a new <code>AclImpl</code> carrying the resolved parent and the
 *         entries of the input ACL, re-pointed at the new instance
 */
private AclImpl convert(Map<Serializable, Acl> inputMap, Long currentIdentity) {
    Assert.notEmpty(inputMap, "InputMap required");
    Assert.notNull(currentIdentity, "CurrentIdentity required");

    // Fetch the ACL to convert and insist that it is an AclImpl.
    Acl candidate = inputMap.get(currentIdentity);
    Assert.isInstanceOf(AclImpl.class, candidate, "The inputMap contained a non-AclImpl");
    AclImpl source = (AclImpl) candidate;

    // Swap a stub parent for the fully converted parent ACL.
    Acl resolvedParent = source.getParentAcl();
    if (resolvedParent instanceof StubAclParent) {
        resolvedParent = convert(inputMap, ((StubAclParent) resolvedParent).getId());
    }

    // With the parent known (if there is one), build the true AclImpl.
    AclImpl converted = new AclImpl(source.getObjectIdentity(), source.getId(), aclAuthorizationStrategy,
            grantingStrategy, resolvedParent, null, source.isEntriesInheriting(), source.getOwner());

    // Re-point every entry of the input ACL at the new instance, so that no
    // entry keeps referring to an ACL with a StubAclParent (as per SEC-951).
    List<AccessControlEntryImpl> rebound = new ArrayList<>();
    for (AccessControlEntryImpl ace : readAces(source)) {
        setAclOnAce(ace, converted);
        rebound.add(ace);
    }

    // Install the re-pointed entries on the new ACL.
    setAces(converted, rebound);
    return converted;
}
From source file:org.apache.kylin.rest.service.AclService.java
/**
 * Reads the ACL of every given object identity from the HBase ACL table.
 *
 * <p>NOTE(review): the row key is built from {@code oid.getIdentifier()} only,
 * so the object's type does not take part in the lookup; this presumably
 * relies on identifiers being unique across types. Confirm.
 *
 * @param oids the object identities to load
 * @param sids the SIDs handed on to {@code genAces} for each ACL
 * @return a map holding one ACL per requested object identity
 * @throws NotFoundException if a requested object identity has no row
 * @throws RuntimeException  wrapping the {@link IOException} of a failed read
 */
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> loaded = new HashMap<ObjectIdentity, Acl>();
    HTableInterface htable = null;
    try {
        htable = aclHBaseStorage.getTable(aclTableName);
        for (ObjectIdentity oid : oids) {
            Result row = htable.get(new Get(Bytes.toBytes(String.valueOf(oid.getIdentifier()))));
            if (null == row || row.isEmpty()) {
                throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
            }

            // Owner: a row without a stored owner yields a null owner SID.
            SidInfo owner = sidSerializer.deserialize(row.getValue(
                    Bytes.toBytes(AclHBaseStorage.ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN)));
            Sid ownerSid;
            if (null == owner) {
                ownerSid = null;
            } else if (owner.isPrincipal()) {
                ownerSid = new PrincipalSid(owner.getSid());
            } else {
                ownerSid = new GrantedAuthoritySid(owner.getSid());
            }

            boolean entriesInheriting = Bytes.toBoolean(row.getValue(
                    Bytes.toBytes(AclHBaseStorage.ACL_INFO_FAMILY),
                    Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN)));

            // Parent: when recorded, it is loaded through readAclById with no SID filter.
            DomainObjectInfo parentInfo = domainObjSerializer.deserialize(row.getValue(
                    Bytes.toBytes(AclHBaseStorage.ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN)));
            Acl parentAcl = null;
            if (null != parentInfo) {
                parentAcl = readAclById(new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId()), null);
            }

            AclImpl acl = new AclImpl(oid, oid.getIdentifier(), aclAuthorizationStrategy,
                    permissionGrantingStrategy, parentAcl, null, entriesInheriting, ownerSid);
            genAces(sids, row, acl);
            loaded.put(oid, acl);
        }
    } catch (IOException e) {
        // A storage failure aborts the whole lookup; no partial map is returned.
        throw new RuntimeException(e.getMessage(), e);
    } finally {
        IOUtils.closeQuietly(htable);
    }
    return loaded;
}
From source file:org.apache.kylin.rest.service.LegacyAclService.java
/**
 * Reads the ACL of every given object identity from the HBase ACL table.
 *
 * <p>NOTE(review): the row key is built from {@code oid.getIdentifier()} only,
 * so the object's type does not take part in the lookup; this presumably
 * relies on identifiers being unique across types. Confirm.
 *
 * @param oids the object identities to load
 * @param sids the SIDs handed on to {@code genAces} for each ACL
 * @return a map holding one ACL per requested object identity
 * @throws NotFoundException if a requested object identity has no row
 * @throws RuntimeException  wrapping the {@link IOException} of a failed read
 */
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> loaded = new HashMap<ObjectIdentity, Acl>();
    Table htable = null;
    try {
        htable = aclHBaseStorage.getTable(aclTableName);
        for (ObjectIdentity oid : oids) {
            Result row = htable.get(new Get(Bytes.toBytes(String.valueOf(oid.getIdentifier()))));
            if (null == row || row.isEmpty()) {
                throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
            }

            // Owner: a row without a stored owner yields a null owner SID.
            SidInfo owner = sidSerializer.deserialize(row.getValue(
                    Bytes.toBytes(AclHBaseStorage.ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN)));
            Sid ownerSid;
            if (null == owner) {
                ownerSid = null;
            } else if (owner.isPrincipal()) {
                ownerSid = new PrincipalSid(owner.getSid());
            } else {
                ownerSid = new GrantedAuthoritySid(owner.getSid());
            }

            boolean entriesInheriting = Bytes.toBoolean(row.getValue(
                    Bytes.toBytes(AclHBaseStorage.ACL_INFO_FAMILY),
                    Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN)));

            // Parent: when recorded, it is loaded through readAclById with no SID filter.
            DomainObjectInfo parentInfo = domainObjSerializer.deserialize(row.getValue(
                    Bytes.toBytes(AclHBaseStorage.ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN)));
            Acl parentAcl = null;
            if (null != parentInfo) {
                parentAcl = readAclById(new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId()), null);
            }

            AclImpl acl = new AclImpl(oid, oid.getIdentifier(), aclAuthorizationStrategy,
                    permissionGrantingStrategy, parentAcl, null, entriesInheriting, ownerSid);
            genAces(sids, row, acl);
            loaded.put(oid, acl);
        }
    } catch (IOException e) {
        // A storage failure aborts the whole lookup; no partial map is returned.
        throw new RuntimeException(e.getMessage(), e);
    } finally {
        IOUtils.closeQuietly(htable);
    }
    return loaded;
}
From source file:org.springframework.security.acls.cassandra.CassandraAclService.java
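/**
 * Creates an {@link AclImpl} instance out of the provided data.
 *
 * <p>The access control entries are injected into the ACL through the
 * reflective {@code fieldAces} handle. If that injection fails the method
 * throws instead of returning an ACL without entries: an ACL that silently
 * lost its entries (including any non-granting ones) would be evaluated as if
 * they had never been stored.
 *
 * @param aclObjectIdentity the {@link AclObjectIdentity} holding the basic Acl data.
 * @param aclEntries a set of {@link AclEntry} objects to be converted to {@link AccessControlEntry} objects.
 * @param parentAcl the parent {@link Acl}.
 * @return an {@link AclImpl} instance.
 * @throws IllegalStateException if the entries cannot be set on the ACL.
 */
private AclImpl convert(AclObjectIdentity aclObjectIdentity, Set<AclEntry> aclEntries, Acl parentAcl) {
    AclImpl acl = new AclImpl(aclObjectIdentity.toObjectIdentity(), aclObjectIdentity.getId(),
            aclAuthorizationStrategy, grantingStrategy, parentAcl, null,
            aclObjectIdentity.isEntriesInheriting(), aclObjectIdentity.getOwnerSid());

    List<AccessControlEntry> aces = new ArrayList<AccessControlEntry>(aclEntries.size());
    for (AclEntry entry : aclEntries) {
        AccessControlEntry ace = new AccessControlEntryImpl(entry.getId(), acl, entry.getSidObject(),
                permissionFactory.buildFromMask(entry.getMask()), entry.isGranting(),
                entry.isAuditSuccess(), entry.isAuditFailure());
        // NOTE(review): positional insert assumes the set iterates in ascending,
        // gap-free getOrder() sequence; any other iteration order makes
        // List.add(int, E) throw IndexOutOfBoundsException. Confirm the Set type.
        aces.add(entry.getOrder(), ace);
    }

    try {
        fieldAces.set(acl, aces);
    } catch (Exception e) {
        // Fail closed rather than hand back an ACL whose entries were dropped.
        throw new IllegalStateException("Could not set AccessControlEntries in the ACL", e);
    }
    return acl;
}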