Usage examples for the org.springframework.security.acls.domain.GrantedAuthoritySid constructor
public GrantedAuthoritySid(GrantedAuthority grantedAuthority)
From source file:net.projectmonkey.spring.acl.hbase.repository.AclRecordTest.java
/**
 * Builds an {@code AclRecord} from a byte-array row key and checks that the key is exposed as the
 * identity's identifier, that {@code byte[]} is recorded as the id type, and that the owner is
 * reported as a {@link GrantedAuthoritySid}.
 */
@Test
public void creatingIdentityWithByteArrayIdentifier() {
    NavigableMap<byte[], byte[]> columns = recordMap(byte[].class, false);
    AclRecord underTest = new AclRecord(ID.getBytes(), columns, null);

    ObjectIdentity identity = underTest.getIdentity();

    // Expected values are encoded with the same no-arg getBytes() (JVM default charset) as the
    // key handed to the constructor, so the comparison is charset-consistent within one JVM.
    byte[] expectedKey = ID.getBytes();
    byte[] expectedIdType = byte[].class.getName().getBytes();

    assertEquals(TYPE, identity.getType());
    assertTrue(ArrayUtils.isEquals(expectedKey, identity.getIdentifier()));
    assertTrue(ArrayUtils.isEquals(expectedKey, underTest.getKey()));
    assertTrue(ArrayUtils.isEquals(expectedIdType, underTest.getIdTypeBytes()));

    // NOTE(review): the owner is expected as a GrantedAuthoritySid although the constant is named
    // SOME_PRINCIPAL; presumably the `false` passed to recordMap marks a non-principal owner - confirm.
    assertEquals(new GrantedAuthoritySid(SOME_PRINCIPAL), underTest.getOwner());
}
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/**
 * Loads the ACL of {@code Home} "1" and checks its header (type, identifier, no parent, owner,
 * inheritance flag) and all six access control entries in their stored order.
 *
 * <p>Each entry is checked for id, sid, permission, granting flag, back-reference to the ACL and
 * audit flags. Every entry is expected to audit failures but not successes.
 */
@Test
public void readAclById_shouldLoadTheAcl() {
    Acl acl = fixture.readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "1"));

    assertNotNull(acl);
    assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());

    // Entries 0-2: the ROLE_ADMIN authority is granted READ, WRITE and ADMINISTRATION.
    Object[] adminPermissions = { BasePermission.READ, BasePermission.WRITE, BasePermission.ADMINISTRATION };
    for (int i = 0; i < adminPermissions.length; i++) {
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(new GrantedAuthoritySid("ROLE_ADMIN"), acl.getEntries().get(i).getSid());
        assertEquals(adminPermissions[i], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());
        assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditSuccess());
        assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditFailure());
    }

    // Entries 3-4: one named principal is granted READ and WRITE.
    Object[] userPermissions = { BasePermission.READ, BasePermission.WRITE };
    for (int offset = 0; offset < userPermissions.length; offset++) {
        int i = 3 + offset;
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(new PrincipalSid("mauro.franceschini@cedac.com"), acl.getEntries().get(i).getSid());
        assertEquals(userPermissions[offset], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());
        assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditSuccess());
        assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditFailure());
    }

    // Entry 5: a second principal is granted READ only.
    assertEquals(5, acl.getEntries().get(5).getId());
    assertEquals(new PrincipalSid("other@cedac.com"), acl.getEntries().get(5).getSid());
    assertEquals(BasePermission.READ, acl.getEntries().get(5).getPermission());
    assertEquals(true, acl.getEntries().get(5).isGranting());
    assertSame(acl, acl.getEntries().get(5).getAcl());
    assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(5)).isAuditSuccess());
    assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(5)).isAuditFailure());
}
From source file:pl.exsio.frameset.vaadin.ui.support.component.data.form.SecurityPermissionsForm.java
/**
 * Registers a listener on {@code roleSelect} that rebuilds the permission checkboxes for the
 * selected role and adds a save button which writes the checkbox state back through {@code acl}.
 *
 * @param roleSelect combo box whose selected value is parsed as the id of a role item
 * @param permissionsLayout layout that is cleared and refilled on every selection
 * @param roles container used to resolve the selected id to a {@code Role} entity
 * @param permissionsMap permission name to permission; one checkbox is created per key
 */
private void handleRoleSelectionChange(ComboBox roleSelect, final FormLayout permissionsLayout,
        final JPAContainer<? extends Role> roles, final Map<String, Permission> permissionsMap) {
    roleSelect.addValueChangeListener(new Property.ValueChangeListener() {

        // Checkbox -> permission pairs for the role currently shown; replaced on every selection.
        private Map<CheckBox, Permission> permissionCbsMap;

        @Override
        public void valueChange(Property.ValueChangeEvent event) {
            // A cleared selection leaves the form as it is.
            if (event.getProperty().getValue() == null) {
                return;
            }
            this.createRolePermissionsForm(event);
        }

        private void createRolePermissionsForm(Property.ValueChangeEvent event) throws NumberFormatException {
            this.permissionCbsMap = new HashMap<>();
            permissionsLayout.removeAllComponents();

            Long roleId = Long.parseLong(event.getProperty().getValue().toString());
            // NOTE(review): the result of getItem(...) is dereferenced without a null check - confirm
            // the container cannot return null for an id that is still selectable.
            Role role = roles.getItem(roleId).getEntity();
            // The role name is used verbatim as the authority string of the sid.
            final GrantedAuthoritySid sid = new GrantedAuthoritySid(role.getName());

            for (String permissionName : permissionsMap.keySet()) {
                permissionsLayout.addComponent(this.createPermissionCheckbox(permissionName, sid));
            }
            permissionsLayout.addComponent(this.createSaveButton(sid));
        }

        private CheckBox createPermissionCheckbox(String permissionName, final GrantedAuthoritySid sid) {
            Permission permission = permissionsMap.get(permissionName);
            // Initial tick reflects what the ACL currently grants this sid on `subject`.
            CheckBox checkbox = new CheckBox(permissionName, acl.isGranted(subject, permission, sid));
            this.permissionCbsMap.put(checkbox, permissionsMap.get(permissionName));
            return checkbox;
        }

        private Button createSaveButton(final GrantedAuthoritySid sid) {
            Button saveButton = new Button(t("core.save"), FontAwesome.FLOPPY_O);
            saveButton.addClickListener(new Button.ClickListener() {
                @Override
                public void buttonClick(Button.ClickEvent event) {
                    // Every checkbox is applied on save, not only the ones the user changed:
                    // ticked -> grant, unticked -> revoke.
                    // NOTE(review): no authorization check is visible in this listener before
                    // grant/revoke; presumably `acl` or access to this form enforces it - confirm.
                    for (Map.Entry<CheckBox, Permission> entry : permissionCbsMap.entrySet()) {
                        if (entry.getKey().getValue()) {
                            acl.grant(subject, entry.getValue(), sid);
                        } else {
                            acl.revoke(subject, entry.getValue(), sid);
                        }
                    }
                    Notification.show(t("core.security.management.permision.update.success"));
                }
            });
            return saveButton;
        }
    });
}
From source file:org.jtalks.common.service.security.AclManagerImplTest.java
/**
 * Seeds an ACL with a granting READ entry for one principal and one authority, calls
 * {@code manager.revoke}, then asserts through {@code assertNotGranted} that READ is gone for both
 * sids and verifies that the ACL was read from and written back to {@code aclService}.
 */
@Test
public void testRevoke() {
    ObjectIdentity oid = new ObjectIdentityImpl(target.getClass(), ID);
    MutableAcl acl = new AclImpl(oid, 2L, mock(AclAuthorizationStrategy.class), mock(AuditLogger.class));

    // Each ACE is appended at the current end of the entry list.
    acl.insertAce(acl.getEntries().size(), BasePermission.READ, new PrincipalSid(USERNAME), true);
    acl.insertAce(acl.getEntries().size(), BasePermission.READ, new GrantedAuthoritySid(ROLE), true);
    when(aclService.readAclById(oid)).thenReturn(acl);

    // `sids` and `permissions` are defined outside this method; presumably they cover the
    // USERNAME/ROLE sids and READ - confirm against the fixture.
    manager.revoke(sids, permissions, target);

    assertNotGranted(acl, new PrincipalSid(USERNAME), BasePermission.READ, "Permission to user granted");
    assertNotGranted(acl, new GrantedAuthoritySid(ROLE), BasePermission.READ, "Permission to ROLE_USER granted");

    // The revocation must be persisted, not only applied to the in-memory ACL.
    verify(aclService).readAclById(oid);
    verify(aclService).updateAcl(acl);
}
From source file:net.projectmonkey.spring.acl.hbase.repository.AccessControlEntryValueTest.java
/**
 * Rebuilds an {@code AccessControlEntryValue} from the key bytes of a denying, non-principal entry
 * and checks that the decoded value is not granting, round-trips the same key bytes, and exposes
 * the expected id, authority sid, authority string and permission.
 */
@Test
public void regeneratingKeyFromDenyingBytes() {
    // The factory is stubbed so that the mask of PERMISSION resolves to PERMISSION itself.
    Mockito.when(permissionFactory.buildFromMask(PERMISSION.getMask())).thenReturn(PERMISSION);
    Sid expectedSid = new GrantedAuthoritySid(AUTHORITY);

    AccessControlEntryValue decoded =
            new AccessControlEntryValue(DENYING_NON_PRINCIPAL_KEY_BYTES, permissionFactory);

    // A deny entry must never be read back as a grant.
    assertFalse(decoded.isGranting());
    assertTrue(ArrayUtils.isEquals(DENYING_NON_PRINCIPAL_KEY_BYTES, decoded.getKey()));
    assertEquals(ID, decoded.getId());
    assertEquals(expectedSid, decoded.getSid());
    assertEquals(AUTHORITY, decoded.getAuthority());
    assertEquals(PERMISSION, decoded.getPermission());
}
From source file:com.cedac.security.acls.mongo.MongoMutableAclServiceTests.java
/**
 * Reads the ACL of {@code Device} "1.1.2", inserts granting READ and WRITE entries for the
 * {@code ROLE_USER} authority at positions 0 and 1, and persists the ACL.
 *
 * <p>The method contains no assertions; the outcome is presumably checked by
 * {@code @ShouldMatchDataSet} against an expected data set - confirm.
 */
@Test
@ShouldMatchDataSet
public void updateAcl_addEntries() {
    ObjectIdentityImpl deviceIdentity =
            new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Device", "1.1.2");
    MutableAcl deviceAcl = (MutableAcl) fixture.readAclById(deviceIdentity);

    deviceAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER"), true);
    deviceAcl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER"), true);

    fixture.updateAcl(deviceAcl);
}
From source file:org.jtalks.common.security.acl.sids.JtalksSidFactory.java
/**
 * Creates the sid implementation that matches the format of {@code sidName}. The name is first
 * handed to {@code parseCustomSid}; if that yields nothing because the name does not follow the
 * custom sid format (prefix + {@link UniversalSid#SID_NAME_SEPARATOR} + entity id), a standard
 * Spring Security sid is created instead: a {@link PrincipalSid} or a {@link GrantedAuthoritySid},
 * selected by {@code principal}.
 *
 * @param sidName   the name (id) of the sid; its format decides which implementation is created
 * @param principal {@code true} if the name is some kind of entity id (like a user or group),
 *                  {@code false} if it is a standard role ({@link GrantedAuthoritySid}); only
 *                  consulted when the name is not a custom sid
 * @return a sid instance that carries {@code sidName} as its id
 */
@Override
public Sid create(@Nonnull String sidName, boolean principal) {
    Sid customSid = parseCustomSid(sidName);
    if (customSid != null) {
        return customSid;
    }
    // Fallback: the caller's flag alone decides between a principal and an authority sid.
    return principal ? new PrincipalSid(sidName) : new GrantedAuthoritySid(sidName);
}
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepositoryTest.java
/**
 * Adds two entries to an ACL, persists it, reloads it and checks that the reloaded ACL equals the
 * expected one and that its first three entries come back in the same order as before the update.
 */
@Test
public void acesAreReturnedInTheOrderTheyWerePriorToPersistence() {
    SimpleAcl acl = createAcl("id1");
    // Both ACEs are inserted at index 0. The size check below implies createAcl already
    // supplied one entry - confirm against the helper.
    acl.insertAce(UUID.randomUUID(), 0, BasePermission.WRITE, new GrantedAuthoritySid("another authority"), true);
    acl.insertAce(UUID.randomUUID(), 0, BasePermission.READ, new GrantedAuthoritySid("another authority"), true);
    assertEquals(3, acl.getEntries().size());

    underTest.update(acl);

    ObjectIdentity oid1 = acl.getObjectIdentity();
    // the owner is taken from the currently logged in user
    PrincipalSid owner = new PrincipalSid(SOME_PRINCIPAL);
    Acl returned = underTest.getAclById(oid1);

    SimpleAcl expectedAcl = new SimpleAcl(acl.getObjectIdentity(), owner, acl.getEntries(), null, null);
    assertEquals(expectedAcl, returned);
    // Position-by-position comparison: ACE order must survive the round trip.
    for (int i = 0; i < 3; i++) {
        assertEquals(acl.getEntries().get(i), returned.getEntries().get(i));
    }
}
From source file:com.sshdemo.common.security.acl.service.EwcmsAclService.java
/**
 * Resolves a sid name to a sid instance: a {@link GrantedAuthoritySid} when {@code isGrant(name)}
 * is true, otherwise a {@link PrincipalSid}.
 *
 * @param name the sid name to wrap
 * @return the sid carrying {@code name}
 */
private Sid getSid(String name) {
    // NOTE(review): the sid type is derived from the name alone via isGrant (not visible here).
    // If that is a naming-convention test, a principal whose name satisfies it would be resolved
    // as an authority - confirm that principal names cannot collide with authority names.
    if (isGrant(name)) {
        return new GrantedAuthoritySid(name);
    }
    return new PrincipalSid(name);
}
From source file:org.jtalks.common.service.security.AclManagerImplTest.java
/**
 * Seeds an ACL with READ for one principal and READ plus DELETE for one authority, calls
 * {@code manager.delete}, then asserts that READ is no longer granted to either sid while DELETE
 * is still granted to the authority, and verifies that the ACL was read from and written back to
 * {@code aclService}.
 */
@Test
public void testDelete() throws Exception {
    ObjectIdentity oid = new ObjectIdentityImpl(target.getClass(), ID);
    MutableAcl acl = new AclImpl(oid, 2L, mock(AclAuthorizationStrategy.class), mock(AuditLogger.class));

    // Each ACE is appended at the current end of the entry list.
    acl.insertAce(acl.getEntries().size(), BasePermission.READ, new PrincipalSid(USERNAME), true);
    acl.insertAce(acl.getEntries().size(), BasePermission.READ, new GrantedAuthoritySid(ROLE), true);
    acl.insertAce(acl.getEntries().size(), BasePermission.DELETE, new GrantedAuthoritySid(ROLE), true);
    when(aclService.readAclById(oid)).thenReturn(acl);

    // `sids` and `permissions` are defined outside this method; the assertions below imply
    // that `permissions` covers READ but not DELETE - confirm against the fixture.
    manager.delete(sids, permissions, target);

    assertNotGranted(acl, new PrincipalSid(USERNAME), BasePermission.READ, "Permission to user granted");
    assertNotGranted(acl, new GrantedAuthoritySid(ROLE), BasePermission.READ, "Permission to ROLE_USER granted");
    // An entry that was not targeted must survive the delete.
    assertGranted(acl, new GrantedAuthoritySid(ROLE), BasePermission.DELETE, "Permission to ROLE_USER not granted");

    verify(aclService).readAclById(oid);
    verify(aclService).updateAcl(acl);
}