List of usage examples for org.springframework.security.acls.domain PrincipalSid PrincipalSid
public PrincipalSid(Authentication authentication)
From source file:net.projectmonkey.spring.acl.hbase.repository.AclRecordTest.java
@Test public void creatingRecordFromBytesWithPrincipalOwner() { NavigableMap<byte[], byte[]> familyMap = recordMap(String.class, true); AclRecord underTest = new AclRecord(ID.getBytes(), familyMap, new StringAclIdentifierConverter()); ObjectIdentity identity = new ObjectIdentityImpl(TYPE, ID); assertEquals(identity, underTest.getIdentity()); assertTrue(ArrayUtils.isEquals(ID.getBytes(), underTest.getKey())); assertTrue(ArrayUtils.isEquals(String.class.getName().getBytes(), underTest.getIdTypeBytes())); assertEquals(new PrincipalSid(SOME_PRINCIPAL), underTest.getOwner()); }
From source file:sample.contact.ContactManagerBackend.java
public void create(Contact contact) { // Create the Contact itself contact.setId(new Long(counter++)); contactDao.create(contact);/*from w w w . j ava 2 s . c om*/ // Grant the current principal administrative permission to the contact addPermission(contact, new PrincipalSid(getUsername()), BasePermission.ADMINISTRATION); if (logger.isDebugEnabled()) { logger.debug( "Created contact " + contact + " and granted admin permission to recipient " + getUsername()); } }
From source file:eu.europeana.aas.acl.CassandraMutableAclService.java
@Override public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException { Assert.notNull(objectIdentity, "Object Identity required"); if (LOG.isDebugEnabled()) { LOG.debug("BEGIN createAcl: objectIdentity: " + objectIdentity); }/* w w w .ja v a 2s. co m*/ // Need to retrieve the current principal, in order to know who "owns" // this ACL (can be changed later on) Authentication auth = SecurityContextHolder.getContext().getAuthentication(); PrincipalSid sid = new PrincipalSid(auth); AclObjectIdentity newAoi = new AclObjectIdentity(objectIdentity); newAoi.setOwnerId(sid.getPrincipal()); newAoi.setOwnerPrincipal(true); newAoi.setEntriesInheriting(false); try { aclRepository.saveAcl(newAoi); } catch (AclAlreadyExistsException e) { throw new AlreadyExistsException(e.getMessage(), e); } // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc) Acl acl = readAclById(objectIdentity); Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned"); if (LOG.isDebugEnabled()) { LOG.debug("END createAcl: acl: " + acl); } return (MutableAcl) acl; }
From source file:com.cedac.security.acls.mongo.MongoMutableAclService.java
@Override public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException { Assert.notNull(objectIdentity, "Object Identity required"); LOG.trace(ACL, "Checking that object identity {} hasn't already been persisted", objectIdentity); DBObject result = getAclCollection().findOne(queryByObjectIdentity(objectIdentity)); if (result != null) { LOG.warn(ACL, "An ACL entry for object identity {} already exists.", objectIdentity); throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists"); }/* w w w .j a va2 s . c o m*/ LOG.trace(ACL, "Retrieving current principal in order to know who owns this ACL."); Authentication auth = SecurityContextHolder.getContext().getAuthentication(); PrincipalSid sid = new PrincipalSid(auth); LOG.debug(ACL, "Creating ACL entry."); DBObject ownerSid = new BasicDBObject(principalFieldName, true).append(sidFieldName, sid.getPrincipal()); DBObject objectId = new BasicDBObject(classFieldName, objectIdentity.getType()).append(identityFieldName, objectIdentity.getIdentifier()); DBObject acl = new BasicDBObject(ownerFieldName, ownerSid).append(objectIdFieldName, objectId) .append(entriesInheritingFieldName, true); getAclCollection().insert(acl, writeConcern); LOG.trace(ACL, "Retrieving back ACL using superclass."); return (MutableAcl) readAclById(objectIdentity); }
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
@Test(expected = NotFoundException.class) public void readAclById_withSid_shouldThrowNotFoundException() { List<Sid> sids = new ArrayList<Sid>(); sids.add(new PrincipalSid("admin@cedac.com")); fixture.readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "2"), sids); }
From source file:com.cedac.security.acls.mongo.MongoMutableAclServiceTests.java
@Test @ShouldMatchDataSet/* w ww.j a v a 2 s. c o m*/ public void creatingAcl_withNoAcl() { MutableAcl acl = fixture .createAcl(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "2")); assertNotNull(acl); assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType()); assertEquals("2", acl.getObjectIdentity().getIdentifier()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner()); assertEquals(true, acl.isEntriesInheriting()); assertEquals(0, acl.getEntries().size()); }
From source file:org.jtalks.common.service.security.AclManagerImplTest.java
@Test public void testGrantOnObjectWithExistingAcl() throws Exception { ObjectIdentity objectIdentity = new ObjectIdentityImpl(target.getClass(), ID); MutableAcl objectAcl = new AclImpl(objectIdentity, 2L, mock(AclAuthorizationStrategy.class), mock(AuditLogger.class)); when(aclService.readAclById(objectIdentity)).thenReturn(objectAcl); manager.grant(sids, permissions, target); assertGranted(objectAcl, new PrincipalSid(USERNAME), BasePermission.READ, "Permission to user not granted"); assertGranted(objectAcl, new GrantedAuthoritySid(ROLE), BasePermission.READ, "Permission to ROLE_USER not granted"); verify(aclService).readAclById(objectIdentity); verify(aclService).updateAcl(objectAcl); }
From source file:net.projectmonkey.spring.acl.hbase.repository.AccessControlEntryValueTest.java
@Test public void keyCreatedCorrectlyForDenyingPermissionAndPrincipal() { Sid sid = new PrincipalSid(AUTHORITY); AccessControlEntryValue underTest = new AccessControlEntryValue(ID, sid, PERMISSION, false); assertFalse(underTest.isGranting()); assertTrue(ArrayUtils.isEquals(DENYING_PRINCIPAL_KEY_BYTES, underTest.getKey())); assertEquals(ID, underTest.getId()); assertEquals(sid, underTest.getSid()); assertEquals(AUTHORITY, underTest.getAuthority()); assertEquals(PERMISSION, underTest.getPermission()); }
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
public boolean addACLToObject(Long id_object, String name_class) { Authentication authentication = null; ObjectIdentity objectIdentity = new ObjectIdentityImpl(name_class, id_object); // Create or update the relevant ACL MutableAcl acl = null;/*from w w w . j a v a 2 s . c o m*/ try { acl = (MutableAcl) mutableAclService.readAclById(objectIdentity); } catch (NotFoundException nfe) { acl = mutableAclService.createAcl(objectIdentity); } try { authentication = SecurityContextHolder.getContext().getAuthentication(); List<Sid> sids = sidRetrievalStrategy.getSids(authentication); acl = (MutableAcl) this.mutableAclService.readAclById(objectIdentity, sids); } catch (NotFoundException nfe) { acl = mutableAclService.createAcl(objectIdentity); return false; } if (authentication.getPrincipal() != "anonymousUser") { User user = (User) authentication.getPrincipal(); acl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(user.getUsername()), true); acl.insertAce(1, BasePermission.DELETE, new GrantedAuthoritySid("ROLE_ADMIN"), true); } acl.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMIN"), true); acl.insertAce(1, BasePermission.DELETE, new GrantedAuthoritySid("ROLE_ADMIN"), true); /* * // READ access for users with ROLE_USER acl.insertAce(2, * BasePermission.READ, new GrantedAuthoritySid( "ROLE_USER"), true); */ return true; }
From source file:com.cedac.security.acls.mongo.MongoMutableAclServiceTests.java
@Test @ShouldMatchDataSet/*from ww w. j av a 2 s . c o m*/ public void updateAcl_changeOwner() { MutableAcl acl = (MutableAcl) fixture .readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "1")); acl.setOwner(new PrincipalSid("other@cedac.com")); fixture.updateAcl(acl); }