List of usage examples for org.springframework.security.acls.domain PrincipalSid PrincipalSid
public PrincipalSid(Authentication authentication)
From source file:sample.contact.web.AdminPermissionController.java
/** * Handles submission of the "add permission" form. *///from w w w.jav a 2s .com @RequestMapping(value = "/secure/addPermission.htm", method = RequestMethod.POST) public String addPermission(AddPermission addPermission, BindingResult result, ModelMap model) { addPermissionValidator.validate(addPermission, result); if (result.hasErrors()) { model.put("recipients", listRecipients()); model.put("permissions", listPermissions()); return "addPermission"; } PrincipalSid sid = new PrincipalSid(addPermission.getRecipient()); Permission permission = permissionFactory.buildFromMask(addPermission.getPermission()); try { contactService.addPermission(addPermission.getContact(), sid, permission); } catch (DataAccessException existingPermission) { existingPermission.printStackTrace(); result.rejectValue("recipient", "err.recipientExistsForContact", "Addition failure."); model.put("recipients", listRecipients()); model.put("permissions", listPermissions()); return "addPermission"; } return "redirect:/secure/index.htm"; }
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/**
 * Loads the ACL stored for {@code Home} with identifier "1" and checks its identity, owner,
 * inheritance flag and each of its six access control entries.
 */
@Test
public void readAclById_shouldLoadTheAcl() {
    final String homeType = "com.cedac.smartresidence.profile.domain.Home";

    Acl acl = fixture.readAclById(new ObjectIdentityImpl(homeType, "1"));

    // ACL-level properties.
    assertNotNull(acl);
    assertEquals(homeType, acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());

    // Expected sid and permission of each entry, in stored order. Entries 0-2 belong to the
    // ROLE_ADMIN authority, entries 3-5 to individual principals.
    Object[] expectedSids = {
        new GrantedAuthoritySid("ROLE_ADMIN"),
        new GrantedAuthoritySid("ROLE_ADMIN"),
        new GrantedAuthoritySid("ROLE_ADMIN"),
        new PrincipalSid("mauro.franceschini@cedac.com"),
        new PrincipalSid("mauro.franceschini@cedac.com"),
        new PrincipalSid("other@cedac.com")
    };
    Object[] expectedPermissions = {
        BasePermission.READ,
        BasePermission.WRITE,
        BasePermission.ADMINISTRATION,
        BasePermission.READ,
        BasePermission.WRITE,
        BasePermission.READ
    };

    for (int i = 0; i < expectedSids.length; i++) {
        // The entry id is expected to equal the entry's position.
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(expectedSids[i], acl.getEntries().get(i).getSid());
        assertEquals(expectedPermissions[i], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());

        // Every entry is expected to audit failures only.
        assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditSuccess());
        assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditFailure());
    }
}
From source file:org.jtalks.common.service.security.AclManagerImplTest.java
/**
 * Verifies that {@code manager.revoke} leaves neither the user sid nor the role sid with
 * READ on the target's ACL, and that the ACL is read once and written back through
 * {@code aclService}.
 */
@Test
public void testRevoke() {
    ObjectIdentity oid = new ObjectIdentityImpl(target.getClass(), ID);
    MutableAcl acl = new AclImpl(oid, 2L, mock(AclAuthorizationStrategy.class), mock(AuditLogger.class));

    // Seed the ACL with a granting READ entry for the user and one for the role,
    // each appended at the current end of the entry list.
    acl.insertAce(acl.getEntries().size(), BasePermission.READ, new PrincipalSid(USERNAME), true);
    acl.insertAce(acl.getEntries().size(), BasePermission.READ, new GrantedAuthoritySid(ROLE), true);

    when(aclService.readAclById(oid)).thenReturn(acl);

    manager.revoke(sids, permissions, target);

    assertNotGranted(acl, new PrincipalSid(USERNAME), BasePermission.READ, "Permission to user granted");
    assertNotGranted(acl, new GrantedAuthoritySid(ROLE), BasePermission.READ,
            "Permission to ROLE_USER granted");

    // Revocation must go through the ACL service: one lookup, one persisted update.
    verify(aclService).readAclById(oid);
    verify(aclService).updateAcl(acl);
}
From source file:de.randi2.jsf.supportBeans.PermissionVerifier.java
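/**
 * Checks if the specified trial site can be edited by the current user.
 *
 * <p>The check passes only when the trial site's ACL grants the logged-in user's
 * {@link PrincipalSid} {@code WRITE} or {@code ADMINISTRATION}. It fails closed: a
 * {@link NotFoundException} from either the ACL lookup or the grant check is treated as
 * "not allowed".
 *
 * @param trialSite trial site object which should be checked
 * @return {@code true} if the ACL grants the current user WRITE or ADMINISTRATION on the
 *         trial site, {@code false} if it does not or a {@link NotFoundException} is raised
 */
public boolean isAllowedEditTrialSite(TrialSite trialSite) {
    // Resolve the current principal once so the ACL lookup and the grant check are
    // guaranteed to be evaluated for the same SID.
    PrincipalSid currentUser = new PrincipalSid(loginHandler.getLoggedInUser().getUsername());
    try {
        Acl acl = aclService.readAclById(new ObjectIdentityHibernate(TrialSite.class, trialSite.getId()),
                sidsOf(currentUser));
        return acl.isGranted(permissionsOf(PermissionHibernate.WRITE, PermissionHibernate.ADMINISTRATION),
                sidsOf(currentUser), false);
    } catch (NotFoundException e) {
        // Deny by default when no authoritative answer is available.
        return false;
    }
}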
From source file:sample.contact.ContactManagerTests.java
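/**
 * Runs as user "rod" and checks which contacts are visible to him, then removes and
 * re-adds bob's ADMINISTRATION permission on contact 4.
 */
@Test
public void testrod() {
    makeActiveUser("rod"); // has ROLE_SUPERVISOR

    List<Contact> contacts = contactManager.getAll();
    assertEquals(4, contacts.size());

    assertContainsContact(1, contacts);
    assertContainsContact(2, contacts);
    assertContainsContact(3, contacts);
    assertContainsContact(4, contacts);

    assertDoestNotContainContact(5, contacts);

    // Long.valueOf replaces the deprecated boxing constructor new Long(...).
    Contact c1 = contactManager.getById(Long.valueOf(4L));

    // Delete followed by add: both ACL mutations must succeed for rod, and the
    // permission is present again once the test finishes.
    contactManager.deletePermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
    contactManager.addPermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
}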
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepositoryTest.java
/**
 * Requests two of three stored ACLs while passing a sid filter, and expects both requested
 * ACLs back with all of their entries and with the requested sids recorded on them.
 */
@Test
public void retrievingACLValuesWithSomeSidsSpecifiedLoadsAllRelevantAclsRegardlessOfWhetherACEsExistForTheSids() {
    Acl first = createAcl("id1");
    createAcl("id2"); // stored but deliberately not requested below
    Acl third = createAcl("id3");

    ObjectIdentity firstOid = first.getObjectIdentity();
    ObjectIdentity thirdOid = third.getObjectIdentity();

    // the owner is taken from the currently logged in user
    PrincipalSid owner = new PrincipalSid(SOME_PRINCIPAL);
    List<Sid> requestedSids = Arrays.<Sid>asList(new PrincipalSid(SOME_PRINCIPAL));

    Map<ObjectIdentity, Acl> loaded = underTest.getAclsById(Arrays.asList(firstOid, thirdOid), requestedSids);

    assertEquals(2, loaded.size());

    SimpleAcl expectedFirst =
            new SimpleAcl(first.getObjectIdentity(), owner, first.getEntries(), requestedSids, null);
    assertEquals(expectedFirst, loaded.get(firstOid));

    SimpleAcl expectedThird =
            new SimpleAcl(third.getObjectIdentity(), owner, third.getEntries(), requestedSids, null);
    assertEquals(expectedThird, loaded.get(thirdOid));
}
From source file:org.jtalks.common.security.acl.sids.JtalksSidFactory.java
/**
 * Creates the sid implementation that matches the format of {@code sidName}.
 *
 * <p>The name is first offered to {@code parseCustomSid}. If it does not comply with the
 * format of custom sids (prefix + {@link UniversalSid#SID_NAME_SEPARATOR} + entity id), an
 * ordinary Spring Security implementation is used instead: {@link PrincipalSid} when
 * {@code principal} is {@code true}, {@link GrantedAuthoritySid} otherwise.
 *
 * @param sidName the name of the sid (its id) whose format decides which implementation of
 *                sid is created
 * @param principal pass {@code true} if it's some kind of entity ID (like user or group), or
 *                  {@code false} if it's some standard role ({@link GrantedAuthoritySid})
 * @return created instance of sid that has the {@code sidName} as the sid id inside
 */
@Override
public Sid create(@Nonnull String sidName, boolean principal) {
    // NOTE(review): the custom format is tried before the principal flag is consulted, so a
    // plain user or role name that happens to match that format would yield a custom sid -
    // confirm such names cannot collide with the custom prefixes.
    Sid customSid = parseCustomSid(sidName);
    if (customSid != null) {
        return customSid;
    }
    if (principal) {
        return new PrincipalSid(sidName);
    }
    return new GrantedAuthoritySid(sidName);
}
From source file:de.randi2.jsf.supportBeans.PermissionVerifier.java
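/**
 * Checks if the specified user account can be edited by the current user.
 *
 * <p>The check passes only when the account's ACL grants the logged-in user's
 * {@link PrincipalSid} {@code WRITE} or {@code ADMINISTRATION}. It fails closed: a
 * {@link NotFoundException} from either the ACL lookup or the grant check is treated as
 * "not allowed".
 *
 * @param user user object which should be checked
 * @return {@code true} if the ACL grants the current user WRITE or ADMINISTRATION on the
 *         account, {@code false} if it does not or a {@link NotFoundException} is raised
 */
public boolean isAllowedEditUser(Login user) {
    // Resolve the current principal once so the ACL lookup and the grant check are
    // guaranteed to be evaluated for the same SID.
    PrincipalSid currentUser = new PrincipalSid(loginHandler.getLoggedInUser().getUsername());
    try {
        Acl acl = aclService.readAclById(new ObjectIdentityHibernate(Login.class, user.getId()),
                sidsOf(currentUser));
        return acl.isGranted(permissionsOf(PermissionHibernate.WRITE, PermissionHibernate.ADMINISTRATION),
                sidsOf(currentUser), false);
    } catch (NotFoundException e) {
        // Deny by default when no authoritative answer is available.
        return false;
    }
}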
From source file:sample.contact.web.AdminPermissionController.java
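/**
 * Deletes a permission.
 *
 * <p>Looks up the contact, builds a {@link PrincipalSid} and a {@link Permission} from the
 * request parameters, asks {@code contactService} to remove that permission, and returns a
 * confirmation view describing what was removed.
 *
 * @param contactId identifier of the contact whose ACL is changed
 * @param sid principal name whose permission is removed
 * @param mask integer mask of the permission to remove
 * @return the {@code "deletePermission"} view with a model holding the contact, sid and
 *         permission
 */
// NOTE(review): this mapping declares no HTTP method, so the state-changing delete is
// reachable with any verb, GET included. Consider restricting it to POST together with the
// views that link here; left unchanged so existing links keep working.
@RequestMapping(value = "/secure/deletePermission.htm")
public ModelAndView deletePermission(@RequestParam("contactId") int contactId, @RequestParam("sid") String sid,
        @RequestParam("permission") int mask) {
    // NOTE(review): contactId, sid and mask come straight from request parameters and this
    // handler performs no authorization check of its own; presumably contactService enforces
    // who may alter a contact's ACL - confirm.
    // Long.valueOf replaces the deprecated boxing constructor new Long(...).
    Contact contact = contactService.getById(Long.valueOf(contactId));

    Sid sidObject = new PrincipalSid(sid);
    Permission permission = permissionFactory.buildFromMask(mask);

    contactService.deletePermission(contact, sidObject, permission);

    Map<String, Object> model = new HashMap<String, Object>();
    model.put("contact", contact);
    model.put("sid", sidObject);
    model.put("permission", permission);

    return new ModelAndView("deletePermission", "model", model);
}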
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
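/**
 * Grants {@code BasePermission.ADMINISTRATION} on one domain object to every user in
 * {@code professors}.
 *
 * <p>For each user the object's ACL is read (or created when none exists yet), a granting
 * access control entry for the user's {@link PrincipalSid} is appended, and the ACL is
 * saved.
 *
 * @param professors users that receive the ADMINISTRATION permission
 * @param id_object identifier of the domain object
 * @param name_class type name of the domain object, used to build its object identity
 */
public void addPermissionToAnObjectCollection_ADMINISTRATION(Collection<User> professors, Long id_object,
        String name_class) {
    // Prepare the information we'd like in our access control entry (ACE)
    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Permission p = BasePermission.ADMINISTRATION;

    // NOTE(review): nothing here checks for an existing identical ACE, so calling this twice
    // for the same user appears to append a second entry - confirm callers guard against it.
    for (User u : professors) {
        Sid sid = new PrincipalSid(u.getUsername());

        // Create or update the relevant ACL
        MutableAcl acl;
        try {
            acl = (MutableAcl) mutableAclService.readAclById(oi);
        } catch (NotFoundException nfe) {
            acl = mutableAclService.createAcl(oi);
        }

        // Now grant some permissions via an access control entry (ACE).
        // Always append at index == current size. The previous code used index 2 for an
        // empty ACL; Spring Security's stock AclImpl rejects an index greater than the
        // number of existing entries, so the first grant on a fresh ACL would fail.
        acl.insertAce(acl.getEntries().size(), p, sid, true);

        mutableAclService.updateAcl(acl);
    }
}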