List of usage examples for org.springframework.security.acls.domain PrincipalSid PrincipalSid
public PrincipalSid(Authentication authentication)
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
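/**
 * Revokes {@link BasePermission#ADMINISTRATION} on one domain object from every user in
 * {@code users}.
 *
 * <p>The ACL is loaded once, every matching access control entry (ACE) is deleted from that
 * single instance, and the result is persisted with one {@code updateAcl} call. The previous
 * version re-read the ACL for each user and persisted only the last instance it had read, so
 * a service that returns a fresh copy per read would silently keep the ACEs of all but the
 * last user. It also stopped at the first match, leaving duplicate grants for the same
 * principal in place after a "revoke".
 *
 * @param users      users whose ADMINISTRATION entries are removed; {@code null} or empty is a no-op
 * @param id_object  identifier of the secured domain object
 * @param name_class type name of the secured domain object
 */
public void removePermissionToAnObjectCollection_ADMINISTRATION(Collection<User> users, Long id_object,
        String name_class) {
    // Nothing to revoke; an empty collection never touched the ACL service before either.
    if (users == null || users.isEmpty()) {
        return;
    }

    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Permission p = BasePermission.ADMINISTRATION;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        // NOTE(review): kept from the original. A revoke on an object that has no ACL creates
        // one as a side effect; confirm that is intended rather than returning early.
        acl = mutableAclService.createAcl(oi);
    }

    for (User u : users) {
        Sid sid = new PrincipalSid(u.getUsername());
        // Walk backwards so that deleting an entry does not shift the indexes still to visit.
        // The match ignores isGranting(), exactly as the original comparison did.
        for (int aceIndex = acl.getEntries().size() - 1; aceIndex >= 0; aceIndex--) {
            AccessControlEntry ace = acl.getEntries().get(aceIndex);
            if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
                acl.deleteAce(aceIndex);
            }
        }
    }

    // Persist all deletions in one write.
    mutableAclService.updateAcl(acl);
}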
From source file:de.iew.services.impl.AclEditorServiceImpl.java
/**
 * Builds a principal {@link Sid} from one of the supported identity representations.
 *
 * <p>Accepted inputs, checked in this order: a {@code UserDetails} (its username is used), an
 * {@code Authentication} (its principal is resolved recursively), or a {@code String} (used
 * verbatim as the principal name).
 *
 * @param securityIdentity the identity to convert
 * @return a {@link PrincipalSid} naming the identity
 * @throws IllegalArgumentException if the argument is none of the supported types, including {@code null}
 */
public Sid makePrincipalSid(Object securityIdentity) {
    if (securityIdentity instanceof UserDetails) {
        UserDetails details = (UserDetails) securityIdentity;
        return new PrincipalSid(details.getUsername());
    }

    if (securityIdentity instanceof Authentication) {
        // The principal may itself be a UserDetails or a plain String, so resolve it again.
        Object principal = ((Authentication) securityIdentity).getPrincipal();
        return makePrincipalSid(principal);
    }

    if (securityIdentity instanceof String) {
        // The string becomes the principal name as-is. Nothing here checks that it names an
        // existing account, so callers decide whether the value can be trusted.
        String principalName = (String) securityIdentity;
        return new PrincipalSid(principalName);
    }

    throw new IllegalArgumentException("Unsupported security identity " + securityIdentity + ".");
}
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/**
 * Reads the ACL of Home "1" while passing a SID filter and checks the identity, owner,
 * inheritance flag and all six entries of the returned ACL.
 */
@Test
public void readAclById_withSid_shouldLoadTheAcl() {
    Acl acl = fixture.readAclById(
            new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "1"),
            Arrays.asList(new GrantedAuthoritySid("ROLE_ADMIN"), new PrincipalSid("other@cedac.com")));

    // ACL-level properties
    assertNotNull(acl);
    assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());
    assertEquals(true, acl.isSidLoaded(
            Arrays.asList(new GrantedAuthoritySid("ROLE_ADMIN"), new PrincipalSid("other@cedac.com"))));

    // Expected SID and permission of each entry, by position. Entries for principals that were
    // not in the requested SID list are still expected in the result.
    Object[] expectedSids = {
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new PrincipalSid("mauro.franceschini@cedac.com"),
            new PrincipalSid("mauro.franceschini@cedac.com"),
            new PrincipalSid("other@cedac.com") };
    Object[] expectedPermissions = {
            BasePermission.READ,
            BasePermission.WRITE,
            BasePermission.ADMINISTRATION,
            BasePermission.READ,
            BasePermission.WRITE,
            BasePermission.READ };

    // Every entry is granting, belongs to this ACL, and audits failures but not successes.
    for (int i = 0; i < expectedSids.length; i++) {
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(expectedSids[i], acl.getEntries().get(i).getSid());
        assertEquals(expectedPermissions[i], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());
        assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditSuccess());
        assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditFailure());
    }
}
From source file:com.kylinolap.rest.service.AclService.java
/**
 * Loads the ACL of every requested object identity from the HBase ACL table.
 *
 * <p>NOTE(review): the row key is built from {@code oid.getIdentifier()} alone and the stored
 * type column is not compared with {@code oid.getType()}, so two object types sharing an
 * identifier would resolve to the same row. Confirm identifiers are globally unique.
 *
 * <p>NOTE(review): an {@code IOException} is logged and swallowed, so a storage failure
 * returns a partial (possibly empty) map instead of an error. Callers that read "no entry"
 * as "no ACL exists" cannot tell the two cases apart.
 *
 * @param oids object identities whose ACLs are wanted
 * @param sids SIDs handed to {@code genAces} when the entries are built
 * @return the ACLs that were read, keyed by object identity
 * @throws NotFoundException if a requested identity has no row, or only an empty one
 */
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids)
        throws NotFoundException {
    Map<ObjectIdentity, Acl> loadedAcls = new HashMap<ObjectIdentity, Acl>();
    HTableInterface aclTable = null;

    try {
        aclTable = HBaseConnection.get(hbaseUrl).getTable(aclTableName);

        for (ObjectIdentity oid : oids) {
            byte[] rowKey = Bytes.toBytes(String.valueOf(oid.getIdentifier()));
            Result row = aclTable.get(new Get(rowKey));

            if (null == row || row.isEmpty()) {
                throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
            }

            // Owner: stored as a SidInfo that records whether it is a principal or an authority.
            SidInfo ownerInfo = sidSerializer.deserialize(
                    row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN)));
            Sid ownerSid;
            if (null == ownerInfo) {
                ownerSid = null;
            } else if (ownerInfo.isPrincipal()) {
                ownerSid = new PrincipalSid(ownerInfo.getSid());
            } else {
                ownerSid = new GrantedAuthoritySid(ownerInfo.getSid());
            }

            boolean inheriting = Bytes.toBoolean(
                    row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN)));

            // Parent: resolved through readAclById; the null SID list is passed on unchanged.
            Acl parentAcl = null;
            DomainObjectInfo parentInfo = domainObjSerializer.deserialize(
                    row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN)));
            if (null != parentInfo) {
                ObjectIdentity parentIdentity = new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId());
                parentAcl = readAclById(parentIdentity, null);
            }

            AclImpl acl = new AclImpl(oid, oid.getIdentifier(), aclAuthorizationStrategy,
                    permissionGrantingStrategy, parentAcl, null, entriesInheriting(inheriting), ownerSid);
            genAces(sids, row, acl);

            loadedAcls.put(oid, acl);
        }
    } catch (IOException e) {
        logger.error(e.getLocalizedMessage(), e);
    } finally {
        IOUtils.closeQuietly(aclTable);
    }

    return loadedAcls;
}

/** Identity helper that names the boolean at the {@code AclImpl} constructor call site. */
private static boolean entriesInheriting(boolean flag) {
    return flag;
}
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
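/**
 * Grants {@link BasePermission#ADMINISTRATION} on one domain object to {@code coordinator}.
 *
 * <p>The ACL is read, or created when none exists, and a granting access control entry (ACE)
 * is appended at the end of the entry list. The previous version inserted at the fixed index
 * 2 when the ACL had no entries; Spring Security's stock {@code AclImpl} rejects an insert
 * index greater than the current entry count, so the first grant on a freshly created ACL
 * failed there. Appending at {@code getEntries().size()} is index 0 for an empty ACL.
 *
 * @param coordinator user receiving the permission; {@code null} is a no-op
 * @param id_object   identifier of the secured domain object
 * @param name_class  type name of the secured domain object
 */
public void addPermissionToAnObject_ADMINISTRATION(User coordinator, Long id_object, String name_class) {
    if (coordinator == null) {
        return;
    }

    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Sid sid = new PrincipalSid(coordinator.getUsername());
    Permission p = BasePermission.ADMINISTRATION;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        acl = mutableAclService.createAcl(oi);
    }

    // NOTE(review): no check for an existing identical ACE, so repeated calls add duplicate
    // grants for the same principal; a later revoke has to remove every one of them.
    acl.insertAce(acl.getEntries().size(), p, sid, true);
    mutableAclService.updateAcl(acl);
}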
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
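/**
 * Grants {@link BasePermission#WRITE} on one domain object to {@code coordinator}.
 *
 * <p>The ACL is read, or created when none exists, and a granting access control entry (ACE)
 * is appended at the end of the entry list. The previous version inserted at the fixed index
 * 2 when the ACL had no entries; Spring Security's stock {@code AclImpl} rejects an insert
 * index greater than the current entry count, so the first grant on a freshly created ACL
 * failed there. Appending at {@code getEntries().size()} is index 0 for an empty ACL.
 *
 * @param coordinator user receiving the permission; {@code null} is a no-op
 * @param id_object   identifier of the secured domain object
 * @param name_class  type name of the secured domain object
 */
public void addPermissionToAnObject_WRITE(User coordinator, Long id_object, String name_class) {
    if (coordinator == null) {
        return;
    }

    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Sid sid = new PrincipalSid(coordinator.getUsername());
    Permission p = BasePermission.WRITE;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        acl = mutableAclService.createAcl(oi);
    }

    // NOTE(review): no check for an existing identical ACE, so repeated calls add duplicate
    // grants for the same principal; a later revoke has to remove every one of them.
    acl.insertAce(acl.getEntries().size(), p, sid, true);
    mutableAclService.updateAcl(acl);
}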
From source file:com.kylinolap.rest.service.AclService.java
/**
 * Creates the ACL row for {@code objectIdentity}, owned by the currently authenticated
 * principal, and returns the ACL as read back from storage.
 *
 * <p>NOTE(review): the existence check and the write are separate steps, so two concurrent
 * callers can both pass the check and the later {@code put} overwrites the owner column.
 * The check also depends on {@code readAclById} reporting storage failures distinctly from
 * "not found"; confirm a failed read cannot be mistaken for a missing ACL here.
 *
 * <p>NOTE(review): the authentication is taken from the security context without a null
 * check; confirm this method is only reachable with an authenticated caller.
 *
 * @param objectIdentity identity of the domain object to secure
 * @return the newly stored ACL
 * @throws AlreadyExistsException if an ACL for the identity can already be read
 */
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Acl existing = null;
    try {
        existing = readAclById(objectIdentity);
    } catch (NotFoundException ignored) {
        // Expected: no ACL yet, so creation may proceed.
    }
    if (existing != null) {
        throw new AlreadyExistsException("ACL of " + objectIdentity + " exists!");
    }

    // The caller becomes the owner of the new ACL.
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid ownerSid = new PrincipalSid(currentAuth);

    HTableInterface aclTable = null;
    try {
        aclTable = HBaseConnection.get(hbaseUrl).getTable(aclTableName);

        // Row key is the identifier only; the type is stored as a column of the info family.
        Put row = new Put(Bytes.toBytes(String.valueOf(objectIdentity.getIdentifier())));
        row.add(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_TYPE_COLUMN),
                Bytes.toBytes(objectIdentity.getType()));
        row.add(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN),
                sidSerializer.serialize(new SidInfo(ownerSid)));
        row.add(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN),
                Bytes.toBytes(true));

        aclTable.put(row);
        aclTable.flushCommits();

        logger.debug("ACL of " + objectIdentity + " created successfully.");
    } catch (IOException e) {
        // A failed write is only logged; the read-back below then decides what the caller sees.
        logger.error(e.getLocalizedMessage(), e);
    } finally {
        IOUtils.closeQuietly(aclTable);
    }

    return (MutableAcl) readAclById(objectIdentity);
}
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
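/**
 * Grants {@link BasePermission#READ} on one domain object to {@code user}.
 *
 * <p>The ACL is read, or created when none exists, and a granting access control entry (ACE)
 * is appended at the end of the entry list. The previous version inserted at the fixed index
 * 2 when the ACL had no entries; Spring Security's stock {@code AclImpl} rejects an insert
 * index greater than the current entry count, so the first grant on a freshly created ACL
 * failed there. Appending at {@code getEntries().size()} is index 0 for an empty ACL.
 *
 * @param user       user receiving the permission; {@code null} is a no-op
 * @param id_object  identifier of the secured domain object
 * @param name_class type name of the secured domain object
 */
public void addPermissionToAnObject_READ(User user, Long id_object, String name_class) {
    if (user == null) {
        return;
    }

    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);

    // NOTE(review): the account name "admin" is hard-coded, and the lookup result is
    // dereferenced without a null check.
    User admin = userService.findByUsername("admin").getSingleElement();
    Sid admin_sid = new PrincipalSid(admin.getUsername());
    List<Sid> sids = new ArrayList<Sid>();
    sids.add(admin_sid);

    Sid sid = new PrincipalSid(user.getUsername());
    Permission p = BasePermission.READ;

    MutableAcl acl;
    try {
        // NOTE(review): the ACL is read with a SID filter holding only the admin principal and
        // is then written back. If the configured service honours the filter and loads a
        // partial ACL, confirm updateAcl does not drop the entries that were not loaded.
        acl = (MutableAcl) mutableAclService.readAclById(oi, sids);
    } catch (NotFoundException nfe) {
        acl = mutableAclService.createAcl(oi);
    }

    acl.insertAce(acl.getEntries().size(), p, sid, true);
    mutableAclService.updateAcl(acl);
}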
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
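/**
 * Grants {@link BasePermission#READ} on one domain object to every user in {@code professors}.
 *
 * <p>For each user the ACL is read, or created when none exists, a granting access control
 * entry (ACE) is appended, and the ACL is persisted. The previous version inserted at the
 * fixed index 2 when the ACL had no entries; Spring Security's stock {@code AclImpl} rejects
 * an insert index greater than the current entry count, so the first grant on a freshly
 * created ACL failed there. Appending at {@code getEntries().size()} is index 0 for an empty
 * ACL.
 *
 * @param professors users receiving the permission; {@code null} is treated as empty
 * @param id_object  identifier of the secured domain object
 * @param name_class type name of the secured domain object
 */
public void addPermissionToAnObjectCollection_READ(Collection<User> professors, Long id_object,
        String name_class) {
    if (professors == null) {
        return;
    }

    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Permission p = BasePermission.READ;

    for (User u : professors) {
        Sid sid = new PrincipalSid(u.getUsername());

        // Read and persist once per user, as before, so each grant is stored even if a
        // later one fails.
        MutableAcl acl;
        try {
            acl = (MutableAcl) mutableAclService.readAclById(oi);
        } catch (NotFoundException nfe) {
            acl = mutableAclService.createAcl(oi);
        }

        acl.insertAce(acl.getEntries().size(), p, sid, true);
        mutableAclService.updateAcl(acl);
    }
}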
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/**
 * Reads the ACL of Room "1.1" and checks that its parent, the ACL of Home "1", is loaded
 * with it: the child has no entries of its own, the parent has six and no further parent.
 */
@Test
public void readAclById_withParentAcl_shouldLoadTheAcls() {
    Acl roomAcl = fixture
            .readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Room", "1.1"));

    // Child ACL
    assertNotNull(roomAcl);
    assertEquals("com.cedac.smartresidence.profile.domain.Room", roomAcl.getObjectIdentity().getType());
    assertEquals("1.1", roomAcl.getObjectIdentity().getIdentifier());
    assertNotNull(roomAcl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), roomAcl.getOwner());
    assertEquals(true, roomAcl.isEntriesInheriting());
    assertEquals(0, roomAcl.getEntries().size());

    // Parent ACL, reached through the child
    Acl homeAcl = roomAcl.getParentAcl();
    assertEquals("com.cedac.smartresidence.profile.domain.Home", homeAcl.getObjectIdentity().getType());
    assertEquals("1", homeAcl.getObjectIdentity().getIdentifier());
    assertNull(homeAcl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), homeAcl.getOwner());
    assertEquals(true, homeAcl.isEntriesInheriting());
    assertEquals(6, homeAcl.getEntries().size());
}