List of usage examples for org.springframework.security.acls.model AccessControlEntry getPermission
/** Returns the {@link Permission} this entry carries; whether the entry grants or denies it is reported separately (see {@code isGranting()}). */
Permission getPermission();
From source file:com.excilys.ebi.bank.service.impl.security.SimpleAclImpl.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs by
 * the ACEs held in {@code entries}.
 *
 * <p>Permissions are tried in order and, for each permission, the SIDs are tried in order.
 * The first ACE whose mask is identical to the permission's mask and whose SID equals the
 * candidate SID is decisive for that (permission, SID) pair: a granting ACE ends the search
 * with {@code true}; a denying ACE is remembered and the remaining SIDs for that permission
 * are skipped (the request moves on to the next permission). When nothing was granted but a
 * denying ACE was seen the result is {@code false}; when no ACE matched at all a
 * {@link NotFoundException} is thrown.
 *
 * <p>{@code administrativeMode} is accepted for interface compatibility but not consulted by
 * this body, and no audit logging happens here.
 *
 * @param permission permissions to test, in priority order
 * @param sids security identities of the caller, in priority order
 * @param administrativeMode not used by this implementation
 * @return {@code true} if a matching granting ACE was found, {@code false} if only denying
 *         ACEs matched
 * @throws NotFoundException if no ACE matches any (permission, SID) pair
 * @throws UnloadedSidException declared for interface compatibility; not thrown by this body
 */
@Override
public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
        throws NotFoundException, UnloadedSidException {
    AccessControlEntry firstDenial = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid candidate : sids) {
            for (AccessControlEntry ace : entries) {
                boolean sameMask = ace.getPermission().getMask() == requested.getMask();
                if (!sameMask || !ace.getSid().equals(candidate)) {
                    continue;
                }
                // First exact match for this (permission, SID) pair is decisive.
                if (ace.isGranting()) {
                    return true;
                }
                if (firstDenial == null) {
                    // Remembered so that an explicit denial yields false instead of NotFoundException.
                    firstDenial = ace;
                }
                // Denied for this SID: the other SIDs are not consulted for this permission.
                continue nextPermission;
            }
        }
    }

    if (firstDenial != null) {
        return false;
    }
    throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
}
From source file:gov.nih.nci.ncicb.tcga.dcc.common.security.impl.AclSecurityUtilImpl.java
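/**
 * Tells whether {@code recipient} holds {@code permission} on the given annotation note
 * according to the note's ACL.
 *
 * <p>The object identity is resolved through {@link DccAnnotationNoteRetrievalStrategy} and
 * the ACL is read with the recipient as the only SID of interest. An entry counts only if it
 * belongs to the recipient, carries the same permission mask and is a granting entry: a
 * denying entry with the same mask, or an entry for a different SID, is not evidence that
 * the recipient has the permission. The SID list given to {@code readAclById} is treated as
 * a lookup hint only, so the SID of each entry is re-checked here rather than assumed.
 *
 * @param dccAnnotationNote the note whose ACL is consulted
 * @param recipient the security identity being checked
 * @param permission the permission being checked (compared by mask)
 * @return {@code true} if a granting ACE for this recipient and mask exists; {@code false}
 *         otherwise, including when no ACL exists for the note
 */
@Override
@Transactional
public boolean hasPermission(final DccAnnotationNote dccAnnotationNote, final Sid recipient,
        final Permission permission) {
    final ObjectIdentity objectIdentity =
            new DccAnnotationNoteRetrievalStrategy().getObjectIdentity(dccAnnotationNote);
    final List<Sid> sidList = new ArrayList<Sid>();
    sidList.add(recipient);
    try {
        final MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity, sidList);
        for (final AccessControlEntry ace : acl.getEntries()) {
            final boolean sameRecipient = ace.getSid().equals(recipient);
            final boolean sameMask = ace.getPermission().getMask() == permission.getMask();
            // Only a granting entry for this recipient proves the permission.
            if (sameRecipient && sameMask && ace.isGranting()) {
                return true;
            }
        }
    } catch (NotFoundException nfe) {
        logger.debug("Could not find ACL for DccAnnotationNote with Id " + dccAnnotationNote.getNoteId()
                + " (NotFoundException)");
    }
    return false;
}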
From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs,
 * matching ACE masks bit-wise through {@code containsPermission} (defined elsewhere in this
 * class) rather than by exact equality.
 *
 * <p>Permissions are tried in order and, for each permission, the SIDs are tried in order.
 * The first ACE whose mask satisfies {@code containsPermission(aceMask, requestedMask)} and
 * whose SID equals the candidate is decisive for that pair: a granting ACE returns
 * {@code true} (audited unless {@code administrativeMode}); a denying ACE is remembered and
 * the remaining SIDs for that permission are skipped. If nothing was granted but a denial was
 * seen, the first denial is audited (unless {@code administrativeMode}) and {@code false} is
 * returned. If nothing matched and the ACL inherits from a non-null parent, the decision is
 * delegated to the parent with {@code administrativeMode == false}; otherwise
 * {@link NotFoundException} is thrown.
 *
 * @param acl the ACL whose entries are consulted
 * @param permission permissions to test, in priority order
 * @param sids security identities of the caller, in priority order
 * @param administrativeMode when {@code true}, suppresses audit logging for this level
 * @return {@code true} if a granting ACE matched, {@code false} if only denying ACEs matched
 * @throws NotFoundException if no ACE matched here and no parent could decide
 */
@Override
public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
    final List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry firstDenial = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid candidate : sids) {
            for (AccessControlEntry ace : aces) {
                boolean bitsPresent = containsPermission(ace.getPermission().getMask(), requested.getMask());
                if (!bitsPresent || !ace.getSid().equals(candidate)) {
                    continue;
                }
                // First bit-wise match for this (permission, SID) pair is decisive.
                if (ace.isGranting()) {
                    if (!administrativeMode) {
                        auditLogger.logIfNeeded(true, ace);
                    }
                    return true;
                }
                if (firstDenial == null) {
                    firstDenial = ace; // reported to the audit logger below
                }
                // Denied for this SID: the other SIDs are not consulted for this permission.
                continue nextPermission;
            }
        }
    }

    if (firstDenial != null) {
        if (!administrativeMode) {
            auditLogger.logIfNeeded(false, firstDenial);
        }
        return false;
    }

    // Nothing decided here: hand over to the parent ACL when inheritance is enabled.
    if (acl.isEntriesInheriting() && acl.getParentAcl() != null) {
        return acl.getParentAcl().isGranted(permission, sids, false);
    }
    throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
}
From source file:org.jtalks.poulpe.logic.PermissionManagerTest.java
/**
 * Test fixture: for every given permission, registers a random number of groups (10 to 29,
 * assuming {@code RandomUtils.nextInt(20)} yields 0..19) each with a group ACE, plus one
 * mocked anonymous ACE, and finally stubs {@code aclUtil.getAclFor(entity)} to return an ACL
 * whose entries are those anonymous ACEs.
 *
 * <p>Permissions at odd positions are set up as granting and those at even positions as
 * denying (the {@code i % 2 == 1} rule), for both the group ACEs and the anonymous ACEs.
 * Generated groups, permissions and group ACEs are appended to the {@code groups},
 * {@code permissions} and {@code groupAces} fields for later verification.
 *
 * @param entity the secured entity the ACEs are built for
 * @param permissions the permissions to create ACEs for, in order
 */
private void givenGroupAces(Entity entity, JtalksPermission... permissions) {
    long entityId = entity.getId();
    String entityType = entity.getClass().getSimpleName();
    AuditLogger auditLogger = new ConsoleAuditLogger();
    AclAuthorizationStrategy authorizationStrategy =
            new AclAuthorizationStrategyImpl(new GrantedAuthorityImpl("some_role"));
    ObjectIdentity identity = new AclUtil(null).createIdentity(entityId, entityType);
    Acl acl = new AclImpl(identity, entityId + 1, authorizationStrategy, auditLogger);

    List<AccessControlEntry> anonymousEntries = new ArrayList<AccessControlEntry>();
    long nextGroupId = 1;
    for (int i = 0; i < permissions.length; i++) {
        JtalksPermission current = permissions[i];
        boolean granting = i % 2 == 1;

        int groupCount = RandomUtils.nextInt(20) + 10;
        for (int j = 0; j < groupCount; j++) {
            Group group = randomGroup(nextGroupId);
            nextGroupId++;
            groups.add(group);
            this.permissions.add(current); // the field, not the shadowing parameter
            groupAces.add(buildGroupAce(entity, current, granting, acl, new UserGroupSid(group.getId())));
        }

        AccessControlEntry anonymousEntry = mock(AccessControlEntry.class);
        when(anonymousEntry.getPermission()).thenReturn(current);
        when(anonymousEntry.getSid()).thenReturn(UserSid.createAnonymous());
        when(anonymousEntry.isGranting()).thenReturn(granting);
        anonymousEntries.add(anonymousEntry);
    }

    ExtendedMutableAcl stubbedAcl = mock(ExtendedMutableAcl.class);
    when(stubbedAcl.getEntries()).thenReturn(anonymousEntries);
    when(aclUtil.getAclFor(entity)).thenReturn(stubbedAcl);
}
From source file:org.jtalks.poulpe.logic.PermissionManager.java
/** * Gets {@link org.jtalks.poulpe.model.dto.GroupsPermissions} for provided {@link Entity}. * * @param permissions the list of permissions to get * @param entity the entity to get for * @return {@link org.jtalks.poulpe.model.dto.GroupsPermissions} for provided {@link Entity} */// w ww.j a v a2s .c o m public <T extends JtalksPermission> GroupsPermissions<T> getPermissionsMapFor(List<T> permissions, Entity entity) { GroupsPermissions<T> groupsPermissions = new GroupsPermissions<T>(permissions); List<GroupAce> groupAces = aclManager.getGroupPermissionsOn(entity); for (T permission : permissions) { for (GroupAce groupAce : groupAces) { if (groupAce.getPermissionMask() == permission.getMask()) { groupsPermissions.add(permission, getGroup(groupAce), groupAce.isGranting()); } } for (AccessControlEntry controlEntry : aclUtil.getAclFor(entity).getEntries()) { if (controlEntry.getPermission().equals(permission) && ((UniversalSid) controlEntry.getSid()) .getSidId().equals(UserSid.createAnonymous().getSidId())) { groupsPermissions.add(permission, AnonymousGroup.ANONYMOUS_GROUP, controlEntry.isGranting()); } } } return groupsPermissions; }
From source file:com.sshdemo.common.security.acl.service.EwcmsAclService.java
/**
 * Collects into {@code permissions} the permission of the first ACE found for each SID in
 * {@code acl}, then repeats the collection on every ancestor ACL.
 *
 * <p>Only the first entry per SID is taken (later entries for the same SID are ignored), the
 * granting flag of the entry is not inspected (a denying entry's permission is collected just
 * like a granting one's), and the parent chain is followed regardless of
 * {@code isEntriesInheriting()}. NOTE(review): confirm these three properties are intended
 * before relying on the result for an authorization decision.
 *
 * @param permissions accumulator the found permissions are added to
 * @param acl the ACL to scan; its parent chain is scanned recursively
 * @param sids the SIDs whose entries are of interest
 */
private void getPermissions(final Set<Permission> permissions, final Acl acl, final List<Sid> sids) {
    for (Sid sid : sids) {
        AccessControlEntry firstForSid = null;
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getSid().equals(sid)) {
                firstForSid = ace;
                break;
            }
        }
        if (firstForSid != null) {
            permissions.add(firstForSid.getPermission());
        }
    }
    Acl parent = acl.getParentAcl();
    if (parent != null) {
        getPermissions(permissions, parent, sids);
    }
}
From source file:org.jtalks.common.service.security.AclManagerImpl.java
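/**
 * Deletes from {@code acl} every entry whose SID is one of {@code sids} and whose permission
 * is one of {@code permissions}.
 *
 * <p>Entries are read from {@code acl.getEntries()} (assumed to be a copy, as the original
 * code noted) and removed by index from the last entry towards the first, so that deleting an
 * entry never shifts the index of an entry still to be examined. Each matching entry is
 * deleted exactly once, even when {@code sids} or {@code permissions} contain duplicates —
 * the previous index bookkeeping deleted the same index once per duplicate pair, which could
 * remove unrelated entries.
 *
 * @param acl provided acl; modified only through {@code deleteAce}
 * @param sids list of sids
 * @param permissions list of permissions
 */
private void deletePermissionsFromAcl(MutableAcl acl, List<Sid> sids, List<Permission> permissions) {
    List<AccessControlEntry> entries = acl.getEntries(); // snapshot; deleteAce() changes the live list
    for (int index = entries.size() - 1; index >= 0; index--) {
        AccessControlEntry entry = entries.get(index);
        // List.contains uses entry.getSid().equals(candidate), the same direction as before.
        if (sids.contains(entry.getSid()) && permissions.contains(entry.getPermission())) {
            acl.deleteAce(index);
        }
    }
}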
From source file:com.cedac.security.acls.mongo.MongoMutableAclService.java
/**
 * Serialises one ACE into a Mongo document: its SID (via {@code toDBObject(Sid)}), its
 * permission mask and its granting flag, under the configured field names. Entries that are
 * {@link AuditableAccessControlEntry} additionally get their audit-success and audit-failure
 * flags.
 *
 * @param entry the ACE to serialise
 * @return the document representing {@code entry}
 */
protected DBObject toDBObject(AccessControlEntry entry) {
    BasicDBObject document = new BasicDBObject()
            .append(sidFieldName, toDBObject(entry.getSid()))
            .append(maskFieldName, entry.getPermission().getMask())
            .append(grantingFieldName, entry.isGranting());
    if (entry instanceof AuditableAccessControlEntry) {
        AuditableAccessControlEntry auditable = (AuditableAccessControlEntry) entry;
        document.append(auditSuccessFieldName, auditable.isAuditSuccess());
        document.append(auditFailureFieldName, auditable.isAuditFailure());
    }
    return document;
}
From source file:com.trailmagic.image.security.SpringSecurityImageSecurityService.java
/**
 * Finds the position of the first entry in {@code acl} that belongs to {@code recipient} and
 * carries {@code permission} (compared with {@code permission.equals}).
 *
 * @param recipient the SID the entry must belong to
 * @param permission the permission the entry must carry
 * @param acl the ACL whose entries are scanned
 * @return the index of the first matching entry, or {@code -1} if there is none
 */
private int indexOf(Sid recipient, Permission permission, MutableAcl acl) {
    int position = 0;
    for (AccessControlEntry entry : acl.getEntries()) {
        boolean sameRecipient = entry.getSid().equals(recipient);
        if (sameRecipient && permission.equals(entry.getPermission())) {
            return position;
        }
        position++;
    }
    return -1;
}
From source file:com.trailmagic.image.security.SpringSecurityImageSecurityService.java
/**
 * Collects the permissions of every entry in {@code acl} whose SID equals {@code recipient}.
 * The granting flag is not inspected, so permissions of denying entries are included as well.
 *
 * @param acl the ACL whose entries are scanned
 * @param recipient the SID whose entries are of interest
 * @return a new, mutable set of the recipient's permissions (empty if there are none)
 */
private Set<Permission> findExistingPermissions(MutableAcl acl, Sid recipient) {
    Set<Permission> found = new HashSet<Permission>();
    for (AccessControlEntry entry : acl.getEntries()) {
        if (!entry.getSid().equals(recipient)) {
            continue;
        }
        found.add(entry.getPermission());
    }
    return found;
}