List of usage examples for org.springframework.security.acls.model AccessControlEntry getSid
/**
 * Returns the {@code Sid} (security identity) recorded on this access control entry.
 * The callers listed below compare it with {@code equals} or test its concrete type
 * to decide whose permission an entry describes.
 */
Sid getSid();
From source file:org.jtalks.common.security.acl.GroupAce.java
/**
 * Wraps an access control entry that belongs to a user group.
 *
 * <p>The type check runs before the field is assigned, so an instance never
 * holds an ACE whose SID is something other than a {@link UserGroupSid}
 * (a {@code null} SID fails the {@code instanceof} test and is rejected too).
 *
 * @param ace the entry to wrap; dereferenced without a null check
 * @throws IllegalArgumentException if the SID of {@code ace} is not a {@code UserGroupSid}
 */
public GroupAce(AccessControlEntry ace) {
    final boolean belongsToGroup = ace.getSid() instanceof UserGroupSid;
    if (!belongsToGroup) {
        throw new IllegalArgumentException(
                "The specified ACE has sid which is not of type: " + UserGroupSid.class);
    }
    this.ace = ace;
}
From source file:org.jtalks.common.security.acl.AclManagerTest.java
/**
 * Verifies that {@code getGroupPermissionsOn} exposes exactly the group-owned entries
 * of a mixed ACL: every {@link UserGroupSid} entry must be wrapped, and entries with
 * any other SID type must be absent from the result.
 */
@Test(dataProviderClass = AclDataProvider.class, dataProvider = "provideAclWithMixedTypeSids")
public void testGetEntityPermissions(ExtendedMutableAcl acl) throws Exception {
    ObjectIdentity branch = new ObjectIdentityImpl(Branch.class, 0);
    when(mockAclUtil.getAclFor(branch)).thenReturn(acl);

    List<GroupAce> branchPermissions = manager.getGroupPermissionsOn(branch);

    for (AccessControlEntry entry : acl.getEntries()) {
        boolean groupOwned = entry.getSid() instanceof UserGroupSid;
        GroupAce wrapped = findWithOriginalAce(branchPermissions, entry);
        if (groupOwned) {
            // NOTE(review): if the lookup comes back null this line fails with a
            // NullPointerException rather than an assertion message.
            assertSame(entry.getSid(), wrapped.getOriginalAce().getSid());
        } else {
            // Non-group SIDs must not leak into the group permission list.
            assertNull(wrapped);
        }
    }
}
From source file:org.jtalks.common.security.acl.AclManager.java
/**
 * Collects the entries of the given ACL whose SID is a {@link UserGroupSid},
 * each wrapped in a {@link GroupAce}, in the order the ACL returns them.
 *
 * <p>Only {@code branchAcl.getEntries()} is read: entries of a parent ACL are not
 * consulted, and granting and denying entries are returned alike.
 *
 * @param branchAcl the ACL to read entries from
 * @return the group-owned entries; empty when the ACL has none
 */
private List<GroupAce> getGroupPermissions(MutableAcl branchAcl) {
    List<AccessControlEntry> originalAces = branchAcl.getEntries();
    List<GroupAce> groupAces = new ArrayList<GroupAce>(originalAces.size());
    for (AccessControlEntry candidate : originalAces) {
        if (!(candidate.getSid() instanceof UserGroupSid)) {
            continue;
        }
        groupAces.add(new GroupAce(candidate));
    }
    return groupAces;
}
From source file:com.excilys.ebi.bank.service.impl.security.SimpleAclImpl.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs.
 *
 * <p>Evaluation order is part of the result:
 * <ul>
 *   <li>Permissions are tried in list order; for each one the SIDs are tried in list order.</li>
 *   <li>For a (permission, SID) pair the first ACE in {@code entries} with an equal mask
 *       and an equal SID decides. A granting ACE returns {@code true} immediately.</li>
 *   <li>A denying ACE ends the search for that permission, so SIDs later in the list are
 *       not consulted for it; the next permission is tried instead.</li>
 * </ul>
 *
 * <p>Masks are compared with {@code ==}, so an ACE matches only when its mask is exactly
 * the requested mask. The {@code administrativeMode} argument is not read here, and the
 * first rejection is kept only to tell "denied" apart from "no matching ACE".
 *
 * @param permission the permissions to look for, in order of preference
 * @param sids the identities to check, in order of preference
 * @param administrativeMode not used by this implementation
 * @return {@code true} if a granting ACE matched; {@code false} if only denying ACEs matched
 * @throws NotFoundException if no ACE matched any permission/SID combination
 */
@Override
public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
        throws NotFoundException, UnloadedSidException {
    AccessControlEntry firstRejection = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid candidate : sids) {
            for (AccessControlEntry ace : entries) {
                boolean sameMask = ace.getPermission().getMask() == requested.getMask();
                if (!sameMask || !ace.getSid().equals(candidate)) {
                    continue;
                }

                // The first matching ACE is authoritative for this permission.
                if (ace.isGranting()) {
                    return true;
                }

                // Explicit denial: remember the first one and give up on this
                // permission entirely, without looking at the remaining SIDs.
                if (firstRejection == null) {
                    firstRejection = ace;
                }
                continue nextPermission;
            }
        }
    }

    if (firstRejection == null) {
        // Nothing matched at all: the caller has to tell this apart from a denial.
        throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
    }

    // At least one ACE denied the request and no other ACE granted a different permission.
    return false;
}
From source file:com.sshdemo.common.security.acl.service.EwcmsAclService.java
/**
 * Adds to {@code permissions} the permission of the first ACE found for each SID,
 * first in {@code acl} and then, recursively, in every parent ACL.
 *
 * <p>NOTE(review): the ACE's granting flag is not checked, so a denying entry
 * contributes its permission just like a granting one, and the parent chain is
 * followed without checking whether the ACL inherits entries. Confirm callers
 * do not treat the resulting set as "effective granted permissions".
 *
 * @param permissions accumulator that receives the permissions found
 * @param acl the ACL to inspect; its parents are inspected afterwards
 * @param sids the identities whose entries are collected
 */
private void getPermissions(final Set<Permission> permissions, final Acl acl, final List<Sid> sids) {
    for (Sid sid : sids) {
        for (AccessControlEntry ace : acl.getEntries()) {
            if (!ace.getSid().equals(sid)) {
                continue;
            }
            // Only the first entry per SID and ACL level is taken.
            permissions.add(ace.getPermission());
            break;
        }
    }

    final Acl parent = acl.getParentAcl();
    if (parent != null) {
        getPermissions(permissions, parent, sids);
    }
}
From source file:com.sshdemo.common.security.acl.service.EwcmsAclService.java
/**
 * Deletes the first ACE on the object's ACL whose SID equals the SID resolved
 * from {@code name}, then persists the ACL. Does nothing when the ACL has no
 * entries or none of them matches.
 *
 * <p>NOTE(review): only the first matching entry is removed. If the same SID has
 * further entries on this ACL, they stay in place after this call. Confirm that
 * is the intended meaning of "remove permission" for callers that revoke access.
 *
 * @param object the domain object whose ACL is modified
 * @param name the name resolved to a SID through {@code getSid(name)}
 */
@Override
public void removePermission(Object object, String name) {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl(object);
    // The cast assumes readAclById hands back a mutable ACL; otherwise ClassCastException.
    MutableAcl acl = (MutableAcl) readAclById(objectIdentity);

    List<AccessControlEntry> entries = acl.getEntries();
    if (entries == null || entries.isEmpty()) {
        return;
    }

    int position = 0;
    for (AccessControlEntry entry : entries) {
        if (entry.getSid().equals(getSid(name))) {
            acl.deleteAce(position);
            updateAcl(acl);
            return;
        }
        position++;
    }
}
From source file:com.trailmagic.image.security.SpringSecurityImageSecurityService.java
/**
 * Gathers the permissions of every entry on {@code acl} whose SID equals {@code recipient}.
 *
 * <p>The granting flag of an entry is not looked at, so the set mixes permissions
 * from granting and denying entries; only entries of this ACL itself are read.
 *
 * @param acl the ACL to scan
 * @param recipient the identity whose entries are of interest
 * @return the permissions found; empty when the recipient has no entry
 */
private Set<Permission> findExistingPermissions(MutableAcl acl, Sid recipient) {
    Set<Permission> found = new HashSet<Permission>();
    for (AccessControlEntry ace : acl.getEntries()) {
        if (!ace.getSid().equals(recipient)) {
            continue;
        }
        found.add(ace.getPermission());
    }
    return found;
}
From source file:com.trailmagic.image.security.SpringSecurityImageSecurityService.java
/**
 * Finds the position of the first entry on {@code acl} that carries the given
 * SID and permission.
 *
 * <p>The match does not consider whether the entry grants or denies, so the
 * index may point at either kind.
 *
 * @param recipient the identity to look for
 * @param permission the permission to look for
 * @param acl the ACL to search
 * @return the zero-based index of the first match, or {@code -1} if there is none
 */
private int indexOf(Sid recipient, Permission permission, MutableAcl acl) {
    final List<AccessControlEntry> entries = acl.getEntries();
    int position = 0;
    while (position < entries.size()) {
        final AccessControlEntry candidate = entries.get(position);
        final boolean sameSid = candidate.getSid().equals(recipient);
        if (sameSid && permission.equals(candidate.getPermission())) {
            return position;
        }
        position++;
    }
    return -1;
}
From source file:com.ewcms.core.site.web.AclAction.java
/**
 * Turns ACL entries into display items, ordered as authorities, then groups,
 * then users, followed by a single item describing the inheritance setting.
 *
 * <p>NOTE(review): the bucket is chosen from the SID's name string alone, not from
 * the SID type, so a principal whose name satisfies {@code isAuthority} or
 * {@code isGroup} is listed under that heading. Confirm user names cannot
 * collide with the authority/group naming scheme. The granting flag of an
 * entry is not carried into the item.
 *
 * @param aces the entries to render
 * @param inheriting the inheritance flag passed to {@code inheritItem}
 * @return the items in display order
 */
private List<Map<String, Object>> permissionItems(List<AccessControlEntry> aces, boolean inheriting) {
    List<Map<String, Object>> authorityItems = new ArrayList<Map<String, Object>>();
    List<Map<String, Object>> groupItems = new ArrayList<Map<String, Object>>();
    List<Map<String, Object>> userItems = new ArrayList<Map<String, Object>>();

    for (AccessControlEntry ace : aces) {
        Sid sid = ace.getSid();
        String sidName;
        if (sid instanceof PrincipalSid) {
            sidName = ((PrincipalSid) sid).getPrincipal();
        } else {
            // Any Sid implementation other than the two handled here ends in a
            // ClassCastException at this cast.
            sidName = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        }
        int mask = ace.getPermission().getMask();

        List<Map<String, Object>> bucket;
        if (isAuthority(sidName)) {
            bucket = authorityItems;
        } else if (isGroup(sidName)) {
            bucket = groupItems;
        } else {
            bucket = userItems;
        }
        bucket.add(permissionItem(sidName, mask));
    }

    List<Map<String, Object>> items = new ArrayList<Map<String, Object>>(authorityItems);
    items.addAll(groupItems);
    items.addAll(userItems);
    items.add(inheritItem(inheriting));
    return items;
}
From source file:com.cedac.security.acls.mongo.MongoMutableAclService.java
/**
 * Serialises an access control entry into a database object holding its SID,
 * permission mask and granting flag, plus the two audit flags when the entry
 * is an {@link AuditableAccessControlEntry}.
 *
 * <p>Only the integer mask of the permission is stored. For entries that are
 * not auditable the audit fields are left out of the document altogether.
 *
 * @param entry the entry to serialise
 * @return the populated database object
 */
protected DBObject toDBObject(AccessControlEntry entry) {
    BasicDBObject document = new BasicDBObject();
    document.put(sidFieldName, toDBObject(entry.getSid()));
    document.put(maskFieldName, entry.getPermission().getMask());
    document.put(grantingFieldName, entry.isGranting());

    if (!(entry instanceof AuditableAccessControlEntry)) {
        return document;
    }

    AuditableAccessControlEntry auditable = (AuditableAccessControlEntry) entry;
    document.put(auditSuccessFieldName, auditable.isAuditSuccess());
    document.put(auditFailureFieldName, auditable.isAuditFailure());
    return document;
}