List of usage examples for org.springframework.security.acls.model AccessControlEntry getSid
/** Returns the security identity ({@link Sid}) that this access control entry applies to. */
Sid getSid();
From source file:org.jtalks.common.service.security.AclManagerImpl.java
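/**
 * Delete permissions from {@code acl} for every sid.
 * <p>
 * Every ACE whose sid is one of {@code sids} <em>and</em> whose permission is one of
 * {@code permissions} is removed. Entries are visited from the highest index downwards so that
 * {@link MutableAcl#deleteAce(int)} never shifts an index that is still to be checked, and each
 * entry is deleted at most once. (The original forward scan decremented a running index inside the
 * innermost loop; with duplicate sids or permissions that could delete a neighbouring, unrelated ACE
 * or call {@code deleteAce(-1)}.)
 *
 * @param acl provided acl; its entries are read once up front (the original code relied on
 *            {@code getEntries()} returning a copy, which is still assumed here)
 * @param sids list of sids
 * @param permissions list of permissions
 */
private void deletePermissionsFromAcl(MutableAcl acl, List<Sid> sids, List<Permission> permissions) {
    List<AccessControlEntry> entries = acl.getEntries();
    // Walk backwards: deleting index k leaves indices 0..k-1 untouched.
    for (int index = entries.size() - 1; index >= 0; index--) {
        if (aceMatches(entries.get(index), sids, permissions)) {
            acl.deleteAce(index);
        }
    }
}

/**
 * Returns whether {@code entry} is addressed to one of {@code sids} and carries one of
 * {@code permissions}. Uses {@code equals} via {@link List#contains}, as the original did.
 */
private static boolean aceMatches(AccessControlEntry entry, List<Sid> sids, List<Permission> permissions) {
    return sids.contains(entry.getSid()) && permissions.contains(entry.getPermission());
}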
From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java
/**
 * Decides whether any of the requested permissions is granted to any of the given sids.
 * <p>
 * For each (permission, sid) pair the ACEs are scanned in order; the first ACE whose sid equals
 * {@code sid} and whose mask satisfies {@code containsPermission} (a helper defined elsewhere in this
 * class — presumably a bit-mask containment test rather than exact equality) decides that pair: a
 * granting ACE returns {@code true} immediately, a denying one is remembered and the remaining sids
 * for that permission are skipped. If only denials were found the first one wins. If nothing matched
 * and entries are inherited, the parent ACL is consulted (always in non-administrative mode).
 *
 * @param acl the ACL being evaluated
 * @param permission the permissions requested, tried in order
 * @param sids the security identities of the caller, tried in order
 * @param administrativeMode when {@code true} no audit logging is performed
 * @return {@code true} if a granting ACE was found, {@code false} if a denying ACE was found first
 * @throws NotFoundException if no ACE matched here or in any parent ACL
 */
@Override
public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
    final List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry firstRejection = null;

    permissionLoop:
    for (Permission requested : permission) {
        for (Sid sid : sids) {
            for (AccessControlEntry ace : aces) {
                boolean maskCovers = containsPermission(ace.getPermission().getMask(), requested.getMask());
                if (!maskCovers || !ace.getSid().equals(sid)) {
                    continue;
                }
                // First matching ACE for this (permission, sid) pair is authoritative.
                if (ace.isGranting()) {
                    if (!administrativeMode) {
                        auditLogger.logIfNeeded(true, ace);
                    }
                    return true;
                }
                if (firstRejection == null) {
                    // Remembered for the audit log should the whole request end up denied.
                    firstRejection = ace;
                }
                // This permission is definitively denied for this sid; remaining sids are irrelevant
                // for it, so move straight on to the next requested permission.
                continue permissionLoop;
            }
        }
    }

    if (firstRejection != null) {
        // At least one denial and no grant anywhere.
        if (!administrativeMode) {
            auditLogger.logIfNeeded(false, firstRejection);
        }
        return false;
    }

    // Nothing matched locally; defer to the parent if inheritance is enabled.
    if (acl.isEntriesInheriting() && acl.getParentAcl() != null) {
        return acl.getParentAcl().isGranted(permission, sids, false);
    }
    throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
}
From source file:org.jtalks.poulpe.logic.PermissionManagerTest.java
/**
 * Test fixture: populates the {@code groups}, {@code permissions} and {@code groupAces} fields with
 * random group ACEs for every given permission and stubs {@code aclUtil.getAclFor(entity)} with a
 * mock ACL holding one anonymous-sid entry per permission.
 * <p>
 * Permissions at odd positions are granting, those at even positions denying. For each permission
 * a random number of groups (10 to 29, via {@code RandomUtils.nextInt(20) + 10}) is created with
 * increasing ids starting at 1.
 *
 * @param entity the entity the ACEs are built for
 * @param permissions the permissions to create ACEs for; may shadow the {@code permissions} field,
 *                    which is therefore accessed as {@code this.permissions}
 */
private void givenGroupAces(Entity entity, JtalksPermission... permissions) {
    long entityId = entity.getId();
    AuditLogger auditLogger = new ConsoleAuditLogger();
    AclAuthorizationStrategy aclAuthorizationStrategy =
            new AclAuthorizationStrategyImpl(new GrantedAuthorityImpl("some_role"));
    ObjectIdentity entityIdentity =
            new AclUtil(null).createIdentity(entityId, entity.getClass().getSimpleName());
    ExtendedMutableAcl mutableAcl = mock(ExtendedMutableAcl.class);
    List<AccessControlEntry> accessControlEntries = new ArrayList<AccessControlEntry>();
    Acl acl = new AclImpl(entityIdentity, entityId + 1, aclAuthorizationStrategy, auditLogger);

    long nextGroupId = 1;
    for (int idx = 0; idx < permissions.length; idx++) {
        JtalksPermission permission = permissions[idx];
        boolean granting = (idx % 2 == 1);

        int groupCount = RandomUtils.nextInt(20) + 10;
        for (int n = 0; n < groupCount; n++) {
            Group group = randomGroup(nextGroupId);
            nextGroupId++;
            groups.add(group);
            this.permissions.add(permission);
            groupAces.add(buildGroupAce(entity, permission, granting, acl, new UserGroupSid(group.getId())));
        }

        // One anonymous-sid ACE per permission, mirroring the granting flag of the group ACEs.
        AccessControlEntry anonymousEntry = mock(AccessControlEntry.class);
        when(anonymousEntry.getPermission()).thenReturn(permission);
        when(anonymousEntry.getSid()).thenReturn(UserSid.createAnonymous());
        when(anonymousEntry.isGranting()).thenReturn(granting);
        accessControlEntries.add(anonymousEntry);
    }

    when(mutableAcl.getEntries()).thenReturn(accessControlEntries);
    when(aclUtil.getAclFor(entity)).thenReturn(mutableAcl);
}
From source file:org.jtalks.poulpe.logic.PermissionManager.java
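/**
 * Gets {@link org.jtalks.poulpe.model.dto.GroupsPermissions} for provided {@link Entity}.
 * <p>
 * For every requested permission the group ACEs whose mask equals the permission's mask are added
 * under their group, and any raw ACL entry with that permission whose sid is the anonymous
 * {@link UserSid} is added under {@link AnonymousGroup#ANONYMOUS_GROUP}.
 * <p>
 * Entries whose sid does not implement {@link UniversalSid} are skipped: the original code cast
 * unconditionally and would throw {@link ClassCastException} as soon as an ACL contained any other
 * {@code Sid} implementation.
 *
 * @param permissions the list of permissions to get
 * @param entity the entity to get for
 * @return {@link org.jtalks.poulpe.model.dto.GroupsPermissions} for provided {@link Entity}
 */
public <T extends JtalksPermission> GroupsPermissions<T> getPermissionsMapFor(List<T> permissions, Entity entity) {
    GroupsPermissions<T> groupsPermissions = new GroupsPermissions<T>(permissions);
    List<GroupAce> groupAces = aclManager.getGroupPermissionsOn(entity);
    // Neither the raw ACL entries nor the anonymous sid depend on the permission being processed,
    // so fetch them once instead of once per permission.
    List<AccessControlEntry> entries = aclUtil.getAclFor(entity).getEntries();
    UserSid anonymousSid = UserSid.createAnonymous();

    for (T permission : permissions) {
        for (GroupAce groupAce : groupAces) {
            if (groupAce.getPermissionMask() == permission.getMask()) {
                groupsPermissions.add(permission, getGroup(groupAce), groupAce.isGranting());
            }
        }
        for (AccessControlEntry controlEntry : entries) {
            if (!controlEntry.getPermission().equals(permission)) {
                continue;
            }
            Object sid = controlEntry.getSid();
            // Only UniversalSid exposes a sid id to compare against the anonymous one.
            if (sid instanceof UniversalSid
                    && ((UniversalSid) sid).getSidId().equals(anonymousSid.getSidId())) {
                groupsPermissions.add(permission, AnonymousGroup.ANONYMOUS_GROUP, controlEntry.isGranting());
            }
        }
    }
    return groupsPermissions;
}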
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
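/**
 * Revokes the ADMINISTRATION permission of {@code user} on the domain object identified by
 * {@code name_class}/{@code id_object}.
 * <p>
 * Only the first matching ACE (same principal sid and same permission) is removed. If no ACL exists
 * for the object yet, one is created and then persisted unchanged, so calling this for an object
 * without an ACL still writes an empty ACL. A {@code null} user is a no-op.
 *
 * @param user the principal whose permission is revoked; ignored when {@code null}
 * @param id_object identifier of the secured domain object
 * @param name_class object type used to build the {@link ObjectIdentity} (typically the class name)
 */
public void removePermissionToAnObject_ADMINISTRATION(User user, Long id_object, String name_class) {
    if (user == null) {
        return;
    }
    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Sid sid = new PrincipalSid(user.getUsername());
    Permission p = BasePermission.ADMINISTRATION;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        // No ACL yet: nothing to revoke, but keep the original behaviour of creating one.
        acl = mutableAclService.createAcl(oi);
    }

    // deleteAce is index based, so track the position while scanning the entry snapshot.
    int aceIndex = 0;
    for (AccessControlEntry ace : acl.getEntries()) {
        if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
            acl.deleteAce(aceIndex);
            break; // later indices are stale after a deletion; only the first match is removed
        }
        aceIndex++;
    }

    // acl is never null here: it was either read or freshly created above.
    mutableAclService.updateAcl(acl);
}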
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
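/**
 * Revokes the READ permission of {@code user} on the domain object identified by
 * {@code name_class}/{@code id_object}.
 * <p>
 * Only the first matching ACE (same principal sid and same permission) is removed. If no ACL exists
 * for the object yet, one is created and then persisted unchanged, so calling this for an object
 * without an ACL still writes an empty ACL. A {@code null} user is a no-op.
 *
 * @param user the principal whose permission is revoked; ignored when {@code null}
 * @param id_object identifier of the secured domain object
 * @param name_class object type used to build the {@link ObjectIdentity} (typically the class name)
 */
public void removePermissionToAnObject_READ(User user, Long id_object, String name_class) {
    if (user == null) {
        return;
    }
    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Sid sid = new PrincipalSid(user.getUsername());
    Permission p = BasePermission.READ;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        // No ACL yet: nothing to revoke, but keep the original behaviour of creating one.
        acl = mutableAclService.createAcl(oi);
    }

    // deleteAce is index based, so track the position while scanning the entry snapshot.
    int aceIndex = 0;
    for (AccessControlEntry ace : acl.getEntries()) {
        if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
            acl.deleteAce(aceIndex);
            break; // later indices are stale after a deletion; only the first match is removed
        }
        aceIndex++;
    }

    // acl is never null here: it was either read or freshly created above.
    mutableAclService.updateAcl(acl);
}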
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
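/**
 * Revokes the WRITE permission of {@code user} on the domain object identified by
 * {@code name_class}/{@code id_object}.
 * <p>
 * Only the first matching ACE (same principal sid and same permission) is removed. If no ACL exists
 * for the object yet, one is created and then persisted unchanged, so calling this for an object
 * without an ACL still writes an empty ACL. A {@code null} user is a no-op.
 *
 * @param user the principal whose permission is revoked; ignored when {@code null}
 * @param id_object identifier of the secured domain object
 * @param name_class object type used to build the {@link ObjectIdentity} (typically the class name)
 */
public void removePermissionToAnObject_WRITE(User user, Long id_object, String name_class) {
    if (user == null) {
        return;
    }
    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Sid sid = new PrincipalSid(user.getUsername());
    Permission p = BasePermission.WRITE;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        // No ACL yet: nothing to revoke, but keep the original behaviour of creating one.
        acl = mutableAclService.createAcl(oi);
    }

    // deleteAce is index based, so track the position while scanning the entry snapshot.
    int aceIndex = 0;
    for (AccessControlEntry ace : acl.getEntries()) {
        if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
            acl.deleteAce(aceIndex);
            break; // later indices are stale after a deletion; only the first match is removed
        }
        aceIndex++;
    }

    // acl is never null here: it was either read or freshly created above.
    mutableAclService.updateAcl(acl);
}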
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
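/**
 * Revokes the ADMINISTRATION permission of every user in {@code users} on the domain object
 * identified by {@code name_class}/{@code id_object}, then persists the ACL once.
 * <p>
 * The ACL is read (or created) a single time before the loop. The original re-read it from
 * {@code mutableAclService} for every user without calling {@code updateAcl} in between, so unless
 * the service happened to return the same cached instance each time, the revocations for all but
 * the last user were silently discarded. Per user only the first matching ACE is removed. An empty
 * or {@code null} collection leaves the ACL untouched (the original did nothing for an empty one).
 *
 * @param users the principals whose permission is revoked
 * @param id_object identifier of the secured domain object
 * @param name_class object type used to build the {@link ObjectIdentity} (typically the class name)
 */
public void removePermissionToAnObjectCollection_ADMINISTRATION(Collection<User> users, Long id_object,
        String name_class) {
    if (users == null || users.isEmpty()) {
        return;
    }
    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Permission p = BasePermission.ADMINISTRATION;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        acl = mutableAclService.createAcl(oi);
    }

    for (User u : users) {
        Sid sid = new PrincipalSid(u.getUsername());
        // deleteAce is index based, so track the position while scanning the entry snapshot.
        int aceIndex = 0;
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
                acl.deleteAce(aceIndex);
                break; // later indices are stale after a deletion; only the first match is removed
            }
            aceIndex++;
        }
    }

    // Persist all revocations in one write.
    mutableAclService.updateAcl(acl);
}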
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
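/**
 * Revokes the READ permission of every user in {@code users} on the domain object identified by
 * {@code name_class}/{@code id_object}, then persists the ACL once.
 * <p>
 * The ACL is read (or created) a single time before the loop. The original re-read it from
 * {@code mutableAclService} for every user without calling {@code updateAcl} in between, so unless
 * the service happened to return the same cached instance each time, the revocations for all but
 * the last user were silently discarded. Per user only the first matching ACE is removed. An empty
 * or {@code null} collection leaves the ACL untouched (the original did nothing for an empty one).
 *
 * @param users the principals whose permission is revoked
 * @param id_object identifier of the secured domain object
 * @param name_class object type used to build the {@link ObjectIdentity} (typically the class name)
 */
public void removePermissionToAnObjectCollection_READ(Collection<User> users, Long id_object,
        String name_class) {
    if (users == null || users.isEmpty()) {
        return;
    }
    ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);
    Permission p = BasePermission.READ;

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        acl = mutableAclService.createAcl(oi);
    }

    for (User u : users) {
        Sid sid = new PrincipalSid(u.getUsername());
        // deleteAce is index based, so track the position while scanning the entry snapshot.
        int aceIndex = 0;
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
                acl.deleteAce(aceIndex);
                break; // later indices are stale after a deletion; only the first match is removed
            }
            aceIndex++;
        }
    }

    // Persist all revocations in one write.
    mutableAclService.updateAcl(acl);
}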
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepository.java
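/**
 * Converts an {@link AccessControlEntry} into the value object stored for it.
 * <p>
 * ACE ids are required to be {@link UUID}s for serialization. An entry whose id already is a UUID
 * keeps it; any other id (including {@code null}) is replaced by a freshly generated random UUID,
 * so each call yields a different id for such an entry. Callers that need stable ACE ids should
 * therefore hand in entries that already carry UUID ids.
 *
 * @param ace the entry to convert; must not be {@code null}
 * @return the value holding the entry's id, sid, permission and granting flag
 */
private AccessControlEntryValue createAceValue(final AccessControlEntry ace) {
    Serializable aceId = ace.getId();
    // instanceof is false for null, so no separate null check is needed.
    UUID id = aceId instanceof UUID ? (UUID) aceId : UUID.randomUUID();
    return new AccessControlEntryValue(id, ace.getSid(), ace.getPermission(), ace.isGranting());
}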