List of usage examples for org.springframework.security.acls.model AccessControlEntry getSid
/** Returns the {@link Sid} (security identity) that this access control entry applies to. */
Sid getSid();
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Grants {@code permission} on {@code ae} to {@code sid}, creating the ACL first when none exists.
 *
 * <p>When the ACL already holds an entry for {@code sid}, that entry's permission is replaced;
 * otherwise a new granting entry is appended at the end of the entry list.
 *
 * <p>The {@code @PreAuthorize} expression is the only authorization gate visible in this method:
 * the caller must satisfy {@code Constant.ACCESS_HAS_ROLE_ADMIN} or hold {@code ADMINISTRATION}
 * on {@code ae}.
 *
 * @param ae the domain object whose ACL is modified
 * @param permission the permission to grant
 * @param sid the security identity that receives the permission
 * @return the ACL as returned by {@code aclService.updateAcl}
 * @throws BadRequestException if {@code ae}, {@code permission} or {@code sid} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public Acl grant(AclEntity ae, Permission permission, Sid sid) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (permission == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }
    if (sid == null) {
        throw new BadRequestException(messages.getSID_REQUIRED());
    }

    final ObjectIdentity identity = new ObjectIdentityImpl(ae.getClass(), ae.getId());
    MutableAcl target;
    try {
        target = (MutableAcl) aclService.readAclById(identity);
    } catch (NotFoundException notFound) {
        // No ACL stored for this object yet: create one through init() before adding the entry.
        target = (MutableAcl) init(ae, null);
    }

    // The scan deliberately does not stop at the first hit, so when several entries carry the
    // same sid it is the LAST one that gets updated.
    int matchIndex = -1;
    int cursor = 0;
    while (cursor < target.getEntries().size()) {
        if (target.getEntries().get(cursor).getSid().equals(sid)) {
            matchIndex = cursor;
        }
        cursor++;
    }

    if (matchIndex == -1) {
        // Unknown sid: append a new granting ACE.
        target.insertAce(target.getEntries().size(), permission, sid, true);
    } else {
        // secureOwner() is defined elsewhere in the class and runs before the existing entry is
        // overwritten. NOTE(review): presumably it protects the owner's entry; confirm there.
        secureOwner(target, matchIndex);
        target.updateAce(matchIndex, permission);
    }
    return aclService.updateAcl(target);
}
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Converts the entries of {@code acl} into response objects, optionally filtered by sid name.
 *
 * <p>Only the entries of {@code acl} itself are read; parent ACLs are not visited here.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @param nameSeg name fragment handed to {@code needAdd}; {@code null} disables the filter
 * @param isCaseSensitive forwarded to {@code needAdd} together with the sid name
 * @return one response per entry that passed the filter, in ACL order
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    final List<AccessEntryResponse> responses = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // Without a name fragment every entry is kept; otherwise needAdd() decides.
        final boolean keep = nameSeg == null
                || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()));
        if (keep) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(),
                    entry.getPermission(), entry.isGranting()));
        }
    }
    return responses;
}
From source file:org.apache.kylin.rest.service.AccessService.java
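/**
 * Lists the names of the sids in {@code acl} that are of the requested kind.
 *
 * <p>{@code "user"} selects {@code PrincipalSid} entries (principal name) and {@code "group"}
 * selects {@code GrantedAuthoritySid} entries (authority name); the match ignores case. Any
 * other value, including {@code null}, selects nothing. Blank names are skipped.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @param type {@code "user"} or {@code "group"}
 * @return the matching names in ACL order, possibly empty
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (acl == null) {
        return Collections.emptyList();
    }

    // Constant-first comparison: a null type now selects nothing instead of throwing a
    // NullPointerException that only surfaced when the ACL happened to have entries.
    final boolean wantUsers = "user".equalsIgnoreCase(type);
    final boolean wantGroups = "group".equalsIgnoreCase(type);

    final List<String> names = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        String name = null;
        if (wantUsers && entry.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) entry.getSid()).getPrincipal();
        } else if (wantGroups && entry.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) entry.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            names.add(name);
        }
    }
    return names;
}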
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Collects response objects for the entries of {@code acl} and of every ancestor ACL.
 *
 * <p>The parent chain is followed through {@code getParentAcl()} until it ends. The walk is
 * unconditional: {@code Acl.isEntriesInheriting()} is not consulted, so parent entries are listed
 * even for an ACL that does not inherit them. NOTE(review): confirm callers treat the result as
 * a listing rather than as the effective permission set.
 *
 * @param acl the starting ACL; {@code null} yields an empty list
 * @return a {@code List<AccessEntryResponse>}, child entries first, then each ancestor's
 */
public Object generateAllAceResponses(Acl acl) {
    final List<AccessEntryResponse> responses = new ArrayList<>();
    for (Acl current = acl; current != null; current = current.getParentAcl()) {
        for (AccessControlEntry entry : current.getEntries()) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(),
                    entry.getPermission(), entry.isGranting()));
        }
    }
    return responses;
}
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Maps each sid name in the project's ACL to the mask of its permission.
 *
 * <p>Principal names and granted-authority names share one key space, and a later entry
 * overwrites an earlier one with the same key. A user and a group that share a name therefore
 * end up as a single map entry, as do several ACEs for one sid.
 *
 * <p>NOTE(review): the result of {@code getProject(project)} is dereferenced without a null
 * check; confirm callers only pass names of existing projects.
 *
 * @param project the project name
 * @return sid name to permission mask; empty when the project has no ACL or no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    final Map<String, Integer> maskBySidName = new HashMap<>();

    final KylinConfig config = KylinConfig.getInstanceFromEnv();
    final String projectUuid = ProjectManager.getInstance(config).getProject(project).getUuid();
    final Acl projectAcl = getAcl(getAclEntity(AclEntityType.PROJECT_INSTANCE, projectUuid));

    if (projectAcl == null || projectAcl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : projectAcl.getEntries()) {
        final Sid owner = entry.getSid();
        if (owner instanceof PrincipalSid) {
            maskBySidName.put(((PrincipalSid) owner).getPrincipal(), entry.getPermission().getMask());
        }
        if (owner instanceof GrantedAuthoritySid) {
            maskBySidName.put(((GrantedAuthoritySid) owner).getGrantedAuthority(),
                    entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
From source file:org.apache.kylin.rest.util.ValidateUtil.java
/**
 * Returns the sid of every entry in the ACL of the named project.
 *
 * <p>NOTE(review): the project lookup result is dereferenced without a null check; confirm
 * callers only pass names of existing projects.
 *
 * @param project the project name
 * @return the sids in ACL order, one per entry (duplicates are not removed); empty when the
 *     project has no ACL or no entries
 */
private List<Sid> getAllSids(String project) {
    final List<Sid> sids = new ArrayList<>();

    final ProjectInstance instance = projectService.getProjectManager().getProject(project);
    final Acl projectAcl = accessService.getAcl(
            accessService.getAclEntity("ProjectInstance", instance.getUuid()));

    if (projectAcl == null || projectAcl.getEntries() == null) {
        return sids;
    }
    for (AccessControlEntry entry : projectAcl.getEntries()) {
        sids.add(entry.getSid());
    }
    return sids;
}
From source file:org.collectionspace.services.authorization.spring.SpringPermissionManager.java
/** * deletePermissions deletes given permission on given object id for given sid * @param oid// www.ja v a 2 s. co m * @param permission * @param sid */ //non-javadoc NOTE: if sid is null it would remove ACEs for all sid(s) private void deletePermissions(ObjectIdentity oid, Permission permission, Sid sid) /** throws AclDataAccessException */ { int i = 0; MutableAcl acl = getAcl(oid); List<AccessControlEntry> acel = acl.getEntries(); int aces = acel.size(); if (log.isDebugEnabled()) { log.debug("deletePermissions: for acl oid=" + oid.toString() + " found " + aces + " aces"); } ArrayList<Integer> foundAces = new ArrayList<Integer>(); Iterator iter = acel.listIterator(); //not possible to delete while iterating while (iter.hasNext()) { AccessControlEntry ace = (AccessControlEntry) iter.next(); if (sid != null) { if (ace.getSid().equals(sid) && ace.getPermission().equals(permission)) { foundAces.add(i); } } else { if (ace.getPermission().equals(permission)) { foundAces.add(i); } } i++; } for (int j = foundAces.size() - 1; j >= 0; j--) { //the following operation does not work while iterating in the while loop acl.deleteAce(foundAces.get(j)); //autobox } provider.getProviderAclService().updateAcl(acl); if (log.isDebugEnabled()) { log.debug("deletePermissions: for acl oid=" + oid.toString() + " deleted " + i + " aces"); } }
From source file:org.jtalks.jcommune.service.security.acl.AclGroupPermissionEvaluator.java
/**
 * Tells whether {@code ace} records {@code permission} for {@code sid} with the requested kind
 * of grant.
 *
 * <p>The checks run cheapest first: grant kind, then permission, then sid id. Both sids are cast
 * to {@code UniversalSid} without an {@code instanceof} test, so any other {@code Sid}
 * implementation that reaches the last check causes a {@code ClassCastException}.
 *
 * @param sid the sid the permission is checked for
 * @param ace the entry holding the security information
 * @param permission the permission to look for
 * @param isCheckAllowedGrant {@code true} to match an 'allowed' entry, {@code false} to match a
 *     'restricted' one
 * @return {@code true} if grant kind, permission and sid id all match
 */
private boolean isGrantedForSid(Sid sid, AccessControlEntry ace, Permission permission,
        boolean isCheckAllowedGrant) {
    if (ace.isGranting() != isCheckAllowedGrant) {
        return false;
    }
    if (!permission.equals(ace.getPermission())) {
        return false;
    }
    final Object requestedId = ((UniversalSid) sid).getSidId();
    final Object recordedId = ((UniversalSid) ace.getSid()).getSidId();
    return requestedId.equals(recordedId);
}
From source file:org.jtalks.jcommune.service.security.AclGroupPermissionEvaluator.java
/**
 * Tells whether {@code ace} records {@code permission} for {@code sid} with the requested kind
 * of grant.
 *
 * <p>The sid ids are compared first, so both sids are always cast to {@code UniversalSid}
 * without an {@code instanceof} test; any other {@code Sid} implementation causes a
 * {@code ClassCastException} on every call.
 *
 * @param sid the sid the permission is checked for
 * @param ace the entry holding the security information
 * @param permission the permission to look for
 * @param isCheckAllowedGrant {@code true} to match an 'allowed' entry, {@code false} to match a
 *     'restricted' one
 * @return {@code true} if sid id, permission and grant kind all match
 */
private boolean isGrantedForSid(Sid sid, AccessControlEntry ace, Permission permission,
        boolean isCheckAllowedGrant) {
    final Object requestedId = ((UniversalSid) sid).getSidId();
    final Object recordedId = ((UniversalSid) ace.getSid()).getSidId();
    if (!requestedId.equals(recordedId)) {
        return false;
    }
    if (!permission.equals(ace.getPermission())) {
        return false;
    }
    return ace.isGranting() == isCheckAllowedGrant;
}
From source file:org.jtalks.jcommune.service.security.PermissionManagerTest.java
/**
 * Test fixture: fills the group and ACE fields and stubs {@code aclUtil} for {@code entity}.
 *
 * <p>For each permission, between 10 and 29 random groups are created and one group ACE is built
 * per group. One mocked ACE for the anonymous user sid is also added per permission. Permissions
 * at odd positions are set up as granting, those at even positions as not granting. The mocked
 * ACL returned by {@code aclUtil.getAclFor(entity)} exposes only the anonymous entries.
 *
 * @param entity the entity the ACEs are built for
 * @param permissions the permissions to create ACEs for, in order
 */
private void givenGroupAces(Entity entity, JtalksPermission... permissions) {
    long entityId = entity.getId();
    ObjectIdentity entityIdentity = new AclUtil(null).createIdentity(entityId,
            entity.getClass().getSimpleName());
    AclAuthorizationStrategy strategy =
            new org.springframework.security.acls.domain.AclAuthorizationStrategyImpl(
                    new GrantedAuthorityImpl("some_role"));
    Acl acl = new AclImpl(entityIdentity, entityId + 1, strategy, new ConsoleAuditLogger());

    List<AccessControlEntry> stubbedEntries = new ArrayList<>();
    long nextGroupId = 1;
    for (int i = 0; i < permissions.length; i++) {
        JtalksPermission permission = permissions[i];
        boolean granting = (i % 2 == 1);

        // The group count is drawn once per permission.
        int groupCount = RandomUtils.nextInt(20) + 10;
        for (int j = 0; j < groupCount; j++) {
            Group group = randomGroup(nextGroupId++);
            groups.add(group);
            this.permissions.add(permission);
            groupAces.add(buildGroupAce(entity, permission, granting, acl,
                    new UserGroupSid(group.getId())));
        }

        AccessControlEntry anonymousEntry = mock(AccessControlEntry.class);
        when(anonymousEntry.getPermission()).thenReturn(permission);
        when(anonymousEntry.getSid()).thenReturn(UserSid.createAnonymous());
        when(anonymousEntry.isGranting()).thenReturn(granting);
        stubbedEntries.add(anonymousEntry);
    }

    ExtendedMutableAcl mutableAcl = mock(ExtendedMutableAcl.class);
    when(mutableAcl.getEntries()).thenReturn(stubbedEntries);
    when(aclUtil.getAclFor(entity)).thenReturn(mutableAcl);
}