List of usage examples for org.springframework.security.acls.model AccessControlEntry isGranting
/**
 * Reports whether this entry grants or denies the permission it carries.
 *
 * <p>In the usage examples on this page, a {@code true} result from a matching entry
 * yields an allow decision and a {@code false} result is recorded as a rejection.
 *
 * @return {@code true} if the entry grants its permission, {@code false} if it denies it
 */
boolean isGranting();
From source file:com.excilys.ebi.bank.service.impl.security.SimpleAclImpl.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs
 * by the entries held in {@code entries}.
 *
 * <p>Permissions are tried in the order given and, for each permission, the SIDs are tried
 * in order. The first entry whose mask is equal to the permission mask and whose SID equals
 * the candidate SID settles that permission: a granting entry returns {@code true}
 * immediately, a denying entry ends the search for that permission and the next permission
 * is tried. Because the first match wins, the order of {@code entries} is part of the
 * access decision: a grant placed before a deny for the same mask and SID prevails.
 *
 * <p>This implementation does not read {@code administrativeMode}, writes no audit record
 * and does not consult a parent ACL.
 *
 * @param permission         permissions to test, in priority order
 * @param sids               security identities to test, in priority order
 * @param administrativeMode not used by this implementation
 * @return {@code true} on the first granting match; {@code false} if at least one denying
 *         match was found and no permission was granted
 * @throws NotFoundException    if no entry matches any permission/SID pair
 * @throws UnloadedSidException declared by the overridden method; not thrown by this body
 */
@Override
public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
        throws NotFoundException, UnloadedSidException {
    AccessControlEntry earliestDenial = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid candidate : sids) {
            for (AccessControlEntry entry : entries) {
                // Exact mask equality, then SID equality; both must hold for a match.
                boolean sameMask = entry.getPermission().getMask() == requested.getMask();
                if (!sameMask || !entry.getSid().equals(candidate)) {
                    continue;
                }

                // A matching entry is authoritative for this permission.
                if (ace(entry)) {
                    return true;
                }

                // Explicit denial: remember only the first one, then give up on this
                // permission (remaining SIDs are skipped) and move to the next permission.
                if (earliestDenial == null) {
                    earliestDenial = entry;
                }
                continue nextPermission;
            }
        }
    }

    if (earliestDenial != null) {
        // At least one entry denied a requested permission and nothing granted one.
        return false;
    }

    // Neither a grant nor a denial was found for any permission/SID pair.
    throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
}

/** Returns the grant flag of the given entry. */
private static boolean ace(AccessControlEntry entry) {
    return entry.isGranting();
}
From source file:com.cedac.security.acls.mongo.MongoMutableAclService.java
/**
 * Builds the database object that represents one access control entry.
 *
 * <p>The SID, the permission mask and the granting flag are always written. The two audit
 * flags are written only when the entry is an {@link AuditableAccessControlEntry}; for any
 * other entry the resulting object carries no audit fields at all.
 *
 * @param entry the entry to convert
 * @return a new object holding the entry's fields under the configured field names
 */
protected DBObject toDBObject(AccessControlEntry entry) {
    BasicDBObject document = new BasicDBObject();
    document.put(sidFieldName, toDBObject(entry.getSid()));
    document.put(maskFieldName, entry.getPermission().getMask());
    document.put(grantingFieldName, entry.isGranting());

    if (!(entry instanceof AuditableAccessControlEntry)) {
        // Nothing more to persist for a plain entry.
        return document;
    }

    AuditableAccessControlEntry auditable = (AuditableAccessControlEntry) entry;
    document.put(auditSuccessFieldName, auditable.isAuditSuccess());
    document.put(auditFailureFieldName, auditable.isAuditFailure());
    return document;
}
From source file:org.jtalks.poulpe.logic.PermissionManagerTest.java
/**
 * Test fixture: populates the test's group, permission and group-ACE collections and stubs
 * {@code aclUtil} so that it returns a mocked ACL for {@code entity}.
 *
 * <p>For every permission a random number of groups (10 to 29) is created, each with a
 * group ACE, and one mocked entry for the anonymous SID is added to the mocked ACL.
 * Permissions at odd indexes are set up as granting, those at even indexes as denying.
 *
 * @param entity      the entity the ACEs are built for
 * @param permissions the permissions to create ACEs for
 */
private void givenGroupAces(Entity entity, JtalksPermission... permissions) {
    long entityId = entity.getId();
    AuditLogger consoleLogger = new ConsoleAuditLogger();
    AclAuthorizationStrategy authorizationStrategy =
            new AclAuthorizationStrategyImpl(new GrantedAuthorityImpl("some_role"));
    ObjectIdentity identity =
            new AclUtil(null).createIdentity(entityId, entity.getClass().getSimpleName());
    ExtendedMutableAcl stubbedAcl = mock(ExtendedMutableAcl.class);
    List<AccessControlEntry> anonymousEntries = new ArrayList<AccessControlEntry>();
    Acl acl = new AclImpl(identity, entityId + 1, authorizationStrategy, consoleLogger);

    long nextGroupId = 1;
    for (int index = 0; index < permissions.length; index++) {
        JtalksPermission permission = permissions[index];
        // Odd positions grant, even positions deny.
        boolean granting = (index % 2 == 1);

        int groupCount = RandomUtils.nextInt(20) + 10;
        for (int created = 0; created < groupCount; created++) {
            Group group = randomGroup(nextGroupId++);
            groups.add(group);
            this.permissions.add(permission);
            groupAces.add(
                    buildGroupAce(entity, permission, granting, acl, new UserGroupSid(group.getId())));
        }

        // One anonymous-user entry per permission, with the same grant flag as the groups.
        AccessControlEntry anonymousEntry = mock(AccessControlEntry.class);
        when(anonymousEntry.getPermission()).thenReturn(permission);
        when(anonymousEntry.getSid()).thenReturn(UserSid.createAnonymous());
        when(anonymousEntry.isGranting()).thenReturn(granting);
        anonymousEntries.add(anonymousEntry);
    }

    when(stubbedAcl.getEntries()).thenReturn(anonymousEntries);
    when(aclUtil.getAclFor(entity)).thenReturn(stubbedAcl);
}
From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs,
 * matching permission masks through {@code containsPermission} instead of exact equality.
 *
 * <p>Permissions are tried in order and, for each permission, SIDs are tried in order. The
 * first entry that matches both mask and SID settles that permission: a granting entry
 * returns {@code true}, a denying entry ends the search for that permission. Because the
 * first match wins, the order of the ACL's entries is part of the access decision.
 *
 * <p>When no entry matches at all and the ACL inherits entries from a parent, the decision
 * is delegated to the parent ACL. That call always passes {@code false} for the
 * administrative-mode argument, whatever value this method received.
 *
 * <p>NOTE(review): {@code containsPermission} is defined outside this block. Confirm that
 * it requires every requested bit to be present in the entry's mask; a partial-overlap
 * test would let an entry for one bit decide a request for another.
 *
 * @param acl                the ACL whose entries are evaluated
 * @param permission         permissions to test, in priority order
 * @param sids               security identities to test, in priority order
 * @param administrativeMode when {@code true}, this method writes no audit record
 * @return {@code true} on the first granting match; {@code false} if a denying match was
 *         found and nothing was granted; otherwise the parent ACL's decision
 * @throws NotFoundException if nothing matches and there is no parent to delegate to
 */
@Override
public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
    final List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry earliestDenial = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid candidate : sids) {
            for (AccessControlEntry entry : aces) {
                // Bit-wise mask test first, SID equality second; both must hold.
                boolean maskMatches = containsPermission(entry.getPermission().getMask(), requested.getMask());
                if (!maskMatches || !entry.getSid().equals(candidate)) {
                    continue;
                }

                // A matching entry is authoritative for this permission.
                if (entry.isGranting()) {
                    if (!administrativeMode) {
                        auditLogger.logIfNeeded(true, entry);
                    }
                    return true;
                }

                // Explicit denial: keep the first one for the audit record, skip the
                // remaining SIDs and continue with the next permission.
                if (earliestDenial == null) {
                    earliestDenial = entry;
                }
                continue nextPermission;
            }
        }
    }

    if (earliestDenial != null) {
        // Something was denied and nothing was granted.
        if (!administrativeMode) {
            auditLogger.logIfNeeded(false, earliestDenial);
        }
        return false;
    }

    // No entry matched here; fall back to the parent only when inheritance is enabled.
    boolean canDelegate = acl.isEntriesInheriting() && (acl.getParentAcl() != null);
    if (!canDelegate) {
        // No parent, or this is the top of the chain.
        throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
    }
    return acl.getParentAcl().isGranted(permission, sids, false);
}
From source file:org.jtalks.poulpe.logic.PermissionManager.java
/**
 * Collects, for each requested permission, the groups that have it granted or denied on the
 * given {@link Entity}.
 *
 * <p>Group ACEs are matched by comparing their permission mask with the permission's mask.
 * In addition, the entity's ACL entries are scanned for the anonymous user's SID; a match
 * is reported under {@code AnonymousGroup.ANONYMOUS_GROUP}. The ACL is looked up once per
 * permission.
 *
 * <p>Every ACL entry's SID is cast to {@code UniversalSid} once its permission matches, so
 * an entry carrying another SID type fails with a {@code ClassCastException}.
 *
 * @param permissions the permissions to report on
 * @param entity      the entity whose ACEs are inspected
 * @param <T>         the permission type
 * @return the {@link org.jtalks.poulpe.model.dto.GroupsPermissions} built for {@code entity}
 */
public <T extends JtalksPermission> GroupsPermissions<T> getPermissionsMapFor(List<T> permissions, Entity entity) {
    GroupsPermissions<T> result = new GroupsPermissions<T>(permissions);
    List<GroupAce> entityGroupAces = aclManager.getGroupPermissionsOn(entity);

    for (T permission : permissions) {
        // Group-level entries: matched on the raw mask value.
        for (GroupAce groupAce : entityGroupAces) {
            if (groupAce.getPermissionMask() != permission.getMask()) {
                continue;
            }
            result.add(permission, getGroup(groupAce), groupAce.isGranting());
        }

        // Anonymous-user entries: matched on permission equality and SID id.
        for (AccessControlEntry aclEntry : aclUtil.getAclFor(entity).getEntries()) {
            if (!aclEntry.getPermission().equals(permission)) {
                continue;
            }
            UniversalSid entrySid = (UniversalSid) aclEntry.getSid();
            if (entrySid.getSidId().equals(UserSid.createAnonymous().getSidId())) {
                result.add(permission, AnonymousGroup.ANONYMOUS_GROUP, aclEntry.isGranting());
            }
        }
    }
    return result;
}
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepository.java
/**
 * Builds the stored value for one access control entry.
 *
 * <p>Stored entries are identified by a {@link UUID} to keep serialization and
 * deserialization simple. If the entry's id is already a {@code UUID} it is kept; if it is
 * {@code null} or of any other type it is replaced by a freshly generated random UUID, so
 * the stored id then no longer corresponds to the id the entry arrived with.
 *
 * @param ace the entry to convert
 * @return a value carrying the id, SID, permission and granting flag of {@code ace}
 */
private AccessControlEntryValue createAceValue(final AccessControlEntry ace) {
    final Serializable sourceId = ace.getId();

    final UUID storedId;
    if (sourceId instanceof UUID) {
        // instanceof is false for null, so no separate null check is needed.
        storedId = (UUID) sourceId;
    } else {
        storedId = UUID.randomUUID();
    }

    return new AccessControlEntryValue(storedId, ace.getSid(), ace.getPermission(), ace.isGranting());
}
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Converts the entries of an ACL into responses, optionally keeping only those whose SID
 * name matches a name segment.
 *
 * <p>Only the entries of {@code acl} itself are read; parent ACLs are not visited. A
 * {@code null} name segment disables filtering, so every entry of the ACL is returned.
 *
 * @param acl             the ACL to read; {@code null} yields an empty list
 * @param nameSeg         the segment to match SID names against, or {@code null} for no filter
 * @param isCaseSensitive passed through to the name match
 * @return one response per retained entry, in ACL order
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry ace : acl.getEntries()) {
        // The name is resolved and matched only when a segment was supplied.
        boolean keep = nameSeg == null || needAdd(nameSeg, isCaseSensitive, getName(ace.getSid()));
        if (keep) {
            responses.add(
                    new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
        }
    }
    return responses;
}
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Converts the entries of an ACL and of all its ancestors into responses.
 *
 * <p>The walk starts at {@code acl} and follows {@code getParentAcl()} until it returns
 * {@code null}, so the result also contains the entries of every parent ACL, not only
 * those set directly on the starting object.
 *
 * @param acl the ACL to start from; {@code null} yields an empty list
 * @return a {@code List<AccessEntryResponse>} (declared as {@code Object}), ordered from
 *         the starting ACL up to the topmost parent
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (Acl current = acl; current != null; current = current.getParentAcl()) {
        for (AccessControlEntry ace : current.getEntries()) {
            responses.add(
                    new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
        }
    }
    return responses;
}
From source file:org.jtalks.jcommune.service.security.acl.AclGroupPermissionEvaluator.java
/**
 * Tests whether an entry records the given permission, with the given kind of grant, for
 * the given SID.
 *
 * <p>The grant flag is compared first, then the permission, and the SID ids last. Both
 * SIDs are cast to {@code UniversalSid} only when the first two checks pass; a SID of
 * another type then fails with a {@code ClassCastException}.
 *
 * @param sid                 the SID the permission is checked for
 * @param ace                 the entry holding the security information
 * @param permission          the permission to look for
 * @param isCheckAllowedGrant the kind of grant to match: 'allowed' ({@code true}) or
 *                            'restricted' ({@code false})
 * @return {@code true} if the entry has the given permission and grant type for this SID
 */
private boolean isGrantedForSid(Sid sid, AccessControlEntry ace, Permission permission,
        boolean isCheckAllowedGrant) {
    if (ace.isGranting() != isCheckAllowedGrant) {
        return false;
    }
    if (!permission.equals(ace.getPermission())) {
        return false;
    }
    return ((UniversalSid) sid).getSidId().equals(((UniversalSid) ace.getSid()).getSidId());
}
From source file:org.jtalks.jcommune.service.security.AclGroupPermissionEvaluator.java
/**
 * Tests whether an entry records the given permission, with the given kind of grant, for
 * the given SID.
 *
 * <p>The SID ids are compared first, then the permission, and the grant flag last. Both
 * SIDs are cast to {@code UniversalSid} on every call; a SID of another type fails with a
 * {@code ClassCastException}.
 *
 * @param sid                 the SID the permission is checked for
 * @param ace                 the entry holding the security information
 * @param permission          the permission to look for
 * @param isCheckAllowedGrant the kind of grant to match: 'allowed' ({@code true}) or
 *                            'restricted' ({@code false})
 * @return {@code true} if the entry has the given permission and grant type for this SID
 */
private boolean isGrantedForSid(Sid sid, AccessControlEntry ace, Permission permission,
        boolean isCheckAllowedGrant) {
    boolean sameSid = ((UniversalSid) sid).getSidId().equals(((UniversalSid) ace.getSid()).getSidId());
    if (!sameSid) {
        return false;
    }
    if (!permission.equals(ace.getPermission())) {
        return false;
    }
    return ace.isGranting() == isCheckAllowedGrant;
}