List of usage examples for org.springframework.security.acls.model.Acl#getEntries
/**
 * Returns the access control entries held by this {@code Acl}.
 *
 * NOTE(review): per the upstream Spring Security Javadoc (verify against the version in use),
 * entries of parent ACLs are not included, and this list is meant for administrative use.
 * Authorization decisions should go through {@code isGranted} rather than being re-derived
 * from this list.
 *
 * @return the entries of this ACL, in ACL order
 */
List<AccessControlEntry> getEntries();
From source file:sample.contact.web.admin.MenuAdminController.java
/**
 * Renders the administration view for the ACL attached to one {@link Menu}.
 *
 * <p>The view model carries the menu id, the ACL owner and the ACL's own entries.
 *
 * <p>NOTE(review): no authorization check is visible in this method, and the complete
 * ACL (owner and every ACE) is handed to the view. Confirm that the {@code /admin}
 * path is restricted to administrators by the security configuration.
 *
 * @param id identifier of the menu, bound from the {@code menu} request parameter
 * @return the {@code admin/menu.html} view together with its model
 */
@RequestMapping("/admin/menu.html")
public ModelAndView menu(@RequestParam("menu") Long id) {
    // The ACL lookup is not wrapped in a try/catch: whatever readAclById raises
    // (for example when no ACL exists for this id) propagates to the framework.
    ObjectIdentity menuIdentity = new ObjectIdentityImpl(Menu.class.getCanonicalName(), id);
    Acl menuAcl = aclService.readAclById(menuIdentity);

    Map<String, Object> viewModel = new HashMap<String, Object>();
    viewModel.put("menu", id);
    viewModel.put("owner", menuAcl.getOwner());
    viewModel.put("entries", menuAcl.getEntries());
    return new ModelAndView("admin/menu.html", viewModel);
}
From source file:com.sshdemo.common.security.acl.service.EwcmsAclService.java
/**
 * Returns the access control entries stored for the given object identity.
 *
 * <p>A missing ACL is reported as an empty list, so callers cannot tell
 * "no ACL exists" apart from "the ACL exists but has no entries".
 *
 * @param objectIdentity identity of the secured domain object
 * @return the entries of the ACL, or a new empty list when no ACL is found
 */
@Override
public List<AccessControlEntry> findAces(final ObjectIdentity objectIdentity) {
    try {
        return readAclById(objectIdentity).getEntries();
    } catch (NotFoundException e) {
        // Only the "not found" case is absorbed; any other failure still propagates.
        logger.debug("Not found acl by {}", objectIdentity.toString());
        return new ArrayList<AccessControlEntry>();
    }
}
From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs
 * by this ACL, delegating to the parent ACL when this ACL holds no matching entry.
 *
 * <p>Evaluation order is part of the decision: permissions are tried in list order, SIDs
 * in list order, and ACEs in ACL order. The first ACE that matches a (permission, SID)
 * pair decides that pair. A granting ACE returns {@code true} immediately; a denying ACE
 * ends the search for that permission (remaining SIDs are not consulted) and the next
 * permission is tried. A deny entry therefore only takes effect if it precedes any
 * matching grant entry in the ACL.
 *
 * <p>NOTE(review): matching uses {@code containsPermission} on the two masks rather than
 * mask equality. That helper is not visible here; confirm which operand must contain
 * which, since with cumulative masks it determines whether a broad ACE can satisfy or
 * deny a narrower request.
 *
 * @param acl the ACL whose entries are evaluated
 * @param permission the permissions to test, in priority order
 * @param sids the security identities to test, in priority order
 * @param administrativeMode when {@code true}, the decision made at this ACL is not
 *        passed to the audit logger
 * @return {@code true} if a matching granting ACE is found, {@code false} if only
 *         denying ACEs matched
 * @throws NotFoundException if no ACE matched and there is no parent ACL to consult
 *         (or entries are not inheriting)
 */
@Override
public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
    final List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry firstRejection = null;
    for (Permission p : permission) {
        for (Sid sid : sids) {
            // Attempt to find a match for this permission mask and SID
            boolean scanNextSid = true;
            for (AccessControlEntry ace : aces) {
                // Bit-wise comparison of the ACE mask against the requested mask,
                // combined with an equality check on the SID
                if (containsPermission(ace.getPermission().getMask(), p.getMask()) && ace.getSid().equals(sid)) {
                    // Found a matching ACE, so its authorization decision will prevail
                    if (ace.isGranting()) {
                        // Success
                        if (!administrativeMode) {
                            auditLogger.logIfNeeded(true, ace);
                        }
                        return true;
                    }
                    // Failure for this permission, so stop search
                    // We will see if they have a different permission
                    // (this permission is 100% rejected for this SID)
                    if (firstRejection == null) {
                        // Store first rejection for auditing reasons
                        firstRejection = ace;
                    }
                    scanNextSid = false; // helps break the loop
                    break; // exit aces loop
                }
            }
            if (!scanNextSid) {
                break; // exit SID for loop (now try next permission)
            }
        }
    }
    if (firstRejection != null) {
        // We found an ACE to reject the request at this point, as no
        // other ACEs were found that granted a different permission
        if (!administrativeMode) {
            auditLogger.logIfNeeded(false, firstRejection);
        }
        return false;
    }
    // No matches have been found so far
    if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) {
        // We have a parent, so let them try to find a matching ACE.
        // The parent is always called with administrativeMode = false, so the
        // caller's administrativeMode flag is not carried up the chain.
        return acl.getParentAcl().isGranted(permission, sids, false);
    } else {
        // We either have no parent, or we're the uppermost parent.
        // Callers must treat this exception as "no decision", not as a grant.
        throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
    }
}
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepositoryTest.java
/**
 * Verifies that an ACE inserted into a freshly created ACL is persisted by
 * {@code update} and comes back when the ACL is read again.
 *
 * NOTE(review): only the number of entries is asserted; the permission, SID and
 * granting flag of the stored ACE are not compared here.
 */
@Test
public void update() {
    ObjectIdentityImpl identity = new ObjectIdentityImpl(HBaseACLRepository.class, "id1");

    MutableAcl created = underTest.create(identity);
    assertNotNull(created);
    assertTrue(underTest.isThereAnAclFor(identity));

    created.insertAce(0, BasePermission.CREATE, new PrincipalSid(SOME_PRINCIPAL), true);
    underTest.update(created);

    Acl reloaded = underTest.getAclById(identity);
    List<AccessControlEntry> storedAces = reloaded.getEntries();
    assertEquals(1, storedAces.size());
}
From source file:eu.europeana.aas.acl.CassandraMutableAclService.java
/**
 * Wraps every access control entry of an {@link Acl} in an {@link AclEntry}.
 *
 * @param acl the {@link Acl} whose entries are wrapped.
 * @return a new list of {@link AclEntry} objects, in the order given by
 *         {@code acl.getEntries()}.
 */
private List<AclEntry> convertToAclEntries(Acl acl) {
    List<AccessControlEntry> sourceEntries = acl.getEntries();
    List<AclEntry> converted = new ArrayList<>();
    for (AccessControlEntry ace : sourceEntries) {
        // One wrapper per ACE; the ACL order is kept.
        converted.add(new AclEntry(ace));
    }
    return converted;
}
From source file:com.ewcms.core.site.web.AclAction.java
/**
 * Renders the ACL entries of the channel identified by the {@code id} field as a
 * {@code DataGrid}. An empty grid is rendered when the channel has no ACL or the
 * ACL reports no entry list.
 *
 * NOTE(review): no permission check on the caller is visible in this method;
 * confirm that access to this action is restricted elsewhere, since the grid
 * exposes who holds which permission on the channel.
 */
public void query() {
    Channel channel = siteFac.getChannel(id);
    Acl channelAcl = siteFac.findAclOfChannel(channel);
    if (channelAcl != null && channelAcl.getEntries() != null) {
        List<Map<String, Object>> rows =
                permissionItems(channelAcl.getEntries(), channelAcl.isEntriesInheriting());
        renderObject(new DataGrid(rows.size(), rows));
    } else {
        // Missing ACL and missing entry list are both shown as an empty grid.
        renderObject(new DataGrid(0, Collections.EMPTY_LIST));
    }
}
From source file:com.sshdemo.common.security.acl.service.EwcmsAclService.java
/**
 * Adds to {@code permissions}, for each SID, the permission of the first ACE whose SID
 * equals it, at the given ACL and then at every ancestor ACL.
 *
 * <p>NOTE(review): the granting flag of the ACE is not consulted, so the permission of
 * a denying entry is collected as well, and parents are walked whenever one exists,
 * without checking {@code isEntriesInheriting()}. If the result feeds an authorization
 * decision rather than a display, confirm that both are intended.
 *
 * @param permissions the set that receives the collected permissions
 * @param acl the ACL at which collection starts
 * @param sids the security identities to look up
 */
private void getPermissions(final Set<Permission> permissions, final Acl acl, final List<Sid> sids) {
    Acl current = acl;
    do {
        for (Sid wanted : sids) {
            for (AccessControlEntry entry : current.getEntries()) {
                if (entry.getSid().equals(wanted)) {
                    permissions.add(entry.getPermission());
                    // Only the first entry per SID is taken at each level.
                    break;
                }
            }
        }
        // Climb to the parent; the walk ends at the ACL that has none.
        current = current.getParentAcl();
    } while (current != null);
}
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepositoryTest.java
/**
 * Verifies that ACEs come back from the repository in the same positions they had
 * before the ACL was persisted.
 *
 * Two entries are inserted at index 0; the test then expects three entries in total,
 * so {@code createAcl} presumably supplies one entry already (confirm against the helper).
 */
@Test
public void acesAreReturnedInTheOrderTheyWerePriorToPersistence() {
    SimpleAcl original = createAcl("id1");
    original.insertAce(UUID.randomUUID(), 0, BasePermission.WRITE,
            new GrantedAuthoritySid("another authority"), true);
    original.insertAce(UUID.randomUUID(), 0, BasePermission.READ,
            new GrantedAuthoritySid("another authority"), true);
    assertEquals(3, original.getEntries().size());

    underTest.update(original);

    ObjectIdentity identity = original.getObjectIdentity();
    // the owner is taken from the currently logged in user
    PrincipalSid expectedOwner = new PrincipalSid(SOME_PRINCIPAL);
    Acl reloaded = underTest.getAclById(identity);

    SimpleAcl expected =
            new SimpleAcl(original.getObjectIdentity(), expectedOwner, original.getEntries(), null, null);
    assertEquals(expected, reloaded);

    // Position-by-position comparison pins the ordering, not just the content.
    for (int position = 0; position < 3; position++) {
        assertEquals(original.getEntries().get(position), reloaded.getEntries().get(position));
    }
}
From source file:org.createnet.raptor.auth.service.services.AclManagerService.java
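/**
 * Lists the permissions that granting ACEs assign to the given user on a secured object.
 *
 * <p>Only ACEs whose SID is a {@link PrincipalSid} are considered. An ACL may also hold
 * entries for other SID types, and casting those unconditionally would raise a
 * {@code ClassCastException} outside the {@code try} block, so they are skipped.
 *
 * <p>NOTE(review): every granting ACE for the user is collected regardless of position,
 * and parent ACLs are not consulted. A denying ACE that precedes a granting one is
 * therefore not reflected in the result. Treat this list as informational and take
 * enforcement decisions through the ACL's {@code isGranted} check.
 *
 * @param sid the user whose permissions are listed
 * @param oid identity of the secured object
 * @return the granted permissions in ACL order; empty when the ACL cannot be read
 */
public List<Permission> getPermissionList(UserSid sid, ObjectIdentity oid) {
    List<Permission> permissionsList = new ArrayList<>();

    // Lookup only ACLs for SIDs we're interested in
    Acl acl;
    try {
        acl = aclService.readAclById(oid, Arrays.asList(sid));
    } catch (Exception ignored) {
        // Fails closed: any lookup failure yields "no permissions". The broad catch also
        // hides infrastructure errors, which callers cannot tell apart from a missing ACL.
        return permissionsList;
    }

    for (AccessControlEntry ace : acl.getEntries()) {
        if (!(ace.getSid() instanceof PrincipalSid)) {
            // Entries for non-principal SIDs can never match a user UUID.
            continue;
        }
        String aceUuid = ((PrincipalSid) ace.getSid()).getPrincipal();
        String sidUuid = sid.getUser().getUuid();
        if (sidUuid.equals(aceUuid) && ace.isGranting()) {
            permissionsList.add(ace.getPermission());
        }
    }
    return permissionsList;
}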
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepository.java
/**
 * Builds the {@code Put} that stores one ACL row: the ACL attributes taken from
 * {@code record}, followed by one column per ACE keyed by the ACE's position.
 *
 * NOTE(review): the columns written here are keyed by index 0..n-1. If an earlier
 * version of the row held more ACEs, the higher-index columns are not touched by this
 * method; confirm that the caller removes them, otherwise revoked entries could
 * remain stored.
 *
 * @param acl the ACL whose entries are written
 * @param record the pre-computed row key and ACL attribute bytes
 * @return the populated {@code Put}
 */
private Put createPut(final Acl acl, final AclRecord record) {
    Put row = new Put(record.getKey());
    row.add(ACL_FAMILY, ACL_ID_TYPE_QUALIFIER, record.getIdTypeBytes());
    row.add(ACL_FAMILY, ACL_TYPE_QUALIFIER, record.getTypeBytes());
    row.add(ACL_FAMILY, ACL_OWNER_QUALIFIER, record.getOwnerBytes());

    List<AccessControlEntry> aces = acl.getEntries();
    for (int position = 0; position < aces.size(); position++) {
        // The position is the column key, which is how ACE order is persisted.
        AccessControlEntryKey columnKey = new AccessControlEntryKey(position);
        AccessControlEntryValue columnValue = createAceValue(aces.get(position));
        row.add(ACE_FAMILY, columnKey.getKey(), columnValue.getKey());
    }
    return row;
}