List of usage examples for org.springframework.security.acls.model Acl getObjectIdentity
ObjectIdentity getObjectIdentity();
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepositoryTest.java
@Test public void retrievingACLValuesWithNoSidsSpecified() { Acl acl1 = createAcl("id1"); createAcl("id2"); Acl acl3 = createAcl("id3"); ObjectIdentity oid1 = acl1.getObjectIdentity(); ObjectIdentity oid3 = acl3.getObjectIdentity(); Map<ObjectIdentity, Acl> returned = underTest.getAclsById(Arrays.asList(oid1, oid3), null); assertEquals(2, returned.size());/* ww w .ja v a 2s . co m*/ Acl returnedAcl1 = returned.get(oid1); assertEquals(acl1, returnedAcl1); Acl returnedAcl3 = returned.get(oid3); assertEquals(acl3, returnedAcl3); }
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepositoryTest.java
@Test public void retrievingACLValuesWithSomeSidsSpecifiedLoadsAllRelevantAclsRegardlessOfWhetherACEsExistForTheSids() { Acl acl1 = createAcl("id1"); createAcl("id2"); Acl acl3 = createAcl("id3"); ObjectIdentity oid1 = acl1.getObjectIdentity(); ObjectIdentity oid3 = acl3.getObjectIdentity(); PrincipalSid owner = new PrincipalSid(SOME_PRINCIPAL); // the owner is taken from the currently logged in user List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid(SOME_PRINCIPAL)); Map<ObjectIdentity, Acl> returned = underTest.getAclsById(Arrays.asList(oid1, oid3), sids); assertEquals(2, returned.size());/*from ww w . j a va 2 s . c om*/ Acl returnedAcl1 = returned.get(oid1); SimpleAcl expectedAcl1 = new SimpleAcl(acl1.getObjectIdentity(), owner, acl1.getEntries(), sids, null); assertEquals(expectedAcl1, returnedAcl1); Acl returnedAcl3 = returned.get(oid3); SimpleAcl expectedAcl3 = new SimpleAcl(acl3.getObjectIdentity(), owner, acl3.getEntries(), sids, null); assertEquals(expectedAcl3, returnedAcl3); }
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
@Test public void readAclById_withParentAcl_shouldLoadTheAcls() { Acl acl = fixture .readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Room", "1.1")); assertNotNull(acl);/* w w w . java2 s . c o m*/ assertEquals("com.cedac.smartresidence.profile.domain.Room", acl.getObjectIdentity().getType()); assertEquals("1.1", acl.getObjectIdentity().getIdentifier()); assertNotNull(acl.getParentAcl()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner()); assertEquals(true, acl.isEntriesInheriting()); assertEquals(0, acl.getEntries().size()); assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getParentAcl().getObjectIdentity().getType()); assertEquals("1", acl.getParentAcl().getObjectIdentity().getIdentifier()); assertNull(acl.getParentAcl().getParentAcl()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getParentAcl().getOwner()); assertEquals(true, acl.getParentAcl().isEntriesInheriting()); assertEquals(6, acl.getParentAcl().getEntries().size()); }
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
@Test public void readAclById_withDoubleParentAcl_shouldLoadTheAcls() { Acl acl = fixture .readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Device", "1.1.1")); assertNotNull(acl);// w w w. j a v a 2 s . c o m assertEquals("com.cedac.smartresidence.profile.domain.Device", acl.getObjectIdentity().getType()); assertEquals("1.1.1", acl.getObjectIdentity().getIdentifier()); assertNotNull(acl.getParentAcl()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner()); assertEquals(true, acl.isEntriesInheriting()); assertEquals(0, acl.getEntries().size()); assertEquals("com.cedac.smartresidence.profile.domain.Room", acl.getParentAcl().getObjectIdentity().getType()); assertEquals("1.1", acl.getParentAcl().getObjectIdentity().getIdentifier()); assertNotNull(acl.getParentAcl().getParentAcl()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getParentAcl().getOwner()); assertEquals(true, acl.getParentAcl().isEntriesInheriting()); assertEquals(0, acl.getParentAcl().getEntries().size()); assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getParentAcl().getParentAcl().getObjectIdentity().getType()); assertEquals("1", acl.getParentAcl().getParentAcl().getObjectIdentity().getIdentifier()); assertNull(acl.getParentAcl().getParentAcl().getParentAcl()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getParentAcl().getParentAcl().getOwner()); assertEquals(true, acl.getParentAcl().getParentAcl().isEntriesInheriting()); assertEquals(6, acl.getParentAcl().getParentAcl().getEntries().size()); }
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
@Test public void readAclById_shouldLoadTheAcl() { Acl acl = fixture.readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "1")); assertNotNull(acl);//from w w w . ja v a 2s . c o m assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType()); assertEquals("1", acl.getObjectIdentity().getIdentifier()); assertNull(acl.getParentAcl()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner()); assertEquals(true, acl.isEntriesInheriting()); assertEquals(6, acl.getEntries().size()); assertEquals(0, acl.getEntries().get(0).getId()); assertEquals(new GrantedAuthoritySid("ROLE_ADMIN"), acl.getEntries().get(0).getSid()); assertEquals(BasePermission.READ, acl.getEntries().get(0).getPermission()); assertEquals(true, acl.getEntries().get(0).isGranting()); assertSame(acl, acl.getEntries().get(0).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(0)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(0)).isAuditFailure()); assertEquals(1, acl.getEntries().get(1).getId()); assertEquals(new GrantedAuthoritySid("ROLE_ADMIN"), acl.getEntries().get(1).getSid()); assertEquals(BasePermission.WRITE, acl.getEntries().get(1).getPermission()); assertEquals(true, acl.getEntries().get(1).isGranting()); assertSame(acl, acl.getEntries().get(1).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(1)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(1)).isAuditFailure()); assertEquals(2, acl.getEntries().get(2).getId()); assertEquals(new GrantedAuthoritySid("ROLE_ADMIN"), acl.getEntries().get(2).getSid()); assertEquals(BasePermission.ADMINISTRATION, acl.getEntries().get(2).getPermission()); assertEquals(true, acl.getEntries().get(2).isGranting()); assertSame(acl, acl.getEntries().get(2).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(2)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(2)).isAuditFailure()); assertEquals(3, acl.getEntries().get(3).getId()); assertEquals(new PrincipalSid("mauro.franceschini@cedac.com"), acl.getEntries().get(3).getSid()); assertEquals(BasePermission.READ, acl.getEntries().get(3).getPermission()); assertEquals(true, acl.getEntries().get(3).isGranting()); assertSame(acl, acl.getEntries().get(3).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(3)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(3)).isAuditFailure()); assertEquals(4, acl.getEntries().get(4).getId()); assertEquals(new PrincipalSid("mauro.franceschini@cedac.com"), acl.getEntries().get(4).getSid()); assertEquals(BasePermission.WRITE, acl.getEntries().get(4).getPermission()); assertEquals(true, acl.getEntries().get(4).isGranting()); assertSame(acl, acl.getEntries().get(4).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(4)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(4)).isAuditFailure()); assertEquals(5, acl.getEntries().get(5).getId()); assertEquals(new PrincipalSid("other@cedac.com"), acl.getEntries().get(5).getSid()); assertEquals(BasePermission.READ, acl.getEntries().get(5).getPermission()); assertEquals(true, acl.getEntries().get(5).isGranting()); assertSame(acl, acl.getEntries().get(5).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(5)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(5)).isAuditFailure()); }
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
@Test public void readAclById_withSid_shouldLoadTheAcl() { Acl acl = fixture.readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "1"), Arrays.asList(new GrantedAuthoritySid("ROLE_ADMIN"), new PrincipalSid("other@cedac.com"))); assertNotNull(acl);/* w w w .jav a2s .co m*/ assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType()); assertEquals("1", acl.getObjectIdentity().getIdentifier()); assertNull(acl.getParentAcl()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner()); assertEquals(true, acl.isEntriesInheriting()); assertEquals(6, acl.getEntries().size()); assertEquals(true, acl.isSidLoaded( Arrays.asList(new GrantedAuthoritySid("ROLE_ADMIN"), new PrincipalSid("other@cedac.com")))); assertEquals(0, acl.getEntries().get(0).getId()); assertEquals(new GrantedAuthoritySid("ROLE_ADMIN"), acl.getEntries().get(0).getSid()); assertEquals(BasePermission.READ, acl.getEntries().get(0).getPermission()); assertEquals(true, acl.getEntries().get(0).isGranting()); assertSame(acl, acl.getEntries().get(0).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(0)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(0)).isAuditFailure()); assertEquals(1, acl.getEntries().get(1).getId()); assertEquals(new GrantedAuthoritySid("ROLE_ADMIN"), acl.getEntries().get(1).getSid()); assertEquals(BasePermission.WRITE, acl.getEntries().get(1).getPermission()); assertEquals(true, acl.getEntries().get(1).isGranting()); assertSame(acl, acl.getEntries().get(1).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(1)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(1)).isAuditFailure()); assertEquals(2, acl.getEntries().get(2).getId()); assertEquals(new GrantedAuthoritySid("ROLE_ADMIN"), acl.getEntries().get(2).getSid()); assertEquals(BasePermission.ADMINISTRATION, acl.getEntries().get(2).getPermission()); assertEquals(true, acl.getEntries().get(2).isGranting()); assertSame(acl, acl.getEntries().get(2).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(2)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(2)).isAuditFailure()); assertEquals(3, acl.getEntries().get(3).getId()); assertEquals(new PrincipalSid("mauro.franceschini@cedac.com"), acl.getEntries().get(3).getSid()); assertEquals(BasePermission.READ, acl.getEntries().get(3).getPermission()); assertEquals(true, acl.getEntries().get(3).isGranting()); assertSame(acl, acl.getEntries().get(3).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(3)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(3)).isAuditFailure()); assertEquals(4, acl.getEntries().get(4).getId()); assertEquals(new PrincipalSid("mauro.franceschini@cedac.com"), acl.getEntries().get(4).getSid()); assertEquals(BasePermission.WRITE, acl.getEntries().get(4).getPermission()); assertEquals(true, acl.getEntries().get(4).isGranting()); assertSame(acl, acl.getEntries().get(4).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(4)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(4)).isAuditFailure()); assertEquals(5, acl.getEntries().get(5).getId()); assertEquals(new PrincipalSid("other@cedac.com"), acl.getEntries().get(5).getSid()); assertEquals(BasePermission.READ, acl.getEntries().get(5).getPermission()); assertEquals(true, acl.getEntries().get(5).isGranting()); assertSame(acl, acl.getEntries().get(5).getAcl()); assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(5)).isAuditSuccess()); assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(5)).isAuditFailure()); }
From source file:org.bremersee.common.security.acls.jdbc.BasicLookupStrategy.java
/** * Looks up a batch of <code>ObjectIdentity</code>s directly from the database. * <p>/* w ww.j av a2 s .c om*/ * The caller is responsible for optimization issues, such as selecting the identities * to lookup, ensuring the cache doesn't contain them already, and adding the returned * elements to the cache etc. * <p> * This subclass is required to return fully valid <code>Acl</code>s, including * properly-configured parent ACLs. * */ private Map<ObjectIdentity, Acl> lookupObjectIdentities(final Collection<ObjectIdentity> objectIdentities, List<Sid> sids) { Assert.notEmpty(objectIdentities, "Must provide identities to lookup"); final Map<Serializable, Acl> acls = new HashMap<>(); // contains // Acls // with // StubAclParents // Make the "acls" map contain all requested objectIdentities // (including markers to each parent in the hierarchy) String sql = computeRepeatingSql(lookupObjectIdentitiesWhereClause, objectIdentities.size()); Set<Long> parentsToLookup = jdbcTemplate.query(sql, new PreparedStatementSetter() { // NOSONAR @Override public void setValues(PreparedStatement ps) throws SQLException { int i = 0; for (ObjectIdentity oid : objectIdentities) { // Determine prepared statement values for this iteration String type = oid.getType(); // No need to check for nulls, as guaranteed non-null by // ObjectIdentity.getIdentifier() interface contract String identifier = oid.getIdentifier().toString(); // Changed by Christian Bremer (cbr) //long id = (Long.valueOf(identifier)).longValue(); // NOSONAR // Inject values //ps.setString((2 * i) + 1, id); // NOSONAR ps.setString((2 * i) + 1, identifier); ps.setString((2 * i) + 2, type); i++; } } }, new ProcessResultSet(acls, sids)); // Lookup the parents, now that our JdbcTemplate has released the database // connection (SEC-547) if (!parentsToLookup.isEmpty()) { lookupPrimaryKeys(acls, parentsToLookup, sids); } // Finally, convert our "acls" containing StubAclParents into true Acls Map<ObjectIdentity, Acl> resultMap = new HashMap<>(); for (Acl inputAcl : acls.values()) { Assert.isInstanceOf(AclImpl.class, inputAcl, "Map should have contained an AclImpl"); Assert.isInstanceOf(Long.class, ((AclImpl) inputAcl).getId(), "Acl.getId() must be Long"); Acl result = convert(acls, (Long) ((AclImpl) inputAcl).getId()); resultMap.put(result.getObjectIdentity(), result); } return resultMap; }
From source file:org.bremersee.common.security.acls.jdbc.BasicLookupStrategy.java
/** * The main method./*from w w w. ja v a 2s. com*/ * <p> * WARNING: This implementation completely disregards the "sids" argument! Every item * in the cache is expected to contain all SIDs. If you have serious performance needs * (e.g. a very large number of SIDs per object identity), you'll probably want to * develop a custom {@link LookupStrategy} implementation instead. * <p> * The implementation works in batch sizes specified by {@link #batchSize}. * * @param objects the identities to lookup (required) * @param sids the SIDs for which identities are required (ignored by this * implementation) * * @return a <tt>Map</tt> where keys represent the {@link ObjectIdentity} of the * located {@link Acl} and values are the located {@link Acl} (never <tt>null</tt> * although some entries may be missing; this method should not throw * {@link NotFoundException}, as a chain of {@link LookupStrategy}s may be used to * automatically create entries if required) */ @Override public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, // NOSONAR List<Sid> sids) { Assert.isTrue(batchSize >= 1, "BatchSize must be >= 1"); Assert.notEmpty(objects, "Objects to lookup required"); // Map<ObjectIdentity,Acl> Map<ObjectIdentity, Acl> result = new HashMap<>(); // contains // FULLY // loaded // Acl // objects Set<ObjectIdentity> currentBatchToLoad = new HashSet<>(); for (int i = 0; i < objects.size(); i++) { final ObjectIdentity oid = objects.get(i); boolean aclFound = false; // Check we don't already have this ACL in the results if (result.containsKey(oid)) { aclFound = true; } // Check cache for the present ACL entry if (!aclFound) { Acl acl = aclCache.getFromCache(oid); // Ensure any cached element supports all the requested SIDs // (they should always, as our base impl doesn't filter on SID) if (acl != null) { if (acl.isSidLoaded(sids)) { // NOSONAR result.put(acl.getObjectIdentity(), acl); aclFound = true; } else { throw new IllegalStateException( "Error: SID-filtered element detected when implementation does not perform SID filtering " + "- have you added something to the cache manually?"); } } } // Load the ACL from the database if (!aclFound) { currentBatchToLoad.add(oid); } // Is it time to load from JDBC the currentBatchToLoad? if ((currentBatchToLoad.size() == this.batchSize) || ((i + 1) == objects.size())) { if (!currentBatchToLoad.isEmpty()) { // NOSONAR Map<ObjectIdentity, Acl> loadedBatch = lookupObjectIdentities(currentBatchToLoad, sids); // Add loaded batch (all elements 100% initialized) to results result.putAll(loadedBatch); // Add the loaded batch to the cache for (Acl loadedAcl : loadedBatch.values()) { // NOSONAR aclCache.putInCache((AclImpl) loadedAcl); } currentBatchToLoad.clear(); } } } return result; }
From source file:ubc.pavlab.aspiredb.server.security.authorization.acl.AclTestUtils.java
public void checkHasAclParent(Object f, Object parent) { Acl parentAcl = getParentAcl(f); assertNotNull("No ACL for parent of " + f, parentAcl); if (parent != null) { Acl b = getAcl(parent);//w w w . j av a 2 s .c o m assertEquals(b, parentAcl); } assertNotNull(parentAcl); log.debug("ACL has correct parent for " + f + " <----- " + parentAcl.getObjectIdentity()); }