List of usage examples for org.springframework.security.acls.model Acl getParentAcl
/**
 * Returns the parent {@link Acl} of this ACL, or {@code null} when there is none (the usages
 * below check for {@code null} before walking up the chain). Whether entries are actually
 * inherited from the parent is decided separately via {@code isEntriesInheriting()}, as the
 * {@code isGranted} example on this page shows.
 */
Acl getParentAcl();
From source file:com.sshdemo.common.security.acl.service.EwcmsAclService.java
/**
 * Accumulates into {@code permissions} the permission of the first ACE matching each SID in
 * {@code sids}, first on {@code acl} and then recursively on every ancestor ACL.
 *
 * @param permissions sink that receives the collected permissions
 * @param acl         the ACL whose entries are scanned first
 * @param sids        the SIDs to look up, in order
 */
private void getPermissions(final Set<Permission> permissions, final Acl acl, final List<Sid> sids) {
    final List<AccessControlEntry> entries = acl.getEntries();
    for (Sid sid : sids) {
        // Only the first ACE whose SID matches contributes; later ACEs for the same SID are ignored.
        // NOTE(review): a SID holding several ACEs at one level therefore yields one permission here — confirm intended.
        boolean matched = false;
        for (int i = 0; i < entries.size() && !matched; i++) {
            AccessControlEntry ace = entries.get(i);
            if (ace.getSid().equals(sid)) {
                permissions.add(ace.getPermission());
                matched = true;
            }
        }
    }
    // NOTE(review): the parent chain is followed regardless of acl.isEntriesInheriting(), so this can
    // report permissions that the ACL's own granting logic would not inherit — verify against callers.
    Acl parent = acl.getParentAcl();
    if (parent != null) {
        getPermissions(permissions, parent, sids);
    }
}
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/** A Room ACL must load together with its Home parent, and the parent must itself be a root. */
@Test
public void readAclById_withParentAcl_shouldLoadTheAcls() {
    ObjectIdentityImpl roomIdentity = new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Room", "1.1");
    Acl room = fixture.readAclById(roomIdentity);
    assertNotNull(room);
    assertEquals("com.cedac.smartresidence.profile.domain.Room", room.getObjectIdentity().getType());
    assertEquals("1.1", room.getObjectIdentity().getIdentifier());

    Acl home = room.getParentAcl();
    assertNotNull(home);
    PrincipalSid admin = new PrincipalSid("admin@cedac.com");
    assertEquals(admin, room.getOwner());
    assertEquals(true, room.isEntriesInheriting());
    // The room carries no entries of its own; everything comes from the parent.
    assertEquals(0, room.getEntries().size());

    assertEquals("com.cedac.smartresidence.profile.domain.Home", home.getObjectIdentity().getType());
    assertEquals("1", home.getObjectIdentity().getIdentifier());
    assertNull(home.getParentAcl());
    assertEquals(admin, home.getOwner());
    assertEquals(true, home.isEntriesInheriting());
    assertEquals(6, home.getEntries().size());
}
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/** A root Home ACL must load with its six granting, failure-audited entries in stored order. */
@Test
public void readAclById_shouldLoadTheAcl() {
    Acl acl = fixture.readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "1"));
    assertNotNull(acl);
    assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());

    GrantedAuthoritySid admins = new GrantedAuthoritySid("ROLE_ADMIN");
    PrincipalSid mauro = new PrincipalSid("mauro.franceschini@cedac.com");
    PrincipalSid other = new PrincipalSid("other@cedac.com");
    assertAuditedGrantingEntry(acl, 0, admins, BasePermission.READ);
    assertAuditedGrantingEntry(acl, 1, admins, BasePermission.WRITE);
    assertAuditedGrantingEntry(acl, 2, admins, BasePermission.ADMINISTRATION);
    assertAuditedGrantingEntry(acl, 3, mauro, BasePermission.READ);
    assertAuditedGrantingEntry(acl, 4, mauro, BasePermission.WRITE);
    assertAuditedGrantingEntry(acl, 5, other, BasePermission.READ);
}

/**
 * Asserts that entry {@code index} of {@code acl} has id {@code index}, the given SID and
 * permission, is granting, points back to {@code acl}, and audits failures but not successes.
 * The assertion order mirrors the inline checks this test used to contain.
 */
private static void assertAuditedGrantingEntry(Acl acl, int index, Object expectedSid, Object expectedPermission) {
    assertEquals(index, acl.getEntries().get(index).getId());
    assertEquals(expectedSid, acl.getEntries().get(index).getSid());
    assertEquals(expectedPermission, acl.getEntries().get(index).getPermission());
    assertEquals(true, acl.getEntries().get(index).isGranting());
    assertSame(acl, acl.getEntries().get(index).getAcl());
    // The cast comes last so a non-auditable entry fails here, after the generic checks, as before.
    AuditableAccessControlEntry audited = AuditableAccessControlEntry.class.cast(acl.getEntries().get(index));
    assertEquals(false, audited.isAuditSuccess());
    assertEquals(true, audited.isAuditFailure());
}
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/** A Device ACL must load a two-level chain: Device -> Room -> Home, with Home as the root. */
@Test
public void readAclById_withDoubleParentAcl_shouldLoadTheAcls() {
    ObjectIdentityImpl deviceIdentity = new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Device", "1.1.1");
    Acl device = fixture.readAclById(deviceIdentity);
    assertNotNull(device);
    assertEquals("com.cedac.smartresidence.profile.domain.Device", device.getObjectIdentity().getType());
    assertEquals("1.1.1", device.getObjectIdentity().getIdentifier());

    Acl room = device.getParentAcl();
    assertNotNull(room);
    PrincipalSid admin = new PrincipalSid("admin@cedac.com");
    assertEquals(admin, device.getOwner());
    assertEquals(true, device.isEntriesInheriting());
    assertEquals(0, device.getEntries().size());

    assertEquals("com.cedac.smartresidence.profile.domain.Room", room.getObjectIdentity().getType());
    assertEquals("1.1", room.getObjectIdentity().getIdentifier());
    Acl home = room.getParentAcl();
    assertNotNull(home);
    assertEquals(admin, room.getOwner());
    assertEquals(true, room.isEntriesInheriting());
    assertEquals(0, room.getEntries().size());

    // Only the root of the chain actually holds entries.
    assertEquals("com.cedac.smartresidence.profile.domain.Home", home.getObjectIdentity().getType());
    assertEquals("1", home.getObjectIdentity().getIdentifier());
    assertNull(home.getParentAcl());
    assertEquals(admin, home.getOwner());
    assertEquals(true, home.isEntriesInheriting());
    assertEquals(6, home.getEntries().size());
}
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/**
 * Loading a Home ACL with an explicit SID list must report those SIDs as loaded and still return
 * all six entries, in stored order, each granting and failure-audited.
 */
@Test
public void readAclById_withSid_shouldLoadTheAcl() {
    GrantedAuthoritySid admins = new GrantedAuthoritySid("ROLE_ADMIN");
    PrincipalSid other = new PrincipalSid("other@cedac.com");
    ObjectIdentityImpl homeIdentity = new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "1");
    Acl acl = fixture.readAclById(homeIdentity, Arrays.asList(admins, other));
    assertNotNull(acl);
    assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());
    // Fresh SID instances, so the check relies on Sid equality rather than identity.
    assertEquals(true, acl.isSidLoaded(
            Arrays.asList(new GrantedAuthoritySid("ROLE_ADMIN"), new PrincipalSid("other@cedac.com"))));

    PrincipalSid mauro = new PrincipalSid("mauro.franceschini@cedac.com");
    Object[] expectedSids = { admins, admins, admins, mauro, mauro, other };
    Object[] expectedPermissions = {
            BasePermission.READ, BasePermission.WRITE, BasePermission.ADMINISTRATION,
            BasePermission.READ, BasePermission.WRITE, BasePermission.READ };
    for (int i = 0; i < expectedSids.length; i++) {
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(expectedSids[i], acl.getEntries().get(i).getSid());
        assertEquals(expectedPermissions[i], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());
        // Cast after the generic checks so a non-auditable entry fails at the same point as before.
        AuditableAccessControlEntry audited = AuditableAccessControlEntry.class.cast(acl.getEntries().get(i));
        assertEquals(false, audited.isAuditSuccess());
        assertEquals(true, audited.isAuditFailure());
    }
}
From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java
/**
 * Decides whether any of {@code permission} is granted to any of {@code sids} on {@code acl}.
 * <p>
 * For each requested permission, SIDs are tried in order and the first ACE whose mask contains the
 * permission mask (via {@code containsPermission}, declared elsewhere in this class) and whose SID
 * equals the current SID decides:
 * <ul>
 *   <li>a granting ACE returns {@code true} at once;</li>
 *   <li>a denying ACE is remembered (first one wins for auditing) and ends the SID scan for that
 *       permission — a later SID cannot override the denial for the same permission.</li>
 * </ul>
 * If every permission was exhausted with at least one denial, the result is {@code false}. With no
 * match at all, the parent ACL is consulted only when {@code acl.isEntriesInheriting()} is set,
 * otherwise a {@link NotFoundException} is thrown.
 * <p>
 * Audit calls are skipped when {@code administrativeMode} is set, but the delegation to the parent
 * passes {@code false}, so a decision taken at the parent level is always audited.
 *
 * @param acl                the ACL to evaluate
 * @param permission         the permissions to test; any one of them being granted suffices
 * @param sids               the SIDs to test, in priority order
 * @param administrativeMode when {@code true}, suppress audit logging at this level
 * @return {@code true} if an applicable granting ACE was found, {@code false} if a denying one was
 * @throws NotFoundException if no ACE applies here and there is no inheriting parent to ask
 */
@Override
public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
    final List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry firstRejection = null;

    for (Permission requested : permission) {
        sidScan:
        for (Sid sid : sids) {
            for (AccessControlEntry ace : aces) {
                // Mask containment is checked before SID equality, matching the original evaluation order.
                if (!containsPermission(ace.getPermission().getMask(), requested.getMask())
                        || !ace.getSid().equals(sid)) {
                    continue;
                }
                if (ace.isGranting()) {
                    if (!administrativeMode) {
                        auditLogger.logIfNeeded(true, ace);
                    }
                    return true;
                }
                // Denial: keep the first one for the audit record, then give up on this permission
                // entirely (remaining SIDs are not consulted for it) and move to the next permission.
                if (firstRejection == null) {
                    firstRejection = ace;
                }
                break sidScan;
            }
        }
    }

    if (firstRejection != null) {
        if (!administrativeMode) {
            auditLogger.logIfNeeded(false, firstRejection);
        }
        return false;
    }

    // Nothing here applied; inheritance must be enabled before the parent is asked.
    Acl parent = acl.getParentAcl();
    if (acl.isEntriesInheriting() && parent != null) {
        // administrativeMode is deliberately not forwarded: the parent audits its own decision.
        return parent.isGranted(permission, sids, false);
    }
    throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
}
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Flattens the ACEs of {@code acl} and of every ancestor ACL into {@link AccessEntryResponse}s,
 * nearest ACL first, entries in their stored order.
 * <p>
 * NOTE(review): the parent chain is walked without checking {@code isEntriesInheriting()}, so the
 * listing may include ancestor entries that the ACL's granting logic would not inherit — confirm
 * this is the intended view for callers.
 *
 * @param acl the starting ACL; may be {@code null}, which yields an empty list
 * @return a {@code List<AccessEntryResponse>}, typed as {@code Object} by the existing signature
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (Acl current = acl; current != null; current = current.getParentAcl()) {
        for (AccessControlEntry ace : current.getEntries()) {
            AccessEntryResponse response =
                    new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting());
            responses.add(response);
        }
    }
    return responses;
}
From source file:ubc.pavlab.aspiredb.server.security.authorization.acl.AclTestUtils.java
/**
 * Looks up the ACL of {@code f} via {@code getAcl} and returns its parent.
 *
 * @param f the secured object
 * @return the parent ACL, or {@code null} if the object's ACL has no parent
 */
public Acl getParentAcl(Object f) {
    return getAcl(f).getParentAcl();
}
From source file:ubic.gemma.core.security.authorization.acl.AclAdviceTest.java
/**
 * Exercises ACL maintenance around an ExpressionExperiment: visibility toggling plus factor
 * additions must keep its ACLs intact, and removing a containing set must not remove the
 * experiment's ACL (only removing the experiment itself does).
 */
@Test
public void testExpressionExperimentAcls() {
    ExpressionExperiment experiment = this.getTestPersistentCompleteExpressionExperiment(false);
    aclTestUtils.checkEEAcls(experiment);

    // Public -> add factor and factor value -> private; the ACLs must still check out afterwards.
    securityService.makePublic(experiment);
    ExperimentalFactor factor = ExperimentalFactor.Factory.newInstance();
    Characteristic category = Characteristic.Factory.newInstance();
    category.setCategory("foo");
    category.setCategoryUri("bar");
    factor.setName("TESTING ACLS");
    factor.setCategory(category);
    factor.setType(FactorType.CATEGORICAL);
    factor = expressionExperimentService.addFactor(experiment, factor);
    FactorValue factorValue = FactorValue.Factory.newInstance(factor);
    factorValue.setValue("ack");
    // NOTE(review): the "ack" value above is overwritten before use; only "adddck" is persisted — confirm intended.
    factorValue = FactorValue.Factory.newInstance(factor);
    factorValue.setValue("adddck");
    expressionExperimentService.addFactorValue(experiment, factorValue);
    securityService.makePrivate(experiment);
    aclTestUtils.checkEEAcls(experiment);

    // Put the experiment into a set, then remove the set and finally the experiment; ACL cleanup must follow each step.
    ExpressionExperimentSet experimentSet = ExpressionExperimentSet.Factory.newInstance();
    experimentSet.getExperiments().add(experiment);
    experimentSet.setName(this.randomName());
    persisterHelper.persist(experimentSet);

    // readAclById throws when an ACL is missing, so both reads double as existence checks.
    Acl experimentAcl = aclService.readAclById(new AclObjectIdentity(experiment));
    aclService.readAclById(new AclObjectIdentity(experimentSet));
    // Membership in a set must not re-parent the experiment's ACL.
    assertNull(experimentAcl.getParentAcl());

    expressionExperimentSetService.remove(experimentSet);
    aclTestUtils.checkDeletedAcl(experimentSet);
    aclTestUtils.checkHasAcl(experiment);

    expressionExperimentService.remove(experiment);
    aclTestUtils.checkDeleteEEAcls(experiment);
}
From source file:ubic.gemma.security.authorization.acl.AclAdvice.java
/**
 * Kicks off ACL maintenance for an update, i.e. when {@code fooService.update(s)} is called. The
 * job is to add permissions for any <em>new</em> associated objects, reusing the parent ACL the
 * object already has.
 * <p>
 * If no ACL exists yet for {@code s} the situation is logged as a warning and processing
 * continues with a {@code null} parent — {@code addOrUpdateAcl} and {@code processAssociations}
 * are still invoked, so an ACL without a parent will be created rather than the update rejected.
 *
 * @param m the update method name, used only in diagnostics
 * @param s the securable being updated
 * @throws IllegalStateException if no object identity can be derived from {@code s}
 */
private void startUpdate(String m, Securable s) {
    ObjectIdentity oi = makeObjectIdentity(s);
    if (oi == null) {
        throw new IllegalStateException(
                "On 'update' methods, object should have a valid objectIdentity available. Method=" + m + " on " + s);
    }

    Acl parentAcl;
    try {
        // The existing ACL's parent may legitimately be null for top-level objects.
        parentAcl = aclService.readAclById(oi).getParentAcl();
    } catch (NotFoundException nfe) {
        // An update on an object without an ACL is unexpected; fall back to no parent.
        log.warn("On 'update' methods, there should be a ACL on the passed object already. Method=" + m + " on " + s);
        parentAcl = null;
    }

    addOrUpdateAcl(s, parentAcl);
    processAssociations(m, s, parentAcl);
}