Example usage for org.springframework.security.acls.model Acl isEntriesInheriting

List of usage examples for org.springframework.security.acls.model Acl isEntriesInheriting

Introduction

In this page you can find the example usage for org.springframework.security.acls.model Acl isEntriesInheriting.

Prototype

/**
 * Reports whether the entries of the parent ACL ({@link #getParentAcl()}) flow down into
 * this ACL.
 *
 * @return {@code true} if the parent's entries are inherited by this ACL
 */
boolean isEntriesInheriting();


Document

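Indicates whether the ACL entries from the parent ACL (see `getParentAcl()`) should flow down into the current `Acl`. Having a parent is not enough on its own: in the `isGranted` example at the end of this page, the parent is consulted only when this method returns true and no entry of the current ACL matched.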

Usage

From source file:com.ewcms.core.site.web.AclAction.java

/**
 * Renders the access-control entries of the channel identified by {@code id} as a data grid.
 *
 * <p>An empty grid is rendered when no ACL is found for the channel or the ACL returns a
 * {@code null} entry list. Otherwise the entries are converted by {@code permissionItems},
 * which also receives the ACL's {@code isEntriesInheriting()} flag.
 */
public void query() {
    // NOTE(review): no authorization check is visible in this method, and the response lists
    // the channel's ACL entries -- confirm that the caller or framework restricts access.
    final Channel target = siteFac.getChannel(id);
    final Acl channelAcl = siteFac.findAclOfChannel(target);

    final boolean hasEntries = channelAcl != null && channelAcl.getEntries() != null;
    if (!hasEntries) {
        renderObject(new DataGrid(0, Collections.EMPTY_LIST));
        return;
    }

    final List<Map<String, Object>> rows =
            permissionItems(channelAcl.getEntries(), channelAcl.isEntriesInheriting());
    renderObject(new DataGrid(rows.size(), rows));
}

From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java

/**
 * Reads the ACL of Room "1.1" and verifies it together with its parent, Home "1".
 *
 * <p>The Room ACL is expected to hold no entries of its own while reporting
 * {@code isEntriesInheriting() == true}; the six entries live on the parent.
 */
@Test
public void readAclById_withParentAcl_shouldLoadTheAcls() {
    final String roomType = "com.cedac.smartresidence.profile.domain.Room";
    final String homeType = "com.cedac.smartresidence.profile.domain.Home";
    final PrincipalSid admin = new PrincipalSid("admin@cedac.com");

    Acl room = fixture.readAclById(new ObjectIdentityImpl(roomType, "1.1"));

    // Child ACL: linked to a parent, inheriting, no local entries.
    assertNotNull(room);
    assertEquals(roomType, room.getObjectIdentity().getType());
    assertEquals("1.1", room.getObjectIdentity().getIdentifier());
    Acl home = room.getParentAcl();
    assertNotNull(home);
    assertEquals(admin, room.getOwner());
    assertEquals(true, room.isEntriesInheriting());
    assertEquals(0, room.getEntries().size());

    // Parent ACL: top of the chain, carries all six entries.
    assertEquals(homeType, home.getObjectIdentity().getType());
    assertEquals("1", home.getObjectIdentity().getIdentifier());
    assertNull(home.getParentAcl());
    assertEquals(admin, home.getOwner());
    assertEquals(true, home.isEntriesInheriting());
    assertEquals(6, home.getEntries().size());
}

From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java

/**
 * Reads the ACL of Home "1" and verifies its header fields and all six entries.
 *
 * <p>Every entry is expected to be granting, to point back at the loaded ACL, and to audit
 * failures but not successes. Entry ids are expected to equal their position in the list.
 */
@Test
public void readAclById_shouldLoadTheAcl() {
    final String homeType = "com.cedac.smartresidence.profile.domain.Home";

    Acl acl = fixture.readAclById(new ObjectIdentityImpl(homeType, "1"));

    assertNotNull(acl);
    assertEquals(homeType, acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());

    // Expected SID and permission per entry, in list order.
    final Object[] expectedSids = {
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new PrincipalSid("mauro.franceschini@cedac.com"),
            new PrincipalSid("mauro.franceschini@cedac.com"),
            new PrincipalSid("other@cedac.com")
    };
    final Object[] expectedPermissions = {
            BasePermission.READ,
            BasePermission.WRITE,
            BasePermission.ADMINISTRATION,
            BasePermission.READ,
            BasePermission.WRITE,
            BasePermission.READ
    };

    for (int i = 0; i < expectedSids.length; i++) {
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(expectedSids[i], acl.getEntries().get(i).getSid());
        assertEquals(expectedPermissions[i], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());
        // The audit flags are only reachable through the auditable sub-interface.
        assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditSuccess());
        assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditFailure());
    }
}

From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java

/**
 * Reads the ACL of Device "1.1.1" and verifies the full chain Device -> Room -> Home.
 *
 * <p>Device and Room are expected to hold no entries of their own and to report
 * {@code isEntriesInheriting() == true}; the six entries live on Home, the top of the chain.
 */
@Test
public void readAclById_withDoubleParentAcl_shouldLoadTheAcls() {
    final String deviceType = "com.cedac.smartresidence.profile.domain.Device";
    final String roomType = "com.cedac.smartresidence.profile.domain.Room";
    final String homeType = "com.cedac.smartresidence.profile.domain.Home";
    final PrincipalSid admin = new PrincipalSid("admin@cedac.com");

    Acl device = fixture.readAclById(new ObjectIdentityImpl(deviceType, "1.1.1"));

    // Leaf ACL.
    assertNotNull(device);
    assertEquals(deviceType, device.getObjectIdentity().getType());
    assertEquals("1.1.1", device.getObjectIdentity().getIdentifier());
    Acl room = device.getParentAcl();
    assertNotNull(room);
    assertEquals(admin, device.getOwner());
    assertEquals(true, device.isEntriesInheriting());
    assertEquals(0, device.getEntries().size());

    // Middle ACL.
    assertEquals(roomType, room.getObjectIdentity().getType());
    assertEquals("1.1", room.getObjectIdentity().getIdentifier());
    Acl home = room.getParentAcl();
    assertNotNull(home);
    assertEquals(admin, room.getOwner());
    assertEquals(true, room.isEntriesInheriting());
    assertEquals(0, room.getEntries().size());

    // Root ACL.
    assertEquals(homeType, home.getObjectIdentity().getType());
    assertEquals("1", home.getObjectIdentity().getIdentifier());
    assertNull(home.getParentAcl());
    assertEquals(admin, home.getOwner());
    assertEquals(true, home.isEntriesInheriting());
    assertEquals(6, home.getEntries().size());
}

From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java

/**
 * Reads the ACL of Home "1" for an explicit SID list and verifies header fields, that the
 * requested SIDs are reported as loaded, and all six entries.
 *
 * <p>Although only two SIDs are requested, the test expects all six entries to be present,
 * including those of a SID that was not in the request.
 */
@Test
public void readAclById_withSid_shouldLoadTheAcl() {
    final String homeType = "com.cedac.smartresidence.profile.domain.Home";
    final GrantedAuthoritySid adminRole = new GrantedAuthoritySid("ROLE_ADMIN");
    final PrincipalSid otherUser = new PrincipalSid("other@cedac.com");

    Acl acl = fixture.readAclById(new ObjectIdentityImpl(homeType, "1"),
            Arrays.asList(adminRole, otherUser));

    assertNotNull(acl);
    assertEquals(homeType, acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());
    assertEquals(true, acl.isSidLoaded(Arrays.asList(adminRole, otherUser)));

    // Expected SID and permission per entry, in list order.
    final Object[] expectedSids = {
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new GrantedAuthoritySid("ROLE_ADMIN"),
            new PrincipalSid("mauro.franceschini@cedac.com"),
            new PrincipalSid("mauro.franceschini@cedac.com"),
            new PrincipalSid("other@cedac.com")
    };
    final Object[] expectedPermissions = {
            BasePermission.READ,
            BasePermission.WRITE,
            BasePermission.ADMINISTRATION,
            BasePermission.READ,
            BasePermission.WRITE,
            BasePermission.READ
    };

    for (int i = 0; i < expectedSids.length; i++) {
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(expectedSids[i], acl.getEntries().get(i).getSid());
        assertEquals(expectedPermissions[i], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());
        // The audit flags are only reachable through the auditable sub-interface.
        assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditSuccess());
        assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditFailure());
    }
}

From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java

/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs by
 * this ACL, falling back to the parent ACL when nothing here matches.
 *
 * <p>Evaluation order matters. For each requested permission the SIDs are tried in list
 * order, and for each SID the first ACE whose mask matches (per {@code containsPermission})
 * and whose SID equals it decides:
 * <ul>
 *   <li>a granting ACE returns {@code true} immediately;</li>
 *   <li>a denying ACE ends the search for that permission, so later SIDs and later ACEs are
 *       not consulted for it, and evaluation moves on to the next requested permission.</li>
 * </ul>
 * If at least one denial was seen and nothing granted, the result is {@code false}. If no
 * ACE matched at all, the parent ACL is asked only when {@code acl.isEntriesInheriting()}
 * is {@code true} and a parent exists.
 *
 * @param acl the ACL whose entries are evaluated
 * @param permission the permissions to look for; any one being granted is sufficient
 * @param sids the security identities to check, in priority order
 * @param administrativeMode when {@code true}, audit logging is skipped for the decision
 *        made on this ACL
 * @return {@code true} if a matching granting ACE was found, {@code false} if only a matching
 *         denying ACE was found
 * @throws NotFoundException if no ACE matched and the parent cannot be consulted
 */
@Override
public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
    final List<AccessControlEntry> entries = acl.getEntries();

    // Remembered only so that the denial can be audited if nothing ends up granting.
    AccessControlEntry earliestDenial = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid sid : sids) {
            for (AccessControlEntry entry : entries) {
                // Bit-wise mask comparison rather than exact mask equality.
                // NOTE(review): containsPermission is defined elsewhere; which argument must
                // contain the other decides whether a broad-mask denying ACE blocks narrower
                // requests -- confirm against the helper.
                final boolean applies = containsPermission(entry.getPermission().getMask(), requested.getMask())
                        && entry.getSid().equals(sid);
                if (!applies) {
                    continue;
                }

                // First matching ACE wins for this permission/SID pair.
                if (entry.isGranting()) {
                    if (!administrativeMode) {
                        auditLogger.logIfNeeded(true, entry);
                    }
                    return true;
                }

                // Denied: this permission is settled, so skip the remaining ACEs and SIDs
                // and try the next requested permission.
                if (earliestDenial == null) {
                    earliestDenial = entry;
                }
                continue nextPermission;
            }
        }
    }

    if (earliestDenial != null) {
        // Something denied and nothing granted: reject without asking the parent.
        if (!administrativeMode) {
            auditLogger.logIfNeeded(false, earliestDenial);
        }
        return false;
    }

    // Nothing matched locally; inheritance must be enabled AND a parent must exist.
    final boolean canAskParent = acl.isEntriesInheriting() && (acl.getParentAcl() != null);
    if (!canAskParent) {
        throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
    }

    // The parent is always called with administrativeMode=false, whatever the caller passed.
    return acl.getParentAcl().isGranted(permission, sids, false);
}