List of usage examples for org.springframework.security.acls.model Acl isGranted
/**
 * Decides whether this ACL authorizes the given SIDs for the given permissions.
 *
 * <p>Both lists are ordered. Under the Spring Security ACL contract the permissions are tried in
 * list order, then the SIDs, and the first ACL entry that matches is authoritative, whether it
 * grants or denies.
 *
 * @param permission the permissions to look for, in order of preference
 * @param sids the security identities held by the caller, in order of preference
 * @param administrativeMode {@code true} marks the query as administrative, in which case an
 *        implementation that supports it skips logging and auditing of the decision
 * @return {@code true} if authorization is granted
 * @throws NotFoundException if no entry applies, so no authoritative decision can be made;
 *         callers should treat this as a denial rather than let it fall through to a grant
 * @throws UnloadedSidException if the ACL was loaded for only a subset of SIDs and this call
 *         asks about a SID outside that subset
 */
boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode) throws NotFoundException, UnloadedSidException;
From source file:org.zkoss.spring.security.SecurityUtil.java
/**
 * Tells whether the current Authentication holds at least one of the given permissions on the
 * presented domain object instance.
 *
 * <p>Security note: a {@code null} domain object is reported as accessible, and that answer is
 * given before the Authentication is looked at. A caller whose lookup silently produced
 * {@code null} therefore gets {@code true}; check for a missing object before asking.
 *
 * @param hasPermission per the original documentation, a comma separated list of integers, each
 *        representing a required bit mask permission; handed to {@code parsePermissions}
 * @param domainObject the actual domain object instance for which permissions are evaluated
 * @return {@code false} for a null or empty permission string, for a missing Authentication, or
 *         when no ACL is found; {@code true} for a null domain object; otherwise the ACL's answer
 */
public static boolean isAccessible(String hasPermission, Object domainObject) {
    if (hasPermission == null || hasPermission.isEmpty()) {
        return false;
    }

    initializeIfRequired();
    final List<Permission> wanted = parsePermissions(hasPermission);

    if (domainObject == null) {
        // Original behavior: nothing to protect, so access is reported as allowed.
        return true;
    }

    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        // No authenticated caller in the security context: deny.
        return false;
    }

    final List<Sid> callerSids =
            _sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
    final ObjectIdentity target = _objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

    try {
        // Only the entries that apply to the caller's SIDs are loaded.
        return _aclService.readAclById(target, callerSids).isGranted(wanted, callerSids, false);
    } catch (NotFoundException nfe) {
        // No ACL, or no applicable entry: fail closed.
        return false;
    }
}
From source file:com.sshdemo.common.security.acl.EwcmsAclPermissionEvaluator.java
/**
 * Checks the ACL of {@code oid} for the permission requested by the given principal.
 *
 * <p>The outcome is fail-closed: a {@link NotFoundException} from the lookup or from the
 * evaluation is logged at debug level and reported as "not granted".
 *
 * @param authentication the principal whose SIDs are evaluated
 * @param oid identity of the protected domain object
 * @param permission the requested permission, in whatever form {@code resolvePermission} accepts
 * @return {@code true} only when the ACL grants the permission to one of the principal's SIDs
 */
private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
    final List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);
    final List<Permission> wanted = resolvePermission(permission);

    boolean granted = false;
    String outcome;
    try {
        // Load only the ACL entries for the SIDs under evaluation, then ask for a decision.
        final Acl acl = aclService.readAclById(oid, principalSids);
        granted = acl.isGranted(wanted, principalSids, false);
        outcome = granted
                ? "Access is granted"
                : "Returning false - ACLs returned, but insufficient permissions for this principal";
    } catch (NotFoundException nfe) {
        outcome = "Returning false - no ACLs apply for this principal";
    }

    if (logger.isDebugEnabled()) {
        logger.debug(outcome);
    }
    return granted;
}
From source file:net.projectmonkey.spring.acl.enhancement.voter.AclEntryVoter.java
/**
 * Turns the ACL decision for the configured {@code requirePermission} into a vote.
 *
 * <p>The vote is never an abstention here: anything other than an explicit grant, including a
 * {@link NotFoundException} raised by the ACL, ends in {@code ACCESS_DENIED}.
 *
 * @param sids the SIDs of the principal being evaluated
 * @param acl the ACL of the protected object
 * @return {@code ACCESS_GRANTED} when the ACL grants the permission, otherwise {@code ACCESS_DENIED}
 */
private int checkGranted(final List<Sid> sids, final Acl acl) {
    int verdict = ACCESS_DENIED;
    String reason;
    try {
        if (acl.isGranted(requirePermission, sids, false)) {
            verdict = ACCESS_GRANTED;
            reason = "Voting to grant access";
        } else {
            reason = "Voting to deny access - ACLs returned, but insufficient permissions for this principal";
        }
    } catch (NotFoundException nfe) {
        reason = "Voting to deny access - no ACLs apply for this principal";
    }

    if (logger.isDebugEnabled()) {
        logger.debug(reason);
    }
    return verdict;
}
From source file:de.randi2.aspects.SecurityAspects.java
/**
 * Around advice that secures the randomization process.
 *
 * <p>The intercepted call proceeds only when the trial is active, the current principal holds
 * READ or ADMINISTRATION on the trial, and holds CREATE or ADMINISTRATION on the trial subject.
 * Only a {@code PrincipalSid} built from the current Authentication is passed to the ACL checks.
 *
 * <p>NOTE(review): the advice relies on the argument positions of the matched methods
 * (trial first, trial subject second); a method matching the pointcut with another signature
 * fails on the casts.
 *
 * @param pjp the join point of the intercepted {@code randomize*} call
 * @return whatever the intercepted method returns
 * @throws AccessDeniedException if the trial is not active or a permission is missing
 * @throws Throwable anything the intercepted method throws
 */
@Around("execution(public * de.randi2.services.*.randomize*(..))")
@Transactional(propagation = Propagation.REQUIRED)
public Object secRandomize(ProceedingJoinPoint pjp) throws Throwable {
    Trial trial = (Trial) pjp.getArgs()[0];
    if (trial.getStatus() != TrialStatus.ACTIVE) {
        throw new AccessDeniedException("It is not possible to randomize in this inactive trial!");
    }

    TrialSubject subject = (TrialSubject) pjp.getArgs()[1];
    try {
        // Step 1: the caller must be allowed to see the trial.
        Acl trialAcl = aclService.readAclById(
                new ObjectIdentityHibernate(Trial.class, trial.getId()),
                sidsOf(new PrincipalSid(SecurityContextHolder.getContext().getAuthentication())));
        boolean mayReadTrial = trialAcl.isGranted(
                permissionsOf(PermissionHibernate.READ, PermissionHibernate.ADMINISTRATION),
                sidsOf(new PrincipalSid(SecurityContextHolder.getContext().getAuthentication())),
                false);

        if (mayReadTrial) {
            // Step 2: the caller must be allowed to create the trial subject.
            Acl subjectAcl = aclService.readAclById(
                    new ObjectIdentityHibernate(TrialSubject.class, subject.getId()),
                    sidsOf(new PrincipalSid(SecurityContextHolder.getContext().getAuthentication())));
            boolean mayRandomize = subjectAcl.isGranted(
                    permissionsOf(PermissionHibernate.CREATE, PermissionHibernate.ADMINISTRATION),
                    sidsOf(new PrincipalSid(SecurityContextHolder.getContext().getAuthentication())),
                    false);
            if (mayRandomize) {
                // NOTE(review): proceed() runs inside this try, so a NotFoundException thrown by
                // the intercepted method itself is also reported below as a missing permission.
                return pjp.proceed();
            }
        }
    } catch (NotFoundException e) {
        logger.info("The user (" + SecurityContextHolder.getContext().getAuthentication().getName()
                + ")have no permission to randomize in this trial!");
    }

    // Every path that did not proceed ends in a denial.
    throw new AccessDeniedException("You have not the permission to randomize in this trial!");
}
From source file:de.randi2.jsf.supportBeans.PermissionVerifier.java
/**
 * Checks whether the specified user account can be edited by the current user.
 *
 * <p>Editing requires WRITE or ADMINISTRATION on the account's ACL for the logged-in user's
 * principal SID. A missing ACL or missing entry counts as "not allowed".
 *
 * @param user the user object which should be checked
 * @return {@code true} if the ACL grants the permission, {@code false} if it does not or if
 *         nothing applicable is found
 */
public boolean isAllowedEditUser(Login user) {
    boolean allowed;
    try {
        Acl accountAcl = aclService.readAclById(
                new ObjectIdentityHibernate(Login.class, user.getId()),
                sidsOf(new PrincipalSid(loginHandler.getLoggedInUser().getUsername())));
        allowed = accountAcl.isGranted(
                permissionsOf(PermissionHibernate.WRITE, PermissionHibernate.ADMINISTRATION),
                sidsOf(new PrincipalSid(loginHandler.getLoggedInUser().getUsername())),
                false);
    } catch (NotFoundException e) {
        // Fail closed when the ACL lookup or evaluation finds nothing.
        allowed = false;
    }
    return allowed;
}
From source file:de.randi2.jsf.supportBeans.PermissionVerifier.java
/**
 * Checks whether the specified trial site can be edited by the current user.
 *
 * <p>Editing requires WRITE or ADMINISTRATION on the trial site's ACL for the logged-in user's
 * principal SID. A missing ACL or missing entry counts as "not allowed".
 *
 * @param trialSite the trial site object which should be checked
 * @return {@code true} if the ACL grants the permission, {@code false} if it does not or if
 *         nothing applicable is found
 */
public boolean isAllowedEditTrialSite(TrialSite trialSite) {
    boolean allowed;
    try {
        Acl siteAcl = aclService.readAclById(
                new ObjectIdentityHibernate(TrialSite.class, trialSite.getId()),
                sidsOf(new PrincipalSid(loginHandler.getLoggedInUser().getUsername())));
        allowed = siteAcl.isGranted(
                permissionsOf(PermissionHibernate.WRITE, PermissionHibernate.ADMINISTRATION),
                sidsOf(new PrincipalSid(loginHandler.getLoggedInUser().getUsername())),
                false);
    } catch (NotFoundException e) {
        // Fail closed when the ACL lookup or evaluation finds nothing.
        allowed = false;
    }
    return allowed;
}
From source file:com.trailmagic.image.security.SpringSecurityImageSecurityService.java
/**
 * Tells whether a single recipient holds a single permission on the target object.
 *
 * <p>Fail-closed: a {@code null} ACL and a {@link NotFoundException} both yield {@code false}.
 *
 * @param target the protected domain object
 * @param recipient the SID whose access is evaluated
 * @param permission the permission asked for
 * @return {@code true} only if an ACL was found and it grants the permission to the recipient
 */
private boolean isGranted(Object target, Sid recipient, Permission permission) {
    final List<Sid> recipients = Arrays.asList(recipient);
    try {
        final Acl targetAcl =
                aclService.readAclById(identityRetrievalStrategy.getObjectIdentity(target), recipients);
        if (targetAcl == null) {
            return false;
        }
        return targetAcl.isGranted(Arrays.asList(permission), recipients, false);
    } catch (NotFoundException e) {
        return false;
    }
}
From source file:de.iew.services.impl.AclEditorServiceImpl.java
/**
 * Asks the ACL whether the given identity holds the given permission.
 *
 * <p>NOTE(review): the answer is not acted upon. The branch taken when access is not granted is
 * empty and nothing is returned, so this method enforces nothing by itself; its only visible
 * effect is whatever {@code isGranted} throws.
 *
 * @param acl the ACL to query
 * @param permission the permission asked for
 * @param securityIdentity the identity converted to a principal SID by {@code makePrincipalSid}
 */
public void isGrantedOrDeny(Acl acl, Permission permission, Object securityIdentity) {
    Sid principal = makePrincipalSid(securityIdentity);

    List<Sid> principals = new ArrayList<Sid>();
    principals.add(principal);

    List<Permission> wanted = new ArrayList<Permission>();
    wanted.add(permission);

    boolean granted = acl.isGranted(wanted, principals, false);
    if (!granted) {
        // Intentionally left as in the original: no deny handling is implemented.
    }
}
From source file:org.springframework.security.acls.AclEntryVoter.java
/**
 * Votes on a method invocation by checking the ACL of the domain object it targets.
 *
 * <p>The voter abstains when no configuration attribute is supported or when no domain object
 * can be located. Once an ACL decision is attempted the vote is either a grant or a denial; a
 * {@link NotFoundException} from the lookup or from the evaluation is a denial.
 *
 * <p>When {@code internalMethod} is set, that public no-argument method is invoked reflectively
 * on the domain object and its result becomes the object whose ACL is checked.
 * NOTE(review): the result of that call is not null-checked before the identity is derived.
 *
 * @param authentication the caller whose SIDs are evaluated
 * @param object the secured method invocation
 * @param attributes the configuration attributes attached to the invocation
 * @return {@code ACCESS_GRANTED}, {@code ACCESS_DENIED} or {@code ACCESS_ABSTAIN}
 * @throws AuthorizationServiceException if {@code internalMethod} is missing or cannot be invoked
 */
public int vote(Authentication authentication, MethodInvocation object, Collection<ConfigAttribute> attributes) {
    // The decision does not depend on which attribute matched, only on whether one did.
    boolean applicable = false;
    for (ConfigAttribute candidate : attributes) {
        if (this.supports(candidate)) {
            applicable = true;
            break;
        }
    }
    if (!applicable) {
        // No configuration attribute matched, so abstain
        return ACCESS_ABSTAIN;
    }

    // Locate the domain object instance the invocation works on.
    Object domainObject = getDomainObjectInstance(object);
    if (domainObject == null) {
        if (logger.isDebugEnabled()) {
            logger.debug("Voting to abstain - domainObject is null");
        }
        return ACCESS_ABSTAIN;
    }

    // Optionally step into an inner domain object through the configured accessor.
    if (StringUtils.hasText(internalMethod)) {
        try {
            Method accessor = domainObject.getClass().getMethod(internalMethod, new Class[0]);
            domainObject = accessor.invoke(domainObject);
        } catch (NoSuchMethodException nsme) {
            throw new AuthorizationServiceException("Object of class '" + domainObject.getClass()
                    + "' does not provide the requested internalMethod: " + internalMethod);
        } catch (IllegalAccessException iae) {
            logger.debug("IllegalAccessException", iae);
            throw new AuthorizationServiceException(
                    "Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
        } catch (InvocationTargetException ite) {
            logger.debug("InvocationTargetException", ite);
            throw new AuthorizationServiceException(
                    "Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
        }
    }

    // Identity of the protected object and SIDs of the principal.
    ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

    int verdict = ACCESS_DENIED;
    String reason;
    try {
        // Lookup only ACLs for SIDs we're interested in, then evaluate them.
        Acl acl = aclService.readAclById(objectIdentity, sids);
        if (acl.isGranted(requirePermission, sids, false)) {
            verdict = ACCESS_GRANTED;
            reason = "Voting to grant access";
        } else {
            reason = "Voting to deny access - ACLs returned, but insufficient permissions for this principal";
        }
    } catch (NotFoundException nfe) {
        // Same outcome whether the lookup or the evaluation found nothing applicable.
        reason = "Voting to deny access - no ACLs apply for this principal";
    }

    if (logger.isDebugEnabled()) {
        logger.debug(reason);
    }
    return verdict;
}
From source file:org.springframework.security.acls.AclPermissionEvaluator.java
/**
 * Checks the ACL of {@code oid} for the permission requested by the given principal.
 *
 * <p>The outcome is fail-closed: a {@link NotFoundException} from the lookup or from the
 * evaluation is logged at debug level and reported as "not granted". The debug output names the
 * permission and the object identity being checked.
 *
 * @param authentication the principal whose SIDs are evaluated
 * @param oid identity of the protected domain object
 * @param permission the requested permission, in whatever form {@code resolvePermission} accepts
 * @return {@code true} only when the ACL grants the permission to one of the principal's SIDs
 */
private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
    final List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);
    final List<Permission> wanted = resolvePermission(permission);

    // The debug flag is read once and reused for every message of this check.
    final boolean debug = logger.isDebugEnabled();
    if (debug) {
        logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
    }

    boolean granted = false;
    String outcome;
    try {
        // Load only the ACL entries for the SIDs under evaluation, then ask for a decision.
        final Acl acl = aclService.readAclById(oid, principalSids);
        granted = acl.isGranted(wanted, principalSids, false);
        outcome = granted
                ? "Access is granted"
                : "Returning false - ACLs returned, but insufficient permissions for this principal";
    } catch (NotFoundException nfe) {
        outcome = "Returning false - no ACLs apply for this principal";
    }

    if (debug) {
        logger.debug(outcome);
    }
    return granted;
}