List of usage examples for org.springframework.security.acls.model Acl isGranted
/**
 * Decides whether the given SIDs hold the requested permission(s) according to this ACL.
 *
 * <p>Security-relevant contract, as documented for Spring Security's {@code Acl}:
 * {@code administrativeMode = true} marks the query as an administrative lookup, and
 * implementations that support auditing are expected to skip logging/auditing for it. Pass
 * {@code false} for real authorization decisions that should leave an audit trail.
 *
 * <p>Every caller shown on this page treats {@link NotFoundException} as "not granted".
 *
 * @param permission the permission(s) required
 * @param sids the security identities (principal and authorities) to evaluate
 * @param administrativeMode {@code true} for administrative queries that should not be audited
 * @return {@code true} if access is granted
 * @throws NotFoundException declared by the interface; callers on this page map it to a denial
 * @throws UnloadedSidException declared by the interface; presumably raised when the ACL was
 *         loaded for a subset of SIDs that does not cover {@code sids} - confirm against the
 *         implementation in use
 */
boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode) throws NotFoundException, UnloadedSidException;
From source file:ubic.gemma.security.authorization.acl.AclCollectionEntryVoter.java
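/**
 * Votes on an invocation whose secured argument is a collection of domain objects.
 *
 * <p>For the first supported configuration attribute that yields a non-null collection, every
 * non-null element is checked against its ACL. The vote is {@code ACCESS_DENIED} as soon as one
 * element has no ACL for the caller's SIDs or lacks {@code requirePermission}; otherwise it is
 * {@code ACCESS_GRANTED}. Note that a collection with no non-null elements therefore produces
 * {@code ACCESS_GRANTED}, because there is nothing to deny.
 *
 * @param authentication the caller whose SIDs are evaluated
 * @param object the secured object from which the collection is extracted
 * @param attributes the configuration attributes of the secured invocation
 * @return {@code ACCESS_GRANTED}, {@code ACCESS_DENIED}, or {@code ACCESS_ABSTAIN} when no
 *         supported attribute produced a collection
 * @throws AuthorizationServiceException if the configured internal method is missing on an
 *         element or cannot be invoked
 */
@Override
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    for (ConfigAttribute attr : attributes) {
        if (!this.supports(attr)) {
            continue;
        }

        // This is what makes the decision on the invocation.
        Collection<?> coll = getCollectionInstance(object);
        if (coll == null) {
            continue;
        }

        for (Object domainObject : coll) {
            // Null elements carry nothing to authorize, so they are skipped (not denied).
            if (domainObject == null) {
                continue;
            }

            // Evaluate if we are required to use an inner domain object.
            if (StringUtils.hasText(getInternalMethod())) {
                try {
                    Class<?> clazz = domainObject.getClass();
                    Method method = clazz.getMethod(getInternalMethod(), new Class[0]);
                    domainObject = method.invoke(domainObject, new Object[0]);
                } catch (NoSuchMethodException nsme) {
                    // The reflective failure is kept as the cause so the stack trace survives
                    // even when debug logging is off.
                    throw new AuthorizationServiceException("Object of class '" + domainObject.getClass()
                            + "' does not provide the requested internalMethod: " + getInternalMethod(), nsme);
                } catch (IllegalAccessException iae) {
                    logger.debug("IllegalAccessException", iae);
                    throw new AuthorizationServiceException("Problem invoking internalMethod: "
                            + getInternalMethod() + " for object: " + domainObject, iae);
                } catch (InvocationTargetException ite) {
                    logger.debug("InvocationTargetException", ite);
                    throw new AuthorizationServiceException("Problem invoking internalMethod: "
                            + getInternalMethod() + " for object: " + domainObject, ite);
                }
            }

            // Obtain the OID applicable to the domain object.
            ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

            // Obtain the SIDs applicable to the principal.
            List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

            Acl acl;
            try {
                // Lookup only ACLs for SIDs we're interested in.
                acl = aclService.readAclById(objectIdentity, sids);
            } catch (NotFoundException nfe) {
                // Fail closed: an object without an ACL for this principal is a denial.
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to deny access - no ACLs apply for this principal: " + domainObject);
                }
                return ACCESS_DENIED;
            }

            try {
                // administrativeMode = false: this is a real authorization decision.
                if (!acl.isGranted(requirePermission, sids, false)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug(
                                "Voting to deny access - ACLs returned, but insufficient permissions for this principal");
                    }
                    return ACCESS_DENIED;
                }
            } catch (NotFoundException nfe) {
                // Fail closed: no matching ACE for the principal's SIDs is also a denial.
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to deny access - no ACLs apply for this principal");
                }
                return ACCESS_DENIED;
            }
        }

        // No denials, so we're allowing access.
        if (logger.isDebugEnabled()) {
            logger.debug("Voting to grant access: " + coll);
        }
        return ACCESS_GRANTED;
    }

    // No configuration attribute matched, so abstain.
    return ACCESS_ABSTAIN;
}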
From source file:ubic.gemma.security.SecurityServiceImpl.java
/**
 * Reports whether the given authentication is granted the required permissions on a secured
 * value object.
 *
 * <p>The check fails closed: if the ACL lookup or the permission evaluation raises
 * {@link NotFoundException}, the answer is {@code false}.
 *
 * @param svo the value object to check
 * @param requiredPermissions the permissions handed to {@code Acl.isGranted}
 * @param authentication the caller whose SIDs are evaluated
 * @return {@code true} only if the ACL grants the permissions to the caller's SIDs
 */
@Override
public boolean hasPermission(SecureValueObject svo, List<Permission> requiredPermissions,
        Authentication authentication) {
    final List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);
    final ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(svo);

    try {
        // The SID list is passed as a filter hint; per the original author's note the service
        // actually loads every entry.
        final Acl loaded = aclService.readAclById(oid, principalSids);

        // administrativeMode = false: an ordinary authorization check.
        return loaded.isGranted(requiredPermissions, principalSids, false);
    } catch (NotFoundException noAclForPrincipal) {
        // No ACL or no applicable entry: deny.
        return false;
    }
}
From source file:ubic.gemma.security.SecurityServiceImpl.java
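/**
 * Bulk variant of the permission check: evaluates the required permissions for every value
 * object in one ACL load.
 *
 * <p>Every requested object receives an explicit entry. An object for which the ACL service
 * returned no ACL is recorded as {@code false}, so callers never have to interpret a missing
 * key; {@link NotFoundException} during evaluation is likewise recorded as {@code false}.
 *
 * @param svos the value objects to check; an empty collection yields an empty map
 * @param requiredPermissions the permissions handed to {@code Acl.isGranted}
 * @param authentication the caller whose SIDs are evaluated
 * @return a map from each requested value object to whether access is granted
 */
@Override
public Map<SecureValueObject, Boolean> hasPermission(Collection<SecureValueObject> svos,
        List<Permission> requiredPermissions, Authentication authentication) {
    Map<SecureValueObject, Boolean> result = new HashMap<SecureValueObject, Boolean>();
    if (svos.isEmpty()) {
        return result;
    }

    Map<ObjectIdentity, SecureValueObject> objectIdentities = getValueObjectIdentities(svos);

    // Take advantage of fast bulk loading of ACLs.
    Map<ObjectIdentity, Acl> acls = aclService
            .readAclsById(new Vector<ObjectIdentity>(objectIdentities.keySet()));
    // These asserts only run with -ea; the loop below does not rely on them for a safe result.
    assert !acls.isEmpty();

    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
    assert !sids.isEmpty();

    // Walk the *requested* identities rather than the returned ACLs, so that an identity the
    // service did not return an ACL for still gets an explicit deny.
    for (Map.Entry<ObjectIdentity, SecureValueObject> requested : objectIdentities.entrySet()) {
        Acl acl = acls.get(requested.getKey());
        boolean granted = false;
        if (acl != null) {
            try {
                // administrativeMode = false: an ordinary authorization check.
                granted = acl.isGranted(requiredPermissions, sids, false);
            } catch (NotFoundException ignore) {
                // No applicable entry for these SIDs (the original author notes this is the
                // anonymous-user case): deny.
                granted = false;
            }
        }
        result.put(requested.getValue(), granted);
    }
    return result;
}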
From source file:ubic.gemma.security.SecurityServiceImpl.java
/**
 * Reports whether the authorities of the named group are granted the required permissions on
 * a domain object.
 *
 * <p>The check is made with {@code administrativeMode = true}. Per the Spring Security
 * {@code Acl} contract that marks the query as administrative, so implementations that
 * support auditing may not log it. The check fails closed on {@link NotFoundException}.
 *
 * @param domainObject the secured object to check
 * @param requiredPermissions the permissions handed to {@code Acl.isGranted}
 * @param groupName the group whose authorities are turned into SIDs
 * @return {@code true} only if the ACL grants the permissions to the group's SIDs
 */
private boolean groupHasPermission(Securable domainObject, List<Permission> requiredPermissions,
        String groupName) {
    ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

    // One GrantedAuthoritySid per group authority, with the role prefix prepended.
    List<Sid> groupSids = new ArrayList<Sid>();
    for (GrantedAuthority authority : userManager.findGroupAuthorities(groupName)) {
        String prefixedRole = userManager.getRolePrefix() + authority.getAuthority();
        groupSids.add(new GrantedAuthoritySid(new GrantedAuthorityImpl(prefixedRole)));
    }

    try {
        // The SID list is passed as a filter hint; per the original author's note the service
        // actually loads every entry.
        Acl loaded = aclService.readAclById(oid, groupSids);

        // administrativeMode = true
        return loaded.isGranted(requiredPermissions, groupSids, true);
    } catch (NotFoundException noAclForGroup) {
        // No ACL or no applicable entry: deny.
        return false;
    }
}
From source file:ubic.gemma.security.SecurityServiceImpl.java
/**
 * Reports whether the named user is granted the required permissions on a domain object.
 *
 * <p>The user is loaded by name and wrapped in a throwaway authentication token purely so the
 * SID retrieval strategy can derive the user's SIDs; the token is never stored. The check is
 * made with {@code administrativeMode = true} (per the Spring Security {@code Acl} contract,
 * an administrative query that auditing implementations may not log) and fails closed on
 * {@link NotFoundException}.
 *
 * @param domainObject the secured object to check
 * @param requiredPermissions the permissions handed to {@code Acl.isGranted}
 * @param userName the user whose SIDs are evaluated
 * @return {@code true} only if the ACL grants the permissions to the user's SIDs
 */
private boolean hasPermission(Securable domainObject, List<Permission> requiredPermissions,
        String userName) {
    // Obtain the OID applicable to the domain object.
    ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

    // Obtain the SIDs applicable to the principal.
    UserDetails details = userManager.loadUserByUsername(userName);
    // NOTE(review): the stored password is copied into the token as credentials, although SID
    // retrieval presumably needs only the principal and authorities - confirm against the
    // SidRetrievalStrategy in use before dropping it. Keep this token local to the method.
    Authentication lookupToken = new UsernamePasswordAuthenticationToken(userName, details.getPassword(),
            details.getAuthorities());
    List<Sid> userSids = sidRetrievalStrategy.getSids(lookupToken);

    try {
        // The SID list is passed as a filter hint; per the original author's note the service
        // actually loads every entry.
        Acl loaded = aclService.readAclById(oid, userSids);

        // administrativeMode = true
        return loaded.isGranted(requiredPermissions, userSids, true);
    } catch (NotFoundException noAclForUser) {
        // No ACL or no applicable entry: deny.
        return false;
    }
}