List of usage examples for org.springframework.security.acls.model Acl isSidLoaded
/**
 * Reports whether this {@code Acl} was loaded for every SID in {@code sids}.
 * <p>
 * ACL services call this before reusing a cached instance: an ACL that was loaded
 * for only some SIDs must not be used to answer an authorization question about a
 * SID it does not represent. Callers should treat {@code false} as "reload", never as
 * "no permissions".
 *
 * @param sids the security identities the caller intends to evaluate
 * @return {@code true} if the ACL covers all of the given SIDs
 */
boolean isSidLoaded(List<Sid> sids);
From source file:eu.europeana.aas.acl.CassandraAclService.java
/**
 * Resolves the ACL of every requested object identity, preferring cached ACLs and
 * loading the remainder through {@code doLookup}.
 *
 * @param objects the identities to resolve; must not be empty
 * @param sids the SIDs the caller will evaluate; used only to validate cache hits
 * @return a map holding one fully loaded ACL per requested identity
 * @throws NotFoundException if any requested identity has no ACL after the cache
 *         and the backend have been consulted
 */
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
        throws NotFoundException {
    Assert.notEmpty(objects, "Objects to lookup required");

    // NOTE(review): debug output includes the requested SIDs and, at the end, the
    // complete ACLs; treat debug logs of this class as access-control data.
    if (LOG.isDebugEnabled()) {
        LOG.debug("BEGIN readAclById: objectIdentities: " + objects + ", sids: " + sids);
    }

    // Holds only FULLY loaded Acl objects.
    Map<ObjectIdentity, Acl> result = new HashMap<>();
    List<ObjectIdentity> objectsToLookup = new ArrayList<>(objects);

    if (aclCache != null) {
        for (ObjectIdentity identity : objects) {
            Acl cached = aclCache.getFromCache(identity);
            // A cached ACL is reused only when it covers all requested SIDs; anything
            // else stays in objectsToLookup and is loaded again from the backend.
            if (cached == null || !cached.isSidLoaded(sids)) {
                continue;
            }
            result.put(identity, cached);
            objectsToLookup.remove(identity);
        }
    }

    if (!objectsToLookup.isEmpty()) {
        // doLookup is not given the SIDs, so it presumably returns unfiltered ACLs;
        // confirm, because these results are cached for later callers.
        Map<ObjectIdentity, Acl> fetched = doLookup(objectsToLookup);
        result.putAll(fetched);

        if (aclCache != null) {
            for (Acl fetchedAcl : fetched.values()) {
                // The cast fails with ClassCastException for any non-AclImpl result.
                aclCache.putInCache((AclImpl) fetchedAcl);
            }
        }
    }

    // Fail closed: a missing ACL is an error, not an empty permission set.
    for (ObjectIdentity requested : objects) {
        if (!result.containsKey(requested)) {
            throw new NotFoundException(
                    "Unable to find ACL information for object identity '" + requested + "'");
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("END readAclById: acls: " + result.values());
    }
    return result;
}
From source file:com.cedac.security.acls.mongo.MongoAclService.java
/**
 * Returns the ACL of one object identity, from the cache when the cached instance
 * covers the requested SIDs and otherwise from the MongoDB ACL collection.
 * <p>
 * A freshly loaded ACL is built from every stored entry (no filtering by SID), gets its
 * parent ACL resolved first, and is put into the cache before it is returned.
 *
 * @param object the identity whose ACL is wanted
 * @param sids the SIDs the caller will evaluate; may be {@code null}
 * @return the cached or newly loaded ACL
 * @throws NotFoundException if the backend holds no document for {@code object}
 * @throws IllegalStateException if the ACE list cannot be written into the new ACL
 */
@Override
@SuppressWarnings("unchecked")
public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
    LOG.trace(ACL, "Reading ACL for object identity {}", object);

    Acl cachedAcl = aclCache.getFromCache(object);
    // Only a cached ACL that covers all requested SIDs may be served from the cache.
    if (cachedAcl != null && cachedAcl.isSidLoaded(sids)) {
        LOG.debug(ACL, "ACL for id {} found in cache: {}", object, cachedAcl);
        return cachedAcl;
    }

    LOG.trace(ACL, "No ACL found in cache for id {}: looking into backend.", object);
    DBObject document = getAclCollection().findOne(queryByObjectIdentity(object));
    if (document == null) {
        LOG.warn(ACL, "No ACL found for object identity {}", object);
        throw new NotFoundException("No ACL found for object identity " + object);
    }

    LOG.trace(ACL, "Trying to loading parent ACL if needed.");
    // NOTE(review): the parent is resolved through the single-argument overload, which
    // is not visible here. No cycle guard is visible either, so a stored parent
    // reference that loops back would presumably recurse without bound; confirm.
    DBObject parentDocument = (DBObject) document.get(parentObjectFieldName);
    Acl parentAcl = (parentDocument == null) ? null : readAclById(toObjectIdentity(parentDocument));

    LOG.trace(ACL, "Extracting loaded SIDs");
    List<DBObject> storedEntries = (List<DBObject>) document.get(entriesFieldName);
    // The "loaded" set is the requested SIDs plus every SID that owns a stored entry.
    Set<Sid> coveredSids = new HashSet<Sid>();
    if (sids != null) {
        coveredSids.addAll(sids);
    }
    if (storedEntries != null) {
        for (DBObject storedEntry : storedEntries) {
            coveredSids.add(toSid((DBObject) storedEntry.get(sidFieldName)));
        }
    }

    Sid owner = toSid((DBObject) document.get(ownerFieldName));
    // NOTE(review): the (Boolean) value is unboxed for the constructor, so a document
    // without the inheriting field fails with NullPointerException instead of a
    // NotFoundException or a defined default.
    AclImpl freshAcl = new AclImpl(object, document.get("_id").toString(), aclAuthorizationStrategy,
            permissionGrantingStrategy, parentAcl, new ArrayList<Sid>(coveredSids),
            (Boolean) document.get(entriesInheritingFieldName), owner);

    if (storedEntries != null) {
        List<AccessControlEntry> converted = new ArrayList<AccessControlEntry>();
        for (int position = 0; position < storedEntries.size(); position++) {
            converted.add(toAccessControlEntry(position, freshAcl, storedEntries.get(position)));
        }
        try {
            // The ACE list is written through a reflective field handle, which bypasses
            // whatever checks AclImpl applies on its public mutators.
            acesField.set(freshAcl, new ArrayList<AccessControlEntry>(converted));
        } catch (Exception ex) {
            throw new IllegalStateException("Unable to set ACEs.", ex);
        }
    }

    aclCache.putInCache(freshAcl);
    return freshAcl;
}
From source file:org.bremersee.common.security.acls.jdbc.BasicLookupStrategy.java
/**
 * Resolves the ACLs of the given object identities, taking them from the cache where
 * possible and loading the rest from the database in batches of {@link #batchSize}.
 * <p>
 * WARNING: this implementation does not filter on the {@code sids} argument. Every item
 * in the cache is expected to contain all SIDs, so a cached ACL that reports it was not
 * loaded for the requested SIDs is rejected with an {@link IllegalStateException}
 * instead of being used. If you have serious performance needs (e.g. a very large
 * number of SIDs per object identity), you'll probably want to develop a custom
 * {@link LookupStrategy} implementation instead.
 *
 * @param objects the identities to lookup (required)
 * @param sids the SIDs for which identities are required (not used for filtering by this
 *        implementation)
 *
 * @return a {@code Map} where keys represent the {@link ObjectIdentity} of the located
 *         {@link Acl} and values are the located {@link Acl} (never {@code null}
 *         although some entries may be missing; this method should not throw
 *         {@link NotFoundException}, as a chain of {@link LookupStrategy}s may be used
 *         to automatically create entries if required)
 */
@Override
public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, // NOSONAR
        List<Sid> sids) {
    Assert.isTrue(batchSize >= 1, "BatchSize must be >= 1");
    Assert.notEmpty(objects, "Objects to lookup required");

    // Holds only FULLY loaded Acl objects.
    Map<ObjectIdentity, Acl> resolved = new HashMap<>();
    Set<ObjectIdentity> pendingBatch = new HashSet<>();

    for (int index = 0; index < objects.size(); index++) {
        final ObjectIdentity oid = objects.get(index);

        // Already resolved earlier in this call (for example by a previous batch)?
        boolean found = resolved.containsKey(oid);

        if (!found) {
            Acl cached = aclCache.getFromCache(oid);
            if (cached != null) {
                // Fail closed: a cached element that does not cover the requested SIDs
                // cannot come from this implementation, so it is never served.
                if (!cached.isSidLoaded(sids)) { // NOSONAR
                    throw new IllegalStateException(
                            "Error: SID-filtered element detected when implementation does not perform SID filtering "
                                    + "- have you added something to the cache manually?");
                }
                resolved.put(cached.getObjectIdentity(), cached);
                found = true;
            }
        }

        if (!found) {
            pendingBatch.add(oid);
        }

        // Flush when the batch is full or the last identity has been examined.
        boolean batchFull = pendingBatch.size() == this.batchSize;
        boolean lastObject = (index + 1) == objects.size();
        if ((batchFull || lastObject) && !pendingBatch.isEmpty()) {
            Map<ObjectIdentity, Acl> loadedBatch = lookupObjectIdentities(pendingBatch, sids);

            // Loaded elements are 100% initialized; publish them and cache them.
            resolved.putAll(loadedBatch);
            for (Acl loadedAcl : loadedBatch.values()) { // NOSONAR
                aclCache.putInCache((AclImpl) loadedAcl);
            }
            pendingBatch.clear();
        }
    }

    return resolved;
}
From source file:com.cedac.security.acls.mongo.MongoAclServiceTests.java
/**
 * Loads the ACL of Home "1" for two SIDs and verifies the ACL header, that both
 * requested SIDs are reported as loaded, and all six stored entries in order.
 */
@Test
public void readAclById_withSid_shouldLoadTheAcl() {
    final String homeType = "com.cedac.smartresidence.profile.domain.Home";

    Acl acl = fixture.readAclById(new ObjectIdentityImpl(homeType, "1"),
            Arrays.asList(new GrantedAuthoritySid("ROLE_ADMIN"), new PrincipalSid("other@cedac.com")));

    assertNotNull(acl);
    assertEquals(homeType, acl.getObjectIdentity().getType());
    assertEquals("1", acl.getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(6, acl.getEntries().size());
    // The ACL must report the SIDs it was requested for as loaded.
    assertEquals(true, acl.isSidLoaded(
            Arrays.asList(new GrantedAuthoritySid("ROLE_ADMIN"), new PrincipalSid("other@cedac.com"))));

    // Expected { sid, permission } per entry, in stored order. Every entry is a grant
    // that audits failures but not successes.
    Object[][] expectedEntries = {
        { new GrantedAuthoritySid("ROLE_ADMIN"), BasePermission.READ },
        { new GrantedAuthoritySid("ROLE_ADMIN"), BasePermission.WRITE },
        { new GrantedAuthoritySid("ROLE_ADMIN"), BasePermission.ADMINISTRATION },
        { new PrincipalSid("mauro.franceschini@cedac.com"), BasePermission.READ },
        { new PrincipalSid("mauro.franceschini@cedac.com"), BasePermission.WRITE },
        { new PrincipalSid("other@cedac.com"), BasePermission.READ },
    };

    for (int i = 0; i < expectedEntries.length; i++) {
        assertEquals(i, acl.getEntries().get(i).getId());
        assertEquals(expectedEntries[i][0], acl.getEntries().get(i).getSid());
        assertEquals(expectedEntries[i][1], acl.getEntries().get(i).getPermission());
        assertEquals(true, acl.getEntries().get(i).isGranting());
        assertSame(acl, acl.getEntries().get(i).getAcl());
        assertEquals(false, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditSuccess());
        assertEquals(true, AuditableAccessControlEntry.class.cast(acl.getEntries().get(i)).isAuditFailure());
    }
}
From source file:org.springframework.security.acls.cassandra.CassandraAclService.java
/**
 * Looks up the ACL for each requested object identity, using the cache first and
 * {@code doLookup} for whatever the cache cannot serve.
 *
 * @param objects the identities to resolve; must not be empty
 * @param sids the SIDs the caller will evaluate; used only to validate cache hits
 * @return a map with one fully loaded ACL per requested identity
 * @throws NotFoundException if an identity still has no ACL after cache and backend
 *         lookup
 */
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
        throws NotFoundException {
    Assert.notEmpty(objects, "Objects to lookup required");

    // NOTE(review): the debug messages expose the requested SIDs and the complete
    // ACLs; handle debug logs of this class as access-control data.
    if (LOG.isDebugEnabled()) {
        LOG.debug("BEGIN readAclById: objectIdentities: " + objects + ", sids: " + sids);
    }

    // Holds only FULLY loaded Acl objects.
    Map<ObjectIdentity, Acl> result = new HashMap<ObjectIdentity, Acl>();
    List<ObjectIdentity> stillMissing = new ArrayList<ObjectIdentity>(objects);

    if (aclCache != null) {
        for (ObjectIdentity identity : objects) {
            Acl fromCache = aclCache.getFromCache(identity);
            // Accept a cache hit only if it covers every requested SID; a partially
            // loaded ACL is ignored and the identity is fetched from the backend.
            if (fromCache != null && fromCache.isSidLoaded(sids)) {
                result.put(identity, fromCache);
                stillMissing.remove(identity);
            }
        }
    }

    if (!stillMissing.isEmpty()) {
        // doLookup does not receive the SIDs, so it presumably loads complete ACLs;
        // confirm, since the results are cached below.
        Map<ObjectIdentity, Acl> fromBackend = doLookup(stillMissing);
        result.putAll(fromBackend);

        if (aclCache != null) {
            for (Acl backendAcl : fromBackend.values()) {
                // Throws ClassCastException if doLookup returns another Acl type.
                aclCache.putInCache((AclImpl) backendAcl);
            }
        }
    }

    // Fail closed: an identity without an ACL is reported, never silently skipped.
    for (ObjectIdentity requested : objects) {
        if (!result.containsKey(requested)) {
            throw new NotFoundException(
                    "Unable to find ACL information for object identity '" + requested + "'");
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("END readAclById: acls: " + result.values());
    }
    return result;
}