List of usage examples for org.springframework.security.acls.model MutableAcl getEntries
/**
 * Returns the access control entries of this ACL as a list.
 *
 * <p>The examples on this page use the result for administration: taking its {@code size()} as
 * the append index for {@code insertAce}, locating an entry to delete, or serializing the
 * entries. Spring Security's own documentation of this method advises against iterating the
 * list to make authorization decisions and points to {@code isGranted(...)} for that.
 */
List<AccessControlEntry> getEntries();
From source file:com.trailmagic.image.security.SpringSecurityImageSecurityService.java
/**
 * Collects the permissions of every entry in {@code acl} whose SID equals {@code recipient}.
 *
 * <p>Only the SID is compared. The entry's granting flag is not consulted, so the permission
 * of any matching entry is included in the result.
 *
 * @param acl the ACL whose entries are scanned
 * @param recipient the SID that entries are matched against
 * @return a new set holding the permissions of the matching entries; empty when none match
 */
private Set<Permission> findExistingPermissions(MutableAcl acl, Sid recipient) {
    final Set<Permission> matched = new HashSet<Permission>();
    for (AccessControlEntry ace : acl.getEntries()) {
        if (!ace.getSid().equals(recipient)) {
            // Entry belongs to a different SID; it contributes nothing.
            continue;
        }
        matched.add(ace.getPermission());
    }
    return matched;
}
From source file:gov.nih.nci.ncicb.tcga.dcc.common.security.impl.AclSecurityUtilImpl.java
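/**
 * Reports whether the ACL of the given note contains a granting entry for {@code recipient}
 * whose permission mask equals the mask of {@code permission}.
 *
 * <p>Only the entries returned by {@code getEntries()} on the loaded ACL are examined.
 *
 * @param dccAnnotationNote the note whose ACL is consulted
 * @param recipient the SID the permission must have been granted to
 * @param permission the permission to look for (compared by mask)
 * @return {@code true} when a granting entry for {@code recipient} with that mask exists;
 *         {@code false} otherwise, including when no ACL is found for the note
 */
@Override
@Transactional
public boolean hasPermission(final DccAnnotationNote dccAnnotationNote, final Sid recipient,
        final Permission permission) {

    // Retrieve the object identity
    final ObjectIdentity objectIdentity = new DccAnnotationNoteRetrievalStrategy()
            .getObjectIdentity(dccAnnotationNote);

    try {
        final List<Sid> sidList = new ArrayList<Sid>();
        sidList.add(recipient);

        // Retrieve the relevant ACL
        final MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity, sidList);

        for (final AccessControlEntry accessControlEntry : acl.getEntries()) {
            // The SID list given to readAclById does not guarantee that the returned ACL holds
            // entries for that SID only, so each entry is matched against the recipient
            // explicitly. Entries with granting == false are denials and must not count as a
            // grant. Without these two checks, a matching mask on any entry returned true.
            if (accessControlEntry.isGranting()
                    && accessControlEntry.getSid().equals(recipient)
                    && accessControlEntry.getPermission().getMask() == permission.getMask()) {
                return true;
            }
        }
    } catch (NotFoundException nfe) {
        // No ACL for this note: treated as "permission not held".
        logger.debug("Could not find ACL for DccAnnotationNote with Id " + dccAnnotationNote.getNoteId()
                + " (NotFoundException)");
    }

    return false;
}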
From source file:sample.contact.service.impl.MenuServiceImpl.java
/**
 * Appends a granting access control entry for {@code recipient} to the ACL of {@code menu}
 * and stores the ACL.
 *
 * <p>The ACL is created when none exists yet for the menu. No check is made for an entry
 * that already carries the same SID and permission, so repeated calls append repeated entries.
 *
 * @param menu the menu whose ACL is modified
 * @param recipient the SID receiving the permission
 * @param permission the permission to grant
 */
public void addPermission(Menu menu, Sid recipient, Permission permission) {
    final ObjectIdentity menuIdentity = new ObjectIdentityImpl(Menu.class, menu.getId());

    MutableAcl menuAcl;
    try {
        menuAcl = (MutableAcl) mutableAclService.readAclById(menuIdentity);
    } catch (NotFoundException missing) {
        // First permission on this menu: start from a new ACL.
        menuAcl = mutableAclService.createAcl(menuIdentity);
    }

    // Insert at the current end of the entry list.
    final int appendIndex = menuAcl.getEntries().size();
    menuAcl.insertAce(appendIndex, permission, recipient, true);
    mutableAclService.updateAcl(menuAcl);

    logger.debug("Added permission " + permission + " for Sid " + recipient + " menu " + menu);
}
From source file:org.createnet.raptor.auth.service.services.AclManagerService.java
/**
 * Asks {@code acl} whether {@code permission} is granted to {@code sid} and, when the ACL
 * answers with {@code NotFoundException}, appends a granting entry for that pair.
 *
 * <p>The boolean returned by {@code isGranted} is discarded: when the call returns normally,
 * whatever the answer, nothing is inserted. Any exception raised during the check or the
 * insert is logged and rethrown wrapped in {@code AclManagerException}.
 *
 * <p>NOTE(review): {@code @Retryable} sits on a private method. With proxy-based interception
 * a private method is typically not advised, so the retry may never apply; confirm how this
 * class is woven.
 *
 * @param permission the permission to check and, if no entry applies, to add
 * @param sid the SID the permission is checked for
 * @param acl the ACL that is queried and possibly modified in memory
 */
@Retryable(maxAttempts = 3, value = AclManagerException.class, backoff = @Backoff(delay = 200, multiplier = 3))
private void isPermissionGranted(Permission permission, Sid sid, MutableAcl acl) {
    try {
        boolean aceMissing = false;
        try {
            acl.isGranted(Arrays.asList(permission), Arrays.asList(sid), false);
        } catch (NotFoundException notFound) {
            aceMissing = true;
        }
        if (aceMissing) {
            // Append after the existing entries.
            acl.insertAce(acl.getEntries().size(), permission, sid, true);
        }
    } catch (Exception failure) {
        log.warn("Failed to add ACE: {}", failure.getMessage());
        throw new AclManagerException(failure);
    }
}
From source file:gov.nih.nci.ncicb.tcga.dcc.common.security.impl.AclSecurityUtilImpl.java
/**
 * Appends a granting access control entry for {@code recipient} to the ACL of the given note,
 * creating the ACL when none exists, and stores the ACL.
 *
 * <p>A {@code NotFoundException} raised by the insert is logged at debug level only; the
 * ACL is still passed to {@code updateAcl} afterwards, in that case without the new entry.
 *
 * @param dccAnnotationNote the note whose ACL is modified
 * @param recipient the SID receiving the permission
 * @param permission the permission to grant
 */
@Override
@Transactional
public void addPermission(final DccAnnotationNote dccAnnotationNote, final Sid recipient,
        final Permission permission) {

    final ObjectIdentity noteIdentity = new DccAnnotationNoteRetrievalStrategy()
            .getObjectIdentity(dccAnnotationNote);

    // Load the ACL for the note, or start a new one.
    MutableAcl noteAcl;
    try {
        noteAcl = (MutableAcl) mutableAclService.readAclById(noteIdentity);
    } catch (NotFoundException absent) {
        noteAcl = mutableAclService.createAcl(noteIdentity);
    }

    final boolean granting = true;
    try {
        // Insert at the current end of the entry list.
        final int appendAt = noteAcl.getEntries().size();
        noteAcl.insertAce(appendAt, permission, recipient, granting);
    } catch (NotFoundException nfe) {
        logger.debug("Could not insert ACE [recipient:" + recipient + ", with permission:" + permission
                + ", granting:" + granting + "] (NotFoundException)");
    }

    mutableAclService.updateAcl(noteAcl);
}
From source file:sample.contact.ContactManagerBackend.java
/**
 * Grants {@code permission} on {@code contact} to {@code recipient} by appending a granting
 * entry to the contact's ACL and storing the ACL.
 *
 * <p>When the contact has no ACL yet, one is created first. Existing entries are not
 * inspected, so an identical entry may be appended more than once.
 *
 * @param contact the contact whose ACL is modified
 * @param recipient the SID receiving the permission
 * @param permission the permission to grant
 */
public void addPermission(Contact contact, Sid recipient, Permission permission) {
    final ObjectIdentity contactOid = new ObjectIdentityImpl(Contact.class, contact.getId());

    MutableAcl contactAcl;
    try {
        contactAcl = (MutableAcl) mutableAclService.readAclById(contactOid);
    } catch (NotFoundException noAclYet) {
        contactAcl = mutableAclService.createAcl(contactOid);
    }

    // The new entry goes after every existing one.
    final int lastPosition = contactAcl.getEntries().size();
    contactAcl.insertAce(lastPosition, permission, recipient, true);
    mutableAclService.updateAcl(contactAcl);

    logger.debug("Added permission " + permission + " for Sid " + recipient + " contact " + contact);
}
From source file:com.cedac.security.acls.mongo.MongoMutableAclServiceTests.java
/**
 * Creates an ACL for an object identity and checks the state of the returned ACL: identity
 * type and identifier, owner, the inheriting flag, and an empty entry list.
 */
@Test
@ShouldMatchDataSet
public void creatingAcl_withNoAcl() {
    final String homeType = "com.cedac.smartresidence.profile.domain.Home";
    final String homeId = "2";

    MutableAcl created = fixture.createAcl(new ObjectIdentityImpl(homeType, homeId));

    assertNotNull(created);
    assertEquals(homeType, created.getObjectIdentity().getType());
    assertEquals(homeId, created.getObjectIdentity().getIdentifier());
    assertEquals(new PrincipalSid("admin@cedac.com"), created.getOwner());
    assertEquals(true, created.isEntriesInheriting());
    // A freshly created ACL carries no access control entries.
    assertEquals(0, created.getEntries().size());
}
From source file:com.cedac.security.acls.mongo.MongoMutableAclService.java
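/**
 * Writes the parent reference, owner, inheriting flag and entries of {@code acl} onto the
 * document already persisted for its object identity, saves it, clears the cache for that
 * identity and its children, and returns the ACL as read back through the superclass.
 *
 * <p>When {@code acl} has no parent, the parent field is removed from the persisted document.
 * Previously the field was only ever overwritten, so an ACL detached from its parent kept the
 * old parent reference in storage.
 *
 * @param acl the ACL to persist; its id must not be {@code null}
 * @return the ACL re-read after the update
 * @throws NotFoundException when no document exists for the ACL's object identity
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    DBObject persistedAcl = getAclCollection().findOne(queryByObjectIdentity(acl.getObjectIdentity()));
    if (persistedAcl == null) {
        LOG.trace(ACL, "No ACL found for object identity {}", acl.getObjectIdentity());
        throw new NotFoundException("No acl found for object identity " + acl.getObjectIdentity());
    }

    LOG.debug(ACL, "Updating persisted ACL object");

    if (acl.getParentAcl() != null) {
        ObjectIdentity parentOid = acl.getParentAcl().getObjectIdentity();
        persistedAcl.put(parentObjectFieldName, toDBObject(parentOid));
    } else {
        // Drop a parent reference left over from an earlier save so the stored document
        // matches the in-memory ACL.
        persistedAcl.removeField(parentObjectFieldName);
    }

    persistedAcl.put(ownerFieldName, toDBObject(acl.getOwner()));
    persistedAcl.put(entriesInheritingFieldName, acl.isEntriesInheriting());

    // The stored entry list is replaced as a whole, in the order getEntries() returns it.
    BasicDBList list = new BasicDBList();
    for (AccessControlEntry entry : acl.getEntries()) {
        list.add(toDBObject(entry));
    }
    persistedAcl.put(entriesFieldName, list);

    getAclCollection().save(persistedAcl, writeConcern);

    LOG.trace(ACL, "Clearing cache including children for object identity {}", acl.getObjectIdentity());
    clearCacheIncludingChildren(acl.getObjectIdentity());

    LOG.trace(ACL, "Retrieve ACL via superclass.");
    return (MutableAcl) super.readAclById(acl.getObjectIdentity());
}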
From source file:com.trailmagic.image.security.SpringSecurityImageSecurityService.java
/**
 * Brings the entries of {@code recipient} in {@code acl} in line with {@code newPermissions}
 * and stores the ACL.
 *
 * <p>Permissions in {@code newPermissions} that the recipient does not yet hold are appended
 * as granting entries. When {@code additive} is {@code false}, permissions the recipient
 * holds that are absent from {@code newPermissions} are deleted first.
 *
 * @param acl the ACL to modify
 * @param recipient the SID whose entries are adjusted
 * @param newPermissions the permissions the recipient should hold
 * @param additive {@code true} to only add, {@code false} to also remove surplus permissions
 */
public void effectPermissions(MutableAcl acl, Sid recipient, Set<Permission> newPermissions,
        boolean additive) {
    final Set<Permission> current = findExistingPermissions(acl, recipient);

    if (!additive) {
        // Surplus = currently held minus requested.
        final Set<Permission> surplus = new HashSet<Permission>(current);
        surplus.removeAll(newPermissions);
        for (Permission revoked : surplus) {
            acl.deleteAce(indexOf(recipient, revoked, acl));
            if (log.isDebugEnabled()) {
                log.debug("Removed ACE for permission " + revoked + ", recipient " + recipient
                        + ", on object " + acl.getObjectIdentity());
            }
        }
    }

    // Missing = requested minus currently held.
    final Set<Permission> missing = new HashSet<Permission>(newPermissions);
    missing.removeAll(current);
    for (Permission granted : missing) {
        acl.insertAce(acl.getEntries().size(), granted, recipient, true);
        if (log.isDebugEnabled()) {
            log.debug("Added ACE for permission " + granted + ", recipient " + recipient
                    + ", on object " + acl.getObjectIdentity());
        }
    }

    aclService.updateAcl(acl);
}
From source file:es.ucm.fdi.dalgs.acl.service.AclObjectService.java
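/**
 * Removes, for each given user, the first entry of the object's ACL that pairs the user's
 * {@code PrincipalSid} with {@code BasePermission.READ}, then stores the ACL once.
 *
 * <p>The ACL is loaded a single time before the loop, so every deletion is applied to the
 * same instance that is finally passed to {@code updateAcl}. Re-reading the ACL per user, as
 * was done before, could leave earlier deletions on a different instance and so unsaved,
 * depending on what the ACL service returns. When no ACL exists for the object, one is
 * created, as before.
 *
 * @param users the users whose READ entry is removed; {@code null} or empty means nothing to do
 * @param id_object identifier of the secured object
 * @param name_class type name of the secured object
 */
public void removePermissionToAnObjectCollection_READ(Collection<User> users, Long id_object,
        String name_class) {
    if (users == null || users.isEmpty()) {
        // No ACL is read or written when there is nobody to revoke from.
        return;
    }

    final ObjectIdentity oi = new ObjectIdentityImpl(name_class, id_object);

    MutableAcl acl;
    try {
        acl = (MutableAcl) mutableAclService.readAclById(oi);
    } catch (NotFoundException nfe) {
        acl = mutableAclService.createAcl(oi);
    }

    final Permission p = BasePermission.READ;
    for (User u : users) {
        final Sid sid = new PrincipalSid(u.getUsername());

        int aceIndex = 0;
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getSid().equals(sid) && ace.getPermission().equals(p)) {
                // Only the first matching entry is deleted; stop before the index goes stale.
                acl.deleteAce(aceIndex);
                break;
            }
            aceIndex++;
        }
    }

    // Persist all removals in one update.
    mutableAclService.updateAcl(acl);
}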