List of usage examples for org.springframework.security.acls.model MutableAcl getEntries
List<AccessControlEntry> getEntries();
From source file:ubc.pavlab.aspiredb.server.security.authorization.SecurityServiceTest.java
/** * Tests that the same ACL can not be added to a securable object. * /* w w w . j a v a 2 s . c o m*/ * @throws Exception */ @Test public void testDuplicateAcesNotAddedOnIndividual() throws Exception { // make private experiment Subject ind = testObjectHelper .createPersistentTestSubjectObjectWithCNV(RandomStringUtils.randomAlphabetic(4)); assertTrue("This should be private because all data should be private", this.securityService.isPrivate(ind)); // add user and add the user to the group String username = "bananabread" + randomName(); String groupName = "bakedgoods" + randomName(); makeUser(username); this.securityService.makeOwnedByUser(ind, username); assertTrue(this.securityService.isEditableByUser(ind, username)); this.runAsUser(username); this.securityService.createGroup(groupName); MutableAcl acl = getAcl(ind); int numberOfAces = acl.getEntries().size(); this.securityService.makeReadableByGroup(ind, groupName); MutableAcl aclAfterReadableAdded = getAcl(ind); assertEquals(numberOfAces + 1, aclAfterReadableAdded.getEntries().size()); this.securityService.makeWriteableByGroup(ind, groupName); MutableAcl aclAfterWritableAdded = getAcl(ind); assertEquals(numberOfAces + 2, aclAfterWritableAdded.getEntries().size()); // this time the acl there and should not be added again this.securityService.makeReadableByGroup(ind, groupName); MutableAcl aclAfterReadableAddedAgain = getAcl(ind); assertEquals(numberOfAces + 2, aclAfterReadableAddedAgain.getEntries().size()); // check writable too this.securityService.makeWriteableByGroup(ind, groupName); MutableAcl aclAfterWritableAddedAgain = getAcl(ind); assertEquals(numberOfAces + 2, aclAfterWritableAddedAgain.getEntries().size()); }
From source file:ubic.gemma.core.security.authorization.SecurityServiceTest.java
@Test public void testDuplicateAcesNotAddedOnPrivateExpressionExperiment() { // make private experiment ExpressionExperiment ee = super.getTestPersistentBasicExpressionExperiment(); this.securityService.makePrivate(ee); // add user and add the user to the group String username = "salmonid" + this.randomName(); String groupName = "fish" + this.randomName(); this.makeUser(username); this.securityService.makeOwnedByUser(ee, username); assertTrue(this.securityService.isEditableByUser(ee, username)); this.runAsUser(username); this.securityService.createGroup(groupName); MutableAcl acl = aclTestUtils.getAcl(ee); int numberOfAces = acl.getEntries().size(); this.securityService.makeReadableByGroup(ee, groupName); MutableAcl aclAfterReadableAdded = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 1, aclAfterReadableAdded.getEntries().size()); this.securityService.makeWriteableByGroup(ee, groupName); MutableAcl aclAfterWritableAdded = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 2, aclAfterWritableAdded.getEntries().size()); // this time the acl there and should not be added again this.securityService.makeReadableByGroup(ee, groupName); MutableAcl aclAfterReadableAddedAgain = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 2, aclAfterReadableAddedAgain.getEntries().size()); // check writable too this.securityService.makeWriteableByGroup(ee, groupName); MutableAcl aclAfterWritableAddedAgain = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 2, aclAfterWritableAddedAgain.getEntries().size()); }
From source file:ubic.gemma.core.security.authorization.SecurityServiceTest.java
@Test public void testRemoveMultipleAcesFromPrivateExpressionExperiment() { // make private experiment ExpressionExperiment ee = super.getTestPersistentBasicExpressionExperiment(); this.securityService.makePrivate(ee); // add user and add the user to a group String username = "salmonid"; String groupName = "fish" + this.randomName(); this.makeUser(username); this.securityService.makeOwnedByUser(ee, username); assertTrue(this.securityService.isEditableByUser(ee, username)); this.runAsUser(username); this.securityService.createGroup(groupName); // get the basic acls MutableAcl acl = aclTestUtils.getAcl(ee); int numberOfAces = acl.getEntries().size(); // make readable by group add first ACE read for group and check added this.securityService.makeReadableByGroup(ee, groupName); MutableAcl aclAfterReadableAdded = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 1, aclAfterReadableAdded.getEntries().size()); // force the addition of duplicate ACE read, fish group on the same experiment. Note that in the current // implementation this only adds one - we already avoid duplicates. List<GrantedAuthority> groupAuthorities = this.userManager.findGroupAuthorities(groupName); GrantedAuthority ga = groupAuthorities.get(0); aclAfterReadableAdded.insertAce(aclAfterReadableAdded.getEntries().size(), BasePermission.READ, new AclGrantedAuthoritySid(this.userManager.getRolePrefix() + ga), true); this.aclTestUtils.update(aclAfterReadableAdded); MutableAcl aclAfterReadableAddedDuplicate = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 1, aclAfterReadableAddedDuplicate.getEntries().size()); // remove the ace now and check removed permission completely. this.securityService.makeUnreadableByGroup(ee, groupName); MutableAcl aclAfterReadableAddedDuplicateRemoval = aclTestUtils.getAcl(ee); assertEquals(numberOfAces, aclAfterReadableAddedDuplicateRemoval.getEntries().size()); List<AccessControlEntry> entriesAfterDelete = aclAfterReadableAddedDuplicateRemoval.getEntries(); assertEquals(numberOfAces, entriesAfterDelete.size()); // also check that the right ACE check the principals Collection<String> principals = new ArrayList<>(); principals.add("AclGrantedAuthoritySid[GROUP_ADMIN]"); principals.add("AclGrantedAuthoritySid[GROUP_AGENT]"); principals.add("AclPrincipalSid[salmonid]"); principals.add("AclPrincipalSid[salmonid]"); for (AccessControlEntry accessControl : entriesAfterDelete) { Sid sid = accessControl.getSid(); assertTrue(principals.contains(sid.toString())); // remove it once in case found in case of duplicates principals.remove(sid.toString()); }/*from w w w . j a v a 2 s . c o m*/ // clean up the groups this.userManager.deleteGroup(groupName); // userManager.deleteUser( username ); }
From source file:ubic.gemma.security.authorization.acl.AclAdvice.java
/** * When setting the parent, we check to see if we can delete the ACEs on the 'child', if any. This is because we * want permissions to be managed by the parent. Check that the ACEs on the child are exactly equivalent to the ones * on the parent./*from www .j a va 2s.co m*/ * * @param parentAcl -- careful with the order! * @param object * @param acl * @param true if ACEs were cleared. */ private boolean maybeClearACEsOnChild(Securable object, MutableAcl childAcl, Acl parentAcl) { int aceCount = childAcl.getEntries().size(); if (aceCount == 0) { if (parentAcl.getEntries().size() == 0) { throw new IllegalStateException("Either the child or the parent has to have ACEs"); } return false; } if (parentAcl.getEntries().size() == aceCount) { boolean oktoClearACEs = true; // check for exact match of all ACEs for (AccessControlEntry ace : parentAcl.getEntries()) { boolean found = false; for (AccessControlEntry childAce : childAcl.getEntries()) { if (childAce.getPermission().equals(ace.getPermission()) && childAce.getSid().equals(ace.getSid())) { found = true; break; } } if (!found) { oktoClearACEs = false; break; } } if (oktoClearACEs) { if (log.isTraceEnabled()) log.trace("Erasing ACEs from child " + object); while (childAcl.getEntries().size() > 0) { childAcl.deleteAce(0); } return true; } } return false; }
From source file:ubic.gemma.security.SecurityServiceImpl.java
@Override @Secured("ACL_SECURABLE_EDIT") public void makePublic(Securable object) { if (object == null) { return;/*w w w. j ava 2 s.c o m*/ } if (isPublic(object)) { log.warn("Object is already public"); return; } /* * Add an ACE for IS_AUTHENTICATED_ANOYMOUSLY. */ MutableAcl acl = getAcl(object); if (acl == null) { throw new IllegalArgumentException("makePrivate is only valid for objects that have an ACL"); } acl.insertAce(acl.getEntries().size(), BasePermission.READ, new GrantedAuthoritySid(new GrantedAuthorityImpl(AuthorityConstants.IS_AUTHENTICATED_ANONYMOUSLY)), true); aclService.updateAcl(acl); if (isPrivate(object)) { throw new IllegalStateException("Failed to make object public: " + object); } }
From source file:ubic.gemma.security.SecurityServiceImpl.java
/** * Provide permission to the given group on the given securable. * //from w w w . j av a 2 s . c o m * @param s * @param permission * @param groupName e.g. "GROUP_JOESLAB" */ private void addGroupAuthority(Securable s, Permission permission, String groupName) { MutableAcl acl = getAcl(s); List<GrantedAuthority> groupAuthorities = userManager.findGroupAuthorities(groupName); if (groupAuthorities == null || groupAuthorities.isEmpty()) { throw new IllegalStateException("Group has no authorities"); } if (groupAuthorities.size() > 1) { throw new UnsupportedOperationException("Sorry, groups can only have a single authority"); } GrantedAuthority ga = groupAuthorities.get(0); acl.insertAce(acl.getEntries().size(), permission, new GrantedAuthoritySid(userManager.getRolePrefix() + ga), true); aclService.updateAcl(acl); }
From source file:ubic.gemma.security.SecurityServiceImpl.java
/** * @param s//from w w w. j a va 2s . c o m * @param permission * @param principal i.e. username */ private void addPrincipalAuthority(Securable s, Permission permission, String principal) { MutableAcl acl = getAcl(s); acl.insertAce(acl.getEntries().size(), permission, new PrincipalSid(principal), true); aclService.updateAcl(acl); }
From source file:ubic.gemma.security.SecurityServiceImpl.java
/** * Method removes just one acl and then informs calling method the number of acls to remove * //w w w.j a va 2 s .c o m * @param object The object to remove the permissions from * @param permission The permission to remove * @param authority e.g. "GROUP_JOESLAB" * @return Number of acl records that need removing */ private int removeOneGrantedAuthority(Securable object, Permission permission, String authority) { int numberAclsToRemove = 0; MutableAcl acl = getAcl(object); if (acl == null) { throw new IllegalArgumentException("makePrivate is only valid for objects that have an ACL"); } List<Integer> toremove = new Vector<Integer>(); for (int i = 0; i < acl.getEntries().size(); i++) { AccessControlEntry entry = acl.getEntries().get(i); if (!entry.getPermission().equals(permission)) { continue; } Sid sid = entry.getSid(); if (sid instanceof GrantedAuthoritySid) { if (((GrantedAuthoritySid) sid).getGrantedAuthority().equals(authority)) { toremove.add(i); } } } if (toremove.isEmpty()) { // this can happen commonly, no big deal. if (log.isDebugEnabled()) log.debug("No changes, didn't remove: " + authority); } else if (toremove.size() >= 1) { numberAclsToRemove = toremove.size(); // take the first acl acl.deleteAce(toremove.iterator().next()); aclService.updateAcl(acl); } return numberAclsToRemove; }