List of usage examples for org.springframework.security.acls.model MutableAcl getOwner
/**
 * Returns the {@code Sid} recorded as the owner of this ACL.
 *
 * <p>NOTE(review): callers should not assume a non-null result unless the
 * implementation guarantees it; one usage on this page null-checks the value
 * before using it, another dereferences it directly.
 *
 * @return the owning security identity
 */
Sid getOwner();
From source file:com.cedac.security.acls.mongo.MongoMutableAclServiceTests.java
@Test @ShouldMatchDataSet//from w w w . j a v a 2 s.com public void creatingAcl_withNoAcl() { MutableAcl acl = fixture .createAcl(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Home", "2")); assertNotNull(acl); assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getObjectIdentity().getType()); assertEquals("2", acl.getObjectIdentity().getIdentifier()); assertEquals(new PrincipalSid("admin@cedac.com"), acl.getOwner()); assertEquals(true, acl.isEntriesInheriting()); assertEquals(0, acl.getEntries().size()); }
From source file:net.projectmonkey.spring.acl.hbase.repository.HBaseACLRepository.java
/**
 * Replaces the stored ACL with the supplied one: the existing row is deleted
 * and the new state is then written in its place.
 *
 * <p>NOTE(review): the delete and the save are two separate calls here. If
 * {@code save} fails after {@code deleteInternal} has succeeded, the object
 * is left without a stored ACL unless the helpers or the table provide
 * atomicity that is not visible in this method. Confirm how callers treat a
 * missing ACL (it should resolve to deny) and whether a single-row put could
 * replace the delete/save pair.
 *
 * @param acl the ACL to persist; rejected by {@code Assert.notNull} when null
 * @throws AuthorizationServiceException if an {@link IOException} is raised
 *         while deleting or saving; the original exception is kept as cause
 */
@Override
public void update(final MutableAcl acl) {
    Assert.notNull(acl, "acl must not be null");
    final HTableInterface aclTable = getTable();
    try {
        final ObjectIdentity oid = acl.getObjectIdentity();
        // The record built from the new state is also used to locate the old row for deletion.
        final AclRecord replacement = new AclRecord(oid, acl.getOwner(), resolveConverter(oid));
        deleteInternal(replacement, aclTable);
        save(acl, aclTable, replacement);
    } catch (IOException ioFailure) {
        throw new AuthorizationServiceException("An unexpected exception occurred", ioFailure);
    } finally {
        // Always release the table handle, including on failure.
        close(aclTable);
    }
}
From source file:com.cedac.security.acls.mongo.MongoMutableAclService.java
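/**
 * Writes the current state of {@code acl} (parent link, owner, inheritance
 * flag and entries) over the persisted document for the same object identity,
 * clears the cache for that identity and its children, and returns the ACL as
 * re-read through the superclass.
 *
 * <p>The parent link is synchronised in both directions. A non-null parent is
 * stored, and a null parent removes the stored reference. Without the removal,
 * detaching an ACL from its parent would not be persisted, and the reloaded
 * ACL would keep inheriting the former parent's grants.
 *
 * <p>The owner is taken from {@code acl.getOwner()} as supplied. This method
 * does not itself check whether the caller may change ownership.
 * NOTE(review): confirm that authorization is enforced before this call.
 *
 * @param acl the ACL whose state should be persisted; its id must not be null
 * @return the updated ACL, freshly loaded after the cache was cleared
 * @throws NotFoundException if no persisted ACL exists for the object identity
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    DBObject persistedAcl = getAclCollection().findOne(queryByObjectIdentity(acl.getObjectIdentity()));
    if (persistedAcl == null) {
        LOG.trace(ACL, "No ACL found for object identity {}", acl.getObjectIdentity());
        throw new NotFoundException("No acl found for object identity " + acl.getObjectIdentity());
    }

    LOG.debug(ACL, "Updating persisted ACL object");

    if (acl.getParentAcl() != null) {
        ObjectIdentity parentOid = acl.getParentAcl().getObjectIdentity();
        persistedAcl.put(parentObjectFieldName, toDBObject(parentOid));
    } else {
        // The parent was removed on the in-memory ACL: drop the stored reference
        // so the reloaded ACL stops inheriting from the former parent.
        persistedAcl.removeField(parentObjectFieldName);
    }

    persistedAcl.put(ownerFieldName, toDBObject(acl.getOwner()));
    persistedAcl.put(entriesInheritingFieldName, acl.isEntriesInheriting());

    // Entries are replaced wholesale, so revoked entries disappear from the document.
    BasicDBList list = new BasicDBList();
    for (AccessControlEntry entry : acl.getEntries()) {
        list.add(toDBObject(entry));
    }
    persistedAcl.put(entriesFieldName, list);

    getAclCollection().save(persistedAcl, writeConcern);

    // Cached copies of this ACL and of its children may embed the old state.
    LOG.trace(ACL, "Clearing cache including children for object identity {}", acl.getObjectIdentity());
    clearCacheIncludingChildren(acl.getObjectIdentity());

    LOG.trace(ACL, "Retrieve ACL via superclass.");
    return (MutableAcl) super.readAclById(acl.getObjectIdentity());
}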
From source file:org.apache.kylin.rest.service.AccessService.java
/**
 * Guards the owner's administration grant: rejects the operation when the
 * entry at {@code indexOfAce} belongs to the ACL owner and carries
 * {@code BasePermission.ADMINISTRATION}.
 *
 * <p>The check only inspects the entry. Callers have to invoke it before they
 * modify or delete that entry for it to have any effect.
 * NOTE(review): {@code acl.getOwner()} is dereferenced without a null check,
 * so an ACL without an owner fails with a NullPointerException here instead
 * of a ForbiddenException. Confirm owners are always set.
 *
 * @param acl the ACL whose entry is about to be changed
 * @param indexOfAce position of that entry in {@code acl.getEntries()}
 * @throws ForbiddenException if the entry is the owner's ADMINISTRATION grant
 */
private void secureOwner(MutableAcl acl, int indexOfAce) {
    Message msg = MsgPicker.getMsg();

    // Entries that do not belong to the owner are never protected.
    boolean entryBelongsToOwner = acl.getOwner().equals(acl.getEntries().get(indexOfAce).getSid());
    if (!entryBelongsToOwner) {
        return;
    }

    // Can't revoke admin permission from domain object owner
    boolean entryGrantsAdmin = BasePermission.ADMINISTRATION
            .equals(acl.getEntries().get(indexOfAce).getPermission());
    if (entryGrantsAdmin) {
        throw new ForbiddenException(msg.getREVOKE_ADMIN_PERMISSION());
    }
}
From source file:ubic.gemma.security.SecurityServiceImpl.java
/**
 * Transfers ownership of a securable object to the named user and grants that
 * user WRITE and READ on it. The method is annotated
 * {@code @Secured("GROUP_ADMIN")}.
 *
 * <p>If the ACL is already owned by a {@code PrincipalSid} with this user
 * name, the method returns immediately. On that path the account is neither
 * looked up nor checked, and the WRITE/READ grants are not re-applied.
 * Otherwise the account must be enabled, non-expired and non-locked before
 * ownership changes.
 *
 * @param s the object whose ACL changes owner
 * @param userName name of the user who becomes owner
 * @throws IllegalArgumentException if the account is disabled, expired or locked
 */
@Override
@Secured("GROUP_ADMIN")
public void makeOwnedByUser(Securable s, String userName) {
    MutableAcl acl = getAcl(s);
    Sid currentOwner = acl.getOwner();

    // instanceof is false for null, so a missing owner falls through to the transfer.
    if (currentOwner instanceof PrincipalSid) {
        if (((PrincipalSid) currentOwner).getPrincipal().equals(userName)) {
            /*
             * Already owned by the given user -- note we don't check if the user exists here.
             */
            return;
        }
    }

    // make sure user exists and is enabled.
    UserDetails candidate = this.userManager.loadUserByUsername(userName);
    boolean accountUsable = candidate.isEnabled()
            && candidate.isAccountNonExpired()
            && candidate.isAccountNonLocked();
    if (!accountUsable) {
        throw new IllegalArgumentException("User " + userName + " has a disabled account");
    }

    // Ownership is persisted before the explicit grants are added.
    acl.setOwner(new PrincipalSid(userName));
    aclService.updateAcl(acl);

    /*
     * FIXME: I don't know if these are necessary if you are the owner.
     */
    addPrincipalAuthority(s, BasePermission.WRITE, userName);
    addPrincipalAuthority(s, BasePermission.READ, userName);
}