List of usage examples for org.springframework.security.acls.model MutableAcl insertAce
void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting) throws NotFoundException;
From source file:org.apache.kylin.rest.service.AccessService.java
@Transactional @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')") public Acl grant(AclEntity ae, Permission permission, Sid sid) { Message msg = MsgPicker.getMsg();//from w w w.java 2 s .c o m if (ae == null) throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND()); if (permission == null) throw new BadRequestException(msg.getACL_PERMISSION_REQUIRED()); if (sid == null) throw new BadRequestException(msg.getSID_REQUIRED()); ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae.getClass(), ae.getId()); MutableAcl acl = null; try { acl = (MutableAcl) aclService.readAclById(objectIdentity); } catch (NotFoundException e) { acl = (MutableAcl) init(ae, null); } int indexOfAce = -1; for (int i = 0; i < acl.getEntries().size(); i++) { AccessControlEntry ace = acl.getEntries().get(i); if (ace.getSid().equals(sid)) { indexOfAce = i; } } if (indexOfAce != -1) { secureOwner(acl, indexOfAce); acl.updateAce(indexOfAce, permission); } else { acl.insertAce(acl.getEntries().size(), permission, sid, true); } acl = aclService.updateAcl(acl); return acl; }
From source file:org.collectionspace.services.authorization.spring.SpringPermissionManager.java
/** * addPermission adds permission grant for given object identity for given permission * for given sid/* w w w. jav a 2s . co m*/ * @param oid * @param permission * @param sid * @param grant * @throws PermissionException */ private void addPermission(ObjectIdentity oid, Permission permission, Sid sid, boolean grant) throws PermissionException { MutableAcl acl; try { acl = getAcl(oid); } catch (NotFoundException nfe) { if (log.isDebugEnabled()) { log.debug("addPermission: acl not found for oid=" + oid.toString() + " perm=" + permission.toString() + " sid=" + sid.toString() + " grant=" + grant + " adding..."); } acl = provider.getProviderAclService().createAcl(oid); } acl.insertAce(acl.getEntries().size(), permission, sid, grant); provider.getProviderAclService().updateAcl(acl); if (log.isDebugEnabled()) { log.debug("addPermission: added acl for oid=" + oid.toString() + " perm=" + permission.toString() + " sid=" + sid.toString() + " grant=" + grant); } }
From source file:org.opennaas.core.security.acl.ACLManager.java
private void insertAcl(long id, PrincipalSid principalSid, Permission permission) { ObjectIdentity oi = new ObjectIdentityImpl(Resource.class, id); // Create or update the relevant ACL MutableAcl acl = null; try {/* www.j a v a 2s. c om*/ acl = (MutableAcl) aclService.readAclById(oi); } catch (NotFoundException nfe) { acl = aclService.createAcl(oi); } // Now grant some permissions via an access control entry (ACE) acl.insertAce(acl.getEntries().size(), permission, principalSid, true); aclService.updateAcl(acl); }
From source file:ubic.gemma.core.security.authorization.SecurityServiceTest.java
@Test public void testRemoveMultipleAcesFromPrivateExpressionExperiment() { // make private experiment ExpressionExperiment ee = super.getTestPersistentBasicExpressionExperiment(); this.securityService.makePrivate(ee); // add user and add the user to a group String username = "salmonid"; String groupName = "fish" + this.randomName(); this.makeUser(username); this.securityService.makeOwnedByUser(ee, username); assertTrue(this.securityService.isEditableByUser(ee, username)); this.runAsUser(username); this.securityService.createGroup(groupName); // get the basic acls MutableAcl acl = aclTestUtils.getAcl(ee); int numberOfAces = acl.getEntries().size(); // make readable by group add first ACE read for group and check added this.securityService.makeReadableByGroup(ee, groupName); MutableAcl aclAfterReadableAdded = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 1, aclAfterReadableAdded.getEntries().size()); // force the addition of duplicate ACE read, fish group on the same experiment. Note that in the current // implementation this only adds one - we already avoid duplicates. List<GrantedAuthority> groupAuthorities = this.userManager.findGroupAuthorities(groupName); GrantedAuthority ga = groupAuthorities.get(0); aclAfterReadableAdded.insertAce(aclAfterReadableAdded.getEntries().size(), BasePermission.READ, new AclGrantedAuthoritySid(this.userManager.getRolePrefix() + ga), true); this.aclTestUtils.update(aclAfterReadableAdded); MutableAcl aclAfterReadableAddedDuplicate = aclTestUtils.getAcl(ee); assertEquals(numberOfAces + 1, aclAfterReadableAddedDuplicate.getEntries().size()); // remove the ace now and check removed permission completely. this.securityService.makeUnreadableByGroup(ee, groupName); MutableAcl aclAfterReadableAddedDuplicateRemoval = aclTestUtils.getAcl(ee); assertEquals(numberOfAces, aclAfterReadableAddedDuplicateRemoval.getEntries().size()); List<AccessControlEntry> entriesAfterDelete = aclAfterReadableAddedDuplicateRemoval.getEntries(); assertEquals(numberOfAces, entriesAfterDelete.size()); // also check that the right ACE check the principals Collection<String> principals = new ArrayList<>(); principals.add("AclGrantedAuthoritySid[GROUP_ADMIN]"); principals.add("AclGrantedAuthoritySid[GROUP_AGENT]"); principals.add("AclPrincipalSid[salmonid]"); principals.add("AclPrincipalSid[salmonid]"); for (AccessControlEntry accessControl : entriesAfterDelete) { Sid sid = accessControl.getSid(); assertTrue(principals.contains(sid.toString())); // remove it once in case found in case of duplicates principals.remove(sid.toString()); }/*from w w w . ja v a 2 s .c om*/ // clean up the groups this.userManager.deleteGroup(groupName); // userManager.deleteUser( username ); }
From source file:ubic.gemma.security.SecurityServiceImpl.java
@Override @Secured("ACL_SECURABLE_EDIT") public void makePublic(Securable object) { if (object == null) { return;/*from w w w .j a v a2 s . c o m*/ } if (isPublic(object)) { log.warn("Object is already public"); return; } /* * Add an ACE for IS_AUTHENTICATED_ANOYMOUSLY. */ MutableAcl acl = getAcl(object); if (acl == null) { throw new IllegalArgumentException("makePrivate is only valid for objects that have an ACL"); } acl.insertAce(acl.getEntries().size(), BasePermission.READ, new GrantedAuthoritySid(new GrantedAuthorityImpl(AuthorityConstants.IS_AUTHENTICATED_ANONYMOUSLY)), true); aclService.updateAcl(acl); if (isPrivate(object)) { throw new IllegalStateException("Failed to make object public: " + object); } }
From source file:ubic.gemma.security.SecurityServiceImpl.java
/** * Provide permission to the given group on the given securable. * //from ww w . j a v a 2 s . co m * @param s * @param permission * @param groupName e.g. "GROUP_JOESLAB" */ private void addGroupAuthority(Securable s, Permission permission, String groupName) { MutableAcl acl = getAcl(s); List<GrantedAuthority> groupAuthorities = userManager.findGroupAuthorities(groupName); if (groupAuthorities == null || groupAuthorities.isEmpty()) { throw new IllegalStateException("Group has no authorities"); } if (groupAuthorities.size() > 1) { throw new UnsupportedOperationException("Sorry, groups can only have a single authority"); } GrantedAuthority ga = groupAuthorities.get(0); acl.insertAce(acl.getEntries().size(), permission, new GrantedAuthoritySid(userManager.getRolePrefix() + ga), true); aclService.updateAcl(acl); }
From source file:ubic.gemma.security.SecurityServiceImpl.java
/** * @param s//from w ww . j a v a 2s . c o m * @param permission * @param principal i.e. username */ private void addPrincipalAuthority(Securable s, Permission permission, String principal) { MutableAcl acl = getAcl(s); acl.insertAce(acl.getEntries().size(), permission, new PrincipalSid(principal), true); aclService.updateAcl(acl); }