List of usage examples for org.springframework.security.acls.model NotFoundException NotFoundException
public NotFoundException(String msg)
NotFoundException
with the specified message. From source file:org.jtalks.common.security.acl.AclUtilTest.java
@Test @SuppressWarnings("unchecked") public void testGetAclForObjectIdentity_whichIsNotSavedSoFar() throws Exception { ObjectIdentity identity = new ObjectIdentityImpl(getClass().getName(), 1); MutableAcl mockAcl = mock(MutableAcl.class); when(aclService.readAclById(identity)).thenThrow(new NotFoundException("")); when(aclService.createAcl(identity)).thenReturn(mockAcl); ExtendedMutableAcl extendedMutableAcl = util.getAclFor(identity); assertSame(extendedMutableAcl.getAcl(), mockAcl); }
From source file:org.jtalks.common.service.security.AclManagerImplTest.java
@Test public void testGrantOnObjectWithNotExistingAcl() throws Exception { ObjectIdentity objectIdentity = new ObjectIdentityImpl(target.getClass(), ID); MutableAcl objectAcl = new AclImpl(objectIdentity, 2L, mock(AclAuthorizationStrategy.class), mock(AuditLogger.class)); when(aclService.readAclById(objectIdentity)).thenThrow(new NotFoundException("")); when(aclService.createAcl(objectIdentity)).thenReturn(objectAcl); manager.grant(sids, permissions, target); assertGranted(objectAcl, new PrincipalSid(USERNAME), BasePermission.READ, "Permission to user not granted"); assertGranted(objectAcl, new GrantedAuthoritySid(ROLE), BasePermission.READ, "Permission to ROLE_USER not granted"); verify(aclService).readAclById(objectIdentity); verify(aclService).createAcl(objectIdentity); verify(aclService).updateAcl(objectAcl); }
From source file:com.excilys.ebi.bank.service.impl.security.SimpleAclImpl.java
@Override public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode) throws NotFoundException, UnloadedSidException { AccessControlEntry firstRejection = null; for (Permission p : permission) { for (Sid sid : sids) { // Attempt to find exact match for this permission mask and SID boolean scanNextSid = true; for (AccessControlEntry ace : entries) { if ((ace.getPermission().getMask() == p.getMask()) && ace.getSid().equals(sid)) { // Found a matching ACE, so its authorization decision // will prevail if (ace.isGranting()) { return true; }/*from ww w .j a va 2 s . co m*/ // Failure for this permission, so stop search // We will see if they have a different permission // (this permission is 100% rejected for this SID) if (firstRejection == null) { // Store first rejection for auditing reasons firstRejection = ace; } scanNextSid = false; // helps break the loop break; // exit aces loop } } if (!scanNextSid) { break; // exit SID for loop (now try next permission) } } } if (firstRejection != null) { // We found an ACE to reject the request at this point, as no // other ACEs were found that granted a different permission return false; } // No matches have been found throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs"); }
From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java
@Override public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) { final List<AccessControlEntry> aces = acl.getEntries(); AccessControlEntry firstRejection = null; for (Permission p : permission) { for (Sid sid : sids) { // Attempt to find exact match for this permission mask and SID boolean scanNextSid = true; for (AccessControlEntry ace : aces) { //Bit-wise comparison if (containsPermission(ace.getPermission().getMask(), p.getMask()) && ace.getSid().equals(sid)) { // Found a matching ACE, so its authorization decision will prevail if (ace.isGranting()) { // Success if (!administrativeMode) { auditLogger.logIfNeeded(true, ace); }//from w w w. j ava 2 s. c om return true; } // Failure for this permission, so stop search // We will see if they have a different permission // (this permission is 100% rejected for this SID) if (firstRejection == null) { // Store first rejection for auditing reasons firstRejection = ace; } scanNextSid = false; // helps break the loop break; // exit aces loop } } if (!scanNextSid) { break; // exit SID for loop (now try next permission) } } } if (firstRejection != null) { // We found an ACE to reject the request at this point, as no // other ACEs were found that granted a different permission if (!administrativeMode) { auditLogger.logIfNeeded(false, firstRejection); } return false; } // No matches have been found so far if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) { // We have a parent, so let them try to find a matching ACE return acl.getParentAcl().isGranted(permission, sids, false); } else { // We either have no parent, or we're the uppermost parent throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs"); } }
From source file:net.projectmonkey.spring.acl.service.SimpleACLService.java
@Override public Map<ObjectIdentity, Acl> readAclsById(final List<ObjectIdentity> identities, final List<Sid> sids) throws NotFoundException { Assert.notNull(identities, "At least one Object Identity required"); Assert.isTrue(identities.size() > 0, "At least one Object Identity required"); Assert.noNullElements(identities.toArray(new ObjectIdentity[0]), "Null object identities are not permitted"); Map<ObjectIdentity, Acl> result = aclRepository.getAclsById(identities, sids); /*/*ww w.ja va2s . c o m*/ * Check we found an ACL for every requested object. Where ACL's do not * exist for some objects throw a suitable exception. */ Set<ObjectIdentity> remainingIdentities = new HashSet<ObjectIdentity>(identities); if (result.size() != remainingIdentities.size()) { remainingIdentities.removeAll(result.keySet()); throw new NotFoundException( "Unable to find ACL information for object identities '" + remainingIdentities + "'"); } return result; }
From source file:org.jtalks.common.security.acl.AclUtilTest.java
@Test public void testAclFromObjectIdentity_CreateAcl() { ObjectIdentityImpl oid = new ObjectIdentityImpl("type", 1L); MutableAcl acl = mock(MutableAcl.class); when(aclService.readAclById(oid)).thenThrow(new NotFoundException("")); when(aclService.createAcl(oid)).thenReturn(acl); assertSame(((ExtendedMutableAcl) util.aclFromObjectIdentity(1L, "type")).getAcl(), acl); }
From source file:eu.europeana.aas.acl.CassandraAclService.java
@Override public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException { Assert.notEmpty(objects, "Objects to lookup required"); if (LOG.isDebugEnabled()) { LOG.debug("BEGIN readAclById: objectIdentities: " + objects + ", sids: " + sids); }/*w ww . ja v a 2s.co m*/ // contains FULLY loaded Acl objects Map<ObjectIdentity, Acl> result = new HashMap<>(); List<ObjectIdentity> objectsToLookup = new ArrayList<>(objects); // Check for Acls in the cache if (aclCache != null) { for (ObjectIdentity oi : objects) { boolean aclLoaded = false; Acl acl = aclCache.getFromCache(oi); if (acl != null && acl.isSidLoaded(sids)) { // Ensure any cached element supports all the requested SIDs result.put(oi, acl); aclLoaded = true; } if (aclLoaded) { objectsToLookup.remove(oi); } } } if (!objectsToLookup.isEmpty()) { Map<ObjectIdentity, Acl> loadedAcls = doLookup(objectsToLookup); result.putAll(loadedAcls); // Put loaded Acls in the cache if (aclCache != null) { for (Acl loadedAcl : loadedAcls.values()) { aclCache.putInCache((AclImpl) loadedAcl); } } } for (ObjectIdentity oid : objects) { if (!result.containsKey(oid)) { throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'"); } } if (LOG.isDebugEnabled()) { LOG.debug("END readAclById: acls: " + result.values()); } return result; }
From source file:net.projectmonkey.spring.acl.service.SimpleACLService.java
private void verifyAclExists(final MutableAcl acl) { ObjectIdentity identity = acl.getObjectIdentity(); if (!aclRepository.isThereAnAclFor(identity)) { throw new NotFoundException("Acl does not exist for object identity " + identity); }/*from www . j a v a 2 s . com*/ }
From source file:com.cedac.security.acls.mongo.MongoMutableAclService.java
@Override public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException { Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier"); DBObject persistedAcl = getAclCollection().findOne(queryByObjectIdentity(acl.getObjectIdentity())); if (persistedAcl == null) { LOG.trace(ACL, "No ACL found for object identity {}", acl.getObjectIdentity()); throw new NotFoundException("No acl found for object identity " + acl.getObjectIdentity()); }//from w ww. j a v a 2 s . c o m LOG.debug(ACL, "Updating persisted ACL object"); if (acl.getParentAcl() != null) { ObjectIdentity parentOid = acl.getParentAcl().getObjectIdentity(); persistedAcl.put(parentObjectFieldName, toDBObject(parentOid)); } persistedAcl.put(ownerFieldName, toDBObject(acl.getOwner())); persistedAcl.put(entriesInheritingFieldName, acl.isEntriesInheriting()); BasicDBList list = new BasicDBList(); for (AccessControlEntry entry : acl.getEntries()) { list.add(toDBObject(entry)); } persistedAcl.put(entriesFieldName, list); getAclCollection().save(persistedAcl, writeConcern); LOG.trace(ACL, "Clearing cache including children for object identity {}", acl.getObjectIdentity()); clearCacheIncludingChildren(acl.getObjectIdentity()); LOG.trace(ACL, "Retrieve ACL via superclass."); return (MutableAcl) super.readAclById(acl.getObjectIdentity()); }
From source file:com.cedac.security.acls.mongo.MongoAclService.java
@Override @SuppressWarnings("unchecked") public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException { LOG.trace(ACL, "Reading ACL for object identity {}", object); Acl acl = aclCache.getFromCache(object); if (acl != null && acl.isSidLoaded(sids)) { LOG.debug(ACL, "ACL for id {} found in cache: {}", object, acl); return acl; } else {//from w w w .ja v a 2 s .c o m LOG.trace(ACL, "No ACL found in cache for id {}: looking into backend.", object); DBObject result = getAclCollection().findOne(queryByObjectIdentity(object)); if (result == null) { LOG.warn(ACL, "No ACL found for object identity {}", object); throw new NotFoundException("No ACL found for object identity " + object); } LOG.trace(ACL, "Trying to loading parent ACL if needed."); Acl parentAcl = null; DBObject parentDbo = (DBObject) result.get(parentObjectFieldName); if (parentDbo != null) { parentAcl = readAclById(toObjectIdentity(parentDbo)); } LOG.trace(ACL, "Extracting loaded SIDs"); List<DBObject> entries = (List<DBObject>) result.get(entriesFieldName); Set<Sid> loadedSids = new HashSet<Sid>(); if (sids != null) { loadedSids.addAll(sids); } if (entries != null) { for (DBObject entry : entries) { loadedSids.add(toSid((DBObject) entry.get(sidFieldName))); } } Sid owner = toSid((DBObject) result.get(ownerFieldName)); AclImpl loadedAcl = new AclImpl(object, result.get("_id").toString(), aclAuthorizationStrategy, permissionGrantingStrategy, parentAcl, new ArrayList<Sid>(loadedSids), (Boolean) result.get(entriesInheritingFieldName), owner); if (entries != null) { List<AccessControlEntry> aces = new ArrayList<AccessControlEntry>(); for (int i = 0; i < entries.size(); i++) { aces.add(toAccessControlEntry(i, loadedAcl, entries.get(i))); } try { acesField.set(loadedAcl, new ArrayList<AccessControlEntry>(aces)); } catch (Exception ex) { throw new IllegalStateException("Unable to set ACEs.", ex); } } aclCache.putInCache(loadedAcl); return loadedAcl; } }