List of usage examples for org.springframework.security.acls.model Permission getMask
/**
 * Returns the bits that represent this permission, as a single integer.
 *
 * <p>The value is only a number; whether it is compared by exact equality or by
 * bit-wise containment is decided by the code that evaluates ACL entries, and the
 * two conventions give different answers for composite masks.
 *
 * @return the integer mask of this permission
 */
int getMask();
From source file:com.dtolabs.yana2.springacl.YanaPermission.java
/**
 * Resolves the registered name for the given permission.
 *
 * <p>The lookup key is the permission's integer mask, matched exactly against the
 * {@code byMask} table. A mask that is not a key of that table is rejected with an
 * exception instead of being mapped to a default name.
 *
 * @param permission the permission whose name is wanted
 * @return the value stored in {@code byMask} for the permission's mask
 * @throws IllegalStateException if {@code byMask} has no entry for the mask
 */
public static String nameFor(final Permission permission) {
    final boolean known = byMask.containsKey(permission.getMask());
    if (known) {
        return byMask.get(permission.getMask());
    }
    throw new IllegalStateException("Not a valid permission mask: " + permission.getMask());
}
From source file:org.createnet.raptor.auth.service.acl.RaptorPermission.java
/**
 * Maps a permission to its label.
 *
 * <p>Only the ten single-bit masks 1, 2, 4, ... 512 have a label. Any other value,
 * including a composite mask such as 3 (read + update), zero or a negative mask,
 * yields {@code null}, so callers must handle a missing label.
 *
 * @param p the permission to label
 * @return the label for the permission's mask, or {@code null} if the mask has none
 */
public static String toLabel(Permission p) {
    // Index i holds the label of mask (1 << i).
    final String[] labels = {
        "read", "update", "create", "delete", "admin",
        "push", "pull", "subscribe", "execute", "list"
    };
    final int mask = p.getMask();
    // A labelled mask is positive and has exactly one bit set.
    final boolean singleBit = mask > 0 && (mask & (mask - 1)) == 0;
    if (!singleBit) {
        return null;
    }
    final int bit = Integer.numberOfTrailingZeros(mask);
    if (bit >= labels.length) {
        return null;
    }
    return labels[bit];
}
From source file:com.excilys.ebi.bank.service.impl.security.SimpleAclImpl.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs
 * by the entries held in {@code entries}.
 *
 * <p>Permissions are tried in list order and, for each one, SIDs in list order. An entry
 * matches only when its mask is <em>equal</em> to the requested mask and its SID equals the
 * SID under test; a composite mask therefore never matches a single-bit request. The first
 * matching entry decides for that permission: a granting entry returns {@code true}
 * immediately, a denying entry ends the search for that permission and the next permission
 * is tried.
 *
 * <p>This implementation consults {@code entries} only: no parent ACL is visited, nothing is
 * audited, and {@code administrativeMode} is not read.
 *
 * @param permission the permissions to test, in priority order
 * @param sids the SIDs to test, in priority order
 * @param administrativeMode unused by this implementation
 * @return {@code true} if a granting entry matched; {@code false} if only denying entries matched
 * @throws NotFoundException if no entry matched any permission/SID pair
 * @throws UnloadedSidException declared by the interface; not thrown by the visible code
 */
@Override
public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
        throws NotFoundException, UnloadedSidException {
    AccessControlEntry firstRejection = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid sid : sids) {
            for (AccessControlEntry ace : entries) {
                // Exact mask equality plus SID equality; anything else is not a match.
                if (ace.getPermission().getMask() != requested.getMask() || !ace.getSid().equals(sid)) {
                    continue;
                }
                if (ace.isGranting()) {
                    return true;
                }
                // A denying entry settles this permission; remember the first one seen
                // and move on to the next requested permission.
                if (firstRejection == null) {
                    firstRejection = ace;
                }
                continue nextPermission;
            }
        }
    }

    if (firstRejection == null) {
        // Nothing matched at all: the caller cannot tell "denied" from "unknown" otherwise.
        throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
    }
    // At least one denying entry matched and no granting entry did.
    return false;
}
From source file:net.projectmonkey.spring.acl.hbase.repository.AccessControlEntryValue.java
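/**
 * Builds the storage key of an access control entry.
 *
 * <p>The key is the text {@code id SEP authority SEP isPrincipal SEP mask SEP granting},
 * encoded as UTF-8. The charset is fixed explicitly so that the same entry yields the same
 * bytes on every JVM; the platform default charset can differ between hosts and would make
 * keys with non-ASCII authorities unmatchable.
 *
 * <p>NOTE(review): {@code authority} is appended as-is. If an authority can contain
 * {@code SEPARATOR}, two different entries could produce the same key or a key could be
 * parsed into the wrong fields. Confirm that authorities are constrained, or escape them.
 *
 * @param id identifier of the entry
 * @param authority name of the principal or granted authority
 * @param sid the SID, used only to record whether it is a principal
 * @param permission the permission whose mask is stored
 * @param granting whether the entry grants or denies
 * @return the UTF-8 bytes of the composed key
 */
private byte[] createKey(final UUID id, final String authority, final Sid sid, final Permission permission,
        final boolean granting) {
    final String key = new StringBuilder(id.toString())
            .append(SEPARATOR)
            .append(authority)
            .append(SEPARATOR)
            .append(SidUtil.isPrincipal(sid))
            .append(SEPARATOR)
            .append(permission.getMask())
            .append(SEPARATOR)
            .append(granting)
            .toString();
    // Fully qualified so that the file needs no additional import.
    return key.getBytes(java.nio.charset.StandardCharsets.UTF_8);
}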
From source file:org.jtalks.common.service.security.AclManagerImpl.java
/**
 * Writes one access control entry per (sid, permission) pair into the given ACL.
 *
 * <p>{@code deletePermissionsFromAcl} is called first for the same sids and permissions,
 * and the new entries are then inserted after whatever entries remain, in sid-major order.
 * Each insertion is logged at debug level with the mask, the recipient and the target's
 * simple class name and id.
 *
 * @param sids        list of sids
 * @param permissions list of permissions
 * @param target      securable object (used for logging only)
 * @param acl         ACL of this object
 * @param granting    grant if true, revoke if false
 */
private void applyPermissionsToSids(List<Sid> sids, List<Permission> permissions, Entity target,
        MutableAcl acl, boolean granting) {
    deletePermissionsFromAcl(acl, sids, permissions);

    // New entries go at the end of the list as it stands after the deletion above.
    int nextIndex = acl.getEntries().size();
    for (Sid recipient : sids) {
        for (Permission permission : permissions) {
            acl.insertAce(nextIndex, permission, recipient, granting);
            nextIndex++;

            final Object[] logArgs = {
                permission.getMask(), recipient, target.getClass().getSimpleName(), target.getId()
            };
            logger.debug("Added permission mask {} for Sid {} securedObject {} id {}", logArgs);
        }
    }
}
From source file:com.cedac.security.acls.domain.BitMaskPermissionGrantingStrategy.java
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs,
 * matching entry masks through {@code containsPermission} instead of exact equality.
 *
 * <p>Permissions are tried in list order and, for each one, SIDs in list order. The first
 * entry whose mask satisfies {@code containsPermission(entryMask, requestedMask)} and whose
 * SID equals the SID under test decides for that permission: a granting entry returns
 * {@code true}, a denying entry ends the search for that permission. Because the match is
 * bit-wise, a single entry with a composite mask can decide several requested permissions,
 * and that applies to denying entries as much as to granting ones, so the order of
 * entries in the ACL matters.
 *
 * <p>If no entry of this ACL matches and the ACL inherits entries from a parent, the parent
 * is asked. The parent is always called with {@code administrativeMode = false}, so the
 * parent is not told to skip auditing even when this call was administrative.
 *
 * @param acl the ACL whose entries are evaluated
 * @param permission the permissions to test, in priority order
 * @param sids the SIDs to test, in priority order
 * @param administrativeMode when {@code true}, the decision is not passed to the audit logger
 * @return {@code true} if a granting entry matched; {@code false} if only denying entries matched
 * @throws NotFoundException if nothing matched and there is no parent ACL to consult
 */
@Override
public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
    final List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry firstRejection = null;

    nextPermission:
    for (Permission requested : permission) {
        for (Sid sid : sids) {
            for (AccessControlEntry ace : aces) {
                // Bit-wise mask test plus SID equality; anything else is not a match.
                if (!containsPermission(ace.getPermission().getMask(), requested.getMask())
                        || !ace.getSid().equals(sid)) {
                    continue;
                }
                if (ace.isGranting()) {
                    if (!administrativeMode) {
                        auditLogger.logIfNeeded(true, ace);
                    }
                    return true;
                }
                // A denying entry settles this permission; keep the first one for the
                // audit record and move on to the next requested permission.
                if (firstRejection == null) {
                    firstRejection = ace;
                }
                continue nextPermission;
            }
        }
    }

    if (firstRejection != null) {
        // Only denying entries matched.
        if (!administrativeMode) {
            auditLogger.logIfNeeded(false, firstRejection);
        }
        return false;
    }

    // Nothing matched here: either there is no inherited parent to ask, or we delegate to it.
    if (!acl.isEntriesInheriting() || acl.getParentAcl() == null) {
        throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
    }
    return acl.getParentAcl().isGranted(permission, sids, false);
}
From source file:org.geosdi.geoplatform.experimental.connector.core.OAuth2ServiceTest.java
/**
 * Test helper: links an account to a project with the given permission and stores the link
 * through {@code oauth2CoreClientConnector}.
 *
 * <p>Only the permission's integer mask is stored on the link.
 *
 * @param account the account side of the link
 * @param project the project side of the link
 * @param permission the permission whose mask is recorded
 * @return the value returned by {@code insertAccountProject}
 * @throws Exception if the connector call fails
 */
protected long createAndInsertAccountProject(GPAccount account, GPProject project, Permission permission)
        throws Exception {
    final GPAccountProject link = new GPAccountProject();
    link.setAccountAndProject(account, project);

    final int mask = permission.getMask();
    link.setPermissionMask(mask);

    return oauth2CoreClientConnector.insertAccountProject(link);
}
From source file:gov.nih.nci.ncicb.tcga.dcc.common.security.impl.AclSecurityUtilImpl.java
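/**
 * Reports whether the ACL of the given annotation note grants {@code permission} to
 * {@code recipient}.
 *
 * <p>An entry counts only when all three hold: its mask equals the requested mask, its SID
 * equals {@code recipient}, and it is a granting entry. Comparing the mask alone is not
 * enough: the SID list passed to {@code readAclById} is a loading hint and the returned ACL
 * may still carry entries for other SIDs, and a denying entry has the same mask as the
 * permission it denies.
 *
 * <p>A missing ACL is treated as "no permission".
 *
 * @param dccAnnotationNote the secured note
 * @param recipient the SID being checked
 * @param permission the permission being checked (exact mask match)
 * @return {@code true} if a granting entry for {@code recipient} with that mask exists
 */
@Override
@Transactional
public boolean hasPermission(final DccAnnotationNote dccAnnotationNote, final Sid recipient,
        final Permission permission) {

    // Retrieve the Object Identity
    final ObjectIdentity objectIdentity = new DccAnnotationNoteRetrievalStrategy()
            .getObjectIdentity(dccAnnotationNote);

    final List<Sid> sidList = new ArrayList<Sid>();
    sidList.add(recipient);

    try {
        // Only the entries are read, so no cast to a mutable ACL is needed.
        final List<AccessControlEntry> accessControlEntries =
                mutableAclService.readAclById(objectIdentity, sidList).getEntries();

        for (final AccessControlEntry accessControlEntry : accessControlEntries) {
            final boolean sameMask = accessControlEntry.getPermission().getMask() == permission.getMask();
            if (sameMask && accessControlEntry.getSid().equals(recipient) && accessControlEntry.isGranting()) {
                // The recipient has the permission
                return true;
            }
        }
    } catch (NotFoundException nfe) {
        // Fail closed: no ACL means nothing has been granted.
        logger.debug("Could not find ACL for DccAnnotationNote with Id " + dccAnnotationNote.getNoteId()
                + " (NotFoundException)");
    }

    return false;
}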
From source file:org.collectionspace.services.authorization.spring.SpringPermissionEvaluator.java
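/**
 * Writes the inputs of a permission check to the log when trace logging is enabled.
 *
 * <p>The principal name, tenant id, authorities and permission mask are identity and
 * authorization data, so they go through the logger at trace level rather than to standard
 * output. That keeps them under the log configuration (level, destination, retention)
 * instead of in whatever captures the process's stdout.
 *
 * <p>NOTE(review): values are written as received. If principal names or object ids can
 * contain line breaks, make sure the log layout encodes them.
 *
 * @param res the resource being checked
 * @param authToken the authentication whose name and authorities are logged
 * @param objectIdId identifier of the secured object
 * @param objectIdType type of the secured object
 * @param perm the permission being checked
 */
private void debug(CSpaceResource res, Authentication authToken, Serializable objectIdId, String objectIdType,
        Permission perm) {
    if (!log.isTraceEnabled()) {
        return;
    }

    log.debug(this.getClass().getCanonicalName() + ":" + this);

    String resourceTarget = "[" + res.getId() + "]" + " | " + "[" + "objectIdId: " + objectIdType + "("
            + objectIdId + ")]";
    log.trace("PERMISSION CHECK FOR: " + resourceTarget);
    log.trace("\tPrincipal: " + authToken.getName() + "\tTenant ID: " + res.getTenantId());
    log.trace("\tRoles: " + authToken.getAuthorities());
    log.trace("\tPermission Mask: " + perm.getMask() + " - Permission Pattern: " + perm.getPattern());
}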