List of usage examples for org.springframework.security.acls.model Sid toString
public String toString()
From source file:org.collectionspace.services.authorization.spring.SpringPermissionManager.java
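/**
 * Adds an access-control entry for {@code res#action} for each given principal, inside a
 * single provider transaction.
 *
 * <p>The resource, action and principals are translated to an {@code ObjectIdentity}, a
 * {@code Permission} and an array of {@code Sid}s through {@code SpringAuthorizationProvider}.
 * An {@code AlreadyExistsException} for one principal is logged and skipped. Any other
 * exception rolls the transaction back and is rethrown.
 *
 * @param res resource the permission applies to
 * @param action action on the resource
 * @param principals principals that receive the entry
 * @param grant forwarded unchanged to {@code addPermission} as the entry's grant flag
 * @throws PermissionException if adding the entry fails for a principal for any reason other
 *         than {@code AlreadyExistsException}
 */
@Override
public void addPermissions(CSpaceResource res, CSpaceAction action, String[] principals, boolean grant)
        throws PermissionException {
    ObjectIdentity oid = SpringAuthorizationProvider.getObjectIdentity(res);
    Sid[] sids = SpringAuthorizationProvider.getSids(principals);
    Permission p = SpringAuthorizationProvider.getPermission(action);
    // The transaction name is a runtime value and is kept byte-for-byte (including its spelling).
    TransactionStatus status = provider.beginTransaction("addPermssions");

    // Add the permission for each sid.
    for (Sid sid : sids) {
        try {
            addPermission(oid, p, sid, grant);
            if (log.isDebugEnabled()) {
                log.debug("addpermissions(res,action,prin[], grant), success for " + " res=" + res.toString()
                        + " action=" + action.toString() + " grant=" + grant + " oid=" + oid.toString()
                        + " perm=" + p.toString() + " sid=" + sid.toString());
            }
        } catch (AlreadyExistsException aex) {
            // NOTE(review): the entry for this sid is NOT added, yet the loop continues and the
            // transaction is committed below; callers receive no signal. The warning therefore
            // names the sid so the skipped principal can be found in the logs.
            if (log.isWarnEnabled()) {
                log.warn("addpermissions(res,action,prin[], grant) failed," + " oid=" + oid.toString()
                        + " res=" + res.toString() + " grant=" + grant + " action=" + action.toString()
                        + " perm=" + p.toString() + " sid=" + sid.toString(), aex);
            }
            // keep going
        } catch (Exception ex) {
            String msg = "addpermissions(res,action,prin[], grant) failed," + " oid=" + oid.toString()
                    + " res=" + res.toString() + " action=" + action.toString() + " perm=" + p.toString()
                    + " sid=" + sid.toString() + " grant=" + grant;
            if (log.isDebugEnabled()) {
                log.debug(msg, ex);
            }
            // Unknown failure: undo every entry added so far in this call and stop.
            provider.rollbackTransaction(status);
            if (ex instanceof PermissionException) {
                throw (PermissionException) ex;
            }
            throw new PermissionException(msg, ex);
        }
    }

    provider.commitTransaction(status);
    if (log.isDebugEnabled()) {
        // Sid[].toString() would print only the array's type and identity hash, not the sids.
        log.debug("addpermissions(res,action,prin[], grant), success for " + " res=" + res.toString()
                + " action=" + action.toString() + " grant=" + grant + " oid=" + oid.toString()
                + " perm=" + p.toString() + " sids=" + java.util.Arrays.toString(sids));
    }
}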
From source file:org.collectionspace.services.authorization.spring.SpringPermissionManager.java
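/**
 * Removes the permission for {@code res#action} for each given principal, inside a single
 * provider transaction.
 *
 * <p>An {@code AclDataAccessException} for one principal is logged and skipped. Any other
 * exception rolls the transaction back and is rethrown.
 *
 * @param res resource the permission applies to
 * @param action action on the resource
 * @param principals principals whose entries are removed
 * @throws PermissionNotFoundException declared by the interface
 * @throws PermissionException if removal fails for a principal for any reason other than
 *         {@code AclDataAccessException}
 */
@Override
public void deletePermissions(CSpaceResource res, CSpaceAction action, String[] principals)
        throws PermissionNotFoundException, PermissionException {
    ObjectIdentity oid = SpringAuthorizationProvider.getObjectIdentity(res);
    Sid[] sids = SpringAuthorizationProvider.getSids(principals);
    Permission p = SpringAuthorizationProvider.getPermission(action);
    // The transaction name is a runtime value and is kept byte-for-byte (including its spelling).
    TransactionStatus status = provider.beginTransaction("deletePermssions");

    // Delete the permission for each sid.
    for (Sid sid : sids) {
        try {
            deletePermissions(oid, p, sid);
            if (log.isDebugEnabled()) {
                log.debug("deletedpermissions(res,action,prin[]), success for " + " res=" + res.toString()
                        + " action=" + action.toString() + " oid=" + oid.toString() + " perm=" + p.toString()
                        + " sid=" + sid.toString());
            }
        } catch (AclDataAccessException aex) {
            // NOTE(review): the entry for this sid may still be in place, yet the loop continues
            // and the transaction is committed below. Logged at WARN (matching the guard and
            // addPermissions) with the sid, so a revocation that did not happen is visible.
            if (log.isWarnEnabled()) {
                log.warn("deletepermissions(res,action,prin[]) failed, " + " oid=" + oid.toString()
                        + " res=" + res.toString() + " action=" + action.toString() + " perm=" + p.toString()
                        + " sid=" + sid.toString(), aex);
            }
            // keep going
        } catch (Exception ex) {
            String msg = "deletepermissions(res,action,prin[]) failed," + " oid=" + oid.toString()
                    + " res=" + res.toString() + " action=" + action.toString() + " perm=" + p.toString()
                    + " sid=" + sid.toString();
            if (log.isDebugEnabled()) {
                log.debug(msg, ex);
            }
            // Unknown failure: undo every removal made so far in this call and stop.
            provider.rollbackTransaction(status);
            // NOTE(review): a PermissionNotFoundException is rethrown unchanged only if it is a
            // PermissionException subtype; otherwise it is wrapped below. Confirm.
            if (ex instanceof PermissionException) {
                throw (PermissionException) ex;
            }
            throw new PermissionException(msg, ex);
        }
    }

    provider.commitTransaction(status);
    if (log.isDebugEnabled()) {
        // Sid[].toString() would print only the array's type and identity hash, not the sids.
        log.debug("deletedpermissions(res,action,prin[]), success for " + " res=" + res.toString()
                + " action=" + action.toString() + " oid=" + oid.toString() + " perm=" + p.toString()
                + " sids=" + java.util.Arrays.toString(sids));
    }
}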
From source file:org.collectionspace.services.authorization.spring.SpringPermissionManager.java
/**
 * Appends one access-control entry (permission, sid, grant flag) to the ACL of the given
 * object identity, creating the ACL first when none is found.
 *
 * <p>NOTE(review): the entry is always inserted at the end of the ACL and no check for an
 * existing entry with the same permission and sid is made here. With Spring Security's
 * default permission-granting strategy the first matching entry decides, so a later
 * {@code grant=false} entry would presumably not override an earlier grant. Confirm against
 * the strategy this provider configures.
 *
 * @param oid object identity whose ACL is modified
 * @param permission permission recorded in the new entry
 * @param sid security identity recorded in the new entry
 * @param grant grant flag passed to {@code insertAce}
 * @throws PermissionException declared for callers
 */
private void addPermission(ObjectIdentity oid, Permission permission, Sid sid, boolean grant)
        throws PermissionException {
    MutableAcl targetAcl;
    try {
        targetAcl = getAcl(oid);
    } catch (NotFoundException missingAcl) {
        // No ACL exists yet for this object identity: create one through the provider's ACL service.
        if (log.isDebugEnabled()) {
            String notFoundMsg = "addPermission: acl not found for oid=" + oid.toString()
                    + " perm=" + permission.toString()
                    + " sid=" + sid.toString()
                    + " grant=" + grant + " adding...";
            log.debug(notFoundMsg);
        }
        targetAcl = provider.getProviderAclService().createAcl(oid);
    }

    // Insert position == current entry count, i.e. append after all existing entries.
    int appendIndex = targetAcl.getEntries().size();
    targetAcl.insertAce(appendIndex, permission, sid, grant);
    provider.getProviderAclService().updateAcl(targetAcl);

    if (!log.isDebugEnabled()) {
        return;
    }
    String addedMsg = "addPermission: added acl for oid=" + oid.toString()
            + " perm=" + permission.toString()
            + " sid=" + sid.toString()
            + " grant=" + grant;
    log.debug(addedMsg);
}
From source file:ubic.gemma.core.security.authorization.SecurityServiceTest.java
/**
 * Verifies that revoking a group's read access on a private experiment brings the ACL back to
 * its original entry count, even after a second READ entry for the same group was pushed
 * into the ACL directly, and that the remaining entries belong only to the expected sids.
 */
@Test
public void testRemoveMultipleAcesFromPrivateExpressionExperiment() {
    // Start from a private experiment.
    ExpressionExperiment experiment = super.getTestPersistentBasicExpressionExperiment();
    this.securityService.makePrivate(experiment);

    // Create the owner, hand the experiment over, then create a group while running as that user.
    String owner = "salmonid";
    String group = "fish" + this.randomName();
    this.makeUser(owner);
    this.securityService.makeOwnedByUser(experiment, owner);
    assertTrue(this.securityService.isEditableByUser(experiment, owner));
    this.runAsUser(owner);
    this.securityService.createGroup(group);

    // Baseline: number of ACEs before any group access is granted.
    MutableAcl baselineAcl = aclTestUtils.getAcl(experiment);
    int baselineCount = baselineAcl.getEntries().size();

    // Granting read to the group must add exactly one ACE.
    this.securityService.makeReadableByGroup(experiment, group);
    MutableAcl aclWithRead = aclTestUtils.getAcl(experiment);
    assertEquals(baselineCount + 1, aclWithRead.getEntries().size());

    // Force a duplicate READ ACE for the same group on the same experiment. In the current
    // implementation this still leaves a single entry because duplicates are already avoided.
    List<GrantedAuthority> authoritiesOfGroup = this.userManager.findGroupAuthorities(group);
    GrantedAuthority groupAuthority = authoritiesOfGroup.get(0);
    int insertAt = aclWithRead.getEntries().size();
    aclWithRead.insertAce(insertAt, BasePermission.READ,
            new AclGrantedAuthoritySid(this.userManager.getRolePrefix() + groupAuthority), true);
    this.aclTestUtils.update(aclWithRead);
    MutableAcl aclWithDuplicate = aclTestUtils.getAcl(experiment);
    assertEquals(baselineCount + 1, aclWithDuplicate.getEntries().size());

    // Revoking read must remove the group's permission completely.
    this.securityService.makeUnreadableByGroup(experiment, group);
    MutableAcl aclAfterRevoke = aclTestUtils.getAcl(experiment);
    assertEquals(baselineCount, aclAfterRevoke.getEntries().size());
    List<AccessControlEntry> remainingEntries = aclAfterRevoke.getEntries();
    assertEquals(baselineCount, remainingEntries.size());

    // Every remaining ACE must belong to one of these sids. The comparison is made on
    // Sid.toString(), so it depends on that textual format. The owner is listed twice so that
    // two entries for the owner are accepted.
    Collection<String> expectedSids = new ArrayList<>();
    expectedSids.add("AclGrantedAuthoritySid[GROUP_ADMIN]");
    expectedSids.add("AclGrantedAuthoritySid[GROUP_AGENT]");
    expectedSids.add("AclPrincipalSid[salmonid]");
    expectedSids.add("AclPrincipalSid[salmonid]");
    for (AccessControlEntry entry : remainingEntries) {
        String sidText = entry.getSid().toString();
        // remove() reports whether the sid was expected and consumes one occurrence of it.
        assertTrue(expectedSids.remove(sidText));
    }

    // Clean up the group (the user is left in place).
    this.userManager.deleteGroup(group);
}