org.springframework.security.acls.domain.ObjectIdentityImpl Java Examples

Example #1
Source File: EntityHelperTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetLabelledObjectIdentity() {
  // Entity type with a STRING id attribute and a display label.
  Attribute idAttribute = mock(Attribute.class);
  when(idAttribute.getDataType()).thenReturn(STRING);
  EntityType type = mock(EntityType.class);
  when(type.getLabel()).thenReturn("typeLabel");
  when(type.getIdAttribute()).thenReturn(idAttribute);

  // The repository resolves the string identifier to an entity that carries the label value.
  Entity labelledEntity = mock(Entity.class);
  when(labelledEntity.getLabelValue()).thenReturn("label");
  Repository repo = mock(Repository.class);
  when(repo.getEntityType()).thenReturn(type);
  when(repo.findOneById("identifier")).thenReturn(labelledEntity);

  when(dataService.getRepository("typeId")).thenReturn(repo);
  when(dataService.getEntityType("typeId")).thenReturn(type);

  // ACL type "entity-typeId" is expected to resolve to entity type "typeId".
  ObjectIdentityImpl aclIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");
  assertEquals(
      create("entity-typeId", "typeId", "typeLabel", "identifier", "label"),
      entityHelper.getLabelledObjectIdentity(aclIdentity));
}
 
Example #2
Source File: EntityHelperTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetLabelledObjectIdentityIntId() {
  // Entity type whose id attribute is an INT rather than a string.
  Attribute idAttribute = mock(Attribute.class);
  when(idAttribute.getDataType()).thenReturn(INT);
  EntityType type = mock(EntityType.class);
  when(type.getLabel()).thenReturn("typeLabel");
  when(type.getIdAttribute()).thenReturn(idAttribute);

  // The repository is stubbed for the integer id 1, not the string "1".
  Entity labelledEntity = mock(Entity.class);
  when(labelledEntity.getLabelValue()).thenReturn("label");
  Repository repo = mock(Repository.class);
  when(repo.getEntityType()).thenReturn(type);
  when(repo.findOneById(1)).thenReturn(labelledEntity);

  when(dataService.getRepository("typeId")).thenReturn(repo);
  when(dataService.getEntityType("typeId")).thenReturn(type);

  // The labelled identity is expected to carry the identifier as the string "1".
  ObjectIdentityImpl aclIdentity = new ObjectIdentityImpl("entity-typeId", 1);
  assertEquals(
      create("entity-typeId", "typeId", "typeLabel", "1", "label"),
      entityHelper.getLabelledObjectIdentity(aclIdentity));
}
 
Example #3
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
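@Test
void testUpdatePermission() {
  // Presumably installs a regular-user security context; the helper is not visible here.
  setUser();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
    Sid sid = new PrincipalSid("user");

    // The ACL owner is the same sid the permission is written for.
    MutableAcl acl = mock(MutableAcl.class);
    when(acl.getOwner()).thenReturn(sid);
    when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

    when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

    Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
    permissionServiceDecorator.updatePermission(permission);

    // The decorator must hand the unchanged permission to the wrapped service.
    verify(permissionService).updatePermission(permission);
  } finally {
    // Reset in finally so a failed assertion cannot leave this test's context
    // in place for the tests that run after it.
    resetContext();
  }
}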
 
Example #4
Source File: DefaultCalendarService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * Stores the event and creates its ACL, owned by the current user with a READ grant.
 *
 * @param event the event to persist; its id is set to the generated key
 * @return the id returned by the DAO for the new event
 */
@Transactional
@Override
public int createEvent(Event event) {
    final int eventId = eventDao.createEvent(event);
    // The id is set before the ObjectIdentityImpl is built from the event below.
    event.setId(eventId);

    final MutableAcl eventAcl = aclService.createAcl(new ObjectIdentityImpl(event));
    // The owner sid is keyed on the current user's e-mail address.
    final PrincipalSid ownerSid = new PrincipalSid(userContext.getCurrentUser().getEmail());
    eventAcl.setOwner(ownerSid);
    // Single granting ACE at index 0: READ only, for the owner.
    eventAcl.insertAce(0,  BasePermission.READ, ownerSid, true);
    aclService.updateAcl(eventAcl);

    return eventId;
}
 
Example #5
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
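@Test
void testCreatePermissions() {
  // Presumably installs a superuser security context; the helper is not visible here.
  setSu();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
    Sid sid = new PrincipalSid("user");

    MutableAcl acl = mock(MutableAcl.class);
    when(acl.getOwner()).thenReturn(sid);
    when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
    when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

    Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
    permissionServiceDecorator.createPermissions(Collections.singleton(permission));

    // The decorator must pass the same permission set to the wrapped service.
    verify(permissionService).createPermissions(Collections.singleton(permission));
  } finally {
    // Reset in finally so a failed assertion cannot leave the context set by setSu()
    // in place for the tests that run after it.
    resetContext();
  }
}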
 
Example #6
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
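@Test
void testCreatePermission() {
  // Presumably installs a superuser security context; the helper is not visible here.
  setSu();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
    Sid sid = new PrincipalSid("user");

    MutableAcl acl = mock(MutableAcl.class);
    when(acl.getOwner()).thenReturn(sid);
    when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

    Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);

    when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

    permissionServiceDecorator.createPermission(permission);

    // The decorator must hand the unchanged permission to the wrapped service.
    verify(permissionService).createPermission(permission);
  } finally {
    // Reset in finally so a failed assertion cannot leave the context set by setSu()
    // in place for the tests that run after it.
    resetContext();
  }
}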
 
Example #7
Source File: PermissionsControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
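// Builds a standalone MockMvc around a fresh controller and the sids / object identity
// shared by the tests. Not private: JUnit Jupiter lifecycle methods are expected to be
// non-private, and package-private is accepted by every Jupiter version.
@BeforeEach
void beforeMethod() {
  RSQLParser rsqlParser = new RSQLParser();
  PermissionsController controller =
      new PermissionsController(
          permissionsService, rsqlParser, objectIdentityService, userRoleTools, entityHelper);
  mockMvc =
      MockMvcBuilders.standaloneSetup(controller)
          .setMessageConverters(new FormHttpMessageConverter(), gsonHttpMessageConverter)
          .build();

  // Two user principals and two role authorities used as ACL sids.
  user1 = new PrincipalSid("user1");
  user2 = new PrincipalSid("user2");
  role1 = new GrantedAuthoritySid("ROLE_role1");
  role2 = new GrantedAuthoritySid("ROLE_role2");

  objectIdentity = new ObjectIdentityImpl("typeId", "identifier");
}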
 
Example #8
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetAcls() {
  resetMocks();

  // The request below (page 1, size 10) is expected to reach the identity service
  // as the arguments (10, 0).
  ObjectIdentityImpl firstIdentity = new ObjectIdentityImpl("classId", "test1");
  ObjectIdentityImpl secondIdentity = new ObjectIdentityImpl("classId", "test2");
  when(objectIdentityService.getObjectIdentities("entity-type", 10, 0))
      .thenReturn(Arrays.asList(firstIdentity, secondIdentity));

  doReturn("label1").when(entityHelper).getLabel("classId", "test1");
  doReturn("label2").when(entityHelper).getLabel("classId", "test2");

  // Compared as a set, so the order of the returned objects is not asserted.
  assertEquals(
      new HashSet<>(
          asList(
              LabelledObject.create("test2", "label2"),
              LabelledObject.create("test1", "label1"))),
      permissionsApiService.getObjects("entity-type", 1, 10));
}
 
Example #9
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
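@Test
void testDeletePermission() {
  Sid sid = mock(Sid.class);
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");

  // The ACL holds exactly one ACE: COUNT for the sid whose permission is deleted.
  // (The earlier version also stubbed getEntries() with an unused ACE and stubbed
  // getObjectIdentity() twice; those stubs were overridden or redundant.)
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(sid);
  when(ace1.getPermission()).thenReturn(COUNT);

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getEntries()).thenReturn(singletonList(ace1));
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  // Both readAclById overloads return the same ACL.
  doReturn(acl).when(mutableAclService).readAclById(objectIdentity, singletonList(sid));
  doReturn(acl).when(mutableAclService).readAclById(objectIdentity);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  LinkedHashSet<Sid> sids = new LinkedHashSet<>();
  sids.add(sid);
  when(userRoleTools.sortSids(sids)).thenReturn(new LinkedList<>(sids));

  permissionsApiService.deletePermission(sid, objectIdentity);

  // The single ACE sits at index 0; the change must also be written back.
  verify(acl).deleteAce(0);
  verify(mutableAclService).updateAcl(acl);
}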
 
Example #10
Source File: EntityHelperTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testCheckEntityExistsFail() {
  // The entity type is known, but the repository has no row for the identifier.
  when(dataService.hasEntityType("typeId")).thenReturn(true);
  when(dataService.getRepository("typeId")).thenReturn(repository);
  when(repository.findOneById("identifier")).thenReturn(null);

  ObjectIdentityImpl missingEntityIdentity =
      new ObjectIdentityImpl("entity-typeId", "identifier");
  assertThrows(
      UnknownEntityException.class,
      () -> entityHelper.checkEntityExists(missingEntityIdentity));
}
 
Example #11
Source File: EntityHelperTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testCheckEntityExists() {
  // The entity type is known and the repository returns an entity for the identifier.
  when(dataService.hasEntityType("typeId")).thenReturn(true);
  when(dataService.getRepository("typeId")).thenReturn(repository);
  when(repository.findOneById("identifier")).thenReturn(mock(Entity.class));

  // No explicit assertion: the test passes when the check returns without throwing.
  ObjectIdentityImpl existingEntityIdentity =
      new ObjectIdentityImpl("entity-typeId", "identifier");
  entityHelper.checkEntityExists(existingEntityIdentity);
}
 
Example #12
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testCreatePermission() {
  // Two equal but distinct identities: the ACL stub is matched by equals(), not by reference.
  ObjectIdentityImpl stubbedIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");
  ObjectIdentityImpl requestedIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");

  MutableAcl targetAcl = mock(MutableAcl.class);
  when(mutableAclService.readAclById(stubbedIdentity)).thenReturn(targetAcl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  Sid grantee = new GrantedAuthoritySid("ROLE_role");

  permissionsApiService.createPermission(Permission.create(requestedIdentity, grantee, WRITE));

  // A granting WRITE ACE is inserted at index 0 and the ACL is written back.
  verify(targetAcl).insertAce(0, WRITE, grantee, true);
  verify(mutableAclService).updateAcl(targetAcl);
}
 
Example #13
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testCreatePermissions() {
  MutableAcl firstAcl = mock(MutableAcl.class);
  MutableAcl secondAcl = mock(MutableAcl.class);

  // One ACL per object identity; the stubs are matched by equals().
  doReturn(firstAcl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  doReturn(secondAcl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier2"));

  // WRITE for a role on the first object, READ for a user on the second.
  Permission rolePermission =
      Permission.create(
          new ObjectIdentityImpl("entity-typeId", "identifier"),
          new GrantedAuthoritySid("ROLE_role"),
          WRITE);
  Permission userPermission =
      Permission.create(
          new ObjectIdentityImpl("entity-typeId", "identifier2"),
          new PrincipalSid("user1"),
          READ);

  Sid expectedRoleSid = new GrantedAuthoritySid("ROLE_role");
  Sid expectedUserSid = new PrincipalSid("user1");
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.createPermissions(Sets.newHashSet(rolePermission, userPermission));

  verify(firstAcl).insertAce(0, WRITE, expectedRoleSid, true);
  verify(secondAcl).insertAce(0, READ, expectedUserSid, true);
  // NOTE(review): only the first ACL's write-back is verified; consider also verifying
  // updateAcl for the second ACL once the implementation's behaviour is confirmed.
  verify(mutableAclService).updateAcl(firstAcl);
}
 
Example #14
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
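@Test
void testSetPermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  // The ACL reports a mocked identity; it is only used as the key for the label lookup below.
  // (The earlier version stubbed getObjectIdentity() twice with the same value.)
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));

  // Existing state: the role already holds COUNT on the object.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  // Diamond instead of the raw LinkedList type, which compiled with an unchecked warning.
  when(userRoleTools.sortSids(singleton(role)))
      .thenReturn(new LinkedList<>(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE));

  // The old ACE is removed, the new one inserted, and the ACL written back twice.
  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, role, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}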
 
Example #15
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
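@Test
void testCreateDuplicatePermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  // The ACL reports a mocked identity; it is only used as the key for the label lookup below.
  // (The earlier version stubbed getObjectIdentity() twice with the same value.)
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));

  // Existing state: the role already has an ACE (COUNT) on the object.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  // Diamond instead of the raw LinkedList type, which compiled with an unchecked warning.
  when(userRoleTools.sortSids(singleton(role)))
      .thenReturn(new LinkedList<>(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  // Creating a second permission for a sid that already has one must be rejected.
  assertThrows(
      DuplicatePermissionException.class,
      () ->
          permissionsApiService.createPermission(
              Permission.create(
                  new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE)));
}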
 
Example #16
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
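@Test
void testSetPermissions() {
  Sid sid = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl).when(mutableAclService).readAclById(objectIdentity);

  // Existing state: the role already holds COUNT on the object.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(sid);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  // Diamond instead of the raw LinkedList type, which compiled with an unchecked warning.
  when(userRoleTools.sortSids(singleton(sid))).thenReturn(new LinkedList<>(singletonList(sid)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermissions(
      singleton(Permission.create(objectIdentity, sid, WRITE)));

  // The old ACE is removed, the new one inserted, and the ACL written back twice.
  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, sid, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}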
 
Example #17
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
     * Intended to update an existing acl_object_identity row with the information in the passed
     * MutableAcl, and to look up (presumably creating if needed) the acl_sid entry of its owner.
     *
     * NOTE(review): the persistence step at the end of this method is commented out. As written,
     * the method resolves the parent and owner keys and then discards them, so changes to the
     * ACL's parent, owner or entries-inheriting flag are not written by this method and the
     * NotFoundException documented below cannot be raised from here.
     *
     * @param acl to modify (a row must already exist in acl_object_identity)
     *
     * @throws NotFoundException if the ACL could not be found to update (documented contract;
     *         unreachable while the update call stays commented out).
     */
    protected void updateObjectIdentity(MutableAcl acl) {
        AclObjectIdentity parentId = null;

        if (acl.getParentAcl() != null) {
            // NOTE(review): the assertion checks for ObjectIdentityImpl but the cast below targets
            // AclObjectIdentity. Unless AclObjectIdentity is a subtype of ObjectIdentityImpl (not
            // visible here), a parent that passes the assertion fails the cast with a
            // ClassCastException - TODO confirm.
            Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl().getObjectIdentity(),
                    "Implementation only supports ObjectIdentityImpl");

            AclObjectIdentity oii = (AclObjectIdentity) acl.getParentAcl().getObjectIdentity();
            parentId = retrieveObjectIdentityPrimaryKey(oii);
        }

        // An ACL without an owner is rejected with an IllegalArgumentException.
        Assert.notNull(acl.getOwner(), "Owner is required in this implementation");

        // Called for the owner sid; the result is unused while the block below is disabled.
        AclSid ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
        //TODO: Fixme:
//        aclObject.setParentObject(parentId);
//        aclObject.setOwner(ownerSid);
//        aclObject.setEntriesInheriting(Boolean.valueOf(acl.isEntriesInheriting()));
//
        // FIXME: This has to occur:
//        boolean update = aclDao.updateObjectIdentity(aclObject);

//        if (!update) {
//            throw new NotFoundException("Unable to locate ACL to update");
//        }
    }
 
Example #18
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
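@Test
void testGetPermissionsForObject() {
  // Presumably installs a regular-user security context; the helper is not visible here.
  setUser();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
    Sid sid = new PrincipalSid("user");

    permissionServiceDecorator.getPermissionsForObject(
        objectIdentity, Collections.singleton(sid), true);

    // The decorator must forward the same arguments to the wrapped service.
    verify(permissionService)
        .getPermissionsForObject(objectIdentity, Collections.singleton(sid), true);
  } finally {
    // Reset in finally so a failed assertion cannot leave this test's context
    // in place for the tests that run after it.
    resetContext();
  }
}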
 
Example #19
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
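@Test
void testCreateAcl() {
  // Presumably installs a superuser security context; the helper is not visible here.
  setSu();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");

    permissionServiceDecorator.createAcl(objectIdentity);

    // The decorator must forward the same identity to the wrapped service.
    verify(permissionService).createAcl(objectIdentity);
  } finally {
    // Reset in finally so a failed assertion cannot leave the context set by setSu()
    // in place for the tests that run after it.
    resetContext();
  }
}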
 
Example #20
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
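@Test
void testUpdatePermissions() {
  // Presumably installs a regular-user security context; the helper is not visible here.
  setUser();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
    Sid sid = new PrincipalSid("user");

    // The ACL owner is the same sid the permission is written for.
    MutableAcl acl = mock(MutableAcl.class);
    when(acl.getOwner()).thenReturn(sid);
    when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
    when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

    Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
    permissionServiceDecorator.updatePermissions(Collections.singleton(permission));

    // The decorator must pass the same permission set to the wrapped service.
    verify(permissionService).updatePermissions(Collections.singleton(permission));
  } finally {
    // Reset in finally so a failed assertion cannot leave this test's context
    // in place for the tests that run after it.
    resetContext();
  }
}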
 
Example #21
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
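@Test
void testDeletePermission() {
  // Presumably installs a superuser security context; the helper is not visible here.
  setSu();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
    Sid sid = new PrincipalSid("user");

    MutableAcl acl = mock(MutableAcl.class);
    when(acl.getOwner()).thenReturn(sid);
    when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
    when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

    permissionServiceDecorator.deletePermission(sid, objectIdentity);

    // The decorator must forward the same sid and identity to the wrapped service.
    verify(permissionService).deletePermission(sid, objectIdentity);
  } finally {
    // Reset in finally so a failed assertion cannot leave the context set by setSu()
    // in place for the tests that run after it.
    resetContext();
  }
}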
 
Example #22
Source File: PermissionServiceDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
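@Test
void testExists() {
  // Presumably installs a regular-user security context; the helper is not visible here.
  setUser();
  try {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
    Sid sid = new PrincipalSid("user");

    permissionServiceDecorator.exists(objectIdentity, sid);

    // The decorator must forward the same identity and sid to the wrapped service.
    verify(permissionService).exists(objectIdentity, sid);
  } finally {
    // Reset in finally so a failed assertion cannot leave this test's context
    // in place for the tests that run after it.
    resetContext();
  }
}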
 
Example #23
Source File: PermissionPopulatorTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testPopulate() {
  // First registry: COUNT on ("type", "id0") for a mocked sid.
  ObjectIdentity firstIdentity = new ObjectIdentityImpl("type", "id0");
  Sid firstSid = mock(Sid.class);
  Multimap<ObjectIdentity, Pair<PermissionSet, Sid>> firstPermissions =
      ArrayListMultimap.create();
  firstPermissions.put(firstIdentity, new Pair<>(PermissionSet.COUNT, firstSid));
  PermissionRegistry firstRegistry = mock(PermissionRegistry.class);
  when(firstRegistry.getPermissions()).thenReturn(firstPermissions);

  // Second registry: READ on ("type", "id1") for another mocked sid.
  ObjectIdentity secondIdentity = new ObjectIdentityImpl("type", "id1");
  Sid secondSid = mock(Sid.class);
  Multimap<ObjectIdentity, Pair<PermissionSet, Sid>> secondPermissions =
      ArrayListMultimap.create();
  secondPermissions.put(secondIdentity, new Pair<>(PermissionSet.READ, secondSid));
  PermissionRegistry secondRegistry = mock(PermissionRegistry.class);
  when(secondRegistry.getPermissions()).thenReturn(secondPermissions);

  // The application context exposes both registries as beans, in insertion order.
  Map<String, PermissionRegistry> registriesByName = new LinkedHashMap<>();
  registriesByName.put("registry0", firstRegistry);
  registriesByName.put("registry1", secondRegistry);
  ApplicationContext applicationContext = mock(ApplicationContext.class);
  when(applicationContext.getBeansOfType(PermissionRegistry.class))
      .thenReturn(registriesByName);

  permissionPopulator.populate(applicationContext);

  // Each registered (identity, permission set, sid) triple becomes one createPermission call.
  verify(permissionService)
      .createPermission(Permission.create(firstIdentity, firstSid, PermissionSet.COUNT));
  verify(permissionService)
      .createPermission(Permission.create(secondIdentity, secondSid, PermissionSet.READ));
}
 
Example #24
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
     * Intended to update an existing acl_object_identity row with the information in the passed
     * MutableAcl, and to look up (presumably creating if needed) the acl_sid entry of its owner.
     *
     * NOTE(review): the persistence step at the end of this method is commented out. As written,
     * the method resolves the parent and owner keys and then discards them, so changes to the
     * ACL's parent, owner or entries-inheriting flag are not written by this method and the
     * NotFoundException documented below cannot be raised from here.
     *
     * @param acl to modify (a row must already exist in acl_object_identity)
     *
     * @throws NotFoundException if the ACL could not be found to update (documented contract;
     *         unreachable while the update call stays commented out).
     */
    protected void updateObjectIdentity(MutableAcl acl) {
        AclObjectIdentity parentId = null;

        if (acl.getParentAcl() != null) {
            // NOTE(review): the assertion checks for ObjectIdentityImpl but the cast below targets
            // AclObjectIdentity. Unless AclObjectIdentity is a subtype of ObjectIdentityImpl (not
            // visible here), a parent that passes the assertion fails the cast with a
            // ClassCastException - TODO confirm.
            Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl().getObjectIdentity(),
                    "Implementation only supports ObjectIdentityImpl");

            AclObjectIdentity oii = (AclObjectIdentity) acl.getParentAcl().getObjectIdentity();
            parentId = retrieveObjectIdentityPrimaryKey(oii);
        }

        // An ACL without an owner is rejected with an IllegalArgumentException.
        Assert.notNull(acl.getOwner(), "Owner is required in this implementation");

        // Called for the owner sid; the result is unused while the block below is disabled.
        AclSid ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
        //TODO: Fixme:
//        aclObject.setParentObject(parentId);
//        aclObject.setOwner(ownerSid);
//        aclObject.setEntriesInheriting(Boolean.valueOf(acl.isEntriesInheriting()));
//
        // FIXME: This has to occur:
//        boolean update = aclDao.updateObjectIdentity(aclObject);

//        if (!update) {
//            throw new NotFoundException("Unable to locate ACL to update");
//        }
    }
 
Example #25
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
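/**
 * Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
 *
 * <p>Only ACEs whose Sid is a {@code PrincipalSid} are supported: the sid row is looked up and
 * created by principal name and always marked as a principal. Any other Sid type is rejected
 * with a clear message instead of failing on a cast.
 *
 * @param acl containing the ACEs to insert; its object identity must be an ObjectIdentityImpl
 * @throws IllegalArgumentException if an ACE's Sid is not a PrincipalSid
 */
protected void createEntries(final MutableAcl acl) {
    if(acl.getEntries().isEmpty()) {
        return;
    }
    // getObjectIdentity() is declared on the Acl interface, so no cast to AclImpl is needed.
    ObjectIdentityImpl objIdentity = (ObjectIdentityImpl) acl.getObjectIdentity();
    // The owning object-identity row is the same for every ACE: look it up once, not per entry.
    // NOTE(review): a null result here would be stored on every entry; confirm the DAO contract.
    AclObjectIdentity aclObjectIdentity =
            aclDao.getObjectIdentity(objIdentity.getType(), objIdentity.getIdentifier());

    List<AclEntry> entries = new ArrayList<>();
    for(int i=0;i<acl.getEntries().size();i++) {
        AccessControlEntryImpl entry = (AccessControlEntryImpl) acl.getEntries().get(i);

        // Fail with an explicit message rather than a ClassCastException: storing a
        // non-principal Sid through this path would record it as a principal.
        Assert.isInstanceOf(PrincipalSid.class, entry.getSid(),
                "Implementation only supports PrincipalSid");
        PrincipalSid sid = (PrincipalSid) entry.getSid();

        // Reuse the acl_sid row for this principal, creating it on first use.
        AclSid aclSid = aclDao.findAclSid(sid.getPrincipal());
        if(aclSid==null) {
            aclSid = new AclSid();
            aclSid.setSid(sid.getPrincipal());
            aclSid.setPrincipal(true);
            aclSid = aclDao.createAclSid(aclSid);
        }

        AclEntry aclEntry = new AclEntry();
        aclEntry.setAclObjectIdentity(aclObjectIdentity);
        // ACE order is the position in the ACL's entry list.
        aclEntry.setAceOrder(i);
        aclEntry.setSid(aclSid);
        aclEntry.setMask(entry.getPermission().getMask());
        aclEntry.setGranting(entry.isGranting());
        aclEntry.setAuditSuccess(entry.isAuditSuccess());
        aclEntry.setAuditFailure(entry.isAuditFailure());
        entries.add(aclEntry);
    }
    aclDao.createEntries(entries);

}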
 
Example #26
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
     * Intended to update an existing acl_object_identity row with the information in the passed
     * MutableAcl, and to look up (presumably creating if needed) the acl_sid entry of its owner.
     *
     * NOTE(review): the persistence step at the end of this method is commented out. As written,
     * the method resolves the parent and owner keys and then discards them, so changes to the
     * ACL's parent, owner or entries-inheriting flag are not written by this method and the
     * NotFoundException documented below cannot be raised from here.
     *
     * @param acl to modify (a row must already exist in acl_object_identity)
     *
     * @throws NotFoundException if the ACL could not be found to update (documented contract;
     *         unreachable while the update call stays commented out).
     */
    protected void updateObjectIdentity(MutableAcl acl) {
        AclObjectIdentity parentId = null;

        if (acl.getParentAcl() != null) {
            // NOTE(review): the assertion checks for ObjectIdentityImpl but the cast below targets
            // AclObjectIdentity. Unless AclObjectIdentity is a subtype of ObjectIdentityImpl (not
            // visible here), a parent that passes the assertion fails the cast with a
            // ClassCastException - TODO confirm.
            Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl().getObjectIdentity(),
                    "Implementation only supports ObjectIdentityImpl");

            AclObjectIdentity oii = (AclObjectIdentity) acl.getParentAcl().getObjectIdentity();
            parentId = retrieveObjectIdentityPrimaryKey(oii);
        }

        // An ACL without an owner is rejected with an IllegalArgumentException.
        Assert.notNull(acl.getOwner(), "Owner is required in this implementation");

        // Called for the owner sid; the result is unused while the block below is disabled.
        AclSid ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
        //TODO: Fixme:
//        aclObject.setParentObject(parentId);
//        aclObject.setOwner(ownerSid);
//        aclObject.setEntriesInheriting(Boolean.valueOf(acl.isEntriesInheriting()));
//
        // FIXME: This has to occur:
//        boolean update = aclDao.updateObjectIdentity(aclObject);

//        if (!update) {
//            throw new NotFoundException("Unable to locate ACL to update");
//        }
    }
 
Example #27
Source File: AclService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
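/**
 * Finds the object identities whose stored parent equals the given identity.
 *
 * <p>Scans the ACL table with a filter on the parent column; rows without that column are
 * skipped. The row key is used as the child's identifier and the type column as its type.
 *
 * @param parentIdentity the parent to search children for
 * @return the children found, possibly empty
 * @throws RuntimeException wrapping any IOException raised by the table or the scanner
 */
@Override
public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
    List<ObjectIdentity> oids = new ArrayList<ObjectIdentity>();
    HTableInterface htable = null;
    ResultScanner scanner = null;
    try {
        htable = HBaseConnection.get(hbaseUrl).getTable(aclTableName);

        Scan scan = new Scan();
        SingleColumnValueFilter parentFilter = new SingleColumnValueFilter(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN), CompareOp.EQUAL, domainObjSerializer.serialize(new DomainObjectInfo(parentIdentity)));
        // Without this, rows that have no parent column at all would pass the filter.
        parentFilter.setFilterIfMissing(true);
        scan.setFilter(parentFilter);

        scanner = htable.getScanner(scan);
        for (Result result = scanner.next(); result != null; result = scanner.next()) {
            String id = Bytes.toString(result.getRow());
            String type = Bytes.toString(result.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_TYPE_COLUMN)));

            oids.add(new ObjectIdentityImpl(type, id));
        }
    } catch (IOException e) {
        throw new RuntimeException(e.getMessage(), e);
    } finally {
        // The scanner was never closed before; release it ahead of the table, including
        // when the scan fails part-way through.
        IOUtils.closeQuietly(scanner);
        IOUtils.closeQuietly(htable);
    }

    return oids;
}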
 
Example #28
Source File: AclService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Loads the ACL of every given object identity from the ACL table.
 *
 * <p>NOTE(review): the row key is built from the identifier alone; the identity's type is not
 * part of the lookup. Confirm that identifiers are unique across types, otherwise two objects
 * of different types would share one ACL row.
 *
 * <p>NOTE(review): a parent ACL is loaded by calling readAclById for the stored parent with a
 * null sid list; there is no visible guard against a parent chain that loops back on itself.
 *
 * @param oids the identities to load
 * @param sids passed to genAces together with the row; its effect is not visible here
 * @return a map from each requested identity to its ACL
 * @throws NotFoundException if a row is missing or empty for any requested identity
 */
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<ObjectIdentity, Acl>();
    HTableInterface htable = null;
    try {
        htable = HBaseConnection.get(hbaseUrl).getTable(aclTableName);

        for (ObjectIdentity oid : oids) {
            Get rowLookup = new Get(Bytes.toBytes(String.valueOf(oid.getIdentifier())));
            Result row = htable.get(rowLookup);

            // Fail on the first identity without stored ACL information.
            if (null == row || row.isEmpty()) {
                throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
            }

            // Owner: absent, a principal, or a granted authority.
            SidInfo ownerInfo = sidSerializer.deserialize(row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN)));
            Sid ownerSid;
            if (null == ownerInfo) {
                ownerSid = null;
            } else if (ownerInfo.isPrincipal()) {
                ownerSid = new PrincipalSid(ownerInfo.getSid());
            } else {
                ownerSid = new GrantedAuthoritySid(ownerInfo.getSid());
            }

            boolean inheritsEntries = Bytes.toBoolean(row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN)));

            // Parent ACL, when the row stores one.
            DomainObjectInfo parentInfo = domainObjSerializer.deserialize(row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN)));
            Acl parentAcl = null;
            if (null != parentInfo) {
                ObjectIdentity parentOid = new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId());
                parentAcl = readAclById(parentOid, null);
            }

            AclImpl loadedAcl = new AclImpl(oid, oid.getIdentifier(), aclAuthorizationStrategy, permissionGrantingStrategy, parentAcl, null, inheritsEntries, ownerSid);
            genAces(sids, row, loadedAcl);

            aclMaps.put(oid, loadedAcl);
        }
    } catch (IOException e) {
        throw new RuntimeException(e.getMessage(), e);
    } finally {
        IOUtils.closeQuietly(htable);
    }

    return aclMaps;
}
 
Example #29
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
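/**
 * Replaces the permission of one access control entry on the given domain object.
 *
 * <p>Callers need the admin role or ADMINISTRATION permission on the object. If no entry has
 * the given id, the ACL is returned unchanged.
 *
 * @param ae the domain object whose ACL is modified
 * @param accessEntryId id of the ACE to change
 * @param newPermission the permission to store on that ACE
 * @return the ACL after the update, or the unchanged ACL when the entry id is unknown
 * @throws NotFoundException if the ACL cannot be read or cannot be written back
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public Acl update(AclEntity ae, Long accessEntryId, Permission newPermission) {
    Assert.notNull(ae, "Acl domain object required");
    Assert.notNull(accessEntryId, "Ace id required");
    Assert.notNull(newPermission, "Acl permission required");

    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae.getClass(), ae.getId());
    MutableAcl acl = (MutableAcl) aclService.readAclById(objectIdentity);

    // Locate the ACE by id; -1 means no entry matched.
    int indexOfAce = -1;
    for (int i = 0; i < acl.getEntries().size(); i++) {
        AccessControlEntry ace = acl.getEntries().get(i);
        if (ace.getId().equals(accessEntryId)) {
            indexOfAce = i;
            break;
        }
    }

    if (indexOfAce != -1) {
        // Presumably guards the owner's own entry; the helper is not visible here.
        secureOwner(acl, indexOfAce);

        // A NotFoundException used to be swallowed here, which returned the in-memory ACL
        // with the new permission even though nothing was stored. Let it propagate, as it
        // already does from readAclById above, so the caller sees the failure.
        acl.updateAce(indexOfAce, newPermission);
        acl = aclService.updateAcl(acl);
    }

    return acl;
}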
 
Example #30
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
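/**
 * Removes one access control entry from the ACL of the given domain object.
 *
 * <p>Callers need the admin role or ADMINISTRATION permission on the object. If no entry has
 * the given id, the ACL is returned unchanged.
 *
 * @param ae the domain object whose ACL is modified
 * @param accessEntryId id of the ACE to remove
 * @return the ACL after the removal, or the unchanged ACL when the entry id is unknown
 * @throws NotFoundException if the ACL cannot be read or cannot be written back
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public Acl revoke(AclEntity ae, Long accessEntryId) {
    Assert.notNull(ae, "Acl domain object required");
    Assert.notNull(accessEntryId, "Ace id required");

    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae.getClass(), ae.getId());
    MutableAcl acl = (MutableAcl) aclService.readAclById(objectIdentity);

    // Locate the ACE by id; -1 means no entry matched. Compared with equals() without a
    // cast, as in update(), so an id of another type is a non-match rather than a
    // ClassCastException.
    int indexOfAce = -1;
    for (int i = 0; i < acl.getEntries().size(); i++) {
        AccessControlEntry ace = acl.getEntries().get(i);
        if (ace.getId().equals(accessEntryId)) {
            indexOfAce = i;
            break;
        }
    }

    if (indexOfAce != -1) {
        // Presumably guards the owner's own entry; the helper is not visible here.
        secureOwner(acl, indexOfAce);

        // A NotFoundException used to be swallowed here, which returned the in-memory ACL
        // without the entry even though the stored ACL still granted it. Let it propagate,
        // as it already does from readAclById above, so a failed revoke is never reported
        // as done.
        acl.deleteAce(indexOfAce);
        acl = aclService.updateAcl(acl);
    }

    return acl;
}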