Java Code Examples for org.springframework.security.acls.model.Acl#getEntries()

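The following examples show how to use org.springframework.security.acls.model.Acl#getEntries(). Note that getEntries() returns only the entries held directly by that Acl; entries of parent ACLs are not included, so code that needs inherited entries has to walk getParentAcl() itself. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.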
Example 1
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the response view of an ACL's own entries, optionally filtered by SID name.
 *
 * <p>Only the entries returned by {@code acl.getEntries()} are listed; parent ACLs are not
 * walked by this method.
 *
 * @param acl the ACL to list, may be {@code null}
 * @param nameSeg name fragment handed to {@code needAdd}; {@code null} disables filtering
 * @param isCaseSensitive passed through to {@code needAdd}
 * @return one response per retained entry; an empty list when {@code acl} is {@code null}
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    final boolean filterByName = nameSeg != null;
    List<AccessEntryResponse> responses = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // The name lookup only runs when a filter was supplied.
        boolean keep = !filterByName || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()));
        if (keep) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(), entry.getPermission(),
                    entry.isGranting()));
        }
    }
    return responses;
}
 
Example 2
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Adds one {@code LabelledPermission} for {@code sid} to {@code result} when the SID has a
 * permission on this ACL or (if requested) inherits one.
 *
 * @param acl the ACL whose own entries are scanned for {@code sid}
 * @param isReturnInheritedPermissions whether inherited permissions are resolved as well
 * @param result collection the response is appended to; untouched when nothing was found
 * @param sid the security identity to report on
 */
private void getPermissionResponsesForSingleSid(
    Acl acl, boolean isReturnInheritedPermissions, Set<LabelledPermission> result, Sid sid) {
  // Every entry is visited, so when several entries carry the same SID the last one wins.
  // NOTE(review): ace.isGranting() is not consulted here; confirm that
  // PermissionSetUtils.getPermissionSet handles denying entries.
  PermissionSet direct = null;
  for (AccessControlEntry entry : acl.getEntries()) {
    if (!sid.equals(entry.getSid())) {
      continue;
    }
    direct = PermissionSetUtils.getPermissionSet(entry);
  }

  Set<LabelledPermission> inherited = new LinkedHashSet<>();
  if (isReturnInheritedPermissions) {
    inherited.addAll(inheritanceResolver.getInheritedPermissions(acl, sid));
  }

  boolean hasInherited = !inherited.isEmpty();
  if (direct == null && !hasInherited) {
    return;
  }

  // An empty inherited set is reported as null rather than as an empty collection.
  result.add(
      LabelledPermission.create(
          sid,
          entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()),
          direct,
          hasInherited ? inherited : null));
}
 
Example 3
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
/**
 * Collects the permission mask recorded for every SID on a project's ACL.
 *
 * <p>Principal names and granted-authority names share one case-insensitive map, so a user
 * and a group whose names differ only in case end up under a single key and the entry read
 * later overwrites the earlier one. {@code ace.isGranting()} is not consulted: the mask of
 * every entry is recorded.
 *
 * @param project the project name
 * @return SID name to permission mask; empty when the project has no ACL or no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> maskBySidName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    // NOTE(review): the result of getProject(project) is dereferenced without a null check;
    // confirm it cannot be null for an unknown project name.
    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    Acl acl = getAcl(getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid));
    if (acl == null || acl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : acl.getEntries()) {
        Sid sid = entry.getSid();
        if (sid instanceof PrincipalSid) {
            maskBySidName.put(((PrincipalSid) sid).getPrincipal(), entry.getPermission().getMask());
        } else if (sid instanceof GrantedAuthoritySid) {
            maskBySidName.put(((GrantedAuthoritySid) sid).getGrantedAuthority(),
                    entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
 
Example 4
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
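/**
 * Lists the names of the SIDs of one kind (users or groups) that appear on an ACL.
 *
 * <p>Only the ACL's own entries are read. Entries are listed whether they grant or deny,
 * because {@code ace.isGranting()} is not consulted.
 *
 * @param acl the ACL to read, may be {@code null}
 * @param type {@code MetadataConstants.TYPE_USER} or {@code MetadataConstants.TYPE_GROUP},
 *     compared case-insensitively; any other value, including {@code null}, matches nothing
 * @return the non-blank principal or authority names; empty when {@code acl} is {@code null}
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    // Constant-first comparison: a null type matches neither kind instead of throwing a
    // NullPointerException on the first entry. The comparison is loop-invariant, so it is
    // evaluated once.
    final boolean wantUsers = MetadataConstants.TYPE_USER.equalsIgnoreCase(type);
    final boolean wantGroups = MetadataConstants.TYPE_GROUP.equalsIgnoreCase(type);

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (wantUsers && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (wantGroups && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}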
 
Example 5
Source File: AclServiceTest.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
/**
 * Upserts ten principal entries in one batch and checks that the stored ACL holds exactly
 * those ten SIDs, in index order.
 */
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);

    final int userCount = 10;
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int n = 0; n < userCount; n++) {
        sidToPerm.put(new PrincipalSid("u" + n), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    // NOTE(review): a HashMap carries no ordering, so the positional check below relies on
    // the service returning entries in u0..u9 order; confirm that ordering is guaranteed.
    // NOTE(review): only the SIDs are asserted; the stored permission and granting flag
    // are not checked.
    for (Acl stored : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> entries = stored.getEntries();
        Assert.assertEquals(userCount, entries.size());
        int position = 0;
        while (position < entries.size()) {
            Assert.assertEquals(new PrincipalSid("u" + position), entries.get(position).getSid());
            position++;
        }
    }
}
 
Example 6
Source File: MigrationService.java    From kylin with Apache License 2.0 6 votes vote down vote up
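/**
 * Returns the notification mail addresses of the users that hold the administration
 * permission on the project a cube belongs to.
 *
 * <p>Addresses are built as principal name plus the configured mail suffix. Entries whose
 * SID is not a {@code PrincipalSid} (for example a granted authority) are skipped: they
 * have no principal name to build an address from, and casting them unconditionally would
 * fail with a {@code ClassCastException}.
 *
 * @param cubeInstance the cube whose project ACL is inspected
 * @return the admin mail addresses, never empty
 * @throws BadRequestException when no user with the administration permission is found
 */
public List<String> getCubeAdmins(CubeInstance cubeInstance) {
    ProjectInstance prjInstance = cubeInstance.getProjectInstance();
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prjInstance.getUuid());
    logger.info("ProjectUUID : " + prjInstance.getUuid());
    Acl acl = accessService.getAcl(ae);

    String mailSuffix = KylinConfig.getInstanceFromEnv().getNotificationMailSuffix();
    List<String> cubeAdmins = Lists.newArrayList();
    if (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            // 16 is the mask of Spring Security's BasePermission.ADMINISTRATION (1 << 4).
            // The comparison is exact, so a combined mask that merely includes bit 16 does
            // not match.
            // NOTE(review): ace.isGranting() is not checked; confirm that denying entries
            // cannot occur on this ACL.
            if (ace.getPermission().getMask() != 16) {
                continue;
            }
            // Only user SIDs carry a principal name; group/authority SIDs are skipped.
            if (ace.getSid() instanceof PrincipalSid) {
                PrincipalSid ps = (PrincipalSid) ace.getSid();
                cubeAdmins.add(ps.getPrincipal() + mailSuffix);
            }
        }
    }

    if (cubeAdmins.isEmpty()) {
        throw new BadRequestException("Cube access list is null, please add at least one role in it.");
    }
    return cubeAdmins;
}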
 
Example 7
Source File: AclServiceTest.java    From kylin with Apache License 2.0 6 votes vote down vote up
/**
 * Batch-upserts ten {@code PrincipalSid} entries with the administration permission and
 * verifies that reading the ACL back yields those ten SIDs in index order.
 */
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);

    final int expectedEntries = 10;
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    int next = 0;
    while (next < expectedEntries) {
        sidToPerm.put(new PrincipalSid("u" + next), AclPermission.ADMINISTRATION);
        next++;
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    // NOTE(review): the input map is unordered, so asserting u0..u9 by position depends on
    // the ordering the service applies to entries; confirm it is deterministic.
    // NOTE(review): the permission and granting flag of the stored entries are not asserted.
    for (Acl readBack : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> stored = readBack.getEntries();
        Assert.assertEquals(expectedEntries, stored.size());
        for (int idx = 0; idx < stored.size(); idx++) {
            Sid expectedSid = new PrincipalSid("u" + idx);
            Assert.assertEquals(expectedSid, stored.get(idx).getSid());
        }
    }
}
 
Example 8
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
/**
 * Maps each SID name on a project's ACL to the permission mask of its entry.
 *
 * <p>User principals and granted authorities are keyed in the same case-insensitive map:
 * names that differ only in case collide, and the entry processed last replaces the
 * earlier one. The mask is stored for every entry; {@code ace.isGranting()} is not read.
 *
 * @param project the project name
 * @return SID name to permission mask; empty when there is no ACL or it has no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> permissionBySid = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    // NOTE(review): getProject(project) is dereferenced directly; confirm it never returns
    // null for a name that does not exist.
    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity entity = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(entity);
    if (acl == null || acl.getEntries() == null) {
        return permissionBySid;
    }

    List<AccessControlEntry> entries = acl.getEntries();
    for (AccessControlEntry entry : entries) {
        Sid sid = entry.getSid();
        final String key;
        if (sid instanceof PrincipalSid) {
            key = ((PrincipalSid) sid).getPrincipal();
        } else if (sid instanceof GrantedAuthoritySid) {
            key = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        } else {
            // Other SID implementations are not reported.
            continue;
        }
        permissionBySid.put(key, entry.getPermission().getMask());
    }
    return permissionBySid;
}
 
Example 9
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
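/**
 * Returns the names of all user SIDs or all group SIDs found on an ACL.
 *
 * <p>Only {@code acl.getEntries()} is read, so SIDs that appear only on parent ACLs are not
 * included. Granting and denying entries are treated alike.
 *
 * @param acl the ACL to read, may be {@code null}
 * @param type {@code MetadataConstants.TYPE_USER} or {@code MetadataConstants.TYPE_GROUP}
 *     (case-insensitive); {@code null} or any other value yields an empty list
 * @return the non-blank SID names of the requested kind
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    // Comparing from the constant side keeps a null type from throwing inside the loop,
    // and hoisting the comparison avoids repeating it for every entry.
    final boolean usersRequested = MetadataConstants.TYPE_USER.equalsIgnoreCase(type);
    final boolean groupsRequested = MetadataConstants.TYPE_GROUP.equalsIgnoreCase(type);

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (usersRequested && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (groupsRequested && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}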
 
Example 10
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
/**
 * Converts the entries held directly by an ACL into response objects, keeping only those
 * whose SID name passes {@code needAdd} when a name fragment is given.
 *
 * @param acl the ACL to list, may be {@code null}
 * @param nameSeg name fragment to match; {@code null} keeps every entry
 * @param isCaseSensitive forwarded to {@code needAdd}
 * @return the matching entries as responses; empty when {@code acl} is {@code null}
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> matched = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // Without a fragment nothing is filtered and the SID name is never looked up.
        if (nameSeg == null || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()))) {
            AccessEntryResponse response = new AccessEntryResponse(entry.getId(), entry.getSid(),
                    entry.getPermission(), entry.isGranting());
            matched.add(response);
        }
    }
    return matched;
}
 
Example 11
Source File: ValidateUtil.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the SID of every entry held directly by a project's ACL.
 *
 * <p>The list has one element per entry, so a SID that appears on several entries is
 * returned several times.
 *
 * @param project the project name
 * @return the entry SIDs; empty when the project has no ACL or the ACL has no entries
 */
private List<Sid> getAllSids(String project) {
    // NOTE(review): prj is dereferenced without a null check; confirm getProject cannot
    // return null for an unknown project name.
    ProjectInstance prj = projectService.getProjectManager().getProject(project);
    Acl acl = accessService.getAcl(accessService.getAclEntity("ProjectInstance", prj.getUuid()));

    List<Sid> sids = new ArrayList<>();
    if (acl == null || acl.getEntries() == null) {
        return sids;
    }
    for (AccessControlEntry entry : acl.getEntries()) {
        sids.add(entry.getSid());
    }
    return sids;
}
 
Example 12
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Lists the entries of an ACL followed by the entries of each of its ancestors.
 *
 * <p>The parent chain is followed through {@code getParentAcl()} until it ends.
 * {@code isEntriesInheriting()} is not consulted, so ancestor entries are listed whether or
 * not the child ACL is configured to inherit them.
 *
 * @param acl the ACL to start from, may be {@code null}
 * @return a {@code List<AccessEntryResponse>}, nearest ACL first; empty for {@code null}
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> responses = new ArrayList<>();

    for (Acl current = acl; current != null; current = current.getParentAcl()) {
        for (AccessControlEntry entry : current.getEntries()) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(), entry.getPermission(),
                    entry.isGranting()));
        }
    }

    return responses;
}
 
Example 13
Source File: AccessService.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Flattens an ACL and all of its parent ACLs into one list of entry responses.
 *
 * <p>Every ancestor reachable through {@code getParentAcl()} contributes its entries; the
 * method does not check {@code isEntriesInheriting()}, so the result can include ancestor
 * entries that the ACL does not actually inherit.
 *
 * @param acl the starting ACL, may be {@code null}
 * @return a {@code List<AccessEntryResponse>} ordered from the given ACL up to the root
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> collected = new ArrayList<>();

    Acl cursor = acl;
    while (cursor != null) {
        for (AccessControlEntry entry : cursor.getEntries()) {
            AccessEntryResponse response = new AccessEntryResponse(entry.getId(), entry.getSid(),
                    entry.getPermission(), entry.isGranting());
            collected.add(response);
        }
        cursor = cursor.getParentAcl();
    }

    return collected;
}
 
Example 14
Source File: ValidateUtil.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Gathers the SIDs that have an entry directly on a project's ACL.
 *
 * <p>SIDs are added once per entry, without de-duplication.
 *
 * @param project the project name
 * @return the SIDs of the ACL's own entries; empty when no ACL or entry list is available
 */
private List<Sid> getAllSids(String project) {
    List<Sid> collected = new ArrayList<>();

    // NOTE(review): getProject(project) is used without a null check; confirm an unknown
    // project name cannot reach this point.
    ProjectInstance prj = projectService.getProjectManager().getProject(project);
    AclEntity entity = accessService.getAclEntity("ProjectInstance", prj.getUuid());
    Acl acl = accessService.getAcl(entity);

    boolean hasEntries = acl != null && acl.getEntries() != null;
    if (hasEntries) {
        for (AccessControlEntry entry : acl.getEntries()) {
            collected.add(entry.getSid());
        }
    }
    return collected;
}
 
Example 15
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Converts the entries held directly by an ACL into response objects.
 *
 * @param acl the ACL to list, may be {@code null}
 * @return one response per entry; an empty list when {@code acl} is {@code null}
 */
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
    if (acl == null) {
        return Collections.emptyList();
    }

    // AccessControlEntry refers back to its ACL (a circular reference), so only the id,
    // SID, permission and granting flag are copied into the response and the ACL itself
    // is left out.
    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry entry : acl.getEntries()) {
        AccessEntryResponse response = new AccessEntryResponse(entry.getId(), entry.getSid(),
                entry.getPermission(), entry.isGranting());
        responses.add(response);
    }
    return responses;
}
 
Example 16
Source File: PermissionInheritanceResolver.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Looks up the permission set that {@code sid} holds directly on {@code acl}.
 *
 * <p>All entries are scanned; if several carry the same SID, the last one determines the
 * result.
 *
 * @param acl the ACL whose own entries are searched
 * @param sid the security identity to look for
 * @return the permission set of the last matching entry, or {@code null} when none matches
 */
private PermissionSet getPermissionsForAcl(Acl acl, Sid sid) {
  // NOTE(review): ace.isGranting() is not checked here; confirm that
  // PermissionSetUtils.getPermissionSet accounts for denying entries.
  PermissionSet match = null;
  for (AccessControlEntry entry : acl.getEntries()) {
    if (!entry.getSid().equals(sid)) {
      continue;
    }
    match = PermissionSetUtils.getPermissionSet(entry);
  }
  return match;
}
 
Example 17
Source File: TenantBasedPermissionGrantedStrategy.java    From haven-platform with Apache License 2.0 4 votes vote down vote up
/**
 * Computes the effective permissions that the given SIDs hold on an ACL, restricted by
 * tenant.
 *
 * <p>The result starts from {@code defaultBehavior.getPermission(pgc)}. Then every entry of
 * the ACL is compared with every SID: a pair is skipped when the entry's tenant is non-null
 * and not among the current tenants of the context, or when {@code compareSids} rejects it.
 * For the remaining pairs a granting entry adds its permission to the result and a denying
 * entry removes it. Entries are applied in list order, so a later entry can undo an
 * earlier one.
 *
 * <p>Only the ACL's own entries are read; parent ACLs are not consulted (see the TODO at
 * the end of the method).
 *
 * @param acl the ACL to evaluate
 * @param sids the security identities of the caller
 * @return the accumulated permission data
 * @throws RuntimeException when no tenant can be derived from the ACL owner
 */
@Override
public PermissionData getPermission(Acl acl, List<Sid> sids) {
    Assert.notNull(tenantsService, "tenantsService is null");
    Assert.notNull(userDetailsService, "userDetailsService is null");

    final Sid ownerSid = acl.getOwner();
    final String ownerTenantId = getTenantFromSid(ownerSid);
    // NOTE(review): '==' compares String references, not contents. This is only correct
    // if NO_TENANT is null or getTenantFromSid returns that very constant instance;
    // confirm against MultiTenancySupport.
    if(ownerTenantId == MultiTenancySupport.NO_TENANT) {
        throw new RuntimeException("Can not retrieve tenant from acl owner: acl.objectIdentity=" + acl.getObjectIdentity().getIdentifier());
    }

    final String currentPrincipalTenant = getPrincipalSidTenant(sids);

    PermissionGrantingContext pgc = new PermissionGrantingContext(this, ownerSid, currentPrincipalTenant);
    // below code based on DefaultPermissionGrantingStrategy
    final List<AccessControlEntry> aces = acl.getEntries();
    pgc.setHasAces(!aces.isEmpty());

    PermissionData.Builder pb = PermissionData.builder();
    // Seed the result with the default permissions computed for this context.
    pb.add(defaultBehavior.getPermission(pgc));

    // Index-based loops are intentional (original author's note: do not use for-each here).
    for(int aceIndex = 0; aceIndex < aces.size(); ++ aceIndex) {
        AccessControlEntry ace = aces.get(aceIndex);
        Sid aceSid = ace.getSid();
        final String aceTenant = getTenantFromSid(aceSid);
        for(int sidIndex = 0; sidIndex < sids.size(); ++sidIndex) {
            final Sid sid = sids.get(sidIndex);
            // The context is updated before the tenant check below reads getCurrentTenants().
            pgc.setCurrentSid(sid);

            //root SIDs consume all ACE
            // Tenant isolation: an entry that carries a tenant only applies when that
            // tenant is among the context's current tenants.
            if(aceTenant != null && !pgc.getCurrentTenants().contains(aceTenant)) {
                continue;
            }
            if(!compareSids(sid, aceSid)) {
                continue;
            }

            Permission acep = ace.getPermission();
            // Granting entries add to the result, denying entries subtract from it.
            if(ace.isGranting()) {
                pb.add(acep);
            } else {
                pb.remove(acep);
            }
        }
    }
    //TODO handle ACL inheriting
    // Until that TODO is done, grants and denies defined on parent ACLs do not take part
    // in the decision.
    return pb.build();
}
 
Example 18
Source File: BitMaskPermissionGrantingStrategy.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Decides whether any of the given SIDs holds any of the requested permissions on an ACL.
 *
 * <p>For each requested permission, the SIDs are tried in order and, per SID, the ACL's own
 * entries are scanned in order for the first entry that has the same SID and whose mask
 * satisfies {@code containsPermission}. A granting match returns {@code true} at once. A
 * denying match ends the search for that permission and the next permission is tried; the
 * first such denial is remembered. When no grant is found, a remembered denial yields
 * {@code false}. When nothing matched at all, the decision is delegated to the parent ACL
 * if entries are inheriting and a parent exists; otherwise {@code NotFoundException} is
 * thrown.
 *
 * <p>Because the first match in list order decides for a permission and SID, the order of
 * the entries affects the outcome.
 *
 * @param acl the ACL to evaluate
 * @param permission the permissions of which at least one must be granted
 * @param sids the security identities of the caller, in order of precedence
 * @param administrativeMode when {@code true}, the decision is not passed to the audit
 *     logger
 * @return {@code true} on a granting match, {@code false} on a denying match
 * @throws NotFoundException when no entry matches and no inheriting parent ACL exists
 */
public boolean isGranted(
    Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
  final List<AccessControlEntry> aces = acl.getEntries();

  AccessControlEntry firstRejection = null;

  for (Permission p : permission) {
    for (Sid sid : sids) {
      // Attempt to find exact match for this permission mask and SID
      boolean scanNextSid = true;

      for (AccessControlEntry ace : aces) {

        // NOTE(review): containsPermission is not shown here; from the class name it
        // presumably tests whether the entry's mask includes the bits of p. Confirm,
        // because that makes a combined-mask entry match several requested permissions.
        if (containsPermission(ace.getPermission().getMask(), p.getMask())
            && ace.getSid().equals(sid)) {
          // Found a matching ACE, so its authorization decision will
          // prevail
          if (ace.isGranting()) {
            // Success
            if (!administrativeMode) {
              auditLogger.logIfNeeded(true, ace);
            }

            return true;
          }

          // Failure for this permission, so stop search
          // We will see if they have a different permission
          // (this permission is 100% rejected for this SID)
          if (firstRejection == null) {
            // Store first rejection for auditing reasons
            firstRejection = ace;
          }

          scanNextSid = false; // helps break the loop

          break; // exit aces loop
        }
      }

      if (!scanNextSid) {
        break; // exit SID for loop (now try next permission)
      }
    }
  }

  if (firstRejection != null) {
    // We found an ACE to reject the request at this point, as no
    // other ACEs were found that granted a different permission
    if (!administrativeMode) {
      auditLogger.logIfNeeded(false, firstRejection);
    }

    return false;
  }

  // No matches have been found so far
  if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) {
    // We have a parent, so let them try to find a matching ACE
    // The parent is always called with administrativeMode=false, whatever the caller passed.
    return acl.getParentAcl().isGranted(permission, sids, false);
  } else {
    // We either have no parent, or we're the uppermost parent
    throw new NotFoundException(
        "Unable to locate a matching ACE for passed permissions and SIDs");
  }
}