Java Code Examples for org.springframework.security.acls.domain.GrantedAuthoritySid

The following examples show how to use org.springframework.security.acls.domain.GrantedAuthoritySid. They are extracted from open source projects; where an example carries a "Source Project" line, it names the project, source file and license the code was taken from.
Example 1
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
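/**
 * Collects the names of the SIDs that appear in an ACL, restricted to one kind of SID.
 *
 * @param acl  the ACL to read; {@code null} yields an empty list
 * @param type {@code MetadataConstants.TYPE_USER} to list principals or
 *             {@code MetadataConstants.TYPE_GROUP} to list granted authorities, compared
 *             case-insensitively; any other value, including {@code null}, matches nothing
 * @return the non-blank names in ACL entry order; one element per matching entry, so a SID
 *         that holds several entries is listed several times
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    // Resolve the requested kind once, constant-first, so a null type cannot raise a
    // NullPointerException in the middle of the loop.
    final boolean wantUsers = MetadataConstants.TYPE_USER.equalsIgnoreCase(type);
    final boolean wantGroups = MetadataConstants.TYPE_GROUP.equalsIgnoreCase(type);

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (wantUsers && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (wantGroups && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}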
 
Example 2
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds a map from SID name to permission mask for the ACL attached to a project.
 *
 * <p>NOTE(review): principals and granted authorities share one map whose keys are compared
 * case-insensitively. A user and a group whose names are equal ignoring case, or several
 * entries for the same SID, overwrite each other and only the last mask is kept. Confirm
 * that callers do not rely on this map for an authorization decision.
 *
 * @param project the project name; the project is dereferenced without a null check, so an
 *                unknown name presumably fails here (confirm against ProjectManager)
 * @return SID name to permission mask, empty when the project has no ACL or no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    final String projectUuid =
            ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    final Acl projectAcl = getAcl(getAclEntity(AclEntityType.PROJECT_INSTANCE, projectUuid));

    final Map<String, Integer> maskBySidName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    if (projectAcl == null || projectAcl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : projectAcl.getEntries()) {
        final Sid entrySid = entry.getSid();
        if (entrySid instanceof PrincipalSid) {
            maskBySidName.put(((PrincipalSid) entrySid).getPrincipal(), entry.getPermission().getMask());
        } else if (entrySid instanceof GrantedAuthoritySid) {
            maskBySidName.put(((GrantedAuthoritySid) entrySid).getGrantedAuthority(),
                    entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
 
Example 3
/**
 * Decides whether the SID of the current authentication matches a SID stored in an ACL.
 * The two arguments are not interchangeable: only {@code aclSid} is tested for "no tenant".
 *
 * <p>When the ACL SID has no tenant it acts as a rule common to every tenant, so only the
 * authority name (or principal name) is compared and the tenant of {@code authSid} is
 * ignored. In every other case the decision is left to {@code aclSid.equals(authSid)}.
 *
 * @param authSid the SID taken from the authentication
 * @param aclSid  the SID taken from the ACL
 * @return true when the SIDs match under the rules above
 */
private boolean compareSids(Sid authSid, Sid aclSid) {
    final boolean aclSidIsTenantless = MultiTenancySupport.isNoTenant(aclSid);

    if (aclSidIsTenantless && authSid instanceof GrantedAuthoritySid) {
        // Tenant-less authority rule: match on the authority name alone.
        if (!(aclSid instanceof GrantedAuthoritySid)) {
            return false;
        }
        final String authAuthority = ((GrantedAuthoritySid) authSid).getGrantedAuthority();
        final String aclAuthority = ((GrantedAuthoritySid) aclSid).getGrantedAuthority();
        return Objects.equals(authAuthority, aclAuthority);
    }

    if (aclSidIsTenantless && authSid instanceof PrincipalSid) {
        // Tenant-less principal rule: match on the principal name alone.
        if (!(aclSid instanceof PrincipalSid)) {
            return false;
        }
        final String authPrincipal = ((PrincipalSid) authSid).getPrincipal();
        final String aclPrincipal = ((PrincipalSid) aclSid).getPrincipal();
        return Objects.equals(authPrincipal, aclPrincipal);
    }

    // Unsupported SID type, or the ACL SID carries a tenant: plain object equality.
    return aclSid.equals(authSid);
}
 
Example 4
Source Project: haven-platform   Source File: MultiTenancySupport.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks the tenant of a SID against the tenant of the current authentication and fills in a
 * missing tenant on principal SIDs.
 *
 * <p>Outcomes, in order: a null SID and a tenant-less {@code GrantedAuthoritySid} are returned
 * unchanged; a SID whose tenant equals the caller's tenant is returned unchanged; a remaining
 * tenant-less SID is converted with {@code TenantPrincipalSid.from}; any other tenant is
 * accepted only when the caller belongs to {@code ROOT_TENANT}.
 *
 * <p>NOTE(review): the current authentication is dereferenced and its principal is cast to
 * {@code ExtendedUserDetails} without a check, and the caller's tenant is assumed non-null.
 * {@code getAuthentication()} can be null when nobody is authenticated; confirm that every
 * call path reaches this method with an authenticated {@code ExtendedUserDetails}.
 *
 * @param sid the SID to check, may be null
 * @param <T> the concrete tenant-aware SID type
 * @return {@code sid} itself, or a tenant-qualified replacement for a tenant-less principal
 * @throws IllegalArgumentException if the SID belongs to another tenant and the caller is not
 *                                  in the root tenant
 */
@SuppressWarnings("unchecked")
public static <T extends TenantSid> T fixTenant(T sid) {
    if (sid == null) {
        return null;
    }

    final String sidTenant = sid.getTenant();
    final boolean sidHasNoTenant = sidTenant == null;
    if (sidHasNoTenant && sid instanceof GrantedAuthoritySid) {
        // A tenant-less authority is left as it is.
        return sid;
    }

    final ExtendedUserDetails caller =
            (ExtendedUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    final String callerTenant = caller.getTenant();
    if (callerTenant.equals(sidTenant)) {
        return sid;
    }
    if (sidHasNoTenant) {
        // Only non-authority SIDs reach this point; the cast assumes a PrincipalSid.
        return (T) TenantPrincipalSid.from((PrincipalSid) sid);
    }
    if (ROOT_TENANT.equals(callerTenant)) {
        return sid;
    }
    // we must check tenancy access through TenantHierarchy, but there is no full tenancy support yet
    throw new IllegalArgumentException("Sid " + sid + " has incorrect tenant: " + sidTenant + " it allow only for root tenant.");
}
 
Example 5
Source Project: kylin   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
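/**
 * Collects the names of the SIDs that appear in an ACL, restricted to one kind of SID.
 *
 * @param acl  the ACL to read; {@code null} yields an empty list
 * @param type {@code MetadataConstants.TYPE_USER} to list principals or
 *             {@code MetadataConstants.TYPE_GROUP} to list granted authorities, compared
 *             case-insensitively; any other value, including {@code null}, matches nothing
 * @return the non-blank names in ACL entry order; one element per matching entry, so a SID
 *         that holds several entries is listed several times
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    // Resolve the requested kind once, constant-first, so a null type cannot raise a
    // NullPointerException in the middle of the loop.
    final boolean wantUsers = MetadataConstants.TYPE_USER.equalsIgnoreCase(type);
    final boolean wantGroups = MetadataConstants.TYPE_GROUP.equalsIgnoreCase(type);

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (wantUsers && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (wantGroups && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}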
 
Example 6
Source Project: kylin   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds a map from SID name to permission mask for the ACL attached to a project.
 *
 * <p>NOTE(review): principals and granted authorities share one map whose keys are compared
 * case-insensitively. A user and a group whose names are equal ignoring case, or several
 * entries for the same SID, overwrite each other and only the last mask is kept. Confirm
 * that callers do not rely on this map for an authorization decision.
 *
 * @param project the project name; the project is dereferenced without a null check, so an
 *                unknown name presumably fails here (confirm against ProjectManager)
 * @return SID name to permission mask, empty when the project has no ACL or no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    final String projectUuid =
            ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    final Acl projectAcl = getAcl(getAclEntity(AclEntityType.PROJECT_INSTANCE, projectUuid));

    final Map<String, Integer> maskBySidName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    if (projectAcl == null || projectAcl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : projectAcl.getEntries()) {
        final Sid entrySid = entry.getSid();
        if (entrySid instanceof PrincipalSid) {
            maskBySidName.put(((PrincipalSid) entrySid).getPrincipal(), entry.getPermission().getMask());
        } else if (entrySid instanceof GrantedAuthoritySid) {
            maskBySidName.put(((GrantedAuthoritySid) entrySid).getGrantedAuthority(),
                    entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
 
Example 7
// Per-test setup: fixture SIDs, the object identity, and a standalone MockMvc around the controller.
// NOTE(review): JUnit Jupiter discourages private lifecycle methods; consider package-private.
@BeforeEach
private void beforeMethod() {
  // Two user SIDs and two role SIDs shared by the tests.
  user1 = new PrincipalSid("user1");
  user2 = new PrincipalSid("user2");
  role1 = new GrantedAuthoritySid("ROLE_role1");
  role2 = new GrantedAuthoritySid("ROLE_role2");
  objectIdentity = new ObjectIdentityImpl("typeId", "identifier");

  // The controller under test is wired by hand from the collaborators held in the test's fields.
  PermissionsController permissionsController =
      new PermissionsController(
          permissionsService,
          new RSQLParser(),
          objectIdentityService,
          userRoleTools,
          entityHelper);

  mockMvc =
      MockMvcBuilders.standaloneSetup(permissionsController)
          .setMessageConverters(new FormHttpMessageConverter(), gsonHttpMessageConverter)
          .build();
}
 
Example 8
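/**
 * Lists the SIDs the current caller may see.
 *
 * <p>User SIDs are included only when the caller has READ_DATA on the user entity type, and
 * role SIDs only when the caller has READ_DATA on the role entity type, so a caller without
 * those permissions cannot enumerate users or roles through this method. The SID returned by
 * {@code SidUtils.createSecurityContextSid()} is always added.
 *
 * @return a mutable set of the visible SIDs
 */
Set<Sid> getAllAvailableSids() {
  // Everything is accumulated into this HashSet. Collectors.toSet() gives no guarantee that
  // the set it returns is mutable, so results are copied in rather than reused as the target.
  Set<Sid> sids = new HashSet<>();

  if (userPermissionEvaluator.hasPermission(
      new EntityTypeIdentity(UserMetadata.USER), READ_DATA)) {
    sids.addAll(
        userService.getUsers().stream()
            .map(user -> new PrincipalSid(user.getUsername()))
            .collect(toSet()));
  }

  if (userPermissionEvaluator.hasPermission(
      new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA)) {
    sids.addAll(
        dataService
            .findAll(RoleMetadata.ROLE)
            .map(role -> new GrantedAuthoritySid(ROLE_PREFIX + role.getString(RoleMetadata.NAME)))
            .collect(toSet()));
  }

  sids.add(SidUtils.createSecurityContextSid());
  return sids;
}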
 
Example 9
// Checks the inherited-permissions result for a user whose roles are nested (role1 includes
// role3) and whose ACLs are chained entityAcl -> packageAcl -> parentPackageAcl.
@Test
void testGetInheritedPermissions() {
  Sid principal = mock(PrincipalSid.class);
  Sid roleOne = new GrantedAuthoritySid("ROLE_role1");
  Sid roleTwo = new GrantedAuthoritySid("ROLE_role2");
  Sid roleThree = new GrantedAuthoritySid("ROLE_role3");

  // ACL chain, built from the outermost parent inwards; each ACL holds one permission.
  Acl parentPackageAcl =
      PermissionTestUtils.getSinglePermissionAcl(roleThree, 16, "parentPackageAcl");
  Acl packageAcl =
      PermissionTestUtils.getSinglePermissionAcl(principal, 4, "packageAcl", parentPackageAcl);
  Acl entityAcl =
      PermissionTestUtils.getSinglePermissionAcl(roleTwo, 8, "entityAcl", packageAcl);

  // Role graph: the user has role1 and role2, and role1 in turn has role3.
  doReturn(Arrays.asList(roleOne, roleTwo)).when(userRoleTools).getRolesForSid(principal);
  doReturn(singletonList(roleThree)).when(userRoleTools).getRolesForSid(roleOne);

  InheritedPermissionsResult expectedResult =
      getInheritedPermissionsResult(packageAcl, parentPackageAcl, roleOne, roleTwo, roleThree);
  InheritedPermissionsResult actualResult =
      resolver.getInheritedPermissionsResults(entityAcl, principal);

  assertEquals(expectedResult, actualResult);
}
 
Example 10
// With READ_DATA granted on both users and roles, the result must hold the stubbed user, the
// stubbed role with its ROLE_ prefix, and ROLE_ANONYMOUS (presumably the security-context SID
// of the unauthenticated test run; confirm against SidUtils).
@Test
void testGetAllAvailableSids() {
  // The caller may read both the user and the role entity types.
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(UserMetadata.USER), READ_DATA);
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA);

  // One known user.
  User knownUser = mock(User.class);
  when(knownUser.getUsername()).thenReturn("username");
  when(userService.getUsers()).thenReturn(Collections.singletonList(knownUser));

  // One known role, stored without the ROLE_ prefix.
  Role knownRole = mock(Role.class);
  when(knownRole.getString(RoleMetadata.NAME)).thenReturn("role1");
  List<Entity> roleEntities = Collections.singletonList(knownRole);
  when(dataService.findAll(RoleMetadata.ROLE)).thenReturn(roleEntities.stream());

  assertEquals(
      newHashSet(
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_ANONYMOUS"),
          new PrincipalSid("username")),
      userRoleTools.getAllAvailableSids());
}
 
Example 11
// Checks that getSids turns user names into PrincipalSids and role names into
// GrantedAuthoritySids carrying the ROLE_ prefix.
@Test
void testGetSids() {
  List<Sid> expected =
      Arrays.asList(
          new PrincipalSid("user1"),
          new PrincipalSid("user2"),
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_role2"));

  Query query = mock(Query.class);

  // The query mock returns itself from eq(...) so the fluent lookup chain can continue.
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role1");
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role2");
  // NOTE(review): findOne() is stubbed here and again below; one of the two stubs is redundant.
  doReturn(mock(Role.class)).when(query).findOne();

  // Both user names resolve to an existing user.
  doReturn(mock(User.class)).when(userService).getUser("user1");
  doReturn(mock(User.class)).when(userService).getUser("user2");

  when(dataService.query(RoleMetadata.ROLE, Role.class)).thenReturn(query);
  when(query.findOne()).thenReturn(mock(Role.class));

  // NOTE(review): containsAll only proves the expected SIDs are present; an unexpected extra
  // SID in the result would not fail this test.
  assertTrue(
      userRoleTools
          .getSids(Arrays.asList("user1", "user2"), Arrays.asList("role1", "role2"))
          .containsAll(expected));
}
 
Example 12
Source Project: kylin-on-parquet-v2   Source File: SidInfo.java    License: Apache License 2.0 5 votes vote down vote up
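/**
 * Captures the name and the kind (principal or granted authority) of a {@link Sid}.
 *
 * @param sid the SID to describe; must be a {@code PrincipalSid} or a {@code GrantedAuthoritySid}
 * @throws IllegalStateException if {@code sid} is null or any other Sid implementation
 */
public SidInfo(Sid sid) {
    if (sid instanceof PrincipalSid) {
        this.sid = ((PrincipalSid) sid).getPrincipal();
        this.isPrincipal = true;
    } else if (sid instanceof GrantedAuthoritySid) {
        this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        this.isPrincipal = false;
    } else {
        // Same exception type as before, now naming the offending type so a rejected SID
        // can be traced from the log.
        throw new IllegalStateException(
                "Unsupported Sid implementation: " + (sid == null ? "null" : sid.getClass().getName()));
    }
}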
 
Example 13
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Wraps a name in the Sid implementation that matches its kind.
 *
 * <p>No lookup or validation is done here: the caller alone decides whether the name is
 * treated as a user or as an authority.
 *
 * @param sid         the user name or authority name
 * @param isPrincepal true for a {@code PrincipalSid}, false for a {@code GrantedAuthoritySid}
 * @return the new Sid
 */
public Sid getSid(String sid, boolean isPrincepal) {
    return isPrincepal ? new PrincipalSid(sid) : new GrantedAuthoritySid(sid);
}
 
Example 14
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 5 votes vote down vote up
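/**
 * Returns the principal name or the authority name held by a SID.
 *
 * @param sid a {@code PrincipalSid} or a {@code GrantedAuthoritySid}
 * @return the principal of a {@code PrincipalSid}, otherwise the granted authority
 * @throws IllegalArgumentException if {@code sid} is null or another Sid implementation
 */
private static String getName(Sid sid) {
    if (sid instanceof PrincipalSid) {
        return ((PrincipalSid) sid).getPrincipal();
    }
    if (sid instanceof GrantedAuthoritySid) {
        return ((GrantedAuthoritySid) sid).getGrantedAuthority();
    }
    // Previously any other value hit an unchecked cast and failed with a bare
    // ClassCastException or NullPointerException; reject it explicitly instead.
    throw new IllegalArgumentException(
            "Unsupported Sid implementation: " + (sid == null ? "null" : sid.getClass().getName()));
}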
 
Example 15
Source Project: kylin-on-parquet-v2   Source File: ValidateUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Extracts the authority names from a list of SIDs, ignoring every SID that is not a
 * {@code GrantedAuthoritySid}.
 *
 * @param allSids the SIDs to scan
 * @return the distinct authority names in natural (case-sensitive) string order
 */
private Set<String> getAuthoritiesInPrj(List<Sid> allSids) {
    final Set<String> authorityNames = new TreeSet<>();
    for (final Sid candidate : allSids) {
        if (!(candidate instanceof GrantedAuthoritySid)) {
            continue;
        }
        authorityNames.add(((GrantedAuthoritySid) candidate).getGrantedAuthority());
    }
    return authorityNames;
}
 
Example 16
/**
 * Looks up the acl_sid record for a SID and, when none exists and {@code allowCreate} is true,
 * creates it.
 *
 * <p>NOTE(review): the lookup and the insert are two separate DAO calls and nothing visible
 * here makes them atomic; when several records match, the first one is used silently. Confirm
 * that acl_sid has a uniqueness constraint on (principal flag, name) or that callers run
 * inside a transaction.
 *
 * @param sid to find or create; checked for null first
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the existing or newly created record, or null if not found and creation is not permitted
 *
 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    final boolean principal = sid instanceof PrincipalSid;
    final String name;
    if (principal) {
        name = ((PrincipalSid) sid).getPrincipal();
    } else if (sid instanceof GrantedAuthoritySid) {
        name = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    final List<AclSid> existing = aclDao.findAclSidList(Boolean.valueOf(principal), name);
    if (!existing.isEmpty()) {
        return existing.get(0);
    }
    if (!allowCreate) {
        return null;
    }

    final AclSid created = new AclSid();
    created.setSid(name);
    created.setPrincipal(Boolean.valueOf(principal));
    return aclDao.createAclSid(created);
}
 
Example 17
/**
 * Looks up the acl_sid record for a SID and, when none exists and {@code allowCreate} is true,
 * creates it.
 *
 * <p>NOTE(review): the lookup and the insert are two separate DAO calls and nothing visible
 * here makes them atomic; when several records match, the first one is used silently. Confirm
 * that acl_sid has a uniqueness constraint on (principal flag, name) or that callers run
 * inside a transaction.
 *
 * @param sid to find or create; checked for null first
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the existing or newly created record, or null if not found and creation is not permitted
 *
 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    final boolean principal = sid instanceof PrincipalSid;
    final String name;
    if (principal) {
        name = ((PrincipalSid) sid).getPrincipal();
    } else if (sid instanceof GrantedAuthoritySid) {
        name = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    final List<AclSid> existing = aclDao.findAclSidList(Boolean.valueOf(principal), name);
    if (!existing.isEmpty()) {
        return existing.get(0);
    }
    if (!allowCreate) {
        return null;
    }

    final AclSid created = new AclSid();
    created.setSid(name);
    created.setPrincipal(Boolean.valueOf(principal));
    return aclDao.createAclSid(created);
}
 
Example 18
/**
 * Looks up the acl_sid record for a SID and, when none exists and {@code allowCreate} is true,
 * creates it.
 *
 * <p>NOTE(review): the lookup and the insert are two separate DAO calls and nothing visible
 * here makes them atomic; when several records match, the first one is used silently. Confirm
 * that acl_sid has a uniqueness constraint on (principal flag, name) or that callers run
 * inside a transaction.
 *
 * @param sid to find or create; checked for null first
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the existing or newly created record, or null if not found and creation is not permitted
 *
 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    final boolean principal = sid instanceof PrincipalSid;
    final String name;
    if (principal) {
        name = ((PrincipalSid) sid).getPrincipal();
    } else if (sid instanceof GrantedAuthoritySid) {
        name = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    final List<AclSid> existing = aclDao.findAclSidList(Boolean.valueOf(principal), name);
    if (!existing.isEmpty()) {
        return existing.get(0);
    }
    if (!allowCreate) {
        return null;
    }

    final AclSid created = new AclSid();
    created.setSid(name);
    created.setPrincipal(Boolean.valueOf(principal));
    return aclDao.createAclSid(created);
}
 
Example 19
/**
 * Looks up the acl_sid record for a SID and, when none exists and {@code allowCreate} is true,
 * creates it.
 *
 * <p>NOTE(review): the lookup and the insert are two separate DAO calls and nothing visible
 * here makes them atomic; when several records match, the first one is used silently. Confirm
 * that acl_sid has a uniqueness constraint on (principal flag, name) or that callers run
 * inside a transaction.
 *
 * @param sid to find or create; checked for null first
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the existing or newly created record, or null if not found and creation is not permitted
 *
 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    final boolean principal = sid instanceof PrincipalSid;
    final String name;
    if (principal) {
        name = ((PrincipalSid) sid).getPrincipal();
    } else if (sid instanceof GrantedAuthoritySid) {
        name = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    final List<AclSid> existing = aclDao.findAclSidList(Boolean.valueOf(principal), name);
    if (!existing.isEmpty()) {
        return existing.get(0);
    }
    if (!allowCreate) {
        return null;
    }

    final AclSid created = new AclSid();
    created.setSid(name);
    created.setPrincipal(Boolean.valueOf(principal));
    return aclDao.createAclSid(created);
}
 
Example 20
/**
 * Looks up the acl_sid record for a SID and, when none exists and {@code allowCreate} is true,
 * creates it.
 *
 * <p>NOTE(review): the lookup and the insert are two separate DAO calls and nothing visible
 * here makes them atomic; when several records match, the first one is used silently. Confirm
 * that acl_sid has a uniqueness constraint on (principal flag, name) or that callers run
 * inside a transaction.
 *
 * @param sid to find or create; checked for null first
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the existing or newly created record, or null if not found and creation is not permitted
 *
 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    final boolean principal = sid instanceof PrincipalSid;
    final String name;
    if (principal) {
        name = ((PrincipalSid) sid).getPrincipal();
    } else if (sid instanceof GrantedAuthoritySid) {
        name = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    final List<AclSid> existing = aclDao.findAclSidList(Boolean.valueOf(principal), name);
    if (!existing.isEmpty()) {
        return existing.get(0);
    }
    if (!allowCreate) {
        return null;
    }

    final AclSid created = new AclSid();
    created.setSid(name);
    created.setPrincipal(Boolean.valueOf(principal));
    return aclDao.createAclSid(created);
}
 
Example 21
/**
 * Computes the permissions granted to the current SID of the context.
 *
 * PermissionData.ALL is added in two cases: the current SID is the ADMIN_ROLE authority and
 * the tenant check below passes, or isAllowByOwner(context) is true. In every other case the
 * builder is returned with nothing added by this method.
 *
 * @param context the granting context (current SID, current tenants, owner tenant)
 * @return the built permission data
 */
@Override
    public PermissionData getPermission(PermissionGrantingContext context) {
        PermissionData.Builder pdb = PermissionData.builder();
        final Sid currSid = context.getCurrentSid();
        // Grant by ADMIN authority: only a GrantedAuthoritySid whose authority equals ADMIN_ROLE qualifies.
        if(currSid instanceof GrantedAuthoritySid && Authorities.ADMIN_ROLE.equals(((GrantedAuthoritySid)currSid).getGrantedAuthority())) {
            final String tenantId = MultiTenancySupport.getTenant(currSid);
            // ALL is granted when the role's tenant is the root tenant, or the role has a tenant and it
            // equals the owner's tenant, or the role has no tenant and the owner's tenant is among the
            // caller's current tenants.
            // NOTE(review): `tenantId != MultiTenancySupport.NO_TENANT` compares String references. That is
            // only correct if NO_TENANT is null or a shared sentinel instance; confirm, because a
            // mismatch here selects the wrong branch of an authorization decision.
            if(isRootTenant(tenantId) ||
                (tenantId != MultiTenancySupport.NO_TENANT?
                tenantId.equals(context.getOwnerTenant()) :
                context.getCurrentTenants().contains(context.getOwnerTenant()))) {
                pdb.add(PermissionData.ALL);
            }
        }
        // Not yet granted by the admin rule: fall back to the owner rule.
        if(PermissionData.ALL.getMask() != pdb.getMask()) {
            if(isAllowByOwner(context)) {
                pdb.add(PermissionData.ALL);
            }
        }
        // The disabled block below (tenant-wide read access) is still under discussion.
//        if(PermissionData.ALL.getMask() != pdb.getMask() && !context.isHasAces()) {
//            // tenant allow only read
//            if(isAllowByTenant(context)) {
//                pdb.add(Action.READ);
//            }
//        }
        return pdb.build();
    }
 
Example 22
Source Project: haven-platform   Source File: TenantSid.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Converts any supported SID into its tenant-aware form.
 *
 * @param sid the SID to convert, may be null
 * @return null for a null argument, the same instance when it already is a {@code TenantSid},
 *         otherwise the result of the matching {@code from} factory
 * @throws IllegalArgumentException for a Sid implementation other than the three handled here
 */
static TenantSid from(Sid sid) {
    if (sid == null) {
        return null;
    }
    // TenantSid is tested first so an already tenant-aware SID is passed through untouched.
    if (sid instanceof TenantSid) {
        return (TenantSid) sid;
    }
    if (sid instanceof PrincipalSid) {
        return TenantPrincipalSid.from((PrincipalSid) sid);
    }
    if (sid instanceof GrantedAuthoritySid) {
        return TenantGrantedAuthoritySid.from((GrantedAuthoritySid) sid);
    }
    throw new IllegalArgumentException("Unsupported sid type: " + sid.getClass());
}
 
Example 23
Source Project: kylin   Source File: SidInfo.java    License: Apache License 2.0 5 votes vote down vote up
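/**
 * Captures the name and the kind (principal or granted authority) of a {@link Sid}.
 *
 * @param sid the SID to describe; must be a {@code PrincipalSid} or a {@code GrantedAuthoritySid}
 * @throws IllegalStateException if {@code sid} is null or any other Sid implementation
 */
public SidInfo(Sid sid) {
    if (sid instanceof PrincipalSid) {
        this.sid = ((PrincipalSid) sid).getPrincipal();
        this.isPrincipal = true;
    } else if (sid instanceof GrantedAuthoritySid) {
        this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        this.isPrincipal = false;
    } else {
        // Same exception type as before, now naming the offending type so a rejected SID
        // can be traced from the log.
        throw new IllegalStateException(
                "Unsupported Sid implementation: " + (sid == null ? "null" : sid.getClass().getName()));
    }
}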
 
Example 24
Source Project: kylin   Source File: AccessService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Wraps a name in the Sid implementation that matches its kind.
 *
 * <p>No lookup or validation is done here: the caller alone decides whether the name is
 * treated as a user or as an authority.
 *
 * @param sid         the user name or authority name
 * @param isPrincepal true for a {@code PrincipalSid}, false for a {@code GrantedAuthoritySid}
 * @return the new Sid
 */
public Sid getSid(String sid, boolean isPrincepal) {
    return isPrincepal ? new PrincipalSid(sid) : new GrantedAuthoritySid(sid);
}
 
Example 25
Source Project: kylin   Source File: AccessService.java    License: Apache License 2.0 5 votes vote down vote up
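/**
 * Returns the principal name or the authority name held by a SID.
 *
 * @param sid a {@code PrincipalSid} or a {@code GrantedAuthoritySid}
 * @return the principal of a {@code PrincipalSid}, otherwise the granted authority
 * @throws IllegalArgumentException if {@code sid} is null or another Sid implementation
 */
private static String getName(Sid sid) {
    if (sid instanceof PrincipalSid) {
        return ((PrincipalSid) sid).getPrincipal();
    }
    if (sid instanceof GrantedAuthoritySid) {
        return ((GrantedAuthoritySid) sid).getGrantedAuthority();
    }
    // Previously any other value hit an unchecked cast and failed with a bare
    // ClassCastException or NullPointerException; reject it explicitly instead.
    throw new IllegalArgumentException(
            "Unsupported Sid implementation: " + (sid == null ? "null" : sid.getClass().getName()));
}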
 
Example 26
Source Project: kylin   Source File: ValidateUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Extracts the authority names from a list of SIDs, ignoring every SID that is not a
 * {@code GrantedAuthoritySid}.
 *
 * @param allSids the SIDs to scan
 * @return the distinct authority names in natural (case-sensitive) string order
 */
private Set<String> getAuthoritiesInPrj(List<Sid> allSids) {
    final Set<String> authorityNames = new TreeSet<>();
    for (final Sid candidate : allSids) {
        if (!(candidate instanceof GrantedAuthoritySid)) {
            continue;
        }
        authorityNames.add(((GrantedAuthoritySid) candidate).getGrantedAuthority());
    }
    return authorityNames;
}
 
Example 27
Source Project: Kylin   Source File: AclService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Loads the ACL of every given object identity from the ACL table.
 *
 * <p>For each identity the stored owner, the inheritance flag and the parent reference are
 * read from the info column family, the parent ACL (if any) is loaded through
 * {@code readAclById}, and the entries are filled in by {@code genAces}.
 *
 * <p>NOTE(review): the parent is resolved by a nested call with no visible guard against a
 * cyclic parent chain in the stored data, and it is loaded with a null SID list. Confirm that
 * parent references cannot be made cyclic by whoever is able to write ACLs.
 *
 * @param oids the object identities to load
 * @param sids the SIDs passed on to {@code genAces}
 * @return a map from object identity to its ACL
 * @throws NotFoundException if no row, or an empty row, exists for one of the identities
 */
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    final Map<ObjectIdentity, Acl> loadedAcls = new HashMap<ObjectIdentity, Acl>();
    HTableInterface aclTable = null;
    try {
        aclTable = HBaseConnection.get(hbaseUrl).getTable(aclTableName);

        for (ObjectIdentity oid : oids) {
            final Result row = aclTable.get(new Get(Bytes.toBytes(String.valueOf(oid.getIdentifier()))));
            if (null == row || row.isEmpty()) {
                throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
            }

            // Owner: stored as a name plus a principal/authority flag.
            final SidInfo owner = sidSerializer.deserialize(
                    row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN)));
            Sid ownerSid = null;
            if (null != owner) {
                if (owner.isPrincipal()) {
                    ownerSid = new PrincipalSid(owner.getSid());
                } else {
                    ownerSid = new GrantedAuthoritySid(owner.getSid());
                }
            }

            final boolean entriesInheriting = Bytes.toBoolean(
                    row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN)));

            // Parent: loaded only when the row references one.
            final DomainObjectInfo parentInfo = domainObjSerializer.deserialize(
                    row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN)));
            Acl parentAcl = null;
            if (null != parentInfo) {
                parentAcl = readAclById(new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId()), null);
            }

            final AclImpl acl = new AclImpl(oid, oid.getIdentifier(), aclAuthorizationStrategy,
                    permissionGrantingStrategy, parentAcl, null, entriesInheriting, ownerSid);
            genAces(sids, row, acl);

            loadedAcls.put(oid, acl);
        }
    } catch (IOException e) {
        throw new RuntimeException(e.getMessage(), e);
    } finally {
        // The table handle is released on every path, including the not-found case.
        IOUtils.closeQuietly(aclTable);
    }

    return loadedAcls;
}
 
Example 28
Source Project: Kylin   Source File: AclService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Captures the name and the kind (principal or granted authority) of a {@link Sid}.
 *
 * <p>NOTE(review): a null argument or any other Sid implementation is accepted silently and
 * leaves both fields as they were before the constructor body ran. Confirm that callers never
 * store or compare such an instance.
 *
 * @param sid a {@code PrincipalSid} or a {@code GrantedAuthoritySid}
 */
public SidInfo(Sid sid) {
    if (sid instanceof PrincipalSid) {
        this.isPrincipal = true;
        this.sid = ((PrincipalSid) sid).getPrincipal();
        return;
    }
    if (sid instanceof GrantedAuthoritySid) {
        this.isPrincipal = false;
        this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
    }
}
 
Example 29
Source Project: Kylin   Source File: AccessService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Wraps a name in the Sid implementation that matches its kind.
 *
 * <p>No lookup or validation is done here: the caller alone decides whether the name is
 * treated as a user or as an authority.
 *
 * @param sid         the user name or authority name
 * @param isPrincepal true for a {@code PrincipalSid}, false for a {@code GrantedAuthoritySid}
 * @return the new Sid
 */
public Sid getSid(String sid, boolean isPrincepal) {
    return isPrincepal ? new PrincipalSid(sid) : new GrantedAuthoritySid(sid);
}
 
Example 30
Source Project: spring-data-rest-acl   Source File: BookHandler.java    License: Apache License 2.0 5 votes vote down vote up
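/**
 * Adds the default ACL entries for an entity: ADMINISTRATION, READ, WRITE and DELETE for the
 * current user, and ADMINISTRATION for the ROLE_ADMIN authority.
 *
 * @param type the entity to secure; nothing is done when it is null
 */
private void addACL(AbstractSecuredEntity type) {
	if (type == null) {
		return;
	}

	// Resolve the current user once, so all four grants go to the same principal instead of
	// re-reading the security context before every call.
	final PrincipalSid currentUser = new PrincipalSid(SecurityUtil.getUsername());
	securityACLDAO.addPermission(type, currentUser, BasePermission.ADMINISTRATION);
	securityACLDAO.addPermission(type, currentUser, BasePermission.READ);
	securityACLDAO.addPermission(type, currentUser, BasePermission.WRITE);
	securityACLDAO.addPermission(type, currentUser, BasePermission.DELETE);

	// Every holder of ROLE_ADMIN may administer the ACL of this entity.
	securityACLDAO.addPermission(type, new GrantedAuthoritySid("ROLE_ADMIN"), BasePermission.ADMINISTRATION);
}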