Java Code Examples for org.springframework.security.acls.domain.PrincipalSid

The following examples show how to use org.springframework.security.acls.domain.PrincipalSid. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: kylin-on-parquet-v2   Source File: AclServiceTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example 2
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
    MutableAclRecord acl = null;
    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    try {
        // Create acl record for secured domain object.
        acl = (MutableAclRecord) aclService.createAcl(objectIdentity);
    } catch (AlreadyExistsException e) {
        acl = aclService.readAcl(objectIdentity);
    }

    if (null != initPermission) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        PrincipalSid sid = new PrincipalSid(auth);
        acl = grant(ae, initPermission, sid);
    }

    return acl;
}
 
Example 3
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example 4
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example 5
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 6
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 7
@Test
void testAddStream() {
  EntityIdentity entityIdentity = new EntityIdentity("MyQuestionnaire", "id");
  when(entity.getString("owner")).thenReturn("username");
  when(entity.getIdValue()).thenReturn("id");
  when(entity.getEntityType()).thenReturn(entityType);
  when(entityType.getId()).thenReturn("MyQuestionnaire");
  AclImpl acl = new AclImpl(entityIdentity, 1, authorizationStrategy, auditLogger);
  acl.insertAce(0, PermissionSet.WRITE, new PrincipalSid("otheruser"), true);
  when(mutableAclService.readAclById(entityIdentity)).thenReturn(acl);

  ownershipDecorator.add(Stream.of(entity));

  verify(delegate).add(streamCaptor.capture());
  assertEquals(singletonList(entity), streamCaptor.getValue().collect(toList()));
  verify(mutableAclService).updateAcl(acl);
  PrincipalSid ownerSid = new PrincipalSid("username");
  assertEquals(ownerSid, acl.getOwner());
  assertEquals(1, acl.getEntries().size());
  AccessControlEntry ace = acl.getEntries().get(0);
  assertEquals(ownerSid, ace.getSid());
  assertEquals(WRITE, ace.getPermission());
  assertTrue(ace.isGranting());
}
 
Example 8
@Transactional
@Override
public int createEvent(Event event) {

    int result = eventDao.createEvent(event);
    event.setId(result);

    // Add new ACL Entry:
    MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(event));
    PrincipalSid sid = new PrincipalSid(userContext.getCurrentUser().getEmail());
    acl.setOwner(sid);
    acl.insertAce(0,  BasePermission.READ, sid, true);
    aclService.updateAcl(acl);

    return result;
}
 
Example 9
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 10
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example 11
/**
 * Note that position of SIDs is important
 * @param authSid
 * @param aclSid
 * @return
 */
private boolean compareSids(Sid authSid, Sid aclSid) {
    if(MultiTenancySupport.isNoTenant(aclSid)) {
        // acl sid can has no tenant, we must consider this
        // not that null tenant mean that it common rule for any GrantedAuthorities of tenants
        if(authSid instanceof GrantedAuthoritySid) {
            return (aclSid instanceof GrantedAuthoritySid) && Objects.equals(
              ((GrantedAuthoritySid) authSid).getGrantedAuthority(),
              ((GrantedAuthoritySid) aclSid).getGrantedAuthority()
            );
        }
        if(authSid instanceof PrincipalSid) {
            return (aclSid instanceof PrincipalSid) && Objects.equals(
              ((PrincipalSid) authSid).getPrincipal(),
              ((PrincipalSid) aclSid).getPrincipal()
            );
        }
    }
    // there a unsupported sids or its has tenant, compare its as usual objects
    return aclSid.equals(authSid);
}
 
Example 12
Source Project: haven-platform   Source File: MultiTenancySupport.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Fix null tenant for principals and validate.
 * @param sid
 * @param <T>
 * @return
 */
@SuppressWarnings("unchecked")
public static <T extends TenantSid> T fixTenant(T sid) {
    if(sid == null) {
        return sid;
    }
    final String tenant = sid.getTenant();
    if(sid instanceof GrantedAuthoritySid && tenant == null) {
        return sid;
    }
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    ExtendedUserDetails eud = (ExtendedUserDetails) auth.getPrincipal();
    final String authTenant = eud.getTenant();
    if(authTenant.equals(tenant)) {
        return sid;
    }
    if(tenant == null) {
        return (T) TenantPrincipalSid.from((PrincipalSid) sid);
    }
    if(!ROOT_TENANT.equals(authTenant)) {
        // we must check tenancy access through TenantHierarchy, but now we does not have any full tenancy support
        throw new IllegalArgumentException("Sid " + sid + " has incorrect tenant: " + tenant + " it allow only for root tenant.");
    }
    return sid;
}
 
Example 13
Source Project: kylin   Source File: AclServiceTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example 14
Source Project: kylin   Source File: AccessService.java    License: Apache License 2.0 6 votes vote down vote up
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
    MutableAclRecord acl = null;
    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    try {
        // Create acl record for secured domain object.
        acl = (MutableAclRecord) aclService.createAcl(objectIdentity);
    } catch (AlreadyExistsException e) {
        acl = aclService.readAcl(objectIdentity);
    }

    if (null != initPermission) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        PrincipalSid sid = new PrincipalSid(auth);
        acl = grant(ae, initPermission, sid);
    }

    return acl;
}
 
Example 15
@Test
void testGetAllAvailableSids() {
  User user = mock(User.class);
  when(user.getUsername()).thenReturn("username");
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(UserMetadata.USER), READ_DATA);
  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(RoleMetadata.ROLE), READ_DATA);
  when(userService.getUsers()).thenReturn(Collections.singletonList(user));

  Role role = mock(Role.class);
  when(role.getString(RoleMetadata.NAME)).thenReturn("role1");
  List<Entity> roles = Collections.singletonList(role);
  when(dataService.findAll(RoleMetadata.ROLE)).thenReturn(roles.stream());
  assertEquals(
      newHashSet(
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_ANONYMOUS"),
          new PrincipalSid("username")),
      userRoleTools.getAllAvailableSids());
}
 
Example 16
@Test
void testAdd() {
  EntityIdentity entityIdentity = new EntityIdentity("MyQuestionnaire", "id");
  when(entity.getString("owner")).thenReturn("username");
  when(entity.getIdValue()).thenReturn("id");
  when(entity.getEntityType()).thenReturn(entityType);
  when(entityType.getId()).thenReturn("MyQuestionnaire");
  AclImpl acl = new AclImpl(entityIdentity, 1, authorizationStrategy, auditLogger);
  acl.insertAce(0, PermissionSet.WRITE, new PrincipalSid("otheruser"), true);
  when(mutableAclService.readAclById(entityIdentity)).thenReturn(acl);

  ownershipDecorator.add(entity);

  verify(delegate).add(entity);
  verify(mutableAclService).updateAcl(acl);
  PrincipalSid ownerSid = new PrincipalSid("username");
  assertEquals(ownerSid, acl.getOwner());
  assertEquals(1, acl.getEntries().size());
  AccessControlEntry ace = acl.getEntries().get(0);
  assertEquals(ownerSid, ace.getSid());
  assertEquals(WRITE, ace.getPermission());
  assertTrue(ace.isGranting());
}
 
Example 17
@BeforeEach
private void beforeMethod() {
  RSQLParser rsqlParser = new RSQLParser();
  PermissionsController controller =
      new PermissionsController(
          permissionsService, rsqlParser, objectIdentityService, userRoleTools, entityHelper);
  mockMvc =
      MockMvcBuilders.standaloneSetup(controller)
          .setMessageConverters(new FormHttpMessageConverter(), gsonHttpMessageConverter)
          .build();

  user1 = new PrincipalSid("user1");
  user2 = new PrincipalSid("user2");
  role1 = new GrantedAuthoritySid("ROLE_role1");
  role2 = new GrantedAuthoritySid("ROLE_role2");

  objectIdentity = new ObjectIdentityImpl("typeId", "identifier");
}
 
Example 18
@Test
void testGetInheritedPermissions() {
  Sid user = mock(PrincipalSid.class);
  Sid role1Sid = new GrantedAuthoritySid("ROLE_role1");
  Sid role2Sid = new GrantedAuthoritySid("ROLE_role2");
  Sid role3Sid = new GrantedAuthoritySid("ROLE_role3");

  // Acl setup
  Acl parentPackageAcl =
      PermissionTestUtils.getSinglePermissionAcl(role3Sid, 16, "parentPackageAcl");
  Acl packageAcl =
      PermissionTestUtils.getSinglePermissionAcl(user, 4, "packageAcl", parentPackageAcl);
  Acl entityAcl =
      PermissionTestUtils.getSinglePermissionAcl(role2Sid, 8, "entityAcl", packageAcl);

  doReturn(Arrays.asList(role1Sid, role2Sid)).when(userRoleTools).getRolesForSid(user);
  doReturn(singletonList(role3Sid)).when(userRoleTools).getRolesForSid(role1Sid);

  InheritedPermissionsResult expected =
      getInheritedPermissionsResult(packageAcl, parentPackageAcl, role1Sid, role2Sid, role3Sid);

  assertEquals(expected, resolver.getInheritedPermissionsResults(entityAcl, user));
}
 
Example 19
@Test
void testGetSids() {
  List<Sid> expected =
      Arrays.asList(
          new PrincipalSid("user1"),
          new PrincipalSid("user2"),
          new GrantedAuthoritySid("ROLE_role1"),
          new GrantedAuthoritySid("ROLE_role2"));

  Query query = mock(Query.class);

  doReturn(query).when(query).eq(RoleMetadata.NAME, "role1");
  doReturn(query).when(query).eq(RoleMetadata.NAME, "role2");
  doReturn(mock(Role.class)).when(query).findOne();

  doReturn(mock(User.class)).when(userService).getUser("user1");
  doReturn(mock(User.class)).when(userService).getUser("user2");

  when(dataService.query(RoleMetadata.ROLE, Role.class)).thenReturn(query);
  when(query.findOne()).thenReturn(mock(Role.class));

  assertTrue(
      userRoleTools
          .getSids(Arrays.asList("user1", "user2"), Arrays.asList("role1", "role2"))
          .containsAll(expected));
}
 
Example 20
@Test
void testCreatePermission() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  permissionServiceDecorator.createPermission(permission);
  verify(permissionService).createPermission(permission);
  resetContext();
}
 
Example 21
@Test
void testCreatePermissions() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.createPermissions(Collections.singleton(permission));
  verify(permissionService).createPermissions(Collections.singleton(permission));
  resetContext();
}
 
Example 22
@Test
void testUpdatePermission() {
  setUser();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.updatePermission(permission);
  verify(permissionService).updatePermission(permission);
  resetContext();
}
 
Example 23
Source Project: kylin-on-parquet-v2   Source File: AccessServiceTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testRevokeProjectPermission() throws IOException {
    List<ProjectInstance> projects = projectService.listProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    PrincipalSid sid = new PrincipalSid("ANALYST");
    RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid());
    accessService.grant(ae, AclPermission.ADMINISTRATION, sid);
    Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
    accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER);
    Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
}
 
Example 24
Source Project: kylin-on-parquet-v2   Source File: AccessServiceTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testBatchGrant() {
    AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    accessService.batchGrant(ae, sidToPerm);
    MutableAclRecord acl = accessService.getAcl(ae);
    List<AccessControlEntry> e = acl.getEntries();
    Assert.assertEquals(10, e.size());
    for (int i = 0; i < e.size(); i++) {
        Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
    }
}
 
Example 25
Source Project: kylin-on-parquet-v2   Source File: SidInfo.java    License: Apache License 2.0 5 votes vote down vote up
public SidInfo(Sid sid) {
    if (sid instanceof PrincipalSid) {
        this.sid = ((PrincipalSid) sid).getPrincipal();
        this.isPrincipal = true;
    } else if (sid instanceof GrantedAuthoritySid) {
        this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        this.isPrincipal = false;
    } else
        throw new IllegalStateException();
}
 
Example 26
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 5 votes vote down vote up
public Sid getSid(String sid, boolean isPrincepal) {
    if (isPrincepal) {
        return new PrincipalSid(sid);
    } else {
        return new GrantedAuthoritySid(sid);
    }
}
 
Example 27
Source Project: kylin-on-parquet-v2   Source File: AccessService.java    License: Apache License 2.0 5 votes vote down vote up
private static String getName(Sid sid) {
    if (sid instanceof PrincipalSid) {
        return ((PrincipalSid) sid).getPrincipal();
    } else {
        return ((GrantedAuthoritySid) sid).getGrantedAuthority();
    }
}
 
Example 28
Source Project: kylin-on-parquet-v2   Source File: ValidateUtil.java    License: Apache License 2.0 5 votes vote down vote up
private Set<String> getUsersInPrj(List<Sid> allSids) throws IOException {
    Set<String> allUsers = new TreeSet<>();
    for (Sid sid : allSids) {
        if (sid instanceof PrincipalSid) {
            allUsers.add(((PrincipalSid) sid).getPrincipal());
        }
    }
    return allUsers;
}
 
Example 29
/**
 * Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is
 * true.
 *
 * @param sid to find or create
 * @param allowCreate true if creation is permitted if not found
 *
 * @return the primary key or null if not found
 *
 * @throws IllegalArgumentException if the <tt>Sid</tt> is not a recognized implementation.
 */
protected AclSid createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) {
    Assert.notNull(sid, "Sid required");

    String sidName;
    boolean sidIsPrincipal = true;

    if (sid instanceof PrincipalSid) {
        sidName = ((PrincipalSid) sid).getPrincipal();
    } else if (sid instanceof GrantedAuthoritySid) {
        sidName = ((GrantedAuthoritySid) sid).getGrantedAuthority();
        sidIsPrincipal = false;
    } else {
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    List<AclSid> sidIds = aclDao.findAclSidList(Boolean.valueOf(sidIsPrincipal), sidName);

    if (!sidIds.isEmpty()) {
        return sidIds.get(0);
    }

    if (allowCreate) {
        AclSid sid2 = new AclSid();
        sid2.setSid(sidName);
        sid2.setPrincipal(Boolean.valueOf(sidIsPrincipal));
        return aclDao.createAclSid(sid2);
    }

    return null;
}
 
Example 30
/**
 * Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
 *
 * @param acl containing the ACEs to insert
 */
protected void createEntries(final MutableAcl acl) {
    if(acl.getEntries().isEmpty()) {
        return;
    }
    AclImpl aclImpl = (AclImpl)acl;
    ObjectIdentityImpl objIdentity = (ObjectIdentityImpl) aclImpl.getObjectIdentity();
    List<AclEntry> entries = new ArrayList<>();
    for(int i=0;i<acl.getEntries().size();i++) {
        AccessControlEntryImpl entry = (AccessControlEntryImpl) acl.getEntries().get(i);
        AclEntry aclEntry = new AclEntry();
        aclEntry.setAclObjectIdentity(aclDao.getObjectIdentity(objIdentity.getType(), objIdentity.getIdentifier()));
        aclEntry.setAceOrder(i);
        PrincipalSid sid = (PrincipalSid) entry.getSid();
        AclSid aclSid = aclDao.findAclSid(sid.getPrincipal());
        if(aclSid==null) {
            aclSid = new AclSid();
            aclSid.setSid(sid.getPrincipal());
            aclSid.setPrincipal(true);
            aclSid = aclDao.createAclSid(aclSid);
        }
        aclEntry.setSid(aclSid);
        aclEntry.setMask(entry.getPermission().getMask());
        aclEntry.setGranting(entry.isGranting());
        aclEntry.setAuditSuccess(entry.isAuditSuccess());
        aclEntry.setAuditFailure(entry.isAuditFailure());
        entries.add(aclEntry);
    }
    aclDao.createEntries(entries);

}