org.springframework.security.acls.model.Permission Java Examples

The following examples show how to use org.springframework.security.acls.model.Permission.
Example #1
Source File: AclPermissionFactory.java    From Kylin with Apache License 2.0
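/**
 * Resolves a permission name to the public static {@link Permission} constant of the
 * same name declared on {@code AclPermission}.
 *
 * <p>The match is an exact, case-sensitive comparison against the field name. An unknown
 * or {@code null} name yields {@code null} instead of an exception, so a caller that builds
 * access-control entries from request data must treat {@code null} as "unrecognised
 * permission" and reject it rather than pass it on.
 *
 * @param perName name of the permission constant to look up; may be {@code null}
 * @return the matching permission, or {@code null} when no public static
 *         {@code Permission} field carries that name
 */
public static Permission getPermission(String perName) {
    if (perName == null) {
        // Previously a NullPointerException was thrown and swallowed for every field;
        // the observable result (null) is unchanged.
        return null;
    }

    for (Field field : AclPermission.class.getFields()) {
        // field.get(null) is only defined for static fields; skip instance fields
        // explicitly instead of relying on a swallowed NullPointerException.
        if (!java.lang.reflect.Modifier.isStatic(field.getModifiers())) {
            continue;
        }
        try {
            Object fieldValue = field.get(null);

            // instanceof is false for a null field value, so no separate null check is needed
            if (fieldValue instanceof Permission && perName.equals(field.getName())) {
                return (Permission) fieldValue;
            }
        } catch (IllegalAccessException e) {
            // The field cannot be read from here; treat it as "no match" as before.
            // Only this reflection failure is tolerated, so unrelated runtime errors
            // are no longer hidden by a catch-all.
        }
    }

    return null;
}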
 
Example #2
Source File: AclPermissionFactory.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Looks up the public {@link Permission} field of {@code AclPermission} whose field
 * name equals {@code perName}.
 *
 * @param perName field name to match (exact, case-sensitive)
 * @return the matching permission, or {@code null} if nothing matched; callers must
 *         check for {@code null} before using the result in a grant or access decision
 */
public static Permission getPermission(String perName) {
    for (Field candidate : AclPermission.class.getFields()) {
        try {
            Object value = candidate.get(null);
            boolean isPermission = Permission.class.isAssignableFrom(value.getClass());

            if (isPermission && perName.equals(candidate.getName())) {
                // Found the Permission static field with the requested name
                return (Permission) value;
            }
        } catch (Exception ignore) {
            // ignore on purpose: any failure while reading or comparing a field
            // simply means this field is not the one being looked for
        }
    }

    return null;
}
 
Example #3
Source File: AclPermissionFactory.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Collects the {@link Permission} constants of {@code AclPermission} that are named
 * ADMINISTRATION, MANAGEMENT, OPERATION or READ in {@code AclPermissionType}.
 *
 * <p>The name filter acts as an allow-list: any other public Permission field on
 * {@code AclPermission} is not returned.
 *
 * @return a new mutable list of the allow-listed permissions, in field order
 */
public static List<Permission> getPermissions() {
    List<Permission> result = new ArrayList<Permission>();

    for (Field field : AclPermission.class.getFields()) {
        try {
            Object value = field.get(null);
            if (!Permission.class.isAssignableFrom(value.getClass())) {
                continue;
            }

            String name = field.getName();
            boolean allowListed = name.equals(AclPermissionType.ADMINISTRATION)
                    || name.equals(AclPermissionType.MANAGEMENT)
                    || name.equals(AclPermissionType.OPERATION)
                    || name.equals(AclPermissionType.READ);
            if (allowListed) {
                // Found one of the supported Permission static fields
                result.add((Permission) value);
            }
        } catch (Exception ignore) {
            //ignore on purpose
        }
    }

    return result;
}
 
Example #4
Source File: AclServiceTest.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Upserts ADMINISTRATION entries for ten principals (u0..u9) in one batch and checks
 * that the stored ACL holds exactly those ten entries in the order u0..u9.
 */
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);

    final Map<Sid, Permission> grants = new HashMap<>();
    for (int n = 0; n < 10; n++) {
        grants.put(new PrincipalSid("u" + n), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, grants);

    for (Acl stored : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> entries = stored.getEntries();
        Assert.assertEquals(10, entries.size());

        // Entries are expected back in sid order, independent of HashMap iteration order
        int position = 0;
        for (AccessControlEntry entry : entries) {
            Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
            position++;
        }
    }
}
 
Example #5
Source File: NextServerPermission.java    From nextreports-server with Apache License 2.0
/**
 * Builds the {@link Permission} that corresponds to an integer mask.
 *
 * <p>If the whole mask is registered in {@code permissionsByInteger}, that instance is
 * returned. Otherwise each of the 32 bits is examined and every set bit that has a
 * registered permission is added to a new {@code CumulativePermission}.
 *
 * <p>A set bit with no registered permission is skipped after a message on standard
 * output, so the returned permission can carry fewer bits than {@code mask}. Code that
 * audits or round-trips masks should not assume the result's mask equals the input.
 *
 * @param mask permission bit mask
 * @return the registered permission for the mask, or a cumulative permission made of
 *         the registered single-bit permissions it contains
 */
public static Permission buildFromMask(int mask) {
    if (permissionsByInteger.containsKey(mask)) {
        return permissionsByInteger.get(mask);
    }

    // No exact match: assemble a CumulativePermission bit by bit
    CumulativePermission combined = new CumulativePermission();
    for (int bit = 0; bit < 32; bit++) {
        int singleBit = 1 << bit;
        if ((mask & singleBit) == 0) {
            continue;
        }

        Permission known = permissionsByInteger.get(singleBit);
        if (known != null) {
            combined.set(known);
        } else {
            System.out.println("Mask " + singleBit + " does not have a corresponding static NextServerPermission");
        }
    }

    return combined;
}
 
Example #6
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Grants {@code permission} on a domain object to {@code sid}, creating the ACL record
 * first when none exists yet.
 *
 * <p>Authorization is declared through {@code @PreAuthorize}: the
 * {@code Constant.ACCESS_HAS_ROLE_ADMIN} expression or the ADMINISTRATION permission on
 * {@code ae}. The argument checks below reject missing values with a
 * {@code BadRequestException} before any ACL is read or written.
 *
 * @param ae         the secured domain object
 * @param permission the permission to grant; must not be {@code null}
 * @param sid        the user or role receiving the permission; must not be {@code null}
 * @return the ACL record after the entry has been upserted
 * @throws BadRequestException if any argument is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord grant(AclEntity ae, Permission permission, Sid sid) {
    Message messages = MsgPicker.getMsg();

    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (permission == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }
    if (sid == null) {
        throw new BadRequestException(messages.getSID_REQUIRED());
    }

    MutableAclRecord record;
    try {
        record = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException e) {
        // No ACL yet for this object: create an empty one without an initial grant
        record = init(ae, null);
    }

    // NOTE(review): secureOwner is not visible here; presumably it protects the
    // owner's entry from being changed - confirm.
    secureOwner(record, sid);

    return aclService.upsertAce(record, sid, permission);
}
 
Example #7
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Replaces the permission of an existing access entry, identified by its index in the
 * ACL of {@code ae}.
 *
 * <p>Authorization is declared through {@code @PreAuthorize}: the
 * {@code Constant.ACCESS_HAS_ROLE_ADMIN} expression or the ADMINISTRATION permission on
 * {@code ae}.
 *
 * @param ae               the secured domain object
 * @param accessEntryIndex index of the entry to change
 * @param newPermission    the permission to store; must not be {@code null}
 * @return the ACL record after the entry has been upserted
 * @throws BadRequestException if {@code ae} or {@code newPermission} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord update(AclEntity ae, int accessEntryIndex, Permission newPermission) {
    Message messages = MsgPicker.getMsg();

    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (newPermission == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }

    MutableAclRecord record = aclService.readAcl(new ObjectIdentityImpl(ae));

    // NOTE(review): accessEntryIndex is used as supplied; no range check is visible in
    // this method - presumably getAccessControlEntryAt rejects a bad index, confirm.
    Sid entrySid = record.getAclRecord().getAccessControlEntryAt(accessEntryIndex).getSid();

    secureOwner(record, entrySid);

    return aclService.upsertAce(record, entrySid, newPermission);
}
 
Example #8
Source File: AclPermissionFactory.java    From kylin with Apache License 2.0
/**
 * Returns the {@link Permission} constants declared on {@code AclPermission} whose
 * field names are one of the four names listed in {@code AclPermissionType}
 * (ADMINISTRATION, MANAGEMENT, OPERATION, READ).
 *
 * <p>Fields that cannot be read, hold no value, or are not a {@code Permission} are
 * skipped silently.
 *
 * @return a new mutable list with the matching permissions
 */
public static List<Permission> getPermissions() {
    Field[] publicFields = AclPermission.class.getFields();
    List<Permission> collected = new ArrayList<Permission>();

    for (int i = 0; i < publicFields.length; i++) {
        Field current = publicFields[i];
        try {
            Object held = current.get(null);

            if (Permission.class.isAssignableFrom(held.getClass())) {
                Permission perm = (Permission) held;
                String fieldName = current.getName();

                // Only the four supported permission names are exposed
                if (fieldName.equals(AclPermissionType.ADMINISTRATION)
                        || fieldName.equals(AclPermissionType.MANAGEMENT)
                        || fieldName.equals(AclPermissionType.OPERATION)
                        || fieldName.equals(AclPermissionType.READ)) {
                    collected.add(perm);
                }
            }
        } catch (Exception ignore) {
            //ignore on purpose
        }
    }

    return collected;
}
 
Example #9
Source File: AclPermissionFactory.java    From kylin with Apache License 2.0
/**
 * Finds the {@link Permission} constant on {@code AclPermission} by field name.
 *
 * <p>Returns {@code null} for a name that matches no Permission field. The result
 * therefore needs a null check wherever the name originates from a request.
 *
 * @param perName exact field name of the wanted permission
 * @return the permission held by the field of that name, or {@code null}
 */
public static Permission getPermission(String perName) {
    Field[] publicFields = AclPermission.class.getFields();

    for (int i = 0; i < publicFields.length; i++) {
        Permission match = null;
        try {
            Object held = publicFields[i].get(null);

            if (Permission.class.isAssignableFrom(held.getClass())
                    && perName.equals(publicFields[i].getName())) {
                // Found the Permission static field with the requested name
                match = (Permission) held;
            }
        } catch (Exception ignore) {
            //ignore on purpose
        }
        if (match != null) {
            return match;
        }
    }

    return null;
}
 
Example #10
Source File: AclRecord.java    From kylin with Apache License 2.0
/**
 * Inserts, updates or deletes the access entry of {@code sid}.
 *
 * <p>{@code entries} is searched with {@code AceImpl.SID_ORDER}. A non-null
 * {@code permission} replaces the permission of an existing entry or inserts a new
 * entry at its sorted position. A {@code null} permission deletes the existing entry
 * and is a no-op when there is none.
 *
 * <p>Because {@code null} means delete, a caller that intends to grant must make sure
 * the permission it resolved is non-null before calling this method.
 *
 * @param permission the permission to store, or {@code null} to delete the entry
 * @param sid        the user or role the entry belongs to; must not be {@code null}
 */
public void upsertAce(Permission permission, Sid sid) {
    Assert.notNull(sid, "Sid required");

    AceImpl candidate = new AceImpl(sid, permission);
    final boolean deleteRequested = (permission == null);

    synchronized (entries) {
        int pos = Collections.binarySearch(entries, candidate, AceImpl.SID_ORDER);

        if (pos < 0) {
            // Not present: insert at the position binarySearch reports, unless deleting
            if (!deleteRequested) {
                candidate.init(this, entries.size());
                entries.add(-pos - 1, candidate);
            }
            return;
        }

        if (deleteRequested) {
            entries.remove(pos);
        } else {
            entries.get(pos).setPermission(permission);
        }
    }
}
 
Example #11
Source File: AccessController.java    From kylin with Apache License 2.0
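/**
 * Batch API. Grants access on a domain object to several users/roles in one request.
 *
 * <p>Each element of the request body must be a three-element array:
 * {@code [name (String), isPrincipal (Boolean), permission name (String)]}. The body is
 * untrusted input, so every element is type-checked before it is cast. A permission
 * name that {@code AclPermissionFactory.getPermission} cannot resolve is rejected here
 * instead of being stored in the map as a {@code null} permission.
 *
 * @param type type of the domain object, passed to {@code accessService.getAclEntity}
 * @param uuid identifier of the domain object, passed to {@code accessService.getAclEntity}
 * @param reqs the access requests, one array per sid
 * @throws IllegalArgumentException (via {@code Preconditions.checkArgument}) if an entry
 *         is malformed or names an unknown permission
 */
@RequestMapping(value = "batch/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public void batchGrant(@PathVariable String type, @PathVariable String uuid,
        @RequestBody List<Object[]> reqs) throws IOException {
    Map<Sid, Permission> sidToPerm = new HashMap<>();
    AclEntity ae = accessService.getAclEntity(type, uuid);
    for (Object[] req : reqs) {
        Preconditions.checkArgument(req != null && req.length == 3, "error access requests.");
        // Check the element types up front so a malformed body is reported as a bad
        // argument rather than surfacing as a ClassCastException or NullPointerException.
        Preconditions.checkArgument(
                req[0] instanceof String && req[1] instanceof Boolean && req[2] instanceof String,
                "error access requests.");
        String name = (String) req[0];
        boolean isPrincipal = (Boolean) req[1];
        validateUtil.checkIdentifiersExists(name, isPrincipal);

        Sid sid = accessService.getSid(name, isPrincipal);
        Permission permission = AclPermissionFactory.getPermission((String) req[2]);
        // Fail closed on an unrecognised permission name. getPermission returns null for
        // it, and what the service does with a null map value is not visible here.
        // NOTE(review): AclRecord.upsertAce treats a null permission as "delete" - confirm
        // whether batchGrant can reach it.
        Preconditions.checkArgument(permission != null, "unknown permission in access request.");
        sidToPerm.put(sid, permission);
    }
    accessService.batchGrant(ae, sidToPerm);
}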
 
Example #12
Source File: AccessService.java    From kylin with Apache License 2.0
/**
 * Creates the ACL record for a domain object, or reads the existing one, and optionally
 * grants an initial permission to the currently authenticated principal.
 *
 * <p>NOTE(review): this method carries no {@code @PreAuthorize} of its own and calls
 * {@code grant} on {@code this}. With Spring's proxy-based method security a
 * self-invocation does not pass through the proxy, so the annotation on {@code grant}
 * would not be evaluated on this path - confirm that callers of {@code init} are
 * authorized by other means.
 *
 * @param ae             the secured domain object
 * @param initPermission permission to grant to the current principal, or {@code null}
 *                       to create or read the record without granting anything
 * @return the ACL record, after the initial grant when one was requested
 */
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
    ObjectIdentity oid = new ObjectIdentityImpl(ae);

    MutableAclRecord record;
    try {
        // Create acl record for secured domain object.
        record = (MutableAclRecord) aclService.createAcl(oid);
    } catch (AlreadyExistsException e) {
        record = aclService.readAcl(oid);
    }

    if (initPermission == null) {
        return record;
    }

    // The initial grant always goes to whoever is authenticated in the security context
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid currentSid = new PrincipalSid(current);
    return grant(ae, initPermission, currentSid);
}
 
Example #13
Source File: AccessService.java    From kylin with Apache License 2.0
/**
 * Adds or updates the access entry of {@code sid} on the ACL of {@code ae}.
 *
 * <p>The {@code @PreAuthorize} expression requires either the
 * {@code Constant.ACCESS_HAS_ROLE_ADMIN} condition or the ADMINISTRATION permission on
 * {@code ae}. All three arguments are mandatory. When the object has no ACL yet, one
 * is created through {@code init(ae, null)} before the entry is written.
 *
 * @param ae         the secured domain object
 * @param permission the permission to grant
 * @param sid        the user or role receiving the permission
 * @return the ACL record returned by {@code aclService.upsertAce}
 * @throws BadRequestException if {@code ae}, {@code permission} or {@code sid} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord grant(AclEntity ae, Permission permission, Sid sid) {
    Message text = MsgPicker.getMsg();

    // Reject incomplete requests before touching any ACL
    if (null == ae) {
        throw new BadRequestException(text.getACL_DOMAIN_NOT_FOUND());
    } else if (null == permission) {
        throw new BadRequestException(text.getACL_PERMISSION_REQUIRED());
    } else if (null == sid) {
        throw new BadRequestException(text.getSID_REQUIRED());
    }

    MutableAclRecord target;
    try {
        target = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException e) {
        target = init(ae, null);
    }

    // NOTE(review): secureOwner's contract is not visible in this listing - confirm
    secureOwner(target, sid);

    return aclService.upsertAce(target, sid, permission);
}
 
Example #14
Source File: RangerKylinAuthorizer.java    From ranger with Apache License 2.0
/**
 * Delegates the permission check to {@code externalAclProvider} while the plugin class
 * loader is active.
 *
 * <p>The class loader is deactivated in a {@code finally} block, so it is restored even
 * when the delegate throws. The exception then propagates to the caller and no decision
 * is returned.
 *
 * @param user       name of the user being checked
 * @param groups     groups of that user
 * @param entityType type of the entity being accessed
 * @param entityUuid identifier of the entity being accessed
 * @param permission the permission being requested
 * @return the decision returned by the delegate
 */
@Override
public boolean checkPermission(String user, List<String> groups, String entityType, String entityUuid,
		Permission permission) {
	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerKylinAuthorizer.checkPermission()");
	}

	final boolean allowed;
	try {
		activatePluginClassLoader();

		allowed = externalAclProvider.checkPermission(user, groups, entityType, entityUuid, permission);
	} finally {
		// Always restore the previous class loader, also on failure
		deactivatePluginClassLoader();
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerKylinAuthorizer.checkPermission()");
	}

	return allowed;
}
 
Example #15
Source File: AclPermissionFactory.java    From Kylin with Apache License 2.0
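/**
 * Returns every public static {@link Permission} constant declared on
 * {@code AclPermission}.
 *
 * <p>No name filter is applied: each public static field holding a {@code Permission}
 * is included, so a constant added to {@code AclPermission} later is exposed through
 * this method automatically.
 *
 * @return a new mutable list of the permissions found, in field order
 */
public static List<Permission> getPermissions() {
    List<Permission> permissions = new ArrayList<Permission>();

    for (Field field : AclPermission.class.getFields()) {
        // field.get(null) is only defined for static fields; skip instance fields
        // explicitly instead of relying on a swallowed NullPointerException.
        if (!java.lang.reflect.Modifier.isStatic(field.getModifiers())) {
            continue;
        }
        try {
            Object fieldValue = field.get(null);

            // instanceof is false for a null field value
            if (fieldValue instanceof Permission) {
                // Found a Permission static field
                permissions.add((Permission) fieldValue);
            }
        } catch (IllegalAccessException e) {
            // The field cannot be read from here; skip it as before. Only this
            // reflection failure is tolerated, so unrelated runtime errors are no
            // longer hidden by a catch-all.
        }
    }

    return permissions;
}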
 
Example #16
Source File: AccessController.java    From kylin with Apache License 2.0
/**
 * Updates an access entry on a domain object.
 *
 * <p>The permission name comes from the request body and is resolved with
 * {@code AclPermissionFactory.getPermission}, which returns {@code null} for an unknown
 * name. The resolved value is passed on unchecked.
 * NOTE(review): presumably {@code accessService.update} rejects a {@code null}
 * permission - confirm, since no check is made here.
 *
 * @param type          type of the domain object
 * @param uuid          identifier of the domain object
 * @param accessRequest request body carrying the access entry id and the permission name
 * @return the access entries of the ACL after the update
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity entity = accessService.getAclEntity(type, uuid);

    // Resolve the requested permission name to a Permission constant
    String requestedName = accessRequest.getPermission();
    Permission resolved = AclPermissionFactory.getPermission(requestedName);

    Acl acl = accessService.update(entity, accessRequest.getAccessEntryId(), resolved);
    return accessService.generateAceResponses(acl);
}
 
Example #17
Source File: BitMaskPermissionGrantingStrategyTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks, for each pair supplied by {@code permissionsMatchProvider}, that
 * {@code BitMaskPermissionGrantingStrategy.containsPermission} reports the ACE mask as
 * containing the tested mask.
 */
@ParameterizedTest
@MethodSource("permissionsMatchProvider")
void testPermissionsMatch(Permission acePermission, Permission testedPermission) {
  boolean contained =
      BitMaskPermissionGrantingStrategy.containsPermission(
          acePermission.getMask(), testedPermission.getMask());
  String failureMessage =
      format(
          "combined ACE permission %s should match tested permission %s",
          acePermission, testedPermission);

  assertTrue(contained, failureMessage);
}
 
Example #18
Source File: PermissionTestUtils.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Builds a mocked {@link Acl} that holds exactly one access control entry.
 *
 * @param sid       the sid returned by the single entry
 * @param mask      the mask returned by the entry's mocked permission
 * @param name      name given to the Acl mock
 * @param parentAcl parent returned by {@code getParentAcl()}, or {@code null} to leave
 *                  that call unstubbed
 * @return the mocked Acl
 */
public static Acl getSinglePermissionAcl(Sid sid, int mask, String name, Acl parentAcl) {
  Acl mockedAcl = mock(Acl.class, name);
  AccessControlEntry onlyEntry = mock(AccessControlEntry.class);
  when(onlyEntry.getSid()).thenReturn(sid);

  // The entry's permission exposes nothing but the requested mask
  Permission maskOnly = mock(Permission.class);
  when(maskOnly.getMask()).thenReturn(mask);
  when(onlyEntry.getPermission()).thenReturn(maskOnly);

  when(mockedAcl.getEntries()).thenReturn(Collections.singletonList(onlyEntry));
  if (null != parentAcl) {
    when(mockedAcl.getParentAcl()).thenReturn(parentAcl);
  }
  return mockedAcl;
}
 
Example #19
Source File: AclService.java    From kylin with Apache License 2.0
/**
 * Upserts the access entry of {@code sid} on {@code acl} by running
 * {@code AclRecord.upsertAce(perm, sid)} through {@code updateAclWithRetry}.
 *
 * @param acl  the ACL to change
 * @param sid  the user or role the entry belongs to
 * @param perm the permission to store; passed through unchanged, including {@code null}
 * @return the record returned by {@code updateAclWithRetry}
 */
MutableAclRecord upsertAce(MutableAclRecord acl, final Sid sid, final Permission perm) {
    AclRecordUpdater applyUpsert = new AclRecordUpdater() {
        @Override
        public void update(AclRecord record) {
            record.upsertAce(perm, sid);
        }
    };
    return updateAclWithRetry(acl, applyUpsert);
}
 
Example #20
Source File: AclRecord.java    From kylin with Apache License 2.0
/**
 * Adds an access entry by delegating to {@code upsertAce}.
 *
 * <p>Only granting entries are supported: {@code granting == false} fails the state
 * assertion. {@code atIndexLocation} is ignored, and {@code permission} is handed to
 * {@code upsertAce} without a null check.
 *
 * @param atIndexLocation ignored
 * @param permission      the permission to store for {@code sid}
 * @param sid             the user or role the entry belongs to
 * @param granting        must be {@code true}
 */
@Override
public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting)
        throws NotFoundException {
    // Deny-style (non-granting) entries are not supported by this record
    Assert.state(granting, "Granting must be true");

    // Entries are strictly ordered, so the requested index plays no role
    this.upsertAce(permission, sid);
}
 
Example #21
Source File: AceImpl.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Returns this entry's permission, building it from {@code permissionMask} on first use
 * and caching it in {@code perm}.
 *
 * <p>No synchronization is visible in this method.
 *
 * @return the cached or newly built permission
 */
@Override
public Permission getPermission() {
    if (perm != null) {
        return perm;
    }
    // First access: materialize the Permission object from the stored mask
    perm = acl.aclPermissionFactory.buildFromMask(permissionMask);
    return perm;
}
 
Example #22
Source File: AclRecord.java    From kylin with Apache License 2.0
/**
 * Returns the permission stored for {@code sid}, or {@code null} when the record has no
 * entry for it.
 *
 * <p>A {@code null} result means "no entry". Callers making an access decision should
 * treat it as no permission granted by this record.
 *
 * @param sid the user or role to look up
 * @return the permission of the matching entry, or {@code null}
 */
public Permission getPermission(Sid sid) {
    AceImpl probe = new AceImpl(sid, null);
    synchronized (entries) {
        int pos = Collections.binarySearch(entries, probe, AceImpl.SID_ORDER);
        return (pos < 0) ? null : entries.get(pos).getPermission();
    }
}
 
Example #23
Source File: AceImpl.java    From kylin with Apache License 2.0
/**
 * Lazily resolves the permission of this entry: on the first call the mask in
 * {@code permissionMask} is converted with the ACL's permission factory, and the result
 * is kept in {@code perm} for later calls.
 *
 * @return the permission of this entry
 */
@Override
public Permission getPermission() {
    boolean notResolvedYet = (perm == null);
    if (notResolvedYet) {
        perm = acl.aclPermissionFactory.buildFromMask(permissionMask);
    }
    return perm;
}
 
Example #24
Source File: AclRecord.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Looks up the access entry of {@code sid} in the ordered {@code entries} list and
 * returns its permission.
 *
 * @param sid the user or role to look up
 * @return the permission of the entry for {@code sid}, or {@code null} if the record
 *         holds no entry for that sid
 */
public Permission getPermission(Sid sid) {
    synchronized (entries) {
        // Search with a permission-less probe entry; only the sid matters for ordering
        int index = Collections.binarySearch(entries, new AceImpl(sid, null), AceImpl.SID_ORDER);
        if (index < 0) {
            return null;
        }
        return entries.get(index).getPermission();
    }
}
 
Example #25
Source File: ExternalAclProvider.java    From kylin with Apache License 2.0
/**
 * Maps a {@link Permission} to its string form: the ADMINISTRATION, MANAGEMENT,
 * OPERATION or READ constant when {@code p} equals the matching {@code AclPermission}
 * constant, otherwise {@code p.getPattern()}.
 *
 * <p>No null check is made: a {@code null} argument that matches none of the four
 * constants reaches {@code p.getPattern()}.
 *
 * @param p the permission to transform
 * @return the permission's string form
 */
public static String transformPermission(Permission p) {
    if (AclPermission.ADMINISTRATION.equals(p)) {
        return ADMINISTRATION;
    }
    if (AclPermission.MANAGEMENT.equals(p)) {
        return MANAGEMENT;
    }
    if (AclPermission.OPERATION.equals(p)) {
        return OPERATION;
    }
    if (AclPermission.READ.equals(p)) {
        return READ;
    }
    // Not one of the four named permissions: fall back to the bit pattern string
    return p.getPattern();
}
 
Example #26
Source File: AclRecord.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Replaces the permission of the entry at {@code aceIndex}.
 *
 * <p>NOTE(review): the index is verified before the lock on {@code entries} is taken,
 * so the list could change between the check and the read - confirm whether callers
 * serialize updates to this record.
 *
 * @param aceIndex   index of the entry to change
 * @param permission the permission to store on that entry
 * @throws NotFoundException declared by the overridden method; presumably raised by
 *         {@code verifyAceIndexExists} for a bad index - confirm
 */
@Override
public void updateAce(int aceIndex, Permission permission) throws NotFoundException {
    verifyAceIndexExists(aceIndex);

    synchronized (entries) {
        entries.get(aceIndex).setPermission(permission);
    }
}
 
Example #27
Source File: AccessServiceTest.java    From kylin with Apache License 2.0
/**
 * Grants ADMINISTRATION to ten principals (u0..u9) in one batch and checks that the ACL
 * of the entity then holds exactly ten entries in the order u0..u9.
 */
@Test
public void testBatchGrant() {
    AclEntity entity = new AclServiceTest.MockAclEntity("batch-grant");

    final Map<Sid, Permission> grants = new HashMap<>();
    for (int n = 0; n < 10; n++) {
        grants.put(new PrincipalSid("u" + n), AclPermission.ADMINISTRATION);
    }
    accessService.batchGrant(entity, grants);

    MutableAclRecord stored = accessService.getAcl(entity);
    List<AccessControlEntry> entries = stored.getEntries();
    Assert.assertEquals(10, entries.size());

    // Entries are expected back in sid order, independent of HashMap iteration order
    int position = 0;
    for (AccessControlEntry entry : entries) {
        Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
        position++;
    }
}
 
Example #28
Source File: PermissionData.java    From haven-platform with Apache License 2.0
/**
 * Compares by mask only: any {@link Permission} whose {@code getMask()} equals this
 * object's {@code mask} is considered equal, whatever its concrete class.
 *
 * <p>NOTE(review): another {@code Permission} implementation may not consider this
 * object equal in return, so equality can be asymmetric - confirm before relying on it
 * in sets, map keys or access decisions.
 *
 * @param obj the object to compare with
 * @return {@code true} if {@code obj} is a {@code Permission} with the same mask
 */
public final boolean equals(Object obj) {
    // instanceof is false for null, which covers the explicit null case
    if (obj instanceof Permission) {
        return this.mask == ((Permission) obj).getMask();
    }
    return false;
}
 
Example #29
Source File: PermissionData.java    From haven-platform with Apache License 2.0
/**
 * Treats this object as equal to any {@link Permission} that reports the same mask.
 * Nothing else about the other object is compared.
 *
 * @param obj the object to compare with; {@code null} and non-Permission objects are
 *            never equal
 * @return {@code true} when {@code obj} is a {@code Permission} whose mask equals
 *         {@code this.mask}
 */
public final boolean equals(Object obj) {
    boolean comparable = (obj != null) && (obj instanceof Permission);
    if (!comparable) {
        return false;
    }
    Permission other = (Permission) obj;
    return this.mask == other.getMask();
}
 
Example #30
Source File: AccessEntryResponse.java    From Kylin with Apache License 2.0
/**
 * Creates the response view of one access control entry.
 *
 * @param id         identifier of the entry; not validated here
 * @param sid        the user or role the entry belongs to; must not be {@code null}
 * @param permission the permission held by the entry; must not be {@code null}
 * @param granting   whether the entry grants the permission
 */
public AccessEntryResponse(Serializable id, Sid sid, Permission permission, boolean granting) {
    // Validate before assigning so a rejected call leaves no field set
    Assert.notNull(sid, "Sid required");
    Assert.notNull(permission, "Permission required");

    this.granting = granting;
    this.permission = permission;
    this.sid = sid;
    this.id = id;
}