Java Code Examples for org.springframework.security.acls.model.Acl#getEntries()
The following examples show how to use
org.springframework.security.acls.model.Acl#getEntries() .
Example 1
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Builds the response view of an ACL's own entries, optionally filtered by SID name.
 *
 * <p>Only the entries returned by {@code acl.getEntries()} are read; the parent ACL chain is
 * not walked, so inherited entries never appear in the result.
 *
 * <p>NOTE(review): no authorization check is visible in this method. Presumably the caller
 * restricts who may list the entries of an ACL; confirm at the call sites.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @param nameSeg name fragment handed to {@code needAdd}; {@code null} disables filtering
 * @param isCaseSensitive passed through to {@code needAdd}
 * @return one {@link AccessEntryResponse} per retained entry, in the order the ACL returns them
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // Without a name fragment every entry is kept; otherwise needAdd decides.
        boolean keep = nameSeg == null || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()));
        if (keep) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(), entry.getPermission(),
                    entry.isGranting()));
        }
    }
    return responses;
}
Example 2
Source File: PermissionServiceImpl.java From molgenis with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Adds to {@code result} the labelled permission that {@code sid} holds on the ACL's object.
 *
 * <p>Nothing is added when the SID has neither an entry of its own nor inherited permissions.
 *
 * @param acl the ACL whose entries are scanned; must not be {@code null}
 * @param isReturnInheritedPermissions whether to ask {@code inheritanceResolver} for inherited
 *     permissions
 * @param result the set that receives the labelled permission
 * @param sid the security identity to look up; must not be {@code null}
 */
private void getPermissionResponsesForSingleSid(
    Acl acl, boolean isReturnInheritedPermissions, Set<LabelledPermission> result, Sid sid) {
  // The scan does not stop at the first hit: if several entries name this SID, the last one
  // in ACL order determines the SID's own permission.
  PermissionSet direct = null;
  for (AccessControlEntry entry : acl.getEntries()) {
    if (sid.equals(entry.getSid())) {
      direct = PermissionSetUtils.getPermissionSet(entry);
    }
  }

  Set<LabelledPermission> inherited = new LinkedHashSet<>();
  if (isReturnInheritedPermissions) {
    inherited.addAll(inheritanceResolver.getInheritedPermissions(acl, sid));
  }

  boolean hasInherited = !inherited.isEmpty();
  if (direct == null && !hasInherited) {
    return;
  }

  // An empty inherited set is reported as null rather than as an empty collection.
  result.add(
      LabelledPermission.create(
          sid,
          entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()),
          direct,
          hasInherited ? inherited : null));
}
Example 3
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Maps each SID name on a project's ACL to the permission mask of its entry.
 *
 * <p>Review notes on what the map can and cannot express:
 * <ul>
 *   <li>Principals and granted authorities share one case-insensitive key space, so a user and
 *       a group whose names differ only by case (or not at all) overwrite each other.</li>
 *   <li>When a SID has several entries, the last one in ACL order wins.</li>
 *   <li>{@code isGranting()} is not consulted, so the mask of a non-granting entry is recorded
 *       the same way as a granting one.</li>
 * </ul>
 *
 * <p>NOTE(review): the result of {@code getProject(project)} is dereferenced without a null
 * check; whether it can return {@code null} for an unknown project is not visible here.
 *
 * @param project the project name
 * @return SID name to permission mask, ordered case-insensitively; empty when the project has
 *     no ACL or the ACL reports no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> maskBySidName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    Acl acl = getAcl(getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid));
    if (acl == null || acl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : acl.getEntries()) {
        Sid sid = entry.getSid();
        if (sid instanceof PrincipalSid) {
            maskBySidName.put(((PrincipalSid) sid).getPrincipal(), entry.getPermission().getMask());
        }
        if (sid instanceof GrantedAuthoritySid) {
            maskBySidName.put(((GrantedAuthoritySid) sid).getGrantedAuthority(),
                    entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
Example 4
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Lists the names of the SIDs of one kind (user or group) that appear on an ACL.
 *
 * <p>A {@code type} matching neither {@code MetadataConstants.TYPE_USER} nor
 * {@code MetadataConstants.TYPE_GROUP} produces an empty list. A {@code null} type throws
 * {@link NullPointerException} as soon as the ACL has at least one entry, because the type
 * is the receiver of {@code equalsIgnoreCase}.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @param type the SID kind to collect, compared case-insensitively
 * @return non-blank principal or authority names, in ACL order; duplicates are not removed
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<String> sidNames = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        String sidName = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && entry.getSid() instanceof PrincipalSid) {
            sidName = ((PrincipalSid) entry.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP)
                && entry.getSid() instanceof GrantedAuthoritySid) {
            sidName = ((GrantedAuthoritySid) entry.getSid()).getGrantedAuthority();
        }
        // Entries of the other kind leave sidName null and are skipped here.
        if (StringUtils.isBlank(sidName)) {
            continue;
        }
        sidNames.add(sidName);
    }
    return sidNames;
}
Example 5
Source File: AclServiceTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Verifies that a batch upsert of ten principal entries is stored completely and in order.
 *
 * <p>NOTE(review): the assertions cover the entry count and the SID of each entry, but not
 * the stored permission; a regression that persisted the wrong mask would still pass.
 */
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);

    // Ten principals u0..u9, all granted ADMINISTRATION.
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int n = 0; n < 10; n++) {
        sidToPerm.put(new PrincipalSid("u" + n), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl stored : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> entries = stored.getEntries();
        Assert.assertEquals(10, entries.size());
        int position = 0;
        for (AccessControlEntry entry : entries) {
            Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
            position++;
        }
    }
}
Example 6
Source File: MigrationService.java From kylin with Apache License 2.0 | 6 votes |
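/**
 * Collects the notification addresses of the users who administer a cube's project.
 *
 * <p>An entry on the project ACL counts only when all of the following hold:
 * <ul>
 *   <li>its permission mask is 16, the mask of Spring Security's
 *       {@code BasePermission.ADMINISTRATION};</li>
 *   <li>it is a granting entry: a non-granting entry with that mask is a denial, not an
 *       administrator;</li>
 *   <li>its SID is a {@link PrincipalSid}: an authority (role or group) entry has no principal
 *       name to build an address from, and casting it would throw
 *       {@link ClassCastException}.</li>
 * </ul>
 *
 * @param cubeInstance the cube whose project ACL is read
 * @return principal names with the configured mail suffix appended; never empty
 * @throws BadRequestException if no qualifying entry exists or the project has no ACL
 */
public List<String> getCubeAdmins(CubeInstance cubeInstance) {
    ProjectInstance prjInstance = cubeInstance.getProjectInstance();
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prjInstance.getUuid());
    logger.info("ProjectUUID : " + prjInstance.getUuid());
    Acl acl = accessService.getAcl(ae);
    String mailSuffix = KylinConfig.getInstanceFromEnv().getNotificationMailSuffix();
    List<String> cubeAdmins = Lists.newArrayList();
    if (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getPermission().getMask() != 16) {
                continue;
            }
            // A deny entry carrying the ADMINISTRATION mask must not be treated as an admin.
            if (!ace.isGranting()) {
                continue;
            }
            // Authority-based entries cannot be turned into a mail address; skip them
            // instead of failing the whole lookup on the cast.
            if (!(ace.getSid() instanceof PrincipalSid)) {
                continue;
            }
            PrincipalSid ps = (PrincipalSid) ace.getSid();
            cubeAdmins.add(ps.getPrincipal() + mailSuffix);
        }
    }

    if (cubeAdmins.isEmpty()) {
        throw new BadRequestException("Cube access list is null, please add at least one role in it.");
    }
    return cubeAdmins;
}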
Example 7
Source File: AclServiceTest.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Checks that {@code batchUpsertAce} persists all ten principal entries and keeps their order.
 *
 * <p>NOTE(review): only the number of entries and their SIDs are asserted. The permission
 * written for each entry is never read back, so a wrong mask would go unnoticed.
 */
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);

    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    int next = 0;
    while (next < 10) {
        sidToPerm.put(new PrincipalSid("u" + next), AclPermission.ADMINISTRATION);
        next++;
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    // Read the ACL back through the service rather than trusting the in-memory record.
    for (Acl reloaded : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> aces = reloaded.getEntries();
        Assert.assertEquals(10, aces.size());
        for (int idx = 0; idx < aces.size(); idx++) {
            PrincipalSid expected = new PrincipalSid("u" + idx);
            Assert.assertEquals(expected, aces.get(idx).getSid());
        }
    }
}
Example 8
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Returns, for one project, the permission mask recorded for every SID name on its ACL.
 *
 * <p>Limits of the returned map that a caller making access decisions should know:
 * user and group names are merged into a single case-insensitive key space (a collision
 * silently keeps the later entry), a SID with several entries keeps only the last mask,
 * and the granting flag of an entry is ignored.
 *
 * <p>NOTE(review): {@code getProject(project)} is dereferenced directly; confirm that it
 * cannot return {@code null} for a name that does not exist.
 *
 * @param project the project name
 * @return SID name to mask; empty when there is no ACL or the ACL has no entry list
 */
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> permissionsByName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity projectEntity = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(projectEntity);

    boolean hasEntries = acl != null && acl.getEntries() != null;
    if (hasEntries) {
        List<AccessControlEntry> entries = acl.getEntries();
        for (AccessControlEntry entry : entries) {
            Sid owner = entry.getSid();
            int mask = entry.getPermission().getMask();
            if (owner instanceof PrincipalSid) {
                permissionsByName.put(((PrincipalSid) owner).getPrincipal(), mask);
            }
            if (owner instanceof GrantedAuthoritySid) {
                permissionsByName.put(((GrantedAuthoritySid) owner).getGrantedAuthority(), mask);
            }
        }
    }
    return permissionsByName;
}
Example 9
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Collects the user names or the group names present on an ACL, depending on {@code type}.
 *
 * <p>{@code type} is compared case-insensitively with {@code MetadataConstants.TYPE_USER}
 * and {@code MetadataConstants.TYPE_GROUP}; any other value matches nothing and gives an
 * empty list. Passing {@code null} fails with {@link NullPointerException} once the ACL has
 * an entry to inspect.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @param type which kind of SID to return
 * @return the non-blank names found, in ACL order and without de-duplication
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> names = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String candidate = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            PrincipalSid user = (PrincipalSid) ace.getSid();
            candidate = user.getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            GrantedAuthoritySid group = (GrantedAuthoritySid) ace.getSid();
            candidate = group.getGrantedAuthority();
        }
        // candidate stays null for entries of the kind that was not requested.
        boolean usable = !StringUtils.isBlank(candidate);
        if (usable) {
            names.add(candidate);
        }
    }
    return names;
}
Example 10
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Converts the direct entries of an ACL into responses, keeping only those whose SID name
 * passes {@code needAdd} when a name fragment is supplied.
 *
 * <p>Entries inherited from a parent ACL are not included: only {@code acl.getEntries()} is
 * read.
 *
 * <p>NOTE(review): this method performs no permission check of its own. Presumably the
 * caller decides who may enumerate an object's ACL; verify against the callers.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @param nameSeg fragment to match against the SID name, or {@code null} for no filtering
 * @param isCaseSensitive forwarded to {@code needAdd}
 * @return the matching entries as {@link AccessEntryResponse} objects, in ACL order
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> matches = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry ace : acl.getEntries()) {
        boolean rejected = nameSeg != null && !needAdd(nameSeg, isCaseSensitive, getName(ace.getSid()));
        if (!rejected) {
            AccessEntryResponse response = new AccessEntryResponse(ace.getId(), ace.getSid(),
                    ace.getPermission(), ace.isGranting());
            matches.add(response);
        }
    }
    return matches;
}
Example 11
Source File: ValidateUtil.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
/**
 * Returns the SID of every entry on a project's ACL.
 *
 * <p>Granting and non-granting entries are treated alike, and a SID that has several entries
 * appears once per entry.
 *
 * <p>NOTE(review): {@code prj} is dereferenced without a null check; whether
 * {@code getProject} can return {@code null} for an unknown name is not visible here.
 *
 * @param project the project name
 * @return the SIDs in ACL order; empty when the project has no ACL or no entry list
 */
private List<Sid> getAllSids(String project) {
    ProjectInstance prj = projectService.getProjectManager().getProject(project);
    Acl acl = accessService.getAcl(accessService.getAclEntity("ProjectInstance", prj.getUuid()));

    List<Sid> sids = new ArrayList<>();
    if (acl == null || acl.getEntries() == null) {
        return sids;
    }
    for (AccessControlEntry entry : acl.getEntries()) {
        sids.add(entry.getSid());
    }
    return sids;
}
Example 12
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
/**
 * Flattens an ACL and all of its ancestors into one list of entry responses.
 *
 * <p>The entries of {@code acl} come first, followed by those of each parent in turn.
 *
 * <p>Review notes: the parent chain is followed through {@code getParentAcl()} without
 * consulting {@code isEntriesInheriting()}, so ancestors are listed even when the ACL does
 * not inherit from them. The loop ends only when a parent is {@code null}; it relies on the
 * chain being acyclic.
 *
 * @param acl the starting ACL; {@code null} yields an empty list
 * @return a {@code List<AccessEntryResponse>}, declared as {@code Object}
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (Acl current = acl; current != null; current = current.getParentAcl()) {
        for (AccessControlEntry entry : current.getEntries()) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(), entry.getPermission(),
                    entry.isGranting()));
        }
    }
    return responses;
}
Example 13
Source File: AccessService.java From kylin with Apache License 2.0 | 5 votes |
/**
 * Lists the entries of an ACL together with the entries of every ancestor ACL.
 *
 * <p>Entries are appended level by level, starting with {@code acl} itself.
 *
 * <p>Review notes: {@code isEntriesInheriting()} is never checked, so the result is "every
 * entry on the chain" rather than "every entry that applies". Termination depends on
 * {@code getParentAcl()} eventually returning {@code null}.
 *
 * @param acl the ACL to start from; {@code null} yields an empty list
 * @return the collected responses as a {@code List<AccessEntryResponse>} typed {@code Object}
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> collected = new ArrayList<AccessEntryResponse>();
    Acl level = acl;
    while (level != null) {
        for (AccessControlEntry ace : level.getEntries()) {
            AccessEntryResponse response = new AccessEntryResponse(ace.getId(), ace.getSid(),
                    ace.getPermission(), ace.isGranting());
            collected.add(response);
        }
        level = level.getParentAcl();
    }
    return collected;
}
Example 14
Source File: ValidateUtil.java From kylin with Apache License 2.0 | 5 votes |
/**
 * Gathers the SIDs referenced by the entries of a project's ACL.
 *
 * <p>No distinction is made between granting and non-granting entries, and the list may
 * contain the same SID more than once.
 *
 * <p>NOTE(review): the project lookup result is used without a null check; confirm that
 * {@code getProject} never returns {@code null} for the names passed in.
 *
 * @param project the project name
 * @return one SID per ACL entry, in ACL order; empty if there is no ACL or no entry list
 */
private List<Sid> getAllSids(String project) {
    List<Sid> found = new ArrayList<>();
    ProjectInstance projectInstance = projectService.getProjectManager().getProject(project);
    AclEntity entity = accessService.getAclEntity("ProjectInstance", projectInstance.getUuid());
    Acl acl = accessService.getAcl(entity);

    boolean readable = acl != null && acl.getEntries() != null;
    if (readable) {
        for (AccessControlEntry ace : acl.getEntries()) {
            Sid sid = ace.getSid();
            found.add(sid);
        }
    }
    return found;
}
Example 15
Source File: AccessService.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Converts the direct entries of an ACL into {@link AccessEntryResponse} objects.
 *
 * <p>Each response is built from the entry's id, SID, permission and granting flag only.
 * The original author's comment explains why: an {@code AccessControlEntry} refers back to
 * its ACL, a circular reference, so the ACL is left out of the response as a workaround.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @return one response per entry, in ACL order
 */
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // Copy the scalar parts only; the entry's back-reference to the ACL is dropped.
        AccessEntryResponse response = new AccessEntryResponse(entry.getId(), entry.getSid(),
                entry.getPermission(), entry.isGranting());
        responses.add(response);
    }
    return responses;
}
Example 16
Source File: PermissionInheritanceResolver.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Looks up the permission set that {@code sid} holds directly on {@code acl}.
 *
 * <p>Every entry is inspected; when more than one entry names the SID, the last one in ACL
 * order is the one returned.
 *
 * @param acl the ACL whose entries are scanned; must not be {@code null}
 * @param sid the security identity to match with {@code equals}
 * @return the permission set of the last matching entry, or {@code null} if none matches
 */
private PermissionSet getPermissionsForAcl(Acl acl, Sid sid) {
  PermissionSet match = null;
  for (AccessControlEntry entry : acl.getEntries()) {
    boolean sameSid = entry.getSid().equals(sid);
    if (!sameSid) {
      continue;
    }
    match = PermissionSetUtils.getPermissionSet(entry);
  }
  return match;
}
Example 17
Source File: TenantBasedPermissionGrantedStrategy.java From haven-platform with Apache License 2.0 | 4 votes |
/**
 * Computes the effective permission data that the given SIDs hold on an ACL, taking the
 * tenant of each entry into account.
 *
 * <p>The result starts from {@code defaultBehavior.getPermission(pgc)} and is then adjusted
 * entry by entry: a granting entry adds its permission, a non-granting entry removes it.
 * Because entries are applied in ACL order, the outcome depends on that order.
 *
 * <p>Only the ACL's own entries are evaluated; the parent ACL is never read (see the TODO at
 * the end of the method).
 *
 * @param acl the ACL to evaluate; its owner must resolve to a tenant
 * @param sids the security identities of the current principal
 * @return the accumulated permission data
 * @throws RuntimeException if no tenant can be derived from the ACL owner
 */
@Override
public PermissionData getPermission(Acl acl, List<Sid> sids) {
    Assert.notNull(tenantsService, "tenantsService is null");
    Assert.notNull(userDetailsService, "userDetailsService is null");
    final Sid ownerSid = acl.getOwner();
    final String ownerTenantId = getTenantFromSid(ownerSid);
    // NOTE(review): this is a reference comparison on a String. It is correct if NO_TENANT is
    // null (the null check on aceTenant below suggests that convention) - confirm against
    // MultiTenancySupport; with a non-null constant it would need equals().
    if(ownerTenantId == MultiTenancySupport.NO_TENANT) {
        throw new RuntimeException("Can not retrieve tenant from acl owner: acl.objectIdentity=" + acl.getObjectIdentity().getIdentifier());
    }
    final String currentPrincipalTenant = getPrincipalSidTenant(sids);
    PermissionGrantingContext pgc = new PermissionGrantingContext(this, ownerSid, currentPrincipalTenant);

    // below code based on DefaultPermissionGrantingStrategy
    final List<AccessControlEntry> aces = acl.getEntries();
    pgc.setHasAces(!aces.isEmpty());
    PermissionData.Builder pb = PermissionData.builder();
    // Baseline permissions come from the default behavior before any entry is applied.
    pb.add(defaultBehavior.getPermission(pgc));

    // !! not use foreach here
    for(int aceIndex = 0; aceIndex < aces.size(); ++ aceIndex) {
        AccessControlEntry ace = aces.get(aceIndex);
        Sid aceSid = ace.getSid();
        final String aceTenant = getTenantFromSid(aceSid);
        for(int sidIndex = 0; sidIndex < sids.size(); ++sidIndex) {
            final Sid sid = sids.get(sidIndex);
            // The context is updated before the tenant check because getCurrentTenants()
            // is read from it on the next line.
            pgc.setCurrentSid(sid);
            //root SIDs consume all ACE
            // An entry whose SID has no tenant (null) is never filtered out by tenant;
            // only entries with a tenant outside the current SID's tenants are skipped.
            if(aceTenant != null && !pgc.getCurrentTenants().contains(aceTenant)) {
                continue;
            }
            if(!compareSids(sid, aceSid)) {
                continue;
            }
            Permission acep = ace.getPermission();
            // Grant adds, deny removes; a later entry can undo the effect of an earlier one.
            if(ace.isGranting()) {
                pb.add(acep);
            } else {
                pb.remove(acep);
            }
        }
    }
    //TODO handle ACL inheriting
    return pb.build();
}
Example 18
Source File: BitMaskPermissionGrantingStrategy.java From molgenis with GNU Lesser General Public License v3.0 | 4 votes |
/**
 * Decides whether any of the requested permissions is granted to any of the given SIDs.
 *
 * <p>For each permission, SIDs are tried in the order given. For each permission/SID pair
 * the first entry in ACL order that matches both decides that pair: a granting entry ends
 * the whole check with {@code true}; a non-granting entry ends the search for that
 * permission and the next permission is tried. If nothing granted access and at least one
 * rejection was seen, the result is {@code false}. If no entry matched at all, the decision
 * is delegated to the parent ACL when entries are inheriting, otherwise a
 * {@link NotFoundException} is thrown.
 *
 * <p>Audit logging through {@code auditLogger} happens only when {@code administrativeMode}
 * is {@code false}.
 *
 * @param acl the ACL to evaluate
 * @param permission the permissions to test, in priority order
 * @param sids the security identities of the caller, in priority order
 * @param administrativeMode when {@code true}, the decision is not audit-logged
 * @return {@code true} if a granting entry matched, {@code false} if only rejections matched
 * @throws NotFoundException if no entry matched and there is no inheriting parent to ask
 */
public boolean isGranted(
    Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
  final List<AccessControlEntry> aces = acl.getEntries();
  AccessControlEntry firstRejection = null;
  for (Permission p : permission) {
    for (Sid sid : sids) {
      // Attempt to find exact match for this permission mask and SID
      boolean scanNextSid = true;
      for (AccessControlEntry ace : aces) {
        // NOTE(review): containsPermission is defined outside this block; presumably a
        // bitwise containment test rather than mask equality - confirm. If so, an entry
        // with a broader mask also matches, for granting and non-granting entries alike.
        if (containsPermission(ace.getPermission().getMask(), p.getMask())
            && ace.getSid().equals(sid)) {
          // Found a matching ACE, so its authorization decision will
          // prevail
          if (ace.isGranting()) {
            // Success
            if (!administrativeMode) {
              auditLogger.logIfNeeded(true, ace);
            }
            return true;
          }
          // Failure for this permission, so stop search
          // We will see if they have a different permission
          // (this permission is 100% rejected for this SID)
          if (firstRejection == null) {
            // Store first rejection for auditing reasons
            firstRejection = ace;
          }
          scanNextSid = false; // helps break the loop
          break; // exit aces loop
        }
      }
      if (!scanNextSid) {
        break; // exit SID for loop (now try next permission)
      }
    }
  }
  if (firstRejection != null) {
    // We found an ACE to reject the request at this point, as no
    // other ACEs were found that granted a different permission
    if (!administrativeMode) {
      auditLogger.logIfNeeded(false, firstRejection);
    }
    return false;
  }
  // No matches have been found so far
  if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) {
    // We have a parent, so let them try to find a matching ACE
    // The parent is always asked with administrativeMode = false, whatever the caller passed.
    return acl.getParentAcl().isGranted(permission, sids, false);
  } else {
    // We either have no parent, or we're the uppermost parent
    throw new NotFoundException(
        "Unable to locate a matching ACE for passed permissions and SIDs");
  }
}