Package org.springframework.security.acls.domain

Examples of org.springframework.security.acls.domain.PrincipalSid

143
144
145
146
147
148
149
150
        assertDoestNotContainContact(5, contacts);

        Contact c1 = contactManager.getById(new Long(4));

        contactManager.deletePermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
        contactManager.addPermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
    }
View Full Code Here
51
52
53
54
55
56
57
58
59
        if (element.getParent() != null) {
            ObjectIdentity parentIdentity = new ObjectIdentityImpl(element.getParent());
            MutableAcl aclParent = (MutableAcl) mutableAclService.readAclById(parentIdentity);
            acl.setParent(aclParent);
        }
        acl.insertAce(acl.getEntries().size(), BasePermission.ADMINISTRATION, new PrincipalSid(SecurityContextHolder.getContext().getAuthentication()), true);

        mutableAclService.updateAcl(acl);
    }
View Full Code Here
42
43
44
45
46
47
48
49
50
51
52
        // We need to construct an ACL-specific Sid. Note the prefix contract is defined on the superclass method's JavaDocs
        Sid sid = null;
        if (recipient.startsWith("ROLE_")) {
            sid = new GrantedAuthoritySid(recipient);
        } else {
            sid = new PrincipalSid(recipient);
        }

        // We need to identify the target domain object and create an ObjectIdentity for it
        // This works because AbstractElement has a "getId()" method
        ObjectIdentity identity = new ObjectIdentityImpl(element);
View Full Code Here
41
42
43
44
45
46
47
48
49
    @Test(expected = NotFoundException.class)
    public void readAclByIdMissingAcl() {
        Map<ObjectIdentity, Acl> result = new HashMap<ObjectIdentity, Acl>();
        when(lookupStrategy.readAclsById(anyListOf(ObjectIdentity.class), anyListOf(Sid.class))).thenReturn(result);
        ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
        List<Sid> sids = Arrays.<Sid> asList(new PrincipalSid("user"));

        aclService.readAclById(objectIdentity, sids);
    }
View Full Code Here
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
        // Specify the inheritance hierarchy
        middleParent.setParent(topParent);
        child.setParent(middleParent);

        // Now let's add a couple of permissions
        topParent.insertAce(0, BasePermission.READ, new PrincipalSid(auth), true);
        topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(auth), false);
        middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), true);
        child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);

        // Explicitly save the changed ACL
        jdbcMutableAclService.updateAcl(topParent);
        jdbcMutableAclService.updateAcl(middleParent);
        jdbcMutableAclService.updateAcl(child);

        // Let's check if we can read them back correctly
        Map<ObjectIdentity, Acl> map = jdbcMutableAclService.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid));
        assertEquals(3, map.size());

        // Replace our current objects with their retrieved versions
        topParent = (MutableAcl) map.get(topParentOid);
        middleParent = (MutableAcl) map.get(middleParentOid);
        child = (MutableAcl) map.get(childOid);

        // Check the retrieved versions has IDs
        assertNotNull(topParent.getId());
        assertNotNull(middleParent.getId());
        assertNotNull(child.getId());

        // Check their parents were correctly persisted
        assertNull(topParent.getParentAcl());
        assertEquals(topParentOid, middleParent.getParentAcl().getObjectIdentity());
        assertEquals(middleParentOid, child.getParentAcl().getObjectIdentity());

        // Check their ACEs were correctly persisted
        assertEquals(2, topParent.getEntries().size());
        assertEquals(1, middleParent.getEntries().size());
        assertEquals(1, child.getEntries().size());

        // Check the retrieved rights are correct
        List<Permission> read = Arrays.asList(BasePermission.READ);
        List<Permission> write = Arrays.asList(BasePermission.WRITE);
        List<Permission> delete = Arrays.asList(BasePermission.DELETE);
        List<Sid> pSid = Arrays.asList((Sid)new PrincipalSid(auth));


        assertTrue(topParent.isGranted(read, pSid, false));
        assertFalse(topParent.isGranted(write, pSid, false));
        assertTrue(middleParent.isGranted(delete, pSid, false));
        assertFalse(child.isGranted(delete, pSid, false));

        try {
            child.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false);
            fail("Should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            assertTrue(true);
        }

        // Now check the inherited rights (when not explicitly overridden) also look OK
        assertTrue(child.isGranted(read, pSid, false));
        assertFalse(child.isGranted(write, pSid, false));
        assertFalse(child.isGranted(delete, pSid, false));

        // Next change the child so it doesn't inherit permissions from above
        child.setEntriesInheriting(false);
        jdbcMutableAclService.updateAcl(child);
        child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
        assertFalse(child.isEntriesInheriting());

        // Check the child permissions no longer inherit
        assertFalse(child.isGranted(delete, pSid, true));

        try {
            child.isGranted(read, pSid, true);
            fail("Should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            assertTrue(true);
        }

        try {
            child.isGranted(write, pSid, true);
            fail("Should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            assertTrue(true);
        }

        // Let's add an identical permission to the child, but it'll appear AFTER the current permission, so has no impact
        child.insertAce(1, BasePermission.DELETE, new PrincipalSid(auth), true);

        // Let's also add another permission to the child
        child.insertAce(2, BasePermission.CREATE, new PrincipalSid(auth), true);

        // Save the changed child
        jdbcMutableAclService.updateAcl(child);
        child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
        assertEquals(3, child.getEntries().size());

        // Output permissions
        for (int i = 0; i < child.getEntries().size(); i++) {
            System.out.println(child.getEntries().get(i));
        }

        // Check the permissions are as they should be
        assertFalse(child.isGranted(delete, pSid, true)); // as earlier permission overrode
        assertTrue(child.isGranted(Arrays.asList(BasePermission.CREATE), pSid, true));

        // Now check the first ACE (index 0) really is DELETE for our Sid and is non-granting
        AccessControlEntry entry = child.getEntries().get(0);
        assertEquals(BasePermission.DELETE.getMask(), entry.getPermission().getMask());
        assertEquals(new PrincipalSid(auth), entry.getSid());
        assertFalse(entry.isGranting());
        assertNotNull(entry.getId());

        // Now delete that first ACE
        child.deleteAce(0);
View Full Code Here
368
369
370
371
372
373
374
375
376
377
378
    @Test
    @Transactional
    public void deleteAclRemovesRowsFromDatabase() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(auth);
        MutableAcl child = jdbcMutableAclService.createAcl(childOid);
        child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
        jdbcMutableAclService.updateAcl(child);

        // Remove the child and check all related database rows were removed accordingly
        jdbcMutableAclService.deleteAcl(childOid, false);
        assertEquals(1, jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] {TARGET_CLASS} ).size());
View Full Code Here
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
        child.setParent(parent);
        jdbcMutableAclService.updateAcl(child);

        parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
        parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
        jdbcMutableAclService.updateAcl(parent);

        parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
        parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
        jdbcMutableAclService.updateAcl(parent);

        child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
        parent = (MutableAcl) child.getParentAcl();

        assertEquals("Fails because child has a stale reference to its parent", 2, parent.getEntries().size());
        assertEquals(1, parent.getEntries().get(0).getPermission().getMask());
        assertEquals(new PrincipalSid("ben"), parent.getEntries().get(0).getSid());
        assertEquals(1, parent.getEntries().get(1).getPermission().getMask());
        assertEquals(new PrincipalSid("scott"), parent.getEntries().get(1).getSid());
    }
View Full Code Here
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
        jdbcMutableAclService.updateAcl(child);

        parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
        jdbcMutableAclService.updateAcl(parent);

        parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
        jdbcMutableAclService.updateAcl(parent);

        child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2)));

        parent = (MutableAcl) child.getParentAcl();

        assertEquals(2, parent.getEntries().size());
        assertEquals(16, parent.getEntries().get(0).getPermission().getMask());
        assertEquals(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), parent.getEntries().get(0).getSid());
        assertEquals(8, parent.getEntries().get(1).getPermission().getMask());
        assertEquals(new PrincipalSid("terry"), parent.getEntries().get(1).getSid());
    }
View Full Code Here
475
476
477
478
479
480
481
482
483
484
485
       MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);

       // Add an ACE permission entry
       Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
       assertEquals(17, cm.getMask());
       Sid benSid = new PrincipalSid(auth);
       topParent.insertAce(0, cm, benSid, true);
       assertEquals(1, topParent.getEntries().size());

       // Explicitly save the changed ACL
       topParent = jdbcMutableAclService.updateAcl(topParent);
View Full Code Here
99
100
101
102
103
104
105
106
107
108
109
            throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
        }

        // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        PrincipalSid sid = new PrincipalSid(auth);

        // Create the acl_object_identity row
        createObjectIdentity(objectIdentity, sid);

        // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
View Full Code Here
TOP

Related Classes of org.springframework.security.acls.domain.PrincipalSid

  • org.springframework.security.acls.jdbc.BasicLookupStrategy$ProcessResultSet
  • org.springframework.security.acls.jdbc.BasicLookupStrategyTests
  • org.springframework.security.acls.jdbc.JdbcAclServiceTests
  • org.springframework.security.acls.jdbc.JdbcMutableAclService
  • org.springframework.security.acls.jdbc.JdbcMutableAclServiceTests
  • org.springframework.security.acls.sid.SidTests
  • sample.contact.AdminPermissionController
  • sample.contact.ContactManagerBackend
  • sample.contact.ContactManagerTests
  • sample.contact.DataSourcePopulator
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.