Example 6 with GrantedAuthoritySid

Use of org.springframework.security.acls.domain.GrantedAuthoritySid in project spring-security by spring-projects.

From the class SidTests, method testGetters.

@Test
public void testGetters() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
    PrincipalSid principalSid = new PrincipalSid(authentication);
    GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
    GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
    assertThat("johndoe".equals(principalSid.getPrincipal())).isTrue();
    assertThat("scott".equals(principalSid.getPrincipal())).isFalse();
    assertThat("ROLE_TEST".equals(gaSid.getGrantedAuthority())).isTrue();
    assertThat("ROLE_TEST2".equals(gaSid.getGrantedAuthority())).isFalse();
}
Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid), Authentication (org.springframework.security.core.Authentication), GrantedAuthority (org.springframework.security.core.GrantedAuthority), TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken), PrincipalSid (org.springframework.security.acls.domain.PrincipalSid), Test (org.junit.Test)

Example 7 with GrantedAuthoritySid

Use of org.springframework.security.acls.domain.GrantedAuthoritySid in project spring-security by spring-projects.

From the class SidRetrievalStrategyTests, method correctSidsAreRetrieved.

// ~ Methods
// ========================================================================================================
@Test
public void correctSidsAreRetrieved() throws Exception {
    SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
    List<Sid> sids = retrStrategy.getSids(authentication);
    assertThat(sids).isNotNull();
    assertThat(sids).hasSize(4);
    assertThat(sids.get(0)).isNotNull();
    assertThat(sids.get(0) instanceof PrincipalSid).isTrue();
    for (int i = 1; i < sids.size(); i++) {
        assertThat(sids.get(i) instanceof GrantedAuthoritySid).isTrue();
    }
    assertThat(((PrincipalSid) sids.get(0)).getPrincipal()).isEqualTo("scott");
    assertThat(((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()).isEqualTo("A");
    assertThat(((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority()).isEqualTo("B");
    assertThat(((GrantedAuthoritySid) sids.get(3)).getGrantedAuthority()).isEqualTo("C");
}
Also used: SidRetrievalStrategyImpl (org.springframework.security.acls.domain.SidRetrievalStrategyImpl), GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid), PrincipalSid (org.springframework.security.acls.domain.PrincipalSid), SidRetrievalStrategy (org.springframework.security.acls.model.SidRetrievalStrategy), Sid (org.springframework.security.acls.model.Sid), Test (org.junit.Test)

Example 8 with GrantedAuthoritySid

Use of org.springframework.security.acls.domain.GrantedAuthoritySid in project spring-security by spring-projects.

From the class SecureDataSourcePopulator, method addPermission.

protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
    Assert.notNull(documentDao, "DocumentDao required");
    Assert.isInstanceOf(SecureDocumentDao.class, documentDao, "DocumentDao should have been a SecureDocumentDao");
    Assert.notNull(element, "Element required");
    Assert.hasText(recipient, "Recipient required");
    Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication");
    // We need SecureDocumentDao to assign different permissions
    // SecureDocumentDao dao = (SecureDocumentDao) documentDao;
    // We need to construct an ACL-specific Sid. Note the prefix contract is defined
    // on the superclass method's JavaDocs
    Sid sid = null;
    if (recipient.startsWith("ROLE_")) {
        sid = new GrantedAuthoritySid(recipient);
    } else {
        sid = new PrincipalSid(recipient);
    }
    // We need to identify the target domain object and create an ObjectIdentity for
    // it
    // This works because AbstractElement has a "getId()" method
    ObjectIdentity identity = new ObjectIdentityImpl(element);
    // ObjectIdentity identity = new ObjectIdentityImpl(element.getClass(),
    // element.getId()); // equivalent
    // Next we need to create a Permission
    Permission permission = null;
    if (level == LEVEL_NEGATE_READ || level == LEVEL_GRANT_READ) {
        permission = BasePermission.READ;
    } else if (level == LEVEL_GRANT_WRITE) {
        permission = BasePermission.WRITE;
    } else if (level == LEVEL_GRANT_ADMIN) {
        permission = BasePermission.ADMINISTRATION;
    } else {
        throw new IllegalArgumentException("Unsupported LEVEL_");
    }
    // Attempt to retrieve the existing ACL, creating an ACL if it doesn't already
    // exist for this ObjectIdentity
    MutableAcl acl = null;
    try {
        acl = (MutableAcl) aclService.readAclById(identity);
    } catch (NotFoundException nfe) {
        acl = aclService.createAcl(identity);
        Assert.notNull(acl, "Acl could not be retrieved or created");
    }
    // Now we have an ACL, add another ACE to it
    if (level == LEVEL_NEGATE_READ) {
        // not granting
        acl.insertAce(acl.getEntries().size(), permission, sid, false);
    } else {
        // granting
        acl.insertAce(acl.getEntries().size(), permission, sid, true);
    }
    // Finally, persist the modified ACL
    aclService.updateAcl(acl);
}
Also used: ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity), GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid), ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl), Permission (org.springframework.security.acls.model.Permission), BasePermission (org.springframework.security.acls.domain.BasePermission), NotFoundException (org.springframework.security.acls.model.NotFoundException), MutableAcl (org.springframework.security.acls.model.MutableAcl), PrincipalSid (org.springframework.security.acls.domain.PrincipalSid), Sid (org.springframework.security.acls.model.Sid)

Aggregations

GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid): 8
Test (org.junit.Test): 7
PrincipalSid (org.springframework.security.acls.domain.PrincipalSid): 7
Sid (org.springframework.security.acls.model.Sid): 5
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 4
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 4
ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl): 2
SidRetrievalStrategyImpl (org.springframework.security.acls.domain.SidRetrievalStrategyImpl): 2
MutableAcl (org.springframework.security.acls.model.MutableAcl): 2
SidRetrievalStrategy (org.springframework.security.acls.model.SidRetrievalStrategy): 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 2
Authentication (org.springframework.security.core.Authentication): 2
List (java.util.List): 1
RoleHierarchy (org.springframework.security.access.hierarchicalroles.RoleHierarchy): 1
BasePermission (org.springframework.security.acls.domain.BasePermission): 1
NotFoundException (org.springframework.security.acls.model.NotFoundException): 1
ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity): 1
Permission (org.springframework.security.acls.model.Permission): 1
Transactional (org.springframework.transaction.annotation.Transactional): 1