Example 1 with AclImpl

use of org.springframework.security.acls.domain.AclImpl in project spring-security by spring-projects.

the class BasicLookupStrategy method lookupObjectIdentities.

/**
 * Looks up a batch of <code>ObjectIdentity</code>s directly from the database.
 * <p>
 * The caller is responsible for optimization issues, such as selecting the identities
 * to lookup, ensuring the cache doesn't contain them already, and adding the returned
 * elements to the cache etc.
 * <p>
 * This subclass is required to return fully valid <code>Acl</code>s, including
 * properly-configured parent ACLs.
 */
private Map<ObjectIdentity, Acl> lookupObjectIdentities(final Collection<ObjectIdentity> objectIdentities, List<Sid> sids) {
    Assert.notEmpty(objectIdentities, "Must provide identities to lookup");
    // contains Acls with StubAclParents
    Map<Serializable, Acl> acls = new HashMap<>();
    // Make the "acls" map contain all requested objectIdentities
    // (including markers to each parent in the hierarchy)
    String sql = computeRepeatingSql(this.lookupObjectIdentitiesWhereClause, objectIdentities.size());
    Set<Long> parentsToLookup = this.jdbcTemplate.query(sql, (ps) -> setupLookupObjectIdentitiesStatement(ps, objectIdentities), new ProcessResultSet(acls, sids));
    // Lookup the parents, now that our JdbcTemplate has released the database
    // connection (SEC-547)
    if (parentsToLookup.size() > 0) {
        lookupPrimaryKeys(acls, parentsToLookup, sids);
    }
    // Finally, convert our "acls" containing StubAclParents into true Acls
    Map<ObjectIdentity, Acl> resultMap = new HashMap<>();
    for (Acl inputAcl : acls.values()) {
        Assert.isInstanceOf(AclImpl.class, inputAcl, "Map should have contained an AclImpl");
        Assert.isInstanceOf(Long.class, ((AclImpl) inputAcl).getId(), "Acl.getId() must be Long");
        Acl result = convert(acls, (Long) ((AclImpl) inputAcl).getId());
        resultMap.put(result.getObjectIdentity(), result);
    }
    return resultMap;
}
Also used : Serializable(java.io.Serializable) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) AclImpl(org.springframework.security.acls.domain.AclImpl) HashMap(java.util.HashMap) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl)

Example 2 with AclImpl

use of org.springframework.security.acls.domain.AclImpl in project spring-security by spring-projects.

the class SpringCacheBasedAclCacheTests method cacheOperationsAclWithParent.

@SuppressWarnings("rawtypes")
@Test
public void cacheOperationsAclWithParent() throws Exception {
    Cache cache = getCache();
    Map realCache = (Map) cache.getNativeCache();
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 1L);
    ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L);
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    AuditLogger auditLogger = new ConsoleAuditLogger();
    PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
    SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy);
    MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger);
    MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, auditLogger);
    acl.setParent(parentAcl);
    assertThat(realCache).isEmpty();
    myCache.putInCache(acl);
    // Actual value goes in assertThat(); the expected size is the argument
    assertThat(realCache).hasSize(4);
    // Check we can get from cache the same objects we put in
    AclImpl aclFromCache = (AclImpl) myCache.getFromCache(1L);
    assertThat(aclFromCache).isEqualTo(acl);
    // SEC-951 check transient fields are set on parent
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "aclAuthorizationStrategy")).isNotNull();
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "permissionGrantingStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identity)).isEqualTo(acl);
    assertThat(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy")).isNotNull();
    AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(2L);
    assertThat(parentAclFromCache).isEqualTo(parentAcl);
    assertThat(FieldUtils.getFieldValue(parentAclFromCache, "aclAuthorizationStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identityParent)).isEqualTo(parentAcl);
}
Also used : AclAuthorizationStrategyImpl(org.springframework.security.acls.domain.AclAuthorizationStrategyImpl) DefaultPermissionGrantingStrategy(org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy) SpringCacheBasedAclCache(org.springframework.security.acls.domain.SpringCacheBasedAclCache) ConsoleAuditLogger(org.springframework.security.acls.domain.ConsoleAuditLogger) AuditLogger(org.springframework.security.acls.domain.AuditLogger) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) AclAuthorizationStrategy(org.springframework.security.acls.domain.AclAuthorizationStrategy) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) PermissionGrantingStrategy(org.springframework.security.acls.model.PermissionGrantingStrategy) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) AclImpl(org.springframework.security.acls.domain.AclImpl) Authentication(org.springframework.security.core.Authentication) MutableAcl(org.springframework.security.acls.model.MutableAcl) Map(java.util.Map) Cache(org.springframework.cache.Cache) Test(org.junit.jupiter.api.Test)

Example 3 with AclImpl

use of org.springframework.security.acls.domain.AclImpl in project spring-security by spring-projects.

the class DataSourcePopulator method changeOwner.

private void changeOwner(int contactNumber, String newOwnerUsername) {
    // Long.valueOf replaces the deprecated Long(long) constructor
    AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class, Long.valueOf(contactNumber)));
    acl.setOwner(new PrincipalSid(newOwnerUsername));
    updateAclInTransaction(acl);
}
Also used : AclImpl(org.springframework.security.acls.domain.AclImpl) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid)

Example 4 with AclImpl

use of org.springframework.security.acls.domain.AclImpl in project spring-security by spring-projects.

the class DataSourcePopulator method grantPermissions.

private void grantPermissions(int contactNumber, String recipientUsername, Permission permission) {
    // Long.valueOf replaces the deprecated Long(long) constructor
    AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class, Long.valueOf(contactNumber)));
    acl.insertAce(acl.getEntries().size(), permission, new PrincipalSid(recipientUsername), true);
    updateAclInTransaction(acl);
}
Also used : AclImpl(org.springframework.security.acls.domain.AclImpl) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid)

Example 5 with AclImpl

use of org.springframework.security.acls.domain.AclImpl in project spring-security by spring-projects.

the class BasicLookupStrategy method convert.

/**
 * The final phase of converting the <code>Map</code> of <code>AclImpl</code>
 * instances which contain <code>StubAclParent</code>s into proper, valid
 * <code>AclImpl</code>s with correct ACL parents.
 * @param inputMap the unconverted <code>AclImpl</code>s
 * @param currentIdentity the current <code>Acl</code> that we wish to convert (this
 * may be
 */
private AclImpl convert(Map<Serializable, Acl> inputMap, Long currentIdentity) {
    Assert.notEmpty(inputMap, "InputMap required");
    Assert.notNull(currentIdentity, "CurrentIdentity required");
    // Retrieve this Acl from the InputMap
    Acl uncastAcl = inputMap.get(currentIdentity);
    Assert.isInstanceOf(AclImpl.class, uncastAcl, "The inputMap contained a non-AclImpl");
    AclImpl inputAcl = (AclImpl) uncastAcl;
    Acl parent = inputAcl.getParentAcl();
    if ((parent != null) && parent instanceof StubAclParent) {
        // Lookup the parent
        StubAclParent stubAclParent = (StubAclParent) parent;
        parent = convert(inputMap, stubAclParent.getId());
    }
    // Now we have the parent (if there is one), create the true AclImpl
    AclImpl result = new AclImpl(inputAcl.getObjectIdentity(), inputAcl.getId(), this.aclAuthorizationStrategy, this.grantingStrategy, parent, null, inputAcl.isEntriesInheriting(), inputAcl.getOwner());
    // Copy the "aces" from the input to the destination
    // Obtain the "aces" from the input ACL
    List<AccessControlEntryImpl> aces = readAces(inputAcl);
    // Create a list in which to store the "aces" for the "result" AclImpl instance
    List<AccessControlEntryImpl> acesNew = new ArrayList<>();
    // This ensures StubAclParent instances are removed, as per SEC-951
    for (AccessControlEntryImpl ace : aces) {
        setAclOnAce(ace, result);
        acesNew.add(ace);
    }
    // Finally, now that the "aces" have been converted to have the "result" AclImpl
    // instance, modify the "result" AclImpl instance
    setAces(result, acesNew);
    return result;
}
Also used : AccessControlEntryImpl(org.springframework.security.acls.domain.AccessControlEntryImpl) AclImpl(org.springframework.security.acls.domain.AclImpl) ArrayList(java.util.ArrayList) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl)

Aggregations

AclImpl (org.springframework.security.acls.domain.AclImpl): 6
ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl): 4
MutableAcl (org.springframework.security.acls.model.MutableAcl): 4
ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity): 3
Map (java.util.Map): 2
Test (org.junit.jupiter.api.Test): 2
Cache (org.springframework.cache.Cache): 2
AclAuthorizationStrategy (org.springframework.security.acls.domain.AclAuthorizationStrategy): 2
AclAuthorizationStrategyImpl (org.springframework.security.acls.domain.AclAuthorizationStrategyImpl): 2
AuditLogger (org.springframework.security.acls.domain.AuditLogger): 2
ConsoleAuditLogger (org.springframework.security.acls.domain.ConsoleAuditLogger): 2
DefaultPermissionGrantingStrategy (org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy): 2
PrincipalSid (org.springframework.security.acls.domain.PrincipalSid): 2
SpringCacheBasedAclCache (org.springframework.security.acls.domain.SpringCacheBasedAclCache): 2
Acl (org.springframework.security.acls.model.Acl): 2
PermissionGrantingStrategy (org.springframework.security.acls.model.PermissionGrantingStrategy): 2
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 2
Serializable (java.io.Serializable): 1
ArrayList (java.util.ArrayList): 1
HashMap (java.util.HashMap): 1