Example 6 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class JdbcMutableAclService method createAcl.

// ~ Methods
// ========================================================================================================
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");
    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }
    // Need to retrieve the current principal, in order to know who "owns" this ACL
    // (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);
    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);
    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
    // etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should have been returned");
    return (MutableAcl) acl;
}
Also used : AlreadyExistsException(org.springframework.security.acls.model.AlreadyExistsException) Authentication(org.springframework.security.core.Authentication) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl) MutableAcl(org.springframework.security.acls.model.MutableAcl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid)

Example 7 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentisUpdated2.

/**
 * SEC-655
 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentisUpdated2() throws Exception {
    Authentication auth = new TestingAuthenticationToken("system", "secret", "ROLE_IGNORED");
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(1));
    MutableAcl parent = jdbcMutableAclService.createAcl(rootObject);
    MutableAcl child = jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2)));
    child.setParent(parent);
    jdbcMutableAclService.updateAcl(child);
    parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
    jdbcMutableAclService.updateAcl(parent);
    parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
    jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2)));
    parent = (MutableAcl) child.getParentAcl();
    assertThat(parent.getEntries()).hasSize(2);
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(16);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(8);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("terry"));
}
Also used : GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 8 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentIsUpdated.

/**
 * SEC-655
 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentIsUpdated() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(104));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(105));
    MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
    MutableAcl child = jdbcMutableAclService.createAcl(childOid);
    child.setParent(parent);
    jdbcMutableAclService.updateAcl(child);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
    jdbcMutableAclService.updateAcl(parent);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
    jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    parent = (MutableAcl) child.getParentAcl();
    // withFailMessage must be set before the assertion it describes; placed after, it is never used
    assertThat(parent.getEntries()).withFailMessage("Fails because child has a stale reference to its parent").hasSize(2);
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("scott"));
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method cumulativePermissions.

@Test
@Transactional
public void cumulativePermissions() {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(110));
    MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
    // Add an ACE permission entry
    Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
    assertThat(cm.getMask()).isEqualTo(17);
    Sid benSid = new PrincipalSid(auth);
    topParent.insertAce(0, cm, benSid, true);
    assertThat(topParent.getEntries()).hasSize(1);
    // Explicitly save the changed ACL
    topParent = jdbcMutableAclService.updateAcl(topParent);
    // Check the mask was retrieved correctly
    assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);
    assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
    SecurityContextHolder.clearContext();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Permission(org.springframework.security.acls.model.Permission) BasePermission(org.springframework.security.acls.domain.BasePermission) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) CustomSid(org.springframework.security.acls.sid.CustomSid) Sid(org.springframework.security.acls.model.Sid) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 10 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class SidRetrievalStrategyTests method roleHierarchyIsUsedWhenSet.

@Test
public void roleHierarchyIsUsedWhenSet() throws Exception {
    RoleHierarchy rh = mock(RoleHierarchy.class);
    List rhAuthorities = AuthorityUtils.createAuthorityList("D");
    when(rh.getReachableGrantedAuthorities(anyCollection())).thenReturn(rhAuthorities);
    SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
    List<Sid> sids = strat.getSids(authentication);
    assertThat(sids).hasSize(2);
    assertThat(sids.get(0)).isNotNull();
    assertThat(sids.get(0) instanceof PrincipalSid).isTrue();
    assertThat(((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()).isEqualTo("D");
}
Also used : SidRetrievalStrategyImpl(org.springframework.security.acls.domain.SidRetrievalStrategyImpl) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) RoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy) List(java.util.List) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) SidRetrievalStrategy(org.springframework.security.acls.model.SidRetrievalStrategy) Sid(org.springframework.security.acls.model.Sid) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test)

Aggregations

PrincipalSid (org.springframework.security.acls.domain.PrincipalSid): 21
Test (org.junit.Test): 13
GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid): 9
Sid (org.springframework.security.acls.model.Sid): 9
ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl): 8
MutableAcl (org.springframework.security.acls.model.MutableAcl): 8
Authentication (org.springframework.security.core.Authentication): 8
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 7
ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity): 6
BasePermission (org.springframework.security.acls.domain.BasePermission): 5
Permission (org.springframework.security.acls.model.Permission): 5
Transactional (org.springframework.transaction.annotation.Transactional): 5
Acl (org.springframework.security.acls.model.Acl): 3
HashMap (java.util.HashMap): 2
AclImpl (org.springframework.security.acls.domain.AclImpl): 2
CumulativePermission (org.springframework.security.acls.domain.CumulativePermission): 2
SidRetrievalStrategyImpl (org.springframework.security.acls.domain.SidRetrievalStrategyImpl): 2
NotFoundException (org.springframework.security.acls.model.NotFoundException): 2
SidRetrievalStrategy (org.springframework.security.acls.model.SidRetrievalStrategy): 2
CustomSid (org.springframework.security.acls.sid.CustomSid): 2