Examples with PrincipalSid org.springframework.security.acls.domain.PrincipalSid used on opensource projects

Example 11 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class SidTests method testPrincipalSidConstructorsRequiredFields.

// ~ Methods
// ========================================================================================================
@Test
public void testPrincipalSidConstructorsRequiredFields() throws Exception {
    // Check one String-argument constructor
    try {
        String string = null;
        new PrincipalSid(string);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    try {
        new PrincipalSid("");
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    new PrincipalSid("johndoe");
    // Check one Authentication-argument constructor
    try {
        Authentication authentication = null;
        new PrincipalSid(authentication);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    try {
        Authentication authentication = new TestingAuthenticationToken(null, "password");
        new PrincipalSid(authentication);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
    new PrincipalSid(authentication);
// throws no exception
}

Example 12 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class SidTests method testPrincipalSidEquals.

@Test
public void testPrincipalSidEquals() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
    Sid principalSid = new PrincipalSid(authentication);
    assertThat(principalSid.equals(null)).isFalse();
    assertThat(principalSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();
    assertThat(principalSid.equals(principalSid)).isTrue();
    assertThat(principalSid.equals(new PrincipalSid(authentication))).isTrue();
    assertThat(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("johndoe", null)))).isTrue();
    assertThat(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("scott", null)))).isFalse();
    assertThat(principalSid.equals(new PrincipalSid("johndoe"))).isTrue();
    assertThat(principalSid.equals(new PrincipalSid("scott"))).isFalse();
}

Example 13 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class SidTests method testGetters.

@Test
public void testGetters() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
    PrincipalSid principalSid = new PrincipalSid(authentication);
    GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
    GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
    assertThat("johndoe".equals(principalSid.getPrincipal())).isTrue();
    assertThat("scott".equals(principalSid.getPrincipal())).isFalse();
    assertThat("ROLE_TEST".equals(gaSid.getGrantedAuthority())).isTrue();
    assertThat("ROLE_TEST2".equals(gaSid.getGrantedAuthority())).isFalse();
}

Example 14 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class SidTests method testPrincipalSidHashCode.

@Test
public void testPrincipalSidHashCode() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
    Sid principalSid = new PrincipalSid(authentication);
    assertThat(principalSid.hashCode()).isEqualTo("johndoe".hashCode());
    assertThat(principalSid.hashCode()).isEqualTo(new PrincipalSid("johndoe").hashCode());
    assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid("scott").hashCode());
    assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode());
}

Example 15 with PrincipalSid

use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method testLifecycle.

@Test
@Transactional
public void testLifecycle() {
    SecurityContextHolder.getContext().setAuthentication(auth);
    MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
    MutableAcl middleParent = jdbcMutableAclService.createAcl(middleParentOid);
    MutableAcl child = jdbcMutableAclService.createAcl(childOid);
    // Specify the inheritance hierarchy
    middleParent.setParent(topParent);
    child.setParent(middleParent);
    // Now let's add a couple of permissions
    topParent.insertAce(0, BasePermission.READ, new PrincipalSid(auth), true);
    topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(auth), false);
    middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), true);
    child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
    // Explicitly save the changed ACL
    jdbcMutableAclService.updateAcl(topParent);
    jdbcMutableAclService.updateAcl(middleParent);
    jdbcMutableAclService.updateAcl(child);
    // Let's check if we can read them back correctly
    Map<ObjectIdentity, Acl> map = jdbcMutableAclService.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid));
    assertThat(map).hasSize(3);
    // Replace our current objects with their retrieved versions
    topParent = (MutableAcl) map.get(topParentOid);
    middleParent = (MutableAcl) map.get(middleParentOid);
    child = (MutableAcl) map.get(childOid);
    // Check the retrieved versions has IDs
    assertThat(topParent.getId()).isNotNull();
    assertThat(middleParent.getId()).isNotNull();
    assertThat(child.getId()).isNotNull();
    // Check their parents were correctly persisted
    assertThat(topParent.getParentAcl()).isNull();
    assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(topParentOid);
    assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(middleParentOid);
    // Check their ACEs were correctly persisted
    assertThat(topParent.getEntries()).hasSize(2);
    assertThat(middleParent.getEntries()).hasSize(1);
    assertThat(child.getEntries()).hasSize(1);
    // Check the retrieved rights are correct
    List<Permission> read = Arrays.asList(BasePermission.READ);
    List<Permission> write = Arrays.asList(BasePermission.WRITE);
    List<Permission> delete = Arrays.asList(BasePermission.DELETE);
    List<Sid> pSid = Arrays.asList((Sid) new PrincipalSid(auth));
    assertThat(topParent.isGranted(read, pSid, false)).isTrue();
    assertThat(topParent.isGranted(write, pSid, false)).isFalse();
    assertThat(middleParent.isGranted(delete, pSid, false)).isTrue();
    assertThat(child.isGranted(delete, pSid, false)).isFalse();
    try {
        child.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false);
        fail("Should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    // Now check the inherited rights (when not explicitly overridden) also look OK
    assertThat(child.isGranted(read, pSid, false)).isTrue();
    assertThat(child.isGranted(write, pSid, false)).isFalse();
    assertThat(child.isGranted(delete, pSid, false)).isFalse();
    // Next change the child so it doesn't inherit permissions from above
    child.setEntriesInheriting(false);
    jdbcMutableAclService.updateAcl(child);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    assertThat(child.isEntriesInheriting()).isFalse();
    // Check the child permissions no longer inherit
    assertThat(child.isGranted(delete, pSid, true)).isFalse();
    try {
        child.isGranted(read, pSid, true);
        fail("Should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    try {
        child.isGranted(write, pSid, true);
        fail("Should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    // Let's add an identical permission to the child, but it'll appear AFTER the
    // current permission, so has no impact
    child.insertAce(1, BasePermission.DELETE, new PrincipalSid(auth), true);
    // Let's also add another permission to the child
    child.insertAce(2, BasePermission.CREATE, new PrincipalSid(auth), true);
    // Save the changed child
    jdbcMutableAclService.updateAcl(child);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    assertThat(child.getEntries()).hasSize(3);
    // Output permissions
    for (int i = 0; i < child.getEntries().size(); i++) {
        System.out.println(child.getEntries().get(i));
    }
    // Check the permissions are as they should be
    // as earlier permission
    assertThat(child.isGranted(delete, pSid, true)).isFalse();
    // overrode
    assertThat(child.isGranted(Arrays.asList(BasePermission.CREATE), pSid, true)).isTrue();
    // Now check the first ACE (index 0) really is DELETE for our Sid and is
    // non-granting
    AccessControlEntry entry = child.getEntries().get(0);
    assertThat(entry.getPermission().getMask()).isEqualTo(BasePermission.DELETE.getMask());
    assertThat(entry.getSid()).isEqualTo(new PrincipalSid(auth));
    assertThat(entry.isGranting()).isFalse();
    assertThat(entry.getId()).isNotNull();
    // Now delete that first ACE
    child.deleteAce(0);
    // Save and check it worked
    child = jdbcMutableAclService.updateAcl(child);
    assertThat(child.getEntries()).hasSize(2);
    assertThat(child.isGranted(delete, pSid, false)).isTrue();
    SecurityContextHolder.clearContext();
}