Example 16 with PrincipalSid

Use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

Class SidRetrievalStrategyTests, method correctSidsAreRetrieved.

// ~ Methods
// ========================================================================================================
@Test
public void correctSidsAreRetrieved() throws Exception {
    SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
    List<Sid> sids = retrStrategy.getSids(authentication);
    assertThat(sids).isNotNull();
    assertThat(sids).hasSize(4);
    assertThat(sids.get(0)).isNotNull();
    assertThat(sids.get(0) instanceof PrincipalSid).isTrue();
    for (int i = 1; i < sids.size(); i++) {
        assertThat(sids.get(i) instanceof GrantedAuthoritySid).isTrue();
    }
    assertThat(((PrincipalSid) sids.get(0)).getPrincipal()).isEqualTo("scott");
    assertThat(((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()).isEqualTo("A");
    assertThat(((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority()).isEqualTo("B");
    assertThat(((GrantedAuthoritySid) sids.get(3)).getGrantedAuthority()).isEqualTo("C");
}
Also used : SidRetrievalStrategyImpl(org.springframework.security.acls.domain.SidRetrievalStrategyImpl) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) SidRetrievalStrategy(org.springframework.security.acls.model.SidRetrievalStrategy) Sid(org.springframework.security.acls.model.Sid) Test(org.junit.Test)

Example 17 with PrincipalSid

Use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

Class DataSourcePopulator, method changeOwner.

private void changeOwner(int contactNumber, String newOwnerUsername) {
    AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class, new Long(contactNumber)));
    acl.setOwner(new PrincipalSid(newOwnerUsername));
    updateAclInTransaction(acl);
}
Also used : AclImpl(org.springframework.security.acls.domain.AclImpl) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid)

Example 18 with PrincipalSid

Use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

Class DataSourcePopulator, method grantPermissions.

private void grantPermissions(int contactNumber, String recipientUsername, Permission permission) {
    AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class, new Long(contactNumber)));
    acl.insertAce(acl.getEntries().size(), permission, new PrincipalSid(recipientUsername), true);
    updateAclInTransaction(acl);
}
Also used : AclImpl(org.springframework.security.acls.domain.AclImpl) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid)

Example 19 with PrincipalSid

Use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

Class ContactManagerTests, method testrod.

@Test
public void testrod() {
    // has ROLE_SUPERVISOR
    makeActiveUser("rod");
    List<Contact> contacts = contactManager.getAll();
    assertThat(contacts).hasSize(4);
    assertContainsContact(1, contacts);
    assertContainsContact(2, contacts);
    assertContainsContact(3, contacts);
    assertContainsContact(4, contacts);
    assertDoestNotContainContact(5, contacts);
    Contact c1 = contactManager.getById(new Long(4));
    contactManager.deletePermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
    contactManager.addPermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
}
Also used : PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test)

Example 20 with PrincipalSid

Use of org.springframework.security.acls.domain.PrincipalSid in project spring-security by spring-projects.

Class SecureDataSourcePopulator, method addPermission.

protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
    Assert.notNull(documentDao, "DocumentDao required");
    Assert.isInstanceOf(SecureDocumentDao.class, documentDao, "DocumentDao should have been a SecureDocumentDao");
    Assert.notNull(element, "Element required");
    Assert.hasText(recipient, "Recipient required");
    Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication");
    // We need SecureDocumentDao to assign different permissions
    // SecureDocumentDao dao = (SecureDocumentDao) documentDao;
    // We need to construct an ACL-specific Sid. Note the prefix contract is defined
    // on the superclass method's JavaDocs
    Sid sid = null;
    if (recipient.startsWith("ROLE_")) {
        sid = new GrantedAuthoritySid(recipient);
    } else {
        sid = new PrincipalSid(recipient);
    }
    // We need to identify the target domain object and create an ObjectIdentity for
    // it
    // This works because AbstractElement has a "getId()" method
    ObjectIdentity identity = new ObjectIdentityImpl(element);
    // ObjectIdentity identity = new ObjectIdentityImpl(element.getClass(),
    // element.getId()); // equivalent
    // Next we need to create a Permission
    Permission permission = null;
    if (level == LEVEL_NEGATE_READ || level == LEVEL_GRANT_READ) {
        permission = BasePermission.READ;
    } else if (level == LEVEL_GRANT_WRITE) {
        permission = BasePermission.WRITE;
    } else if (level == LEVEL_GRANT_ADMIN) {
        permission = BasePermission.ADMINISTRATION;
    } else {
        throw new IllegalArgumentException("Unsupported LEVEL_");
    }
    // Attempt to retrieve the existing ACL, creating an ACL if it doesn't already
    // exist for this ObjectIdentity
    MutableAcl acl = null;
    try {
        acl = (MutableAcl) aclService.readAclById(identity);
    } catch (NotFoundException nfe) {
        acl = aclService.createAcl(identity);
        Assert.notNull(acl, "Acl could not be retrieved or created");
    }
    // Now we have an ACL, add another ACE to it
    if (level == LEVEL_NEGATE_READ) {
        // not granting: the ACE denies READ for this Sid
        acl.insertAce(acl.getEntries().size(), permission, sid, false);
    } else {
        // granting
        acl.insertAce(acl.getEntries().size(), permission, sid, true);
    }
    // Finally, persist the modified ACL
    aclService.updateAcl(acl);
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Permission(org.springframework.security.acls.model.Permission) BasePermission(org.springframework.security.acls.domain.BasePermission) NotFoundException(org.springframework.security.acls.model.NotFoundException) MutableAcl(org.springframework.security.acls.model.MutableAcl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Sid(org.springframework.security.acls.model.Sid)

Aggregations

PrincipalSid (org.springframework.security.acls.domain.PrincipalSid) 21
Test (org.junit.Test) 13
GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid) 9
Sid (org.springframework.security.acls.model.Sid) 9
ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl) 8
MutableAcl (org.springframework.security.acls.model.MutableAcl) 8
Authentication (org.springframework.security.core.Authentication) 8
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 7
ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity) 6
BasePermission (org.springframework.security.acls.domain.BasePermission) 5
Permission (org.springframework.security.acls.model.Permission) 5
Transactional (org.springframework.transaction.annotation.Transactional) 5
Acl (org.springframework.security.acls.model.Acl) 3
HashMap (java.util.HashMap) 2
AclImpl (org.springframework.security.acls.domain.AclImpl) 2
CumulativePermission (org.springframework.security.acls.domain.CumulativePermission) 2
SidRetrievalStrategyImpl (org.springframework.security.acls.domain.SidRetrievalStrategyImpl) 2
NotFoundException (org.springframework.security.acls.model.NotFoundException) 2
SidRetrievalStrategy (org.springframework.security.acls.model.SidRetrievalStrategy) 2
CustomSid (org.springframework.security.acls.sid.CustomSid) 2