Examples with MutableAcl org.springframework.security.acls.model.MutableAcl used on opensource projects

Search in sources :

Example 16 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentisUpdated2.

/**
	 * SEC-655
	 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentisUpdated2() throws Exception {
    Authentication auth = new TestingAuthenticationToken("system", "secret", "ROLE_IGNORED");
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(1));
    MutableAcl parent = jdbcMutableAclService.createAcl(rootObject);
    MutableAcl child = jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2)));
    child.setParent(parent);
    jdbcMutableAclService.updateAcl(child);
    parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
    jdbcMutableAclService.updateAcl(parent);
    parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
    jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2)));
    parent = (MutableAcl) child.getParentAcl();
    assertThat(parent.getEntries()).hasSize(2);
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(16);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(8);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("terry"));
}
Also used : GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 17 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentIsUpdated.

/**
	 * SEC-655
	 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentIsUpdated() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(104));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(105));
    MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
    MutableAcl child = jdbcMutableAclService.createAcl(childOid);
    child.setParent(parent);
    jdbcMutableAclService.updateAcl(child);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
    jdbcMutableAclService.updateAcl(parent);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
    jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    parent = (MutableAcl) child.getParentAcl();
    assertThat(parent.getEntries()).hasSize(2).withFailMessage("Fails because child has a stale reference to its parent");
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("scott"));
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 18 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method cumulativePermissions.

@Test
@Transactional
public void cumulativePermissions() {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(110));
    MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
    // Add an ACE permission entry
    Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
    assertThat(cm.getMask()).isEqualTo(17);
    Sid benSid = new PrincipalSid(auth);
    topParent.insertAce(0, cm, benSid, true);
    assertThat(topParent.getEntries()).hasSize(1);
    // Explicitly save the changed ACL
    topParent = jdbcMutableAclService.updateAcl(topParent);
    // Check the mask was retrieved correctly
    assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);
    assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
    SecurityContextHolder.clearContext();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Permission(org.springframework.security.acls.model.Permission) BasePermission(org.springframework.security.acls.domain.BasePermission) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) CustomSid(org.springframework.security.acls.sid.CustomSid) Sid(org.springframework.security.acls.model.Sid) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 19 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class SpringCacheBasedAclCacheTests method cacheOperationsAclWithParent.

@SuppressWarnings("rawtypes")
@Test
public void cacheOperationsAclWithParent() throws Exception {
    Cache cache = getCache();
    Map realCache = (Map) cache.getNativeCache();
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(1));
    ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2));
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    AuditLogger auditLogger = new ConsoleAuditLogger();
    PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
    SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy);
    MutableAcl acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy, auditLogger);
    MutableAcl parentAcl = new AclImpl(identityParent, Long.valueOf(2), aclAuthorizationStrategy, auditLogger);
    acl.setParent(parentAcl);
    assertThat(realCache).isEmpty();
    myCache.putInCache(acl);
    assertThat(4).isEqualTo(realCache.size());
    // Check we can get from cache the same objects we put in
    AclImpl aclFromCache = (AclImpl) myCache.getFromCache(Long.valueOf(1));
    assertThat(aclFromCache).isEqualTo(acl);
    // SEC-951 check transient fields are set on parent
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "aclAuthorizationStrategy")).isNotNull();
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "permissionGrantingStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identity)).isEqualTo(acl);
    assertThat(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy")).isNotNull();
    AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(Long.valueOf(2));
    assertThat(parentAclFromCache).isEqualTo(parentAcl);
    assertThat(FieldUtils.getFieldValue(parentAclFromCache, "aclAuthorizationStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identityParent)).isEqualTo(parentAcl);
}
Also used : TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) PermissionGrantingStrategy(org.springframework.security.acls.model.PermissionGrantingStrategy) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) MutableAcl(org.springframework.security.acls.model.MutableAcl) Map(java.util.Map) Cache(org.springframework.cache.Cache) Test(org.junit.Test)

Example 20 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class EhCacheBasedAclCacheTests method getFromCacheSerializablePopulatesTransient.

@Test
public void getFromCacheSerializablePopulatesTransient() throws Exception {
    when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
    myCache.putInCache(acl);
    ReflectionTestUtils.setField(acl, "permissionGrantingStrategy", null);
    ReflectionTestUtils.setField(acl, "aclAuthorizationStrategy", null);
    MutableAcl fromCache = myCache.getFromCache(acl.getId());
    assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
    assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
}
Also used : Element(net.sf.ehcache.Element) MutableAcl(org.springframework.security.acls.model.MutableAcl) Test(org.junit.Test)

Aggregations

MutableAcl (org.springframework.security.acls.model.MutableAcl)27 Test (org.junit.Test)14 ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)13 PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)8 Authentication (org.springframework.security.core.Authentication)8 ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)7 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)7 Transactional (org.springframework.transaction.annotation.Transactional)7 NotFoundException (org.springframework.security.acls.model.NotFoundException)6 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)5 Element (net.sf.ehcache.Element)4 GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid)4 BasePermission (org.springframework.security.acls.domain.BasePermission)3 Acl (org.springframework.security.acls.model.Acl)3 Permission (org.springframework.security.acls.model.Permission)3 Sid (org.springframework.security.acls.model.Sid)3 Map (java.util.Map)2 Cache (org.springframework.cache.Cache)2 CumulativePermission (org.springframework.security.acls.domain.CumulativePermission)2 AccessControlEntry (org.springframework.security.acls.model.AccessControlEntry)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial