Example 26 with MutableAcl

Use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

Class SecureDataSourcePopulator, method addPermission.

protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
    Assert.notNull(documentDao, "DocumentDao required");
    Assert.isInstanceOf(SecureDocumentDao.class, documentDao, "DocumentDao should have been a SecureDocumentDao");
    Assert.notNull(element, "Element required");
    Assert.hasText(recipient, "Recipient required");
    Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication");
    // We need SecureDocumentDao to assign different permissions
    // SecureDocumentDao dao = (SecureDocumentDao) documentDao;
    // We need to construct an ACL-specific Sid. Note the prefix contract is defined
    // on the superclass method's JavaDocs
    Sid sid = null;
    if (recipient.startsWith("ROLE_")) {
        sid = new GrantedAuthoritySid(recipient);
    } else {
        sid = new PrincipalSid(recipient);
    }
    // We need to identify the target domain object and create an ObjectIdentity for
    // it
    // This works because AbstractElement has a "getId()" method
    ObjectIdentity identity = new ObjectIdentityImpl(element);
    // ObjectIdentity identity = new ObjectIdentityImpl(element.getClass(),
    // element.getId()); // equivalent
    // Next we need to create a Permission
    Permission permission = null;
    if (level == LEVEL_NEGATE_READ || level == LEVEL_GRANT_READ) {
        permission = BasePermission.READ;
    } else if (level == LEVEL_GRANT_WRITE) {
        permission = BasePermission.WRITE;
    } else if (level == LEVEL_GRANT_ADMIN) {
        permission = BasePermission.ADMINISTRATION;
    } else {
        throw new IllegalArgumentException("Unsupported LEVEL_");
    }
    // Attempt to retrieve the existing ACL, creating an ACL if it doesn't already
    // exist for this ObjectIdentity
    MutableAcl acl = null;
    try {
        acl = (MutableAcl) aclService.readAclById(identity);
    } catch (NotFoundException nfe) {
        acl = aclService.createAcl(identity);
        Assert.notNull(acl, "Acl could not be retrieved or created");
    }
    // Now we have an ACL, add another ACE to it
    if (level == LEVEL_NEGATE_READ) {
        acl.insertAce(acl.getEntries().size(), permission, sid, false); // not granting
    } else {
        acl.insertAce(acl.getEntries().size(), permission, sid, true); // granting
    }
    // Finally, persist the modified ACL
    aclService.updateAcl(acl);
}
Also used:
ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)
ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)
Sid (org.springframework.security.acls.model.Sid)
GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid)
PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)
Permission (org.springframework.security.acls.model.Permission)
BasePermission (org.springframework.security.acls.domain.BasePermission)
MutableAcl (org.springframework.security.acls.model.MutableAcl)
NotFoundException (org.springframework.security.acls.model.NotFoundException)

Example 27 with MutableAcl

Use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

Class SecureDocumentDaoImpl, method create.

public void create(AbstractElement element) {
    super.create(element);
    // Create an ACL identity for this element
    ObjectIdentity identity = new ObjectIdentityImpl(element);
    MutableAcl acl = mutableAclService.createAcl(identity);
    // If this element has a parent, link the new ACL to the parent's ACL
    // (the parent ACL must already exist)
    if (element.getParent() != null) {
        ObjectIdentity parentIdentity = new ObjectIdentityImpl(element.getParent());
        MutableAcl aclParent = (MutableAcl) mutableAclService.readAclById(parentIdentity);
        acl.setParent(aclParent);
    }
    // Grant ADMINISTRATION on the new element to the currently authenticated principal
    acl.insertAce(acl.getEntries().size(), BasePermission.ADMINISTRATION,
            new PrincipalSid(SecurityContextHolder.getContext().getAuthentication()), true);
    mutableAclService.updateAcl(acl);
}
Also used:
ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)
ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)
MutableAcl (org.springframework.security.acls.model.MutableAcl)
PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)
