Search in sources :

Example 31 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method deleteAclRemovesRowsFromDatabase.

@Test
@Transactional
public void deleteAclRemovesRowsFromDatabase() {
    SecurityContextHolder.getContext().setAuthentication(this.auth);
    MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
    child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);
    this.jdbcMutableAclService.updateAcl(child);
    // Remove the child and check all related database rows were removed accordingly
    this.jdbcMutableAclService.deleteAcl(getChildOid(), false);
    assertThat(this.jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1);
    assertThat(this.jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty();
    assertThat(this.jdbcTemplate.queryForList("select * from acl_entry")).isEmpty();
    // Check the cache
    assertThat(this.aclCache.getFromCache(getChildOid())).isNull();
    assertThat(this.aclCache.getFromCache(102L)).isNull();
}
Also used : MutableAcl(org.springframework.security.acls.model.MutableAcl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.jupiter.api.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 32 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method deleteAclAlsoDeletesChildren.

/**
 * Test method that demonstrates eviction failure from cache - SEC-676
 */
@Test
@Transactional
public void deleteAclAlsoDeletesChildren() {
    SecurityContextHolder.getContext().setAuthentication(this.auth);
    this.jdbcMutableAclService.createAcl(getTopParentOid());
    MutableAcl middleParent = this.jdbcMutableAclService.createAcl(getMiddleParentOid());
    MutableAcl child = this.jdbcMutableAclService.createAcl(getChildOid());
    child.setParent(middleParent);
    this.jdbcMutableAclService.updateAcl(middleParent);
    this.jdbcMutableAclService.updateAcl(child);
    // Check the childOid really is a child of middleParentOid
    Acl childAcl = this.jdbcMutableAclService.readAclById(getChildOid());
    assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());
    // Delete the mid-parent and test if the child was deleted, as well
    this.jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true);
    assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> this.jdbcMutableAclService.readAclById(getMiddleParentOid()));
    assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> this.jdbcMutableAclService.readAclById(getChildOid()));
    Acl acl = this.jdbcMutableAclService.readAclById(getTopParentOid());
    assertThat(acl).isNotNull();
    assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity());
}
Also used : NotFoundException(org.springframework.security.acls.model.NotFoundException) MutableAcl(org.springframework.security.acls.model.MutableAcl) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl) Test(org.junit.jupiter.api.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 33 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentIsUpdated.

/**
 * SEC-655
 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentIsUpdated() {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 105L);
    MutableAcl parent = this.jdbcMutableAclService.createAcl(parentOid);
    MutableAcl child = this.jdbcMutableAclService.createAcl(childOid);
    child.setParent(parent);
    this.jdbcMutableAclService.updateAcl(child);
    parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
    this.jdbcMutableAclService.updateAcl(parent);
    parent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
    this.jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) this.jdbcMutableAclService.readAclById(childOid);
    parent = (MutableAcl) child.getParentAcl();
    assertThat(parent.getEntries()).hasSize(2).withFailMessage("Fails because child has a stale reference to its parent");
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("scott"));
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.jupiter.api.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 34 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class SpringCacheBasedAclCacheTests method cacheOperationsAclWithParent.

@SuppressWarnings("rawtypes")
@Test
public void cacheOperationsAclWithParent() throws Exception {
    Cache cache = getCache();
    Map realCache = (Map) cache.getNativeCache();
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 1L);
    ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, 2L);
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    AuditLogger auditLogger = new ConsoleAuditLogger();
    PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
    SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy);
    MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy, auditLogger);
    MutableAcl parentAcl = new AclImpl(identityParent, 2L, aclAuthorizationStrategy, auditLogger);
    acl.setParent(parentAcl);
    assertThat(realCache).isEmpty();
    myCache.putInCache(acl);
    assertThat(4).isEqualTo(realCache.size());
    // Check we can get from cache the same objects we put in
    AclImpl aclFromCache = (AclImpl) myCache.getFromCache(1L);
    assertThat(aclFromCache).isEqualTo(acl);
    // SEC-951 check transient fields are set on parent
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "aclAuthorizationStrategy")).isNotNull();
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "permissionGrantingStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identity)).isEqualTo(acl);
    assertThat(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy")).isNotNull();
    AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(2L);
    assertThat(parentAclFromCache).isEqualTo(parentAcl);
    assertThat(FieldUtils.getFieldValue(parentAclFromCache, "aclAuthorizationStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identityParent)).isEqualTo(parentAcl);
}
Also used : AclAuthorizationStrategyImpl(org.springframework.security.acls.domain.AclAuthorizationStrategyImpl) DefaultPermissionGrantingStrategy(org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy) SpringCacheBasedAclCache(org.springframework.security.acls.domain.SpringCacheBasedAclCache) ConsoleAuditLogger(org.springframework.security.acls.domain.ConsoleAuditLogger) AuditLogger(org.springframework.security.acls.domain.AuditLogger) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) AclAuthorizationStrategy(org.springframework.security.acls.domain.AclAuthorizationStrategy) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) DefaultPermissionGrantingStrategy(org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy) PermissionGrantingStrategy(org.springframework.security.acls.model.PermissionGrantingStrategy) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) AclImpl(org.springframework.security.acls.domain.AclImpl) Authentication(org.springframework.security.core.Authentication) ConsoleAuditLogger(org.springframework.security.acls.domain.ConsoleAuditLogger) MutableAcl(org.springframework.security.acls.model.MutableAcl) Map(java.util.Map) Cache(org.springframework.cache.Cache) SpringCacheBasedAclCache(org.springframework.security.acls.domain.SpringCacheBasedAclCache) Test(org.junit.jupiter.api.Test)

Example 35 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class EhCacheBasedAclCacheTests method getFromCacheSerializablePopulatesTransient.

@Test
public void getFromCacheSerializablePopulatesTransient() throws Exception {
    when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
    myCache.putInCache(acl);
    ReflectionTestUtils.setField(acl, "permissionGrantingStrategy", null);
    ReflectionTestUtils.setField(acl, "aclAuthorizationStrategy", null);
    MutableAcl fromCache = myCache.getFromCache(acl.getId());
    assertThat(ReflectionTestUtils.getField(fromCache, "aclAuthorizationStrategy")).isNotNull();
    assertThat(ReflectionTestUtils.getField(fromCache, "permissionGrantingStrategy")).isNotNull();
}
Also used : Element(net.sf.ehcache.Element) MutableAcl(org.springframework.security.acls.model.MutableAcl) Test(org.junit.Test)

Aggregations

MutableAcl (org.springframework.security.acls.model.MutableAcl)58 Test (org.junit.jupiter.api.Test)23 ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)20 PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)17 Sid (org.springframework.security.acls.model.Sid)14 Authentication (org.springframework.security.core.Authentication)12 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)11 NotFoundException (org.springframework.security.acls.model.NotFoundException)10 ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)9 EntityTypeIdentity (org.molgenis.data.security.EntityTypeIdentity)8 Transactional (org.springframework.transaction.annotation.Transactional)8 Test (org.testng.annotations.Test)8 Test (org.junit.Test)7 PackageIdentity (org.molgenis.data.security.PackageIdentity)6 CumulativePermission (org.springframework.security.acls.domain.CumulativePermission)6 WithMockUser (org.springframework.security.test.context.support.WithMockUser)6 Package (org.molgenis.data.meta.model.Package)5 Acl (org.springframework.security.acls.model.Acl)5 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)5 File (java.io.File)4