Search in sources :

Example 36 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class EhCacheBasedAclCacheTests method testDiskSerializationOfMutableAclObjectInstance.

// SEC-527
@Test
public void testDiskSerializationOfMutableAclObjectInstance() throws Exception {
    // Serialization test
    File file = File.createTempFile("SEC_TEST", ".object");
    FileOutputStream fos = new FileOutputStream(file);
    ObjectOutputStream oos = new ObjectOutputStream(fos);
    oos.writeObject(acl);
    oos.close();
    FileInputStream fis = new FileInputStream(file);
    ObjectInputStream ois = new ObjectInputStream(fis);
    MutableAcl retrieved = (MutableAcl) ois.readObject();
    ois.close();
    assertThat(retrieved).isEqualTo(acl);
    Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
    assertThat(retrieved1).isEqualTo(null);
    Object retrieved2 = FieldUtils.getProtectedFieldValue("permissionGrantingStrategy", retrieved);
    assertThat(retrieved2).isEqualTo(null);
}
Also used : FileOutputStream(java.io.FileOutputStream) MutableAcl(org.springframework.security.acls.model.MutableAcl) ObjectOutputStream(java.io.ObjectOutputStream) File(java.io.File) FileInputStream(java.io.FileInputStream) ObjectInputStream(java.io.ObjectInputStream) Test(org.junit.Test)

Example 37 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class ContactManagerBackend method deletePermission.

public void deletePermission(Contact contact, Sid recipient, Permission permission) {
    ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
    MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
    // Remove all permissions associated with this particular recipient (string
    // equality to KISS)
    List<AccessControlEntry> entries = acl.getEntries();
    for (int i = 0; i < entries.size(); i++) {
        if (entries.get(i).getSid().equals(recipient) && entries.get(i).getPermission().equals(permission)) {
            acl.deleteAce(i);
        }
    }
    mutableAclService.updateAcl(acl);
    if (logger.isDebugEnabled()) {
        logger.debug("Deleted contact " + contact + " ACL permissions for recipient " + recipient);
    }
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) AccessControlEntry(org.springframework.security.acls.model.AccessControlEntry) MutableAcl(org.springframework.security.acls.model.MutableAcl)

Example 38 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class SecureDataSourcePopulator method addPermission.

protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
    Assert.notNull(documentDao, "DocumentDao required");
    Assert.isInstanceOf(SecureDocumentDao.class, documentDao, "DocumentDao should have been a SecureDocumentDao");
    Assert.notNull(element, "Element required");
    Assert.hasText(recipient, "Recipient required");
    Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication");
    // We need SecureDocumentDao to assign different permissions
    // SecureDocumentDao dao = (SecureDocumentDao) documentDao;
    // We need to construct an ACL-specific Sid. Note the prefix contract is defined
    // on the superclass method's JavaDocs
    Sid sid = null;
    if (recipient.startsWith("ROLE_")) {
        sid = new GrantedAuthoritySid(recipient);
    } else {
        sid = new PrincipalSid(recipient);
    }
    // We need to identify the target domain object and create an ObjectIdentity for
    // it
    // This works because AbstractElement has a "getId()" method
    ObjectIdentity identity = new ObjectIdentityImpl(element);
    // ObjectIdentity identity = new ObjectIdentityImpl(element.getClass(),
    // element.getId()); // equivalent
    // Next we need to create a Permission
    Permission permission = null;
    if (level == LEVEL_NEGATE_READ || level == LEVEL_GRANT_READ) {
        permission = BasePermission.READ;
    } else if (level == LEVEL_GRANT_WRITE) {
        permission = BasePermission.WRITE;
    } else if (level == LEVEL_GRANT_ADMIN) {
        permission = BasePermission.ADMINISTRATION;
    } else {
        throw new IllegalArgumentException("Unsupported LEVEL_");
    }
    // Attempt to retrieve the existing ACL, creating an ACL if it doesn't already
    // exist for this ObjectIdentity
    MutableAcl acl = null;
    try {
        acl = (MutableAcl) aclService.readAclById(identity);
    } catch (NotFoundException nfe) {
        acl = aclService.createAcl(identity);
        Assert.notNull(acl, "Acl could not be retrieved or created");
    }
    // Now we have an ACL, add another ACE to it
    if (level == LEVEL_NEGATE_READ) {
        // not
        acl.insertAce(acl.getEntries().size(), permission, sid, false);
    // granting
    } else {
        // granting
        acl.insertAce(acl.getEntries().size(), permission, sid, true);
    }
    // Finally, persist the modified ACL
    aclService.updateAcl(acl);
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Permission(org.springframework.security.acls.model.Permission) BasePermission(org.springframework.security.acls.domain.BasePermission) NotFoundException(org.springframework.security.acls.model.NotFoundException) MutableAcl(org.springframework.security.acls.model.MutableAcl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Sid(org.springframework.security.acls.model.Sid) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid)

Example 39 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.

the class SecureDocumentDaoImpl method create.

public void create(AbstractElement element) {
    super.create(element);
    // Create an ACL identity for this element
    ObjectIdentity identity = new ObjectIdentityImpl(element);
    MutableAcl acl = mutableAclService.createAcl(identity);
    // already exist)
    if (element.getParent() != null) {
        ObjectIdentity parentIdentity = new ObjectIdentityImpl(element.getParent());
        MutableAcl aclParent = (MutableAcl) mutableAclService.readAclById(parentIdentity);
        acl.setParent(aclParent);
    }
    acl.insertAce(acl.getEntries().size(), BasePermission.ADMINISTRATION, new PrincipalSid(SecurityContextHolder.getContext().getAuthentication()), true);
    mutableAclService.updateAcl(acl);
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid)

Example 40 with MutableAcl

use of org.springframework.security.acls.model.MutableAcl in project Gemma by PavlidisLab.

the class SecurityServiceTest method testDuplicateAcesNotAddedOnPrivateExpressionExperiment.

/*
     * Tests that the same ACE can not be added twice to a securable object.
     */
@Test
public void testDuplicateAcesNotAddedOnPrivateExpressionExperiment() {
    // make private experiment
    ExpressionExperiment ee = super.getTestPersistentBasicExpressionExperiment();
    this.securityService.makePrivate(ee);
    // add user and add the user to the group
    String username = "salmonid" + this.randomName();
    String groupName = "fish" + this.randomName();
    this.makeUser(username);
    this.securityService.makeOwnedByUser(ee, username);
    assertTrue(this.securityService.isEditableByUser(ee, username));
    this.runAsUser(username);
    this.securityService.createGroup(groupName);
    MutableAcl acl = aclTestUtils.getAcl(ee);
    int numberOfAces = acl.getEntries().size();
    this.securityService.makeReadableByGroup(ee, groupName);
    MutableAcl aclAfterReadableAdded = aclTestUtils.getAcl(ee);
    assertEquals(numberOfAces + 1, aclAfterReadableAdded.getEntries().size());
    this.securityService.makeWriteableByGroup(ee, groupName);
    MutableAcl aclAfterWritableAdded = aclTestUtils.getAcl(ee);
    assertEquals(numberOfAces + 2, aclAfterWritableAdded.getEntries().size());
    // this time the acl there and should not be added again
    this.securityService.makeReadableByGroup(ee, groupName);
    MutableAcl aclAfterReadableAddedAgain = aclTestUtils.getAcl(ee);
    assertEquals(numberOfAces + 2, aclAfterReadableAddedAgain.getEntries().size());
    // check writable too
    this.securityService.makeWriteableByGroup(ee, groupName);
    MutableAcl aclAfterWritableAddedAgain = aclTestUtils.getAcl(ee);
    assertEquals(numberOfAces + 2, aclAfterWritableAddedAgain.getEntries().size());
}
Also used : MutableAcl(org.springframework.security.acls.model.MutableAcl) ExpressionExperiment(ubic.gemma.model.expression.experiment.ExpressionExperiment) BaseSpringContextTest(ubic.gemma.core.testing.BaseSpringContextTest) Test(org.junit.Test)

Aggregations

MutableAcl (org.springframework.security.acls.model.MutableAcl)58 Test (org.junit.jupiter.api.Test)23 ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)20 PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)17 Sid (org.springframework.security.acls.model.Sid)14 Authentication (org.springframework.security.core.Authentication)12 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)11 NotFoundException (org.springframework.security.acls.model.NotFoundException)10 ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)9 EntityTypeIdentity (org.molgenis.data.security.EntityTypeIdentity)8 Transactional (org.springframework.transaction.annotation.Transactional)8 Test (org.testng.annotations.Test)8 Test (org.junit.Test)7 PackageIdentity (org.molgenis.data.security.PackageIdentity)6 CumulativePermission (org.springframework.security.acls.domain.CumulativePermission)6 WithMockUser (org.springframework.security.test.context.support.WithMockUser)6 Package (org.molgenis.data.meta.model.Package)5 Acl (org.springframework.security.acls.model.Acl)5 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)5 File (java.io.File)4