use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.
the class EhCacheBasedAclCacheTests method testDiskSerializationOfMutableAclObjectInstance.
// SEC-527
@Test
public void testDiskSerializationOfMutableAclObjectInstance() throws Exception {
// Serialization test
File file = File.createTempFile("SEC_TEST", ".object");
FileOutputStream fos = new FileOutputStream(file);
ObjectOutputStream oos = new ObjectOutputStream(fos);
oos.writeObject(acl);
oos.close();
FileInputStream fis = new FileInputStream(file);
ObjectInputStream ois = new ObjectInputStream(fis);
MutableAcl retrieved = (MutableAcl) ois.readObject();
ois.close();
assertThat(retrieved).isEqualTo(acl);
Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
assertThat(retrieved1).isEqualTo(null);
Object retrieved2 = FieldUtils.getProtectedFieldValue("permissionGrantingStrategy", retrieved);
assertThat(retrieved2).isEqualTo(null);
}
use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.
the class ContactManagerBackend method deletePermission.
public void deletePermission(Contact contact, Sid recipient, Permission permission) {
ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
// Remove all permissions associated with this particular recipient (string
// equality to KISS)
List<AccessControlEntry> entries = acl.getEntries();
for (int i = 0; i < entries.size(); i++) {
if (entries.get(i).getSid().equals(recipient) && entries.get(i).getPermission().equals(permission)) {
acl.deleteAce(i);
}
}
mutableAclService.updateAcl(acl);
if (logger.isDebugEnabled()) {
logger.debug("Deleted contact " + contact + " ACL permissions for recipient " + recipient);
}
}
use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.
the class SecureDataSourcePopulator method addPermission.
protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
Assert.notNull(documentDao, "DocumentDao required");
Assert.isInstanceOf(SecureDocumentDao.class, documentDao, "DocumentDao should have been a SecureDocumentDao");
Assert.notNull(element, "Element required");
Assert.hasText(recipient, "Recipient required");
Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication");
// We need SecureDocumentDao to assign different permissions
// SecureDocumentDao dao = (SecureDocumentDao) documentDao;
// We need to construct an ACL-specific Sid. Note the prefix contract is defined
// on the superclass method's JavaDocs
Sid sid = null;
if (recipient.startsWith("ROLE_")) {
sid = new GrantedAuthoritySid(recipient);
} else {
sid = new PrincipalSid(recipient);
}
// We need to identify the target domain object and create an ObjectIdentity for
// it
// This works because AbstractElement has a "getId()" method
ObjectIdentity identity = new ObjectIdentityImpl(element);
// ObjectIdentity identity = new ObjectIdentityImpl(element.getClass(),
// element.getId()); // equivalent
// Next we need to create a Permission
Permission permission = null;
if (level == LEVEL_NEGATE_READ || level == LEVEL_GRANT_READ) {
permission = BasePermission.READ;
} else if (level == LEVEL_GRANT_WRITE) {
permission = BasePermission.WRITE;
} else if (level == LEVEL_GRANT_ADMIN) {
permission = BasePermission.ADMINISTRATION;
} else {
throw new IllegalArgumentException("Unsupported LEVEL_");
}
// Attempt to retrieve the existing ACL, creating an ACL if it doesn't already
// exist for this ObjectIdentity
MutableAcl acl = null;
try {
acl = (MutableAcl) aclService.readAclById(identity);
} catch (NotFoundException nfe) {
acl = aclService.createAcl(identity);
Assert.notNull(acl, "Acl could not be retrieved or created");
}
// Now we have an ACL, add another ACE to it
if (level == LEVEL_NEGATE_READ) {
// not
acl.insertAce(acl.getEntries().size(), permission, sid, false);
// granting
} else {
// granting
acl.insertAce(acl.getEntries().size(), permission, sid, true);
}
// Finally, persist the modified ACL
aclService.updateAcl(acl);
}
use of org.springframework.security.acls.model.MutableAcl in project spring-security by spring-projects.
the class SecureDocumentDaoImpl method create.
public void create(AbstractElement element) {
super.create(element);
// Create an ACL identity for this element
ObjectIdentity identity = new ObjectIdentityImpl(element);
MutableAcl acl = mutableAclService.createAcl(identity);
// already exist)
if (element.getParent() != null) {
ObjectIdentity parentIdentity = new ObjectIdentityImpl(element.getParent());
MutableAcl aclParent = (MutableAcl) mutableAclService.readAclById(parentIdentity);
acl.setParent(aclParent);
}
acl.insertAce(acl.getEntries().size(), BasePermission.ADMINISTRATION, new PrincipalSid(SecurityContextHolder.getContext().getAuthentication()), true);
mutableAclService.updateAcl(acl);
}
use of org.springframework.security.acls.model.MutableAcl in project Gemma by PavlidisLab.
the class SecurityServiceTest method testDuplicateAcesNotAddedOnPrivateExpressionExperiment.
/*
* Tests that the same ACE can not be added twice to a securable object.
*/
@Test
public void testDuplicateAcesNotAddedOnPrivateExpressionExperiment() {
// make private experiment
ExpressionExperiment ee = super.getTestPersistentBasicExpressionExperiment();
this.securityService.makePrivate(ee);
// add user and add the user to the group
String username = "salmonid" + this.randomName();
String groupName = "fish" + this.randomName();
this.makeUser(username);
this.securityService.makeOwnedByUser(ee, username);
assertTrue(this.securityService.isEditableByUser(ee, username));
this.runAsUser(username);
this.securityService.createGroup(groupName);
MutableAcl acl = aclTestUtils.getAcl(ee);
int numberOfAces = acl.getEntries().size();
this.securityService.makeReadableByGroup(ee, groupName);
MutableAcl aclAfterReadableAdded = aclTestUtils.getAcl(ee);
assertEquals(numberOfAces + 1, aclAfterReadableAdded.getEntries().size());
this.securityService.makeWriteableByGroup(ee, groupName);
MutableAcl aclAfterWritableAdded = aclTestUtils.getAcl(ee);
assertEquals(numberOfAces + 2, aclAfterWritableAdded.getEntries().size());
// this time the acl there and should not be added again
this.securityService.makeReadableByGroup(ee, groupName);
MutableAcl aclAfterReadableAddedAgain = aclTestUtils.getAcl(ee);
assertEquals(numberOfAces + 2, aclAfterReadableAddedAgain.getEntries().size());
// check writable too
this.securityService.makeWriteableByGroup(ee, groupName);
MutableAcl aclAfterWritableAddedAgain = aclTestUtils.getAcl(ee);
assertEquals(numberOfAces + 2, aclAfterWritableAddedAgain.getEntries().size());
}
Aggregations