Examples with NotFoundException org.springframework.security.acls.model.NotFoundException used on opensource projects

Example 6 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class AclEntryVoter method vote.

public int vote(Authentication authentication, MethodInvocation object, Collection<ConfigAttribute> attributes) {
    for (ConfigAttribute attr : attributes) {
        if (!this.supports(attr)) {
            continue;
        }
        // Need to make an access decision on this invocation
        // Attempt to locate the domain object instance to process
        Object domainObject = getDomainObjectInstance(object);
        // If domain object is null, vote to abstain
        if (domainObject == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Voting to abstain - domainObject is null");
            }
            return ACCESS_ABSTAIN;
        }
        // Evaluate if we are required to use an inner domain object
        if (StringUtils.hasText(internalMethod)) {
            try {
                Class<?> clazz = domainObject.getClass();
                Method method = clazz.getMethod(internalMethod, new Class[0]);
                domainObject = method.invoke(domainObject);
            } catch (NoSuchMethodException nsme) {
                throw new AuthorizationServiceException("Object of class '" + domainObject.getClass() + "' does not provide the requested internalMethod: " + internalMethod);
            } catch (IllegalAccessException iae) {
                logger.debug("IllegalAccessException", iae);
                throw new AuthorizationServiceException("Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
            } catch (InvocationTargetException ite) {
                logger.debug("InvocationTargetException", ite);
                throw new AuthorizationServiceException("Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
            }
        }
        // Obtain the OID applicable to the domain object
        ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
        // Obtain the SIDs applicable to the principal
        List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
        Acl acl;
        try {
            // Lookup only ACLs for SIDs we're interested in
            acl = aclService.readAclById(objectIdentity, sids);
        } catch (NotFoundException nfe) {
            if (logger.isDebugEnabled()) {
                logger.debug("Voting to deny access - no ACLs apply for this principal");
            }
            return ACCESS_DENIED;
        }
        try {
            if (acl.isGranted(requirePermission, sids, false)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to grant access");
                }
                return ACCESS_GRANTED;
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to deny access - ACLs returned, but insufficient permissions for this principal");
                }
                return ACCESS_DENIED;
            }
        } catch (NotFoundException nfe) {
            if (logger.isDebugEnabled()) {
                logger.debug("Voting to deny access - no ACLs apply for this principal");
            }
            return ACCESS_DENIED;
        }
    }
    // No configuration attribute matched, so abstain
    return ACCESS_ABSTAIN;
}

Example 7 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class AclPermissionEvaluator method checkPermission.

private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
    // Obtain the SIDs applicable to the principal
    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
    List<Permission> requiredPermission = resolvePermission(permission);
    final boolean debug = logger.isDebugEnabled();
    if (debug) {
        logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
    }
    try {
        // Lookup only ACLs for SIDs we're interested in
        Acl acl = aclService.readAclById(oid, sids);
        if (acl.isGranted(requiredPermission, sids, false)) {
            if (debug) {
                logger.debug("Access is granted");
            }
            return true;
        }
        if (debug) {
            logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
        }
    } catch (NotFoundException nfe) {
        if (debug) {
            logger.debug("Returning false - no ACLs apply for this principal");
        }
    }
    return false;
}

Example 8 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class BasicLookupStrategyTests method testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached.

/**
	 * Test created from SEC-590.
	 */
@Test
public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() throws Exception {
    String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,1,1);" + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (5,2,105,4,1,1);" + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,106,4,1,1);" + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,107,5,1,1);" + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,1,1,0,0)";
    jdbcTemplate.execute(query);
    ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
    ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(105));
    ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(106));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(107));
    // First lookup only child, thus populating the cache with grandParent,
    // parent1
    // and child
    List<Permission> checkPermission = Arrays.asList(BasePermission.READ);
    List<Sid> sids = Arrays.asList(BEN_SID);
    List<ObjectIdentity> childOids = Arrays.asList(childOid);
    strategy.setBatchSize(6);
    Map<ObjectIdentity, Acl> foundAcls = strategy.readAclsById(childOids, sids);
    Acl foundChildAcl = foundAcls.get(childOid);
    assertThat(foundChildAcl).isNotNull();
    assertThat(foundChildAcl.isGranted(checkPermission, sids, false)).isTrue();
    // Search for object identities has to be done in the following order:
    // last
    // element have to be one which
    // is already in cache and the element before it must not be stored in
    // cache
    List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
    try {
        foundAcls = strategy.readAclsById(allOids, sids);
    } catch (NotFoundException notExpected) {
        fail("It shouldn't have thrown NotFoundException");
    }
    Acl foundParent2Acl = foundAcls.get(parent2Oid);
    assertThat(foundParent2Acl).isNotNull();
    assertThat(foundParent2Acl.isGranted(checkPermission, sids, false)).isTrue();
}

Example 9 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method deleteAclAlsoDeletesChildren.

/**
	 * Test method that demonstrates eviction failure from cache - SEC-676
	 */
@Test
@Transactional
public void deleteAclAlsoDeletesChildren() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(auth);
    jdbcMutableAclService.createAcl(topParentOid);
    MutableAcl middleParent = jdbcMutableAclService.createAcl(middleParentOid);
    MutableAcl child = jdbcMutableAclService.createAcl(childOid);
    child.setParent(middleParent);
    jdbcMutableAclService.updateAcl(middleParent);
    jdbcMutableAclService.updateAcl(child);
    // Check the childOid really is a child of middleParentOid
    Acl childAcl = jdbcMutableAclService.readAclById(childOid);
    assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(middleParentOid);
    // Delete the mid-parent and test if the child was deleted, as well
    jdbcMutableAclService.deleteAcl(middleParentOid, true);
    try {
        jdbcMutableAclService.readAclById(middleParentOid);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    try {
        jdbcMutableAclService.readAclById(childOid);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    Acl acl = jdbcMutableAclService.readAclById(topParentOid);
    assertThat(acl).isNotNull();
    assertThat(topParentOid).isEqualTo(((MutableAcl) acl).getObjectIdentity());
}

Example 10 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class AbstractAclProvider method hasPermission.

protected boolean hasPermission(Authentication authentication, Object domainObject) {
    // Obtain the OID applicable to the domain object
    ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
    // Obtain the SIDs applicable to the principal
    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
    try {
        // Lookup only ACLs for SIDs we're interested in
        Acl acl = aclService.readAclById(objectIdentity, sids);
        return acl.isGranted(requirePermission, sids, false);
    } catch (NotFoundException ignore) {
        return false;
    }
}