Examples with NotFoundException org.springframework.security.acls.model.NotFoundException used on opensource projects

Example 11 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method testLifecycle.

@Test
@Transactional
public void testLifecycle() {
    SecurityContextHolder.getContext().setAuthentication(auth);
    MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
    MutableAcl middleParent = jdbcMutableAclService.createAcl(middleParentOid);
    MutableAcl child = jdbcMutableAclService.createAcl(childOid);
    // Specify the inheritance hierarchy
    middleParent.setParent(topParent);
    child.setParent(middleParent);
    // Now let's add a couple of permissions
    topParent.insertAce(0, BasePermission.READ, new PrincipalSid(auth), true);
    topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(auth), false);
    middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), true);
    child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
    // Explicitly save the changed ACL
    jdbcMutableAclService.updateAcl(topParent);
    jdbcMutableAclService.updateAcl(middleParent);
    jdbcMutableAclService.updateAcl(child);
    // Let's check if we can read them back correctly
    Map<ObjectIdentity, Acl> map = jdbcMutableAclService.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid));
    assertThat(map).hasSize(3);
    // Replace our current objects with their retrieved versions
    topParent = (MutableAcl) map.get(topParentOid);
    middleParent = (MutableAcl) map.get(middleParentOid);
    child = (MutableAcl) map.get(childOid);
    // Check the retrieved versions has IDs
    assertThat(topParent.getId()).isNotNull();
    assertThat(middleParent.getId()).isNotNull();
    assertThat(child.getId()).isNotNull();
    // Check their parents were correctly persisted
    assertThat(topParent.getParentAcl()).isNull();
    assertThat(middleParent.getParentAcl().getObjectIdentity()).isEqualTo(topParentOid);
    assertThat(child.getParentAcl().getObjectIdentity()).isEqualTo(middleParentOid);
    // Check their ACEs were correctly persisted
    assertThat(topParent.getEntries()).hasSize(2);
    assertThat(middleParent.getEntries()).hasSize(1);
    assertThat(child.getEntries()).hasSize(1);
    // Check the retrieved rights are correct
    List<Permission> read = Arrays.asList(BasePermission.READ);
    List<Permission> write = Arrays.asList(BasePermission.WRITE);
    List<Permission> delete = Arrays.asList(BasePermission.DELETE);
    List<Sid> pSid = Arrays.asList((Sid) new PrincipalSid(auth));
    assertThat(topParent.isGranted(read, pSid, false)).isTrue();
    assertThat(topParent.isGranted(write, pSid, false)).isFalse();
    assertThat(middleParent.isGranted(delete, pSid, false)).isTrue();
    assertThat(child.isGranted(delete, pSid, false)).isFalse();
    try {
        child.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false);
        fail("Should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    // Now check the inherited rights (when not explicitly overridden) also look OK
    assertThat(child.isGranted(read, pSid, false)).isTrue();
    assertThat(child.isGranted(write, pSid, false)).isFalse();
    assertThat(child.isGranted(delete, pSid, false)).isFalse();
    // Next change the child so it doesn't inherit permissions from above
    child.setEntriesInheriting(false);
    jdbcMutableAclService.updateAcl(child);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    assertThat(child.isEntriesInheriting()).isFalse();
    // Check the child permissions no longer inherit
    assertThat(child.isGranted(delete, pSid, true)).isFalse();
    try {
        child.isGranted(read, pSid, true);
        fail("Should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    try {
        child.isGranted(write, pSid, true);
        fail("Should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    // Let's add an identical permission to the child, but it'll appear AFTER the
    // current permission, so has no impact
    child.insertAce(1, BasePermission.DELETE, new PrincipalSid(auth), true);
    // Let's also add another permission to the child
    child.insertAce(2, BasePermission.CREATE, new PrincipalSid(auth), true);
    // Save the changed child
    jdbcMutableAclService.updateAcl(child);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    assertThat(child.getEntries()).hasSize(3);
    // Output permissions
    for (int i = 0; i < child.getEntries().size(); i++) {
        System.out.println(child.getEntries().get(i));
    }
    // Check the permissions are as they should be
    // as earlier permission
    assertThat(child.isGranted(delete, pSid, true)).isFalse();
    // overrode
    assertThat(child.isGranted(Arrays.asList(BasePermission.CREATE), pSid, true)).isTrue();
    // Now check the first ACE (index 0) really is DELETE for our Sid and is
    // non-granting
    AccessControlEntry entry = child.getEntries().get(0);
    assertThat(entry.getPermission().getMask()).isEqualTo(BasePermission.DELETE.getMask());
    assertThat(entry.getSid()).isEqualTo(new PrincipalSid(auth));
    assertThat(entry.isGranting()).isFalse();
    assertThat(entry.getId()).isNotNull();
    // Now delete that first ACE
    child.deleteAce(0);
    // Save and check it worked
    child = jdbcMutableAclService.updateAcl(child);
    assertThat(child.getEntries()).hasSize(2);
    assertThat(child.isGranted(delete, pSid, false)).isTrue();
    SecurityContextHolder.clearContext();
}

Example 12 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class JdbcMutableAclService method updateObjectIdentity.

/**
	 * Updates an existing acl_object_identity row, with new information presented in the
	 * passed MutableAcl object. Also will create an acl_sid entry if needed for the Sid
	 * that owns the MutableAcl.
	 *
	 * @param acl to modify (a row must already exist in acl_object_identity)
	 *
	 * @throws NotFoundException if the ACL could not be found to update.
	 */
protected void updateObjectIdentity(MutableAcl acl) {
    Long parentId = null;
    if (acl.getParentAcl() != null) {
        Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl().getObjectIdentity(), "Implementation only supports ObjectIdentityImpl");
        ObjectIdentityImpl oii = (ObjectIdentityImpl) acl.getParentAcl().getObjectIdentity();
        parentId = retrieveObjectIdentityPrimaryKey(oii);
    }
    Assert.notNull(acl.getOwner(), "Owner is required in this implementation");
    Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
    int count = jdbcTemplate.update(updateObjectIdentity, parentId, ownerSid, Boolean.valueOf(acl.isEntriesInheriting()), acl.getId());
    if (count != 1) {
        throw new NotFoundException("Unable to locate ACL to update");
    }
}

Example 13 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class AclImplementationSecurityCheckTests method testSecurityCheckNoACEs.

@Test
public void testSecurityCheckNoACEs() throws Exception {
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL", "ROLE_AUDITING", "ROLE_OWNERSHIP");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
    aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
    aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
    aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
    // Create another authorization strategy
    AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"), new SimpleGrantedAuthority("ROLE_THREE"));
    Acl acl2 = new AclImpl(identity, new Long(1), aclAuthorizationStrategy2, new ConsoleAuditLogger());
    // Check access in case the principal has no authorization rights
    try {
        aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    try {
        aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    try {
        aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
}

Example 14 with NotFoundException

use of org.springframework.security.acls.model.NotFoundException in project spring-security by spring-projects.

the class SecureDataSourcePopulator method addPermission.

protected void addPermission(DocumentDao documentDao, AbstractElement element, String recipient, int level) {
    Assert.notNull(documentDao, "DocumentDao required");
    Assert.isInstanceOf(SecureDocumentDao.class, documentDao, "DocumentDao should have been a SecureDocumentDao");
    Assert.notNull(element, "Element required");
    Assert.hasText(recipient, "Recipient required");
    Assert.notNull(SecurityContextHolder.getContext().getAuthentication(), "SecurityContextHolder must contain an Authentication");
    // We need SecureDocumentDao to assign different permissions
    // SecureDocumentDao dao = (SecureDocumentDao) documentDao;
    // We need to construct an ACL-specific Sid. Note the prefix contract is defined
    // on the superclass method's JavaDocs
    Sid sid = null;
    if (recipient.startsWith("ROLE_")) {
        sid = new GrantedAuthoritySid(recipient);
    } else {
        sid = new PrincipalSid(recipient);
    }
    // We need to identify the target domain object and create an ObjectIdentity for
    // it
    // This works because AbstractElement has a "getId()" method
    ObjectIdentity identity = new ObjectIdentityImpl(element);
    // ObjectIdentity identity = new ObjectIdentityImpl(element.getClass(),
    // element.getId()); // equivalent
    // Next we need to create a Permission
    Permission permission = null;
    if (level == LEVEL_NEGATE_READ || level == LEVEL_GRANT_READ) {
        permission = BasePermission.READ;
    } else if (level == LEVEL_GRANT_WRITE) {
        permission = BasePermission.WRITE;
    } else if (level == LEVEL_GRANT_ADMIN) {
        permission = BasePermission.ADMINISTRATION;
    } else {
        throw new IllegalArgumentException("Unsupported LEVEL_");
    }
    // Attempt to retrieve the existing ACL, creating an ACL if it doesn't already
    // exist for this ObjectIdentity
    MutableAcl acl = null;
    try {
        acl = (MutableAcl) aclService.readAclById(identity);
    } catch (NotFoundException nfe) {
        acl = aclService.createAcl(identity);
        Assert.notNull(acl, "Acl could not be retrieved or created");
    }
    // Now we have an ACL, add another ACE to it
    if (level == LEVEL_NEGATE_READ) {
        // not
        acl.insertAce(acl.getEntries().size(), permission, sid, false);
    // granting
    } else {
        // granting
        acl.insertAce(acl.getEntries().size(), permission, sid, true);
    }
    // Finally, persist the modified ACL
    aclService.updateAcl(acl);
}