Example 6 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

Class BasicLookupStrategyTests, method testAclsRetrievalFromCacheOnly.

@Test
public void testAclsRetrievalFromCacheOnly() throws Exception {
    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(100));
    ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
    // First read loads the ACLs from the database and puts them in the cache
    strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
    // Empty the database so the second read can only be served from the cache
    emptyDatabase();
    Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
    checkEntries(topParentOid, middleParentOid, childOid, map);
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Acl(org.springframework.security.acls.model.Acl) MutableAcl(org.springframework.security.acls.model.MutableAcl)

Example 7 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

Class EhCacheBasedAclCacheTests, method putInCacheAclWithParent.

@Test
public void putInCacheAclWithParent() throws Exception {
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2));
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    MutableAcl parentAcl = new AclImpl(identityParent, Long.valueOf(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
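    // acl, myCache, cache and element are not declared in this method; they belong to the enclosing test class
    acl.setParent(parentAcl);
    myCache.putInCache(acl);
    // Parent and child are each stored twice: once keyed by ObjectIdentity, once keyed by ACL id
    verify(cache, times(4)).put(element.capture());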
    List<Element> allValues = element.getAllValues();
    assertThat(allValues.get(0).getKey()).isEqualTo(parentAcl.getObjectIdentity());
    assertThat(allValues.get(0).getObjectValue()).isEqualTo(parentAcl);
    assertThat(allValues.get(1).getKey()).isEqualTo(parentAcl.getId());
    assertThat(allValues.get(1).getObjectValue()).isEqualTo(parentAcl);
    assertThat(allValues.get(2).getKey()).isEqualTo(acl.getObjectIdentity());
    assertThat(allValues.get(2).getObjectValue()).isEqualTo(acl);
    assertThat(allValues.get(3).getKey()).isEqualTo(acl.getId());
    assertThat(allValues.get(3).getObjectValue()).isEqualTo(acl);
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) Element(net.sf.ehcache.Element) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 8 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

Class EhCacheBasedAclCacheTests, method methodsRejectNullParameters.

@Test
public void methodsRejectNullParameters() throws Exception {
    try {
        Serializable id = null;
        myCache.evictFromCache(id);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    try {
        ObjectIdentity obj = null;
        myCache.evictFromCache(obj);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    try {
        Serializable id = null;
        myCache.getFromCache(id);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    try {
        ObjectIdentity obj = null;
        myCache.getFromCache(obj);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
    try {
        MutableAcl acl = null;
        myCache.putInCache(acl);
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
    }
}
Also used : Serializable(java.io.Serializable) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) MutableAcl(org.springframework.security.acls.model.MutableAcl) Test(org.junit.Test)

Example 9 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

Class JdbcAclServiceTests, method readAclByIdMissingAcl.

// SEC-1898
@Test(expected = NotFoundException.class)
public void readAclByIdMissingAcl() {
    Map<ObjectIdentity, Acl> result = new HashMap<ObjectIdentity, Acl>();
    when(lookupStrategy.readAclsById(anyListOf(ObjectIdentity.class), anyListOf(Sid.class))).thenReturn(result);
    ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
    List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
    aclService.readAclById(objectIdentity, sids);
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) HashMap(java.util.HashMap) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Acl(org.springframework.security.acls.model.Acl) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Sid(org.springframework.security.acls.model.Sid) Test(org.junit.Test)

Example 10 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

Class AclEntryVoter, method vote.

public int vote(Authentication authentication, MethodInvocation object, Collection<ConfigAttribute> attributes) {
    for (ConfigAttribute attr : attributes) {
        if (!this.supports(attr)) {
            continue;
        }
        // Need to make an access decision on this invocation
        // Attempt to locate the domain object instance to process
        Object domainObject = getDomainObjectInstance(object);
        // If domain object is null, vote to abstain
        if (domainObject == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Voting to abstain - domainObject is null");
            }
            return ACCESS_ABSTAIN;
        }
        // Evaluate if we are required to use an inner domain object
        if (StringUtils.hasText(internalMethod)) {
            try {
                Class<?> clazz = domainObject.getClass();
                Method method = clazz.getMethod(internalMethod, new Class[0]);
                domainObject = method.invoke(domainObject);
            } catch (NoSuchMethodException nsme) {
                throw new AuthorizationServiceException("Object of class '" + domainObject.getClass() + "' does not provide the requested internalMethod: " + internalMethod);
            } catch (IllegalAccessException iae) {
                logger.debug("IllegalAccessException", iae);
                throw new AuthorizationServiceException("Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
            } catch (InvocationTargetException ite) {
                logger.debug("InvocationTargetException", ite);
                throw new AuthorizationServiceException("Problem invoking internalMethod: " + internalMethod + " for object: " + domainObject);
            }
        }
        // Obtain the OID applicable to the domain object
        ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
        // Obtain the SIDs applicable to the principal
        List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
        Acl acl;
        try {
            // Lookup only ACLs for SIDs we're interested in
            acl = aclService.readAclById(objectIdentity, sids);
        } catch (NotFoundException nfe) {
            if (logger.isDebugEnabled()) {
                logger.debug("Voting to deny access - no ACLs apply for this principal");
            }
            return ACCESS_DENIED;
        }
        try {
            if (acl.isGranted(requirePermission, sids, false)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to grant access");
                }
                return ACCESS_GRANTED;
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to deny access - ACLs returned, but insufficient permissions for this principal");
                }
                return ACCESS_DENIED;
            }
        } catch (NotFoundException nfe) {
            if (logger.isDebugEnabled()) {
                logger.debug("Voting to deny access - no ACLs apply for this principal");
            }
            return ACCESS_DENIED;
        }
    }
    // No configuration attribute matched, so abstain
    return ACCESS_ABSTAIN;
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) NotFoundException(org.springframework.security.acls.model.NotFoundException) Method(java.lang.reflect.Method) Acl(org.springframework.security.acls.model.Acl) InvocationTargetException(java.lang.reflect.InvocationTargetException) Sid(org.springframework.security.acls.model.Sid) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) AuthorizationServiceException(org.springframework.security.access.AuthorizationServiceException)
