Search in sources :

Example 16 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class BasicLookupStrategyTests method testAclsRetrievalWithCustomBatchSize.

@Test
public void testAclsRetrievalWithCustomBatchSize() throws Exception {
    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
    ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(101));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
    // Set a batch size to allow multiple database queries in order to
    // retrieve all
    // acls
    this.strategy.setBatchSize(1);
    Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
    checkEntries(topParentOid, middleParentOid, childOid, map);
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Acl(org.springframework.security.acls.model.Acl) MutableAcl(org.springframework.security.acls.model.MutableAcl)

Example 17 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class BasicLookupStrategy method lookupObjectIdentities.

/**
	 * Looks up a batch of <code>ObjectIdentity</code>s directly from the database.
	 * <p>
	 * The caller is responsible for optimization issues, such as selecting the identities
	 * to lookup, ensuring the cache doesn't contain them already, and adding the returned
	 * elements to the cache etc.
	 * <p>
	 * This subclass is required to return fully valid <code>Acl</code>s, including
	 * properly-configured parent ACLs.
	 *
	 */
private Map<ObjectIdentity, Acl> lookupObjectIdentities(final Collection<ObjectIdentity> objectIdentities, List<Sid> sids) {
    Assert.notEmpty(objectIdentities, "Must provide identities to lookup");
    // contains
    final Map<Serializable, Acl> acls = new HashMap<Serializable, Acl>();
    // Acls
    // with
    // StubAclParents
    // Make the "acls" map contain all requested objectIdentities
    // (including markers to each parent in the hierarchy)
    String sql = computeRepeatingSql(lookupObjectIdentitiesWhereClause, objectIdentities.size());
    Set<Long> parentsToLookup = jdbcTemplate.query(sql, new PreparedStatementSetter() {

        public void setValues(PreparedStatement ps) throws SQLException {
            int i = 0;
            for (ObjectIdentity oid : objectIdentities) {
                // Determine prepared statement values for this iteration
                String type = oid.getType();
                // No need to check for nulls, as guaranteed non-null by
                // ObjectIdentity.getIdentifier() interface contract
                String identifier = oid.getIdentifier().toString();
                long id = (Long.valueOf(identifier)).longValue();
                // Inject values
                ps.setLong((2 * i) + 1, id);
                ps.setString((2 * i) + 2, type);
                i++;
            }
        }
    }, new ProcessResultSet(acls, sids));
    // connection (SEC-547)
    if (parentsToLookup.size() > 0) {
        lookupPrimaryKeys(acls, parentsToLookup, sids);
    }
    // Finally, convert our "acls" containing StubAclParents into true Acls
    Map<ObjectIdentity, Acl> resultMap = new HashMap<ObjectIdentity, Acl>();
    for (Acl inputAcl : acls.values()) {
        Assert.isInstanceOf(AclImpl.class, inputAcl, "Map should have contained an AclImpl");
        Assert.isInstanceOf(Long.class, ((AclImpl) inputAcl).getId(), "Acl.getId() must be Long");
        Acl result = convert(acls, (Long) ((AclImpl) inputAcl).getId());
        resultMap.put(result.getObjectIdentity(), result);
    }
    return resultMap;
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) SQLException(java.sql.SQLException) PreparedStatementSetter(org.springframework.jdbc.core.PreparedStatementSetter) PreparedStatement(java.sql.PreparedStatement) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) AclImpl(org.springframework.security.acls.domain.AclImpl)

Example 18 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class BasicLookupStrategy method readAclsById.

/**
	 * The main method.
	 * <p>
	 * WARNING: This implementation completely disregards the "sids" argument! Every item
	 * in the cache is expected to contain all SIDs. If you have serious performance needs
	 * (e.g. a very large number of SIDs per object identity), you'll probably want to
	 * develop a custom {@link LookupStrategy} implementation instead.
	 * <p>
	 * The implementation works in batch sizes specified by {@link #batchSize}.
	 *
	 * @param objects the identities to lookup (required)
	 * @param sids the SIDs for which identities are required (ignored by this
	 * implementation)
	 *
	 * @return a <tt>Map</tt> where keys represent the {@link ObjectIdentity} of the
	 * located {@link Acl} and values are the located {@link Acl} (never <tt>null</tt>
	 * although some entries may be missing; this method should not throw
	 * {@link NotFoundException}, as a chain of {@link LookupStrategy}s may be used to
	 * automatically create entries if required)
	 */
public final Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) {
    Assert.isTrue(batchSize >= 1, "BatchSize must be >= 1");
    Assert.notEmpty(objects, "Objects to lookup required");
    // Map<ObjectIdentity,Acl>
    // contains
    Map<ObjectIdentity, Acl> result = new HashMap<ObjectIdentity, Acl>();
    // FULLY
    // loaded
    // Acl
    // objects
    Set<ObjectIdentity> currentBatchToLoad = new HashSet<ObjectIdentity>();
    for (int i = 0; i < objects.size(); i++) {
        final ObjectIdentity oid = objects.get(i);
        boolean aclFound = false;
        // Check we don't already have this ACL in the results
        if (result.containsKey(oid)) {
            aclFound = true;
        }
        // Check cache for the present ACL entry
        if (!aclFound) {
            Acl acl = aclCache.getFromCache(oid);
            // (they should always, as our base impl doesn't filter on SID)
            if (acl != null) {
                if (acl.isSidLoaded(sids)) {
                    result.put(acl.getObjectIdentity(), acl);
                    aclFound = true;
                } else {
                    throw new IllegalStateException("Error: SID-filtered element detected when implementation does not perform SID filtering " + "- have you added something to the cache manually?");
                }
            }
        }
        // Load the ACL from the database
        if (!aclFound) {
            currentBatchToLoad.add(oid);
        }
        // Is it time to load from JDBC the currentBatchToLoad?
        if ((currentBatchToLoad.size() == this.batchSize) || ((i + 1) == objects.size())) {
            if (currentBatchToLoad.size() > 0) {
                Map<ObjectIdentity, Acl> loadedBatch = lookupObjectIdentities(currentBatchToLoad, sids);
                // Add loaded batch (all elements 100% initialized) to results
                result.putAll(loadedBatch);
                for (Acl loadedAcl : loadedBatch.values()) {
                    aclCache.putInCache((AclImpl) loadedAcl);
                }
                currentBatchToLoad.clear();
            }
        }
    }
    return result;
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) HashMap(java.util.HashMap) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl) HashSet(java.util.HashSet)

Example 19 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class JdbcAclService method findChildren.

// ~ Methods
// ========================================================================================================
public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
    Object[] args = { parentIdentity.getIdentifier(), parentIdentity.getType() };
    List<ObjectIdentity> objects = jdbcTemplate.query(findChildrenSql, args, new RowMapper<ObjectIdentity>() {

        public ObjectIdentity mapRow(ResultSet rs, int rowNum) throws SQLException {
            String javaType = rs.getString("class");
            Long identifier = new Long(rs.getLong("obj_id"));
            return new ObjectIdentityImpl(javaType, identifier);
        }
    });
    if (objects.size() == 0) {
        return null;
    }
    return objects;
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) SQLException(java.sql.SQLException) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) ResultSet(java.sql.ResultSet)

Example 20 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class AclPermissionCacheOptimizerTests method eagerlyLoadsRequiredAcls.

@Test
public void eagerlyLoadsRequiredAcls() throws Exception {
    AclService service = mock(AclService.class);
    AclPermissionCacheOptimizer pco = new AclPermissionCacheOptimizer(service);
    ObjectIdentityRetrievalStrategy oidStrat = mock(ObjectIdentityRetrievalStrategy.class);
    SidRetrievalStrategy sidStrat = mock(SidRetrievalStrategy.class);
    pco.setObjectIdentityRetrievalStrategy(oidStrat);
    pco.setSidRetrievalStrategy(sidStrat);
    Object[] dos = { new Object(), null, new Object() };
    ObjectIdentity[] oids = { new ObjectIdentityImpl("A", "1"), new ObjectIdentityImpl("A", "2") };
    when(oidStrat.getObjectIdentity(dos[0])).thenReturn(oids[0]);
    when(oidStrat.getObjectIdentity(dos[2])).thenReturn(oids[1]);
    pco.cachePermissionsFor(mock(Authentication.class), Arrays.asList(dos));
    // AclService should be invoked with the list of required Oids
    verify(service).readAclsById(eq(Arrays.asList(oids)), any(List.class));
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) List(java.util.List) ObjectIdentityRetrievalStrategy(org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy) AclService(org.springframework.security.acls.model.AclService) SidRetrievalStrategy(org.springframework.security.acls.model.SidRetrievalStrategy) Test(org.junit.Test)

Aggregations

ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)46 MutableAcl (org.springframework.security.acls.model.MutableAcl)22 Test (org.junit.Test)21 ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)19 Acl (org.springframework.security.acls.model.Acl)16 Authentication (org.springframework.security.core.Authentication)12 Sid (org.springframework.security.acls.model.Sid)11 NotFoundException (org.springframework.security.acls.model.NotFoundException)10 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)8 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)8 Permission (org.springframework.security.acls.model.Permission)7 PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)6 Transactional (org.springframework.transaction.annotation.Transactional)5 BasePermission (org.springframework.security.acls.domain.BasePermission)4 ObjectIdentityRetrievalStrategy (org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy)4 HashMap (java.util.HashMap)3 GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid)3 AccessControlEntry (org.springframework.security.acls.model.AccessControlEntry)3 AclService (org.springframework.security.acls.model.AclService)3 SidRetrievalStrategy (org.springframework.security.acls.model.SidRetrievalStrategy)3