Search in sources :

Example 21 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class AclPermissionEvaluatorTests method hasPermissionReturnsTrueIfAclGrantsPermission.

@Test
public void hasPermissionReturnsTrueIfAclGrantsPermission() throws Exception {
    AclService service = mock(AclService.class);
    AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
    ObjectIdentity oid = mock(ObjectIdentity.class);
    ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
    when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
    pe.setObjectIdentityRetrievalStrategy(oidStrategy);
    pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
    Acl acl = mock(Acl.class);
    when(service.readAclById(any(ObjectIdentity.class), anyListOf(Sid.class))).thenReturn(acl);
    when(acl.isGranted(anyListOf(Permission.class), anyListOf(Sid.class), eq(false))).thenReturn(true);
    assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "READ")).isTrue();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) Permission(org.springframework.security.acls.model.Permission) ObjectIdentityRetrievalStrategy(org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy) Acl(org.springframework.security.acls.model.Acl) AclService(org.springframework.security.acls.model.AclService) SidRetrievalStrategy(org.springframework.security.acls.model.SidRetrievalStrategy) Sid(org.springframework.security.acls.model.Sid) Test(org.junit.Test)

Example 22 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method createAclForADuplicateDomainObject.

@Test
@Transactional
public void createAclForADuplicateDomainObject() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity duplicateOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
    jdbcMutableAclService.createAcl(duplicateOid);
    // Try to add the same object second time
    try {
        jdbcMutableAclService.createAcl(duplicateOid);
        fail("It should have thrown AlreadyExistsException");
    } catch (AlreadyExistsException expected) {
    }
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) AlreadyExistsException(org.springframework.security.acls.model.AlreadyExistsException) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 23 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method identityWithIntegerIdIsSupportedByCreateAcl.

/** SEC-1107 */
@Test
@Transactional
public void identityWithIntegerIdIsSupportedByCreateAcl() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(101));
    jdbcMutableAclService.createAcl(oid);
    assertThat(jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(101)))).isNotNull();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 24 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentIsUpdated.

/**
	 * SEC-655
	 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentIsUpdated() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(104));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(105));
    MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
    MutableAcl child = jdbcMutableAclService.createAcl(childOid);
    child.setParent(parent);
    jdbcMutableAclService.updateAcl(child);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
    jdbcMutableAclService.updateAcl(parent);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
    jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    parent = (MutableAcl) child.getParentAcl();
    assertThat(parent.getEntries()).hasSize(2).withFailMessage("Fails because child has a stale reference to its parent");
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("scott"));
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 25 with ObjectIdentity

use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method cumulativePermissions.

@Test
@Transactional
public void cumulativePermissions() {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(110));
    MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
    // Add an ACE permission entry
    Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
    assertThat(cm.getMask()).isEqualTo(17);
    Sid benSid = new PrincipalSid(auth);
    topParent.insertAce(0, cm, benSid, true);
    assertThat(topParent.getEntries()).hasSize(1);
    // Explicitly save the changed ACL
    topParent = jdbcMutableAclService.updateAcl(topParent);
    // Check the mask was retrieved correctly
    assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);
    assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
    SecurityContextHolder.clearContext();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Permission(org.springframework.security.acls.model.Permission) BasePermission(org.springframework.security.acls.domain.BasePermission) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) CustomSid(org.springframework.security.acls.sid.CustomSid) Sid(org.springframework.security.acls.model.Sid) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)46 MutableAcl (org.springframework.security.acls.model.MutableAcl)22 Test (org.junit.Test)21 ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)19 Acl (org.springframework.security.acls.model.Acl)16 Authentication (org.springframework.security.core.Authentication)12 Sid (org.springframework.security.acls.model.Sid)11 NotFoundException (org.springframework.security.acls.model.NotFoundException)10 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)8 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)8 Permission (org.springframework.security.acls.model.Permission)7 PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)6 Transactional (org.springframework.transaction.annotation.Transactional)5 BasePermission (org.springframework.security.acls.domain.BasePermission)4 ObjectIdentityRetrievalStrategy (org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy)4 HashMap (java.util.HashMap)3 GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid)3 AccessControlEntry (org.springframework.security.acls.model.AccessControlEntry)3 AclService (org.springframework.security.acls.model.AclService)3 SidRetrievalStrategy (org.springframework.security.acls.model.SidRetrievalStrategy)3