Example 26 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

From the class SpringCacheBasedAclCacheTests, method cacheOperationsAclWithParent.

@SuppressWarnings("rawtypes")
@Test
public void cacheOperationsAclWithParent() throws Exception {
    Cache cache = getCache();
    Map realCache = (Map) cache.getNativeCache();
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(1));
    ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2));
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    AuditLogger auditLogger = new ConsoleAuditLogger();
    PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
    SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy);
    MutableAcl acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy, auditLogger);
    MutableAcl parentAcl = new AclImpl(identityParent, Long.valueOf(2), aclAuthorizationStrategy, auditLogger);
    acl.setParent(parentAcl);
    assertThat(realCache).isEmpty();
    myCache.putInCache(acl);
    // Each ACL is cached under both its ObjectIdentity and its id, so child + parent = 4 entries
    assertThat(realCache).hasSize(4);
    // Check we can get from cache the same objects we put in
    AclImpl aclFromCache = (AclImpl) myCache.getFromCache(Long.valueOf(1));
    assertThat(aclFromCache).isEqualTo(acl);
    // SEC-951 check transient fields are set on parent
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "aclAuthorizationStrategy")).isNotNull();
    assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "permissionGrantingStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identity)).isEqualTo(acl);
    assertThat(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy")).isNotNull();
    AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(Long.valueOf(2));
    assertThat(parentAclFromCache).isEqualTo(parentAcl);
    assertThat(FieldUtils.getFieldValue(parentAclFromCache, "aclAuthorizationStrategy")).isNotNull();
    assertThat(myCache.getFromCache(identityParent)).isEqualTo(parentAcl);
}
Also used : TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) PermissionGrantingStrategy(org.springframework.security.acls.model.PermissionGrantingStrategy) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) MutableAcl(org.springframework.security.acls.model.MutableAcl) Map(java.util.Map) Cache(org.springframework.cache.Cache) Test(org.junit.Test)

Example 27 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

From the class AclPermissionCacheOptimizer, method cachePermissionsFor.

public void cachePermissionsFor(Authentication authentication, Collection<?> objects) {
    if (objects.isEmpty()) {
        return;
    }
    List<ObjectIdentity> oidsToCache = new ArrayList<ObjectIdentity>(objects.size());
    for (Object domainObject : objects) {
        if (domainObject == null) {
            continue;
        }
        ObjectIdentity oid = oidRetrievalStrategy.getObjectIdentity(domainObject);
        oidsToCache.add(oid);
    }
    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
    if (logger.isDebugEnabled()) {
        logger.debug("Eagerly loading Acls for " + oidsToCache.size() + " objects");
    }
    aclService.readAclsById(oidsToCache, sids);
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) ArrayList(java.util.ArrayList) Sid(org.springframework.security.acls.model.Sid)

Example 28 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

From the class AbstractAclProvider, method hasPermission.

protected boolean hasPermission(Authentication authentication, Object domainObject) {
    // Obtain the OID applicable to the domain object
    ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
    // Obtain the SIDs applicable to the principal
    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
    try {
        // Lookup only ACLs for SIDs we're interested in
        Acl acl = aclService.readAclById(objectIdentity, sids);
        return acl.isGranted(requirePermission, sids, false);
    } catch (NotFoundException ignore) {
        // No ACL exists for this object and these SIDs: deny access (fail closed)
        return false;
    }
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) NotFoundException(org.springframework.security.acls.model.NotFoundException) Acl(org.springframework.security.acls.model.Acl) Sid(org.springframework.security.acls.model.Sid)

Example 29 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

From the class BasicLookupStrategyTests, method nullOwnerIsNotSupported.

@Test(expected = IllegalArgumentException.class)
public void nullOwnerIsNotSupported() {
    // Insert an acl_object_identity row whose OWNER_SID is null; reading it must be rejected
    String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,null,1);";
    jdbcTemplate.execute(query);
    ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(104));
    strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity)

Example 30 with ObjectIdentity

Use of org.springframework.security.acls.model.ObjectIdentity in project spring-security by spring-projects.

From the class EhCacheBasedAclCacheTests, method setup.

@Before
public void setup() {
    myCache = new EhCacheBasedAclCache(cache, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Before(org.junit.Before)

Aggregations

ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity): 46
MutableAcl (org.springframework.security.acls.model.MutableAcl): 22
Test (org.junit.Test): 21
ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl): 19
Acl (org.springframework.security.acls.model.Acl): 16
Authentication (org.springframework.security.core.Authentication): 12
Sid (org.springframework.security.acls.model.Sid): 11
NotFoundException (org.springframework.security.acls.model.NotFoundException): 10
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 8
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 8
Permission (org.springframework.security.acls.model.Permission): 7
PrincipalSid (org.springframework.security.acls.domain.PrincipalSid): 6
Transactional (org.springframework.transaction.annotation.Transactional): 5
BasePermission (org.springframework.security.acls.domain.BasePermission): 4
ObjectIdentityRetrievalStrategy (org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy): 4
HashMap (java.util.HashMap): 3
GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid): 3
AccessControlEntry (org.springframework.security.acls.model.AccessControlEntry): 3
AclService (org.springframework.security.acls.model.AclService): 3
SidRetrievalStrategy (org.springframework.security.acls.model.SidRetrievalStrategy): 3