Search in sources :

Example 6 with Permission

use of org.springframework.security.acls.model.Permission in project spring-security by spring-projects.

the class AclPermissionEvaluator method checkPermission.

private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
    // Obtain the SIDs applicable to the principal
    List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
    List<Permission> requiredPermission = resolvePermission(permission);
    final boolean debug = logger.isDebugEnabled();
    if (debug) {
        logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
    }
    try {
        // Lookup only ACLs for SIDs we're interested in
        Acl acl = aclService.readAclById(oid, sids);
        if (acl.isGranted(requiredPermission, sids, false)) {
            if (debug) {
                logger.debug("Access is granted");
            }
            return true;
        }
        if (debug) {
            logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
        }
    } catch (NotFoundException nfe) {
        if (debug) {
            logger.debug("Returning false - no ACLs apply for this principal");
        }
    }
    return false;
}
Also used : Permission(org.springframework.security.acls.model.Permission) NotFoundException(org.springframework.security.acls.model.NotFoundException) Acl(org.springframework.security.acls.model.Acl) Sid(org.springframework.security.acls.model.Sid)

Example 7 with Permission

use of org.springframework.security.acls.model.Permission in project spring-security by spring-projects.

the class PermissionTests method fromInteger.

@Test
public void fromInteger() {
    Permission permission = permissionFactory.buildFromMask(7);
    permission = permissionFactory.buildFromMask(4);
}
Also used : Permission(org.springframework.security.acls.model.Permission) Test(org.junit.Test)

Example 8 with Permission

use of org.springframework.security.acls.model.Permission in project spring-security by spring-projects.

the class PermissionTests method basePermissionTest.

@Test
public void basePermissionTest() {
    Permission p = permissionFactory.buildFromName("WRITE");
    assertThat(p).isNotNull();
}
Also used : Permission(org.springframework.security.acls.model.Permission) Test(org.junit.Test)

Example 9 with Permission

use of org.springframework.security.acls.model.Permission in project spring-security by spring-projects.

the class BasicLookupStrategyTests method testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached.

/**
	 * Test created from SEC-590.
	 */
@Test
public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() throws Exception {
    String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,1,1);" + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (5,2,105,4,1,1);" + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,106,4,1,1);" + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,107,5,1,1);" + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,1,1,0,0)";
    jdbcTemplate.execute(query);
    ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
    ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(105));
    ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(106));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(107));
    // First lookup only child, thus populating the cache with grandParent,
    // parent1
    // and child
    List<Permission> checkPermission = Arrays.asList(BasePermission.READ);
    List<Sid> sids = Arrays.asList(BEN_SID);
    List<ObjectIdentity> childOids = Arrays.asList(childOid);
    strategy.setBatchSize(6);
    Map<ObjectIdentity, Acl> foundAcls = strategy.readAclsById(childOids, sids);
    Acl foundChildAcl = foundAcls.get(childOid);
    assertThat(foundChildAcl).isNotNull();
    assertThat(foundChildAcl.isGranted(checkPermission, sids, false)).isTrue();
    // Search for object identities has to be done in the following order:
    // last
    // element have to be one which
    // is already in cache and the element before it must not be stored in
    // cache
    List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
    try {
        foundAcls = strategy.readAclsById(allOids, sids);
    } catch (NotFoundException notExpected) {
        fail("It shouldn't have thrown NotFoundException");
    }
    Acl foundParent2Acl = foundAcls.get(parent2Oid);
    assertThat(foundParent2Acl).isNotNull();
    assertThat(foundParent2Acl.isGranted(checkPermission, sids, false)).isTrue();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Permission(org.springframework.security.acls.model.Permission) NotFoundException(org.springframework.security.acls.model.NotFoundException) Acl(org.springframework.security.acls.model.Acl) MutableAcl(org.springframework.security.acls.model.MutableAcl) Sid(org.springframework.security.acls.model.Sid)

Example 10 with Permission

use of org.springframework.security.acls.model.Permission in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method cumulativePermissions.

@Test
@Transactional
public void cumulativePermissions() {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(110));
    MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
    // Add an ACE permission entry
    Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
    assertThat(cm.getMask()).isEqualTo(17);
    Sid benSid = new PrincipalSid(auth);
    topParent.insertAce(0, cm, benSid, true);
    assertThat(topParent.getEntries()).hasSize(1);
    // Explicitly save the changed ACL
    topParent = jdbcMutableAclService.updateAcl(topParent);
    // Check the mask was retrieved correctly
    assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);
    assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
    SecurityContextHolder.clearContext();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Permission(org.springframework.security.acls.model.Permission) BasePermission(org.springframework.security.acls.domain.BasePermission) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) CustomSid(org.springframework.security.acls.sid.CustomSid) Sid(org.springframework.security.acls.model.Sid) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

Permission (org.springframework.security.acls.model.Permission)14 Sid (org.springframework.security.acls.model.Sid)7 BasePermission (org.springframework.security.acls.domain.BasePermission)6 PrincipalSid (org.springframework.security.acls.domain.PrincipalSid)5 NotFoundException (org.springframework.security.acls.model.NotFoundException)5 ObjectIdentity (org.springframework.security.acls.model.ObjectIdentity)5 Test (org.junit.Test)4 MutableAcl (org.springframework.security.acls.model.MutableAcl)4 GrantedAuthoritySid (org.springframework.security.acls.domain.GrantedAuthoritySid)3 ObjectIdentityImpl (org.springframework.security.acls.domain.ObjectIdentityImpl)3 Acl (org.springframework.security.acls.model.Acl)3 CumulativePermission (org.springframework.security.acls.domain.CumulativePermission)2 AccessControlEntry (org.springframework.security.acls.model.AccessControlEntry)2 CustomSid (org.springframework.security.acls.sid.CustomSid)2 Authentication (org.springframework.security.core.Authentication)2 Transactional (org.springframework.transaction.annotation.Transactional)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 Field (java.lang.reflect.Field)1 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1