org.springframework.security.acls.model.Permission Java Examples
The following examples show how to use
org.springframework.security.acls.model.Permission.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AclPermissionFactory.java From Kylin with Apache License 2.0 | 6 votes |
|
public static Permission getPermission(String perName) {
Field[] fields = AclPermission.class.getFields();
for (Field field : fields) {
try {
Object fieldValue = field.get(null);
if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
// Found a Permission static field
if (perName.equals(field.getName())) {
return (Permission) fieldValue;
}
}
} catch (Exception ignore) {
}
}
return null;
}
Example #2
| Source File: AclPermissionFactory.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
public static Permission getPermission(String perName) {
Field[] fields = AclPermission.class.getFields();
for (Field field : fields) {
try {
Object fieldValue = field.get(null);
if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
// Found a Permission static field
if (perName.equals(field.getName())) {
return (Permission) fieldValue;
}
}
} catch (Exception ignore) {
//ignore on purpose
}
}
return null;
}
Example #3
| Source File: AclPermissionFactory.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
public static List<Permission> getPermissions() {
List<Permission> permissions = new ArrayList<Permission>();
Field[] fields = AclPermission.class.getFields();
for (Field field : fields) {
try {
Object fieldValue = field.get(null);
if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
Permission perm = (Permission) fieldValue;
String permissionName = field.getName();
if (permissionName.equals(AclPermissionType.ADMINISTRATION)
|| permissionName.equals(AclPermissionType.MANAGEMENT)
|| permissionName.equals(AclPermissionType.OPERATION)
|| permissionName.equals(AclPermissionType.READ)) {
// Found a Permission static field
permissions.add(perm);
}
}
} catch (Exception ignore) {
//ignore on purpose
}
}
return permissions;
}
Example #4
| Source File: AclServiceTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
@Test
public void testBatchUpsertAce() {
switchToAdmin();
ObjectIdentity oid = oid("acl");
MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
aclService.batchUpsertAce(acl, sidToPerm);
for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
List<AccessControlEntry> e = a.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
}
Example #5
| Source File: NextServerPermission.java From nextreports-server with Apache License 2.0 | 6 votes |
|
public static Permission buildFromMask(int mask) {
if (permissionsByInteger.containsKey(mask)) {
return permissionsByInteger.get(mask);
}
// to get this far, we have to use a CumulativePermission
CumulativePermission cumulativePermission = new CumulativePermission();
for (int i = 0; i < 32; i++) {
int permissionToCheck = 1 << i;
if ((mask & permissionToCheck) == permissionToCheck) {
Permission permission = permissionsByInteger.get(permissionToCheck);
if (permission == null) {
System.out.println("Mask " + permissionToCheck + " does not have a corresponding static NextServerPermission");
continue;
}
cumulativePermission.set(permission);
}
}
return cumulativePermission;
}
Example #6
| Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord grant(AclEntity ae, Permission permission, Sid sid) {
Message msg = MsgPicker.getMsg();
if (ae == null)
throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
if (permission == null)
throw new BadRequestException(msg.getACL_PERMISSION_REQUIRED());
if (sid == null)
throw new BadRequestException(msg.getSID_REQUIRED());
MutableAclRecord acl = null;
try {
acl = aclService.readAcl(new ObjectIdentityImpl(ae));
} catch (NotFoundException e) {
acl = init(ae, null);
}
secureOwner(acl, sid);
return aclService.upsertAce(acl, sid, permission);
}
Example #7
| Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord update(AclEntity ae, int accessEntryIndex, Permission newPermission) {
Message msg = MsgPicker.getMsg();
if (ae == null)
throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
if (newPermission == null)
throw new BadRequestException(msg.getACL_PERMISSION_REQUIRED());
MutableAclRecord acl = aclService.readAcl(new ObjectIdentityImpl(ae));
Sid sid = acl.getAclRecord().getAccessControlEntryAt(accessEntryIndex).getSid();
secureOwner(acl, sid);
return aclService.upsertAce(acl, sid, newPermission);
}
Example #8
| Source File: AclPermissionFactory.java From kylin with Apache License 2.0 | 6 votes |
|
public static List<Permission> getPermissions() {
List<Permission> permissions = new ArrayList<Permission>();
Field[] fields = AclPermission.class.getFields();
for (Field field : fields) {
try {
Object fieldValue = field.get(null);
if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
Permission perm = (Permission) fieldValue;
String permissionName = field.getName();
if (permissionName.equals(AclPermissionType.ADMINISTRATION)
|| permissionName.equals(AclPermissionType.MANAGEMENT)
|| permissionName.equals(AclPermissionType.OPERATION)
|| permissionName.equals(AclPermissionType.READ)) {
// Found a Permission static field
permissions.add(perm);
}
}
} catch (Exception ignore) {
//ignore on purpose
}
}
return permissions;
}
Example #9
| Source File: AclPermissionFactory.java From kylin with Apache License 2.0 | 6 votes |
|
public static Permission getPermission(String perName) {
Field[] fields = AclPermission.class.getFields();
for (Field field : fields) {
try {
Object fieldValue = field.get(null);
if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
// Found a Permission static field
if (perName.equals(field.getName())) {
return (Permission) fieldValue;
}
}
} catch (Exception ignore) {
//ignore on purpose
}
}
return null;
}
Example #10
| Source File: AclRecord.java From kylin with Apache License 2.0 | 6 votes |
|
public void upsertAce(Permission permission, Sid sid) {
Assert.notNull(sid, "Sid required");
AceImpl ace = new AceImpl(sid, permission);
synchronized (entries) {
int p = Collections.binarySearch(entries, ace, AceImpl.SID_ORDER);
if (p >= 0) {
if (permission == null) // null permission means delete
entries.remove(p);
else
entries.get(p).setPermission(permission);
} else {
if (permission != null) { // if not delete
ace.init(this, entries.size());
entries.add(-p - 1, ace);
}
}
}
}
Example #11
| Source File: AccessController.java From kylin with Apache License 2.0 | 6 votes |
|
/**
* Batch API.Grant a new access on a domain object to a user/role
*/
@RequestMapping(value = "batch/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public void batchGrant(@PathVariable String type, @PathVariable String uuid,
@RequestBody List<Object[]> reqs) throws IOException {
Map<Sid, Permission> sidToPerm = new HashMap<>();
AclEntity ae = accessService.getAclEntity(type, uuid);
for (Object[] req : reqs) {
Preconditions.checkArgument(req.length == 3, "error access requests.");
String name = (String) req[0];
boolean isPrincipal = (boolean) req[1];
validateUtil.checkIdentifiersExists(name, isPrincipal);
Sid sid = accessService.getSid(name, isPrincipal);
Permission permission = AclPermissionFactory.getPermission((String) req[2]);
sidToPerm.put(sid, permission);
}
accessService.batchGrant(ae, sidToPerm);
}
Example #12
| Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
|
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
MutableAclRecord acl = null;
ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);
try {
// Create acl record for secured domain object.
acl = (MutableAclRecord) aclService.createAcl(objectIdentity);
} catch (AlreadyExistsException e) {
acl = aclService.readAcl(objectIdentity);
}
if (null != initPermission) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
PrincipalSid sid = new PrincipalSid(auth);
acl = grant(ae, initPermission, sid);
}
return acl;
}
Example #13
| Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
|
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord grant(AclEntity ae, Permission permission, Sid sid) {
Message msg = MsgPicker.getMsg();
if (ae == null)
throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
if (permission == null)
throw new BadRequestException(msg.getACL_PERMISSION_REQUIRED());
if (sid == null)
throw new BadRequestException(msg.getSID_REQUIRED());
MutableAclRecord acl = null;
try {
acl = aclService.readAcl(new ObjectIdentityImpl(ae));
} catch (NotFoundException e) {
acl = init(ae, null);
}
secureOwner(acl, sid);
return aclService.upsertAce(acl, sid, permission);
}
Example #14
| Source File: RangerKylinAuthorizer.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
public boolean checkPermission(String user, List<String> groups, String entityType, String entityUuid,
Permission permission) {
boolean ret = false;
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerKylinAuthorizer.checkPermission()");
}
try {
activatePluginClassLoader();
ret = externalAclProvider.checkPermission(user, groups, entityType, entityUuid, permission);
} finally {
deactivatePluginClassLoader();
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerKylinAuthorizer.checkPermission()");
}
return ret;
}
Example #15
| Source File: AclPermissionFactory.java From Kylin with Apache License 2.0 | 6 votes |
|
public static List<Permission> getPermissions() {
List<Permission> permissions = new ArrayList<Permission>();
Field[] fields = AclPermission.class.getFields();
for (Field field : fields) {
try {
Object fieldValue = field.get(null);
if (Permission.class.isAssignableFrom(fieldValue.getClass())) {
// Found a Permission static field
permissions.add((Permission) fieldValue);
}
} catch (Exception ignore) {
}
}
return permissions;
}
Example #16
| Source File: AccessController.java From kylin with Apache License 2.0 | 5 votes |
|
/**
* Update a access on a domain object
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
AclEntity ae = accessService.getAclEntity(type, uuid);
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);
return accessService.generateAceResponses(acl);
}
Example #17
| Source File: BitMaskPermissionGrantingStrategyTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
|
@ParameterizedTest
@MethodSource("permissionsMatchProvider")
void testPermissionsMatch(Permission acePermission, Permission testedPermission) {
assertTrue(
BitMaskPermissionGrantingStrategy.containsPermission(
acePermission.getMask(), testedPermission.getMask()),
format(
"combined ACE permission %s should match tested permission %s",
acePermission, testedPermission));
}
Example #18
| Source File: PermissionTestUtils.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
|
public static Acl getSinglePermissionAcl(Sid sid, int mask, String name, Acl parentAcl) {
Acl acl = mock(Acl.class, name);
AccessControlEntry ace = mock(AccessControlEntry.class);
when(ace.getSid()).thenReturn(sid);
Permission permission = mock(Permission.class);
when(permission.getMask()).thenReturn(mask);
when(ace.getPermission()).thenReturn(permission);
when(acl.getEntries()).thenReturn(Collections.singletonList(ace));
if (parentAcl != null) {
when(acl.getParentAcl()).thenReturn(parentAcl);
}
return acl;
}
Example #19
| Source File: AclService.java From kylin with Apache License 2.0 | 5 votes |
|
MutableAclRecord upsertAce(MutableAclRecord acl, final Sid sid, final Permission perm) {
return updateAclWithRetry(acl, new AclRecordUpdater() {
@Override
public void update(AclRecord record) {
record.upsertAce(perm, sid);
}
});
}
Example #20
| Source File: AclRecord.java From kylin with Apache License 2.0 | 5 votes |
|
@Override
public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting)
throws NotFoundException {
Assert.state(granting, "Granting must be true");
// entries are strictly ordered, given index is ignored
upsertAce(permission, sid);
}
Example #21
| Source File: AceImpl.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
@Override
public Permission getPermission() {
if (perm == null) {
perm = acl.aclPermissionFactory.buildFromMask(permissionMask);
}
return perm;
}
Example #22
| Source File: AclRecord.java From kylin with Apache License 2.0 | 5 votes |
|
public Permission getPermission(Sid sid) {
synchronized (entries) {
int p = Collections.binarySearch(entries, new AceImpl(sid, null), AceImpl.SID_ORDER);
if (p >= 0) {
return entries.get(p).getPermission();
}
return null;
}
}
Example #23
| Source File: AceImpl.java From kylin with Apache License 2.0 | 5 votes |
|
@Override
public Permission getPermission() {
if (perm == null) {
perm = acl.aclPermissionFactory.buildFromMask(permissionMask);
}
return perm;
}
Example #24
| Source File: AclRecord.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
public Permission getPermission(Sid sid) {
synchronized (entries) {
int p = Collections.binarySearch(entries, new AceImpl(sid, null), AceImpl.SID_ORDER);
if (p >= 0) {
return entries.get(p).getPermission();
}
return null;
}
}
Example #25
| Source File: ExternalAclProvider.java From kylin with Apache License 2.0 | 5 votes |
|
public static String transformPermission(Permission p) {
String permString = null;
if (AclPermission.ADMINISTRATION.equals(p)) {
permString = ADMINISTRATION;
} else if (AclPermission.MANAGEMENT.equals(p)) {
permString = MANAGEMENT;
} else if (AclPermission.OPERATION.equals(p)) {
permString = OPERATION;
} else if (AclPermission.READ.equals(p)) {
permString = READ;
} else {
permString = p.getPattern();
}
return permString;
}
Example #26
| Source File: AclRecord.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
@Override
public void updateAce(int aceIndex, Permission permission) throws NotFoundException {
verifyAceIndexExists(aceIndex);
synchronized (entries) {
AceImpl ace = entries.get(aceIndex);
ace.setPermission(permission);
}
}
Example #27
| Source File: AccessServiceTest.java From kylin with Apache License 2.0 | 5 votes |
|
@Test
public void testBatchGrant() {
AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
accessService.batchGrant(ae, sidToPerm);
MutableAclRecord acl = accessService.getAcl(ae);
List<AccessControlEntry> e = acl.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
Example #28
| Source File: PermissionData.java From haven-platform with Apache License 2.0 | 5 votes |
|
public final boolean equals(Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof Permission)) {
return false;
}
Permission permission = (Permission) obj;
return (this.mask == permission.getMask());
}
Example #29
| Source File: PermissionData.java From haven-platform with Apache License 2.0 | 5 votes |
|
public final boolean equals(Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof Permission)) {
return false;
}
Permission permission = (Permission) obj;
return (this.mask == permission.getMask());
}
Example #30
| Source File: AccessEntryResponse.java From Kylin with Apache License 2.0 | 5 votes |
|
public AccessEntryResponse(Serializable id, Sid sid, Permission permission, boolean granting) {
Assert.notNull(sid, "Sid required");
Assert.notNull(permission, "Permission required");
this.id = id;
this.sid = sid;
this.permission = permission;
this.granting = granting;
}
