/**
 * Builds the {@link Sid} that stands for the caller described by the given authentication.
 *
 * @param authentication the authentication information passed to {@link PrincipalSid};
 *        the id of the resulting sid depends on the principal it carries
 * @return a principal sid whose id is taken from the authentication information
 */
protected Sid createCurrentUser(Authentication authentication) {
    // NOTE(review): the returned sid is presumably what ACL entries are matched against, so
    // this should only ever receive an already-authenticated token - confirm at call sites.
    Sid currentUser = new PrincipalSid(authentication);
    return currentUser;
}
/**
 * Returns the {@link Sid} for this object, creating it on first use and reusing it afterwards.
 *
 * @return a {@link PrincipalSid} when {@code isPrincipal} is set, otherwise a
 *         {@link GrantedAuthoritySid}; both are built from the {@code sid} field
 */
public Sid getSidObj() {
    if (sidObj != null) {
        return sidObj;
    }
    // The flag alone decides whether the stored name is read as a user or as an authority.
    if (isPrincipal) {
        sidObj = new PrincipalSid(sid);
    } else {
        sidObj = new GrantedAuthoritySid(sid);
    }
    return sidObj;
}
}
/**
 * Maps a sid name to the matching {@link Sid} implementation.
 *
 * <p>The same string yields two different identities depending on the flag, so a caller that
 * passes the wrong flag would address a user's name as an authority or vice versa.
 *
 * @param sid the identifier handed to the sid constructor unchanged
 * @param isPrincepal {@code true} for a {@link PrincipalSid}, {@code false} for a
 *        {@link GrantedAuthoritySid}
 * @return the newly created sid
 */
public Sid getSid(String sid, boolean isPrincepal) {
    return isPrincepal ? new PrincipalSid(sid) : new GrantedAuthoritySid(sid);
}
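/**
 * Returns the {@link Sid} of this object, building it on first access and caching it in
 * the {@code sid} field.
 *
 * <p>{@code sidOfPrincipal} takes precedence: when it is set, a {@link PrincipalSid} is
 * created and {@code sidOfAuthority} is not consulted.
 *
 * @return the cached or newly created sid, never {@code null}
 * @throws IllegalStateException if neither {@code sidOfPrincipal} nor {@code sidOfAuthority}
 *         is set, because no identity can be derived
 */
@Override
public Sid getSid() {
    if (sid == null) {
        if (sidOfPrincipal != null) {
            sid = new PrincipalSid(sidOfPrincipal);
        } else if (sidOfAuthority != null) {
            sid = new GrantedAuthoritySid(sidOfAuthority);
        } else {
            // Fail with a diagnosable message instead of a bare exception.
            throw new IllegalStateException(
                    "Cannot build a Sid: neither sidOfPrincipal nor sidOfAuthority is set");
        }
    }
    return sid;
}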
/**
 * Collects every {@link Sid} that applies to the given authentication.
 *
 * <p>The granted authorities are first expanded through {@code roleHierarchy}, so the result
 * also contains sids for authorities the caller only reaches through the hierarchy. Anything
 * matched against this list therefore also matches entries granted to those reachable
 * authorities.
 *
 * @param authentication supplies the principal and the directly granted authorities
 * @return a list holding the principal sid first, followed by one
 *         {@link GrantedAuthoritySid} per reachable authority
 */
public List<Sid> getSids(Authentication authentication) {
    Collection<? extends GrantedAuthority> reachable =
            roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());

    // One slot per reachable authority plus one for the principal itself.
    List<Sid> result = new ArrayList<>(reachable.size() + 1);
    result.add(new PrincipalSid(authentication));
    for (GrantedAuthority granted : reachable) {
        result.add(new GrantedAuthoritySid(granted));
    }
    return result;
}
}
/**
 * Creates the {@link Sid} implementation selected by the arguments.
 *
 * <p>The flag decides how the name is interpreted, so the same string yields a different
 * identity depending on it.
 *
 * @param isPrincipal {@code true} when the name denotes a user, {@code false} when it denotes
 *        a granted authority such as a role
 * @param sid the unique identifier of the sid; in the typical ACL database schema it is the
 *        {@code sid} column of the {@code acl_sid} table
 * @return a {@link PrincipalSid} or {@link GrantedAuthoritySid} with {@code sid} as its
 *         identifier
 */
protected Sid createSid(boolean isPrincipal, String sid) {
    return isPrincipal ? new PrincipalSid(sid) : new GrantedAuthoritySid(sid);
}
/** Inserting an entry at a negative index must raise {@link NotFoundException}. */
@Test(expected = NotFoundException.class)
public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
    AclImpl emptyAcl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true,
            new PrincipalSid("joe"));
    Permission permission = mock(Permission.class);
    Sid recipient = mock(Sid.class);

    emptyAcl.insertAce(-1, permission, recipient, true);
}
/**
 * Inserting past the end of the entry list must raise {@link NotFoundException}.
 *
 * <p>NOTE(review): {@code expected} covers the whole method, so the test would also pass if
 * the first, supposedly valid, insert threw the exception.
 */
@Test(expected = NotFoundException.class)
public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize() throws Exception {
    AclImpl target = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true,
            new PrincipalSid("joe"));

    // Index 0 on an empty ACL is a valid insert position.
    Permission firstPermission = mock(Permission.class);
    Sid firstSid = mock(Sid.class);
    target.insertAce(0, firstPermission, firstSid, true);

    // The ACL now holds one entry, so index 2 is out of range.
    Permission secondPermission = mock(Permission.class);
    Sid secondSid = mock(Sid.class);
    target.insertAce(2, secondPermission, secondSid, true);
}
/** Deleting the entry at a negative index must raise {@link NotFoundException}. */
@Test(expected = NotFoundException.class)
public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
    AclImpl emptyAcl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true,
            new PrincipalSid("joe"));

    emptyAcl.deleteAce(-1);
}
/** Deleting at an index equal to the number of entries must raise {@link NotFoundException}. */
@Test(expected = NotFoundException.class)
public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() throws Exception {
    AclImpl target = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true,
            new PrincipalSid("joe"));
    Permission permission = mock(Permission.class);
    Sid recipient = mock(Sid.class);
    target.insertAce(0, permission, recipient, true);

    // One entry exists, so the only valid index is 0 and index 1 is out of range.
    target.deleteAce(1);
}
/** Deleting an index that was never populated must raise {@link NotFoundException}. */
@Test
public void deleteAceFailsForNonExistentElement() throws Exception {
    GrantedAuthority ownership = new SimpleGrantedAuthority("ROLE_OWNERSHIP");
    GrantedAuthority auditing = new SimpleGrantedAuthority("ROLE_AUDITING");
    GrantedAuthority general = new SimpleGrantedAuthority("ROLE_GENERAL");
    AclAuthorizationStrategyImpl strategy =
            new AclAuthorizationStrategyImpl(ownership, auditing, general);
    MutableAcl emptyAcl = new AclImpl(objectIdentity, 1, strategy, pgs, null, null, true,
            new PrincipalSid("joe"));

    try {
        emptyAcl.deleteAce(99);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
        // This is the outcome under test; nothing further to verify.
    }
}
/**
 * Checks that {@link PrincipalSid#getPrincipal()} and
 * {@link GrantedAuthoritySid#getGrantedAuthority()} return the values the sids were built from.
 */
@Test
public void testGetters() throws Exception {
    Authentication johnDoe = new TestingAuthenticationToken("johndoe", "password");
    PrincipalSid userSid = new PrincipalSid(johnDoe);
    GrantedAuthority roleTest = new SimpleGrantedAuthority("ROLE_TEST");
    GrantedAuthoritySid roleSid = new GrantedAuthoritySid(roleTest);

    // The principal sid exposes the token's name, not another user's.
    assertThat("johndoe".equals(userSid.getPrincipal())).isTrue();
    assertThat("scott".equals(userSid.getPrincipal())).isFalse();

    // The authority sid exposes exactly the authority string it was created with.
    assertThat("ROLE_TEST".equals(roleSid.getGrantedAuthority())).isTrue();
    assertThat("ROLE_TEST2".equals(roleSid.getGrantedAuthority())).isFalse();
}
}
/**
 * Pins the equality contract of {@link PrincipalSid}.
 *
 * <p>The assertions show that equality follows the principal name only: a token with a
 * password, a token with {@code null} credentials and a plain name all compare equal when
 * the name matches.
 */
@Test
public void testPrincipalSidEquals() throws Exception {
    Authentication johnWithPassword = new TestingAuthenticationToken("johndoe", "password");
    Sid principalSid = new PrincipalSid(johnWithPassword);

    // Basic contract: not equal to null or a foreign type, equal to itself.
    assertThat(principalSid.equals(null)).isFalse();
    assertThat(principalSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();
    assertThat(principalSid.equals(principalSid)).isTrue();

    // Same token, then tokens that differ in credentials or in name.
    assertThat(principalSid.equals(new PrincipalSid(johnWithPassword))).isTrue();
    Sid johnWithoutCredentials = new PrincipalSid(new TestingAuthenticationToken("johndoe", null));
    assertThat(principalSid.equals(johnWithoutCredentials)).isTrue();
    Sid scottWithoutCredentials = new PrincipalSid(new TestingAuthenticationToken("scott", null));
    assertThat(principalSid.equals(scottWithoutCredentials)).isFalse();

    // Sids created directly from a name.
    assertThat(principalSid.equals(new PrincipalSid("johndoe"))).isTrue();
    assertThat(principalSid.equals(new PrincipalSid("scott"))).isFalse();
}
/**
 * Both {@link AclImpl} constructors must reject a {@code null} id.
 *
 * <p>The full constructor is checked by the try/catch; the short constructor is checked by
 * the {@code expected} attribute of the annotation.
 */
@Test(expected = IllegalArgumentException.class)
public void constructorsRejectNullId() throws Exception {
    try {
        new AclImpl(objectIdentity, null, authzStrategy, pgs, null, null, true,
                new PrincipalSid("joe"));
        fail("Should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        // The first constructor rejected the null id as required.
    }

    // This call must throw, which satisfies the annotation's expected exception.
    new AclImpl(objectIdentity, null, authzStrategy, mockAuditLogger);
}
/**
 * Both {@link AclImpl} constructors must reject a {@code null} object identity.
 *
 * <p>The full constructor is checked by the try/catch; the short constructor is checked by
 * the {@code expected} attribute of the annotation.
 */
@Test(expected = IllegalArgumentException.class)
public void constructorsRejectNullObjectIdentity() throws Exception {
    try {
        new AclImpl(null, 1, authzStrategy, pgs, null, null, true, new PrincipalSid("joe"));
        fail("Should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        // The first constructor rejected the null object identity as required.
    }

    // This call must throw, which satisfies the annotation's expected exception.
    new AclImpl(null, 1, authzStrategy, mockAuditLogger);
}
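/**
 * Checks that every getter of {@link AccessControlEntryImpl} returns the value passed to the
 * constructor, including the two audit flags exposed via {@link AuditableAccessControlEntry}.
 */
@Test
public void testAccessControlEntryImplGetters() {
    Acl mockAcl = mock(Acl.class);
    Sid sid = new PrincipalSid("johndoe");

    // Create a sample entry that is granting and has both audit flags set.
    AccessControlEntry ace = new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid,
            BasePermission.ADMINISTRATION, true, true, true);

    // Check every get() method. Long.valueOf replaces the deprecated Long(long) constructor
    // and matches how the id is created above.
    assertThat(ace.getId()).isEqualTo(Long.valueOf(1));
    assertThat(ace.getAcl()).isEqualTo(mockAcl);
    assertThat(ace.getSid()).isEqualTo(sid);
    assertThat(ace.isGranting()).isTrue();
    assertThat(ace.getPermission()).isEqualTo(BasePermission.ADMINISTRATION);
    assertThat(((AuditableAccessControlEntry) ace).isAuditFailure()).isTrue();
    assertThat(((AuditableAccessControlEntry) ace).isAuditSuccess()).isTrue();
}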
/**
 * Pins the hash code of {@link PrincipalSid}: the assertions require it to equal the hash
 * code of the principal name, whether the sid was built from a token or from the name.
 */
@Test
public void testPrincipalSidHashCode() throws Exception {
    Authentication johnDoe = new TestingAuthenticationToken("johndoe", "password");
    Sid principalSid = new PrincipalSid(johnDoe);

    // Same name, same hash.
    assertThat(principalSid.hashCode()).isEqualTo("johndoe".hashCode());
    Sid sameNameSid = new PrincipalSid("johndoe");
    assertThat(principalSid.hashCode()).isEqualTo(sameNameSid.hashCode());

    // A different name gives a different hash, even with the same credentials.
    Sid otherNameSid = new PrincipalSid("scott");
    assertThat(principalSid.hashCode()).isNotEqualTo(otherNameSid.hashCode());
    Sid otherTokenSid = new PrincipalSid(new TestingAuthenticationToken("scott", "password"));
    assertThat(principalSid.hashCode()).isNotEqualTo(otherTokenSid.hashCode());
}
/**
 * When the lookup strategy returns no ACL for the requested identity,
 * {@code readAclById} must raise {@link NotFoundException}.
 */
@Test(expected = NotFoundException.class)
public void readAclByIdMissingAcl() {
    // The stubbed lookup finds nothing for any identity/sid combination.
    Map<ObjectIdentity, Acl> noAcls = new HashMap<>();
    when(lookupStrategy.readAclsById(anyList(), anyList())).thenReturn(noAcls);

    ObjectIdentity requested = new ObjectIdentityImpl(Object.class, 1);
    List<Sid> callerSids = Arrays.<Sid>asList(new PrincipalSid("user"));

    aclService.readAclById(requested, callerSids);
}
/**
 * Both {@link AclImpl} constructors must reject a {@code null} authorization strategy.
 *
 * <p>The full constructor is checked by the try/catch; the short constructor is checked by
 * the {@code expected} attribute of the annotation.
 */
@SuppressWarnings("deprecation")
@Test(expected = IllegalArgumentException.class)
public void constructorsRejectNullAclAuthzStrategy() throws Exception {
    try {
        new AclImpl(objectIdentity, 1, null,
                new DefaultPermissionGrantingStrategy(mockAuditLogger), null, null, true,
                new PrincipalSid("joe"));
        fail("It should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        // The first constructor rejected the null strategy as required.
    }

    // This call must throw, which satisfies the annotation's expected exception.
    new AclImpl(objectIdentity, 1, null, mockAuditLogger);
}
/**
 * Inserting at an index far beyond the current entry list must raise
 * {@link NotFoundException}.
 *
 * <p>NOTE(review): {@code expected} covers the whole method, so the test would also pass if
 * the first insert or {@code updateAcl} threw the exception instead of the final insert.
 */
@Test(expected = NotFoundException.class)
public void insertAceFailsForNonExistentElement() throws Exception {
    MutableAcl target = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true,
            new PrincipalSid("joe"));
    MockAclService aclStore = new MockAclService();

    // Insert one permission at the only valid position and save it.
    Sid firstRole = new GrantedAuthoritySid("ROLE_TEST1");
    target.insertAce(0, BasePermission.READ, firstRole, true);
    aclStore.updateAcl(target);

    // Only one entry exists, so index 55 does not exist.
    Sid secondRole = new GrantedAuthoritySid("ROLE_TEST2");
    target.insertAce(55, BasePermission.READ, secondRole, true);
}