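/**
 * insertAce must refuse an index beyond the end of the entry list with
 * NotFoundException instead of silently appending or extending the list.
 *
 * Fix: the original used {@code @Test(expected = NotFoundException.class)}, which
 * would also pass if the exception came from the first insertAce or from
 * updateAcl; the try/fail/catch shape (as in insertAceRejectsNullParameters)
 * pins the exception to the out-of-range call, and the trailing size check
 * confirms the rejected insert did not modify the ACL.
 */
@Test
public void insertAceFailsForNonExistentElement() throws Exception {
	MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true,
			new PrincipalSid("joe"));
	MockAclService service = new MockAclService();

	// One granting entry at index 0; the ACL now holds exactly one element.
	acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
	service.updateAcl(acl);

	// Index 55 is far past the single entry; only this call is allowed to throw.
	try {
		acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
		fail("It should have thrown NotFoundException");
	}
	catch (NotFoundException expected) {
	}

	// The rejected insert must not have touched the entry list.
	assertThat(acl.getEntries()).hasSize(1);
}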
/**
 * Deleting an ACL must purge its acl_object_identity and acl_entry rows and evict it
 * from the cache. The acl_class row for the target class is intentionally kept (one
 * row is still expected afterwards).
 *
 * NOTE(review): the Authentication placed on SecurityContextHolder here is not
 * cleared in this method — confirm a teardown does so, otherwise it leaks into
 * later tests on the same thread.
 */
@Test
@Transactional
public void deleteAclRemovesRowsFromDatabase() throws Exception {
	SecurityContextHolder.getContext().setAuthentication(auth);
	ObjectIdentity childOid = getChildOid();

	// Create the ACL with one (denying) entry so that an acl_entry row exists to remove.
	MutableAcl child = jdbcMutableAclService.createAcl(childOid);
	child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
	jdbcMutableAclService.updateAcl(child);

	// deleteChildren=false: this ACL has no children of its own in this scenario.
	jdbcMutableAclService.deleteAcl(childOid, false);

	// Class row survives; identity and entry rows must be gone.
	assertThat(jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[] { getTargetClass() })).hasSize(1);
	assertThat(jdbcTemplate.queryForList("select * from acl_object_identity")).isEmpty();
	assertThat(jdbcTemplate.queryForList("select * from acl_entry")).isEmpty();

	// Cache must not serve the deleted ACL by object identity nor by key 102
	// (presumably the child's identifier / ACL key in this fixture — confirm).
	assertThat(aclCache.getFromCache(childOid)).isNull();
	assertThat(aclCache.getFromCache(Long.valueOf(102))).isNull();
}
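/**
 * A CumulativePermission combining READ and ADMINISTRATION must round-trip through
 * JDBC storage as mask 17 and be granted to its SID.
 *
 * Fix: the original called SecurityContextHolder.clearContext() only on the success
 * path, so a failing assertion left the ROLE_ADMINISTRATOR token on the thread for
 * later tests; the clear now runs in finally.
 */
@Test
@Transactional
public void cumulativePermissions() {
	Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
	auth.setAuthenticated(true);
	SecurityContextHolder.getContext().setAuthentication(auth);
	try {
		ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(110));
		MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);

		// READ | ADMINISTRATION is expected to produce mask 17.
		Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
		assertThat(cm.getMask()).isEqualTo(17);

		Sid benSid = new PrincipalSid(auth);
		topParent.insertAce(0, cm, benSid, true);
		assertThat(topParent.getEntries()).hasSize(1);

		// Persist and use the returned ACL: the combined mask must survive storage.
		topParent = jdbcMutableAclService.updateAcl(topParent);
		assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);

		// Third argument is administrativeMode (presumably suppresses audit output — confirm).
		assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
	}
	finally {
		SecurityContextHolder.clearContext();
	}
}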
/**
 * insertAce must fail fast with IllegalArgumentException when either the SID or the
 * permission is null; a null in either slot must never become a stored ACE.
 * The two checks are independent — each rejected call happens before any mutation.
 */
@Test
public void insertAceRejectsNullParameters() throws Exception {
	MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, true,
			new PrincipalSid("joe"));

	// Null SID with a valid permission.
	try {
		acl.insertAce(0, BasePermission.READ, null, true);
		fail("It should have thrown IllegalArgumentException");
	}
	catch (IllegalArgumentException expected) {
	}

	// Null permission with a valid SID.
	try {
		acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true);
		fail("It should have thrown IllegalArgumentException");
	}
	catch (IllegalArgumentException expected) {
	}
}
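/**
 * updateAce must replace the permission of the entry at the given index in place,
 * leaving the other entries and their order intact.
 *
 * Fixes: the assertions were written assertThat(expected).isEqualTo(actual), which
 * inverts AssertJ's actual/expected roles and yields misleading failure messages;
 * and the Authentication placed on SecurityContextHolder was never cleared, leaking
 * "ben"/ROLE_GENERAL into subsequent tests on the same thread.
 */
@Test
public void updatedAceValuesAreCorrectlyReflectedInAcl() throws Exception {
	// ROLE_GENERAL is presumably the authority authzStrategy requires to change entries
	// on an ACL owned by someone else ("joe") — confirm against the fixture's strategy.
	Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
	auth.setAuthenticated(true);
	SecurityContextHolder.getContext().setAuthentication(auth);
	try {
		MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false,
				new PrincipalSid("joe"));
		MockAclService service = new MockAclService();

		acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
		acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
		acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
		service.updateAcl(acl);

		// Starting state, actual first.
		assertThat(acl.getEntries().get(0).getPermission()).isEqualTo(BasePermission.READ);
		assertThat(acl.getEntries().get(1).getPermission()).isEqualTo(BasePermission.WRITE);
		assertThat(acl.getEntries().get(2).getPermission()).isEqualTo(BasePermission.CREATE);

		// Change each permission in place.
		acl.updateAce(0, BasePermission.CREATE);
		acl.updateAce(1, BasePermission.DELETE);
		acl.updateAce(2, BasePermission.READ);

		// Each index must now carry its new permission and nothing else moved.
		assertThat(acl.getEntries().get(0).getPermission()).isEqualTo(BasePermission.CREATE);
		assertThat(acl.getEntries().get(1).getPermission()).isEqualTo(BasePermission.DELETE);
		assertThat(acl.getEntries().get(2).getPermission()).isEqualTo(BasePermission.READ);
	}
	finally {
		SecurityContextHolder.clearContext();
	}
}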
// Fragment: the enclosing method is not visible here.
// Last argument is the granting flag (per the insertAce signature): false is an explicit deny.
// The index fixes the storage order; under a first-match strategy (see the
// aclFirstDeny/aclFirstAllow cases elsewhere in this corpus) an earlier entry wins,
// so "ben" is denied READ and "rod" denied WRITE regardless of later grants.
rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true);
rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false);
rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid( "WRITE_ACCESS_ROLE"), true);
// Fragment: the enclosing method is not visible here.
// Each insert is persisted separately via updateAcl.
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
service.updateAcl(acl);
acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
service.updateAcl(acl);
// Inserting a deny at the already-occupied index 1 — presumably list-style insert
// that shifts ROLE_TEST2 to index 2 (confirm against the implementation).
acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false);
service.updateAcl(acl);
// Fragment: the enclosing method is not visible here.
// Three entries at 0..2, persisted once.
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST3"), true);
service.updateAcl(acl);
// Insert at occupied index 2 (presumably shifting ROLE_TEST3 to 3), persist, then
// remove index 1 (ROLE_TEST2) — the index-based delete must hit the intended entry.
acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true);
service.updateAcl(acl);
acl.deleteAce(1);
// Fragment: the enclosing method is not visible here.
jdbcMutableAclService.updateAcl(child);
// Parent grants ADMINISTRATION to the role and DELETE to "terry"; each grant is
// persisted immediately after it is inserted.
parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid( "ROLE_ADMINISTRATOR"), true);
jdbcMutableAclService.updateAcl(parent);
parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
jdbcMutableAclService.updateAcl(parent);
// Fragment: the enclosing method is not visible here.
// Three-level hierarchy. Note the conflicting DELETE decisions: the grandparent
// denies "ben" and grants "scott", while parentAcl1 denies "scott". Which one applies
// presumably depends on entry inheritance and on the child's entries being consulted
// before its parent's — confirm against the evaluation strategy in use.
grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid( "ROLE_USER_READ"), true);
grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
grandParentAcl .insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"), true);
parentAcl1.insertAce(0, BasePermission.READ, new PrincipalSid("scott"), true);
parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
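/**
 * SEC-655: updating a parent ACL must evict cached children, otherwise a child read
 * afterwards still resolves a stale parent that lacks the new entries.
 *
 * Fixes: AssertJ's withFailMessage(..) only applies to assertions chained after it;
 * the original placed it after hasSize(2), so the custom message was never shown.
 * The casts to the concrete AclImpl were narrowed to the MutableAcl interface the
 * test actually needs, and the Authentication is now cleared in finally rather than
 * left on the thread.
 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentIsUpdated() throws Exception {
	Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
	auth.setAuthenticated(true);
	SecurityContextHolder.getContext().setAuthentication(auth);
	try {
		ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(104));
		ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(105));

		MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
		MutableAcl child = jdbcMutableAclService.createAcl(childOid);
		child.setParent(parent);
		jdbcMutableAclService.updateAcl(child);

		// Two separate read-modify-write cycles on the parent; each must invalidate the child.
		parent = (MutableAcl) jdbcMutableAclService.readAclById(parentOid);
		parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
		jdbcMutableAclService.updateAcl(parent);

		parent = (MutableAcl) jdbcMutableAclService.readAclById(parentOid);
		parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
		jdbcMutableAclService.updateAcl(parent);

		// Read the child fresh and inspect the parent it now resolves to.
		child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
		parent = (MutableAcl) child.getParentAcl();
		assertThat(parent.getEntries())
				.withFailMessage("Fails because child has a stale reference to its parent")
				.hasSize(2);
		// Mask 1 is READ (the permission inserted above).
		assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
		assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
		assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
		assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("scott"));
	}
	finally {
		SecurityContextHolder.clearContext();
	}
}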
// Fragment: the enclosing method is not visible here.
// All entries are for the same SID (the current principal). The child holds a deny
// for DELETE at index 0 and a grant for DELETE at index 1 — under a first-match
// strategy the deny at the lower index is presumably the effective decision.
topParent.insertAce(0, BasePermission.READ, new PrincipalSid(auth), true);
topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(auth), false);
middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), true);
child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
child.insertAce(1, BasePermission.DELETE, new PrincipalSid(auth), true);
child.insertAce(2, BasePermission.CREATE, new PrincipalSid(auth), true);
// Fragment: the enclosing method is not visible here (the try block is cut off).
// Two ACLs with identical SID/permission pairs in opposite order: the names indicate
// the entry at index 0 is the one expected to decide, i.e. ACE position, not the mere
// presence of a grant, determines the outcome.
aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
try {
parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true); MutableAcl childAcl = new AclImpl(identity, 2, aclAuthorizationStrategy, parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger()); rootParentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true); parentAcl.setEntriesInheriting(true);
/**
 * Inserts an access control entry into the wrapped ACL.
 *
 * This is a pure pass-through: no validation or authorization is performed at this
 * layer, so the delegate's own checks are the only ones that apply.
 *
 * @param atIndexLocation position at which to insert the entry
 * @param permission the permission the entry carries
 * @param sid the security identity the entry applies to
 * @param granting true for a grant, false for an explicit deny
 * @throws NotFoundException propagated from the delegate (declared for an index it cannot honour)
 */
@Override
public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting)
		throws NotFoundException {
	acl.insertAce(atIndexLocation, permission, sid, granting);
}
/**
 * Grants {@code permission} to {@code sid} on {@code objectIdentity}, replacing any
 * entry this SID already holds there, and persists the ACL.
 *
 * The new entry goes in at index 0, so it sits ahead of every other entry in the
 * evaluation order.
 *
 * NOTE(review): the ACL is read with a SID hint (readAclById(oid, sids)). If the
 * configured lookup strategy honours the hint by returning only entries for that SID,
 * the subsequent updateAcl would persist just those entries and drop the ACEs of every
 * other SID — confirm the strategy in use loads the full ACL.
 *
 * @param sid the security identity receiving the permission
 * @param objectIdentity the domain object whose ACL is changed
 * @param permission the permission to grant
 */
private void createSidPermission(Sid sid, ObjectIdentity objectIdentity,
		org.springframework.security.acls.model.Permission permission) {
	final boolean granting = true;
	final int head = 0;

	MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity, singletonList(sid));
	// Remove the SID's existing entry first so the grant replaces it instead of stacking.
	deleteAceIfExists(sid, acl);
	acl.insertAce(head, permission, sid, granting);
	mutableAclService.updateAcl(acl);
}
/**
 * Appends a granting entry for {@code permissionSet} and {@code sid} to the end of the
 * object's ACL and persists it.
 *
 * Because the entry is appended, an earlier entry for the same SID and bits — in
 * particular a deny — is presumably consulted first under a first-match strategy and
 * would shadow this grant. Nothing here checks for an existing equal entry, so repeated
 * calls accumulate duplicates. A missing ACL is not created: NotFoundException from
 * readAclById propagates to the caller.
 *
 * @param objectIdentity the domain object whose ACL is changed
 * @param permissionSet the permission bits to grant
 * @param sid the security identity receiving the grant
 */
@Override
public void grant(ObjectIdentity objectIdentity, PermissionSet permissionSet, Sid sid) {
	MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
	int tail = acl.getEntries().size();
	acl.insertAce(tail, permissionSet, sid, true);
	mutableAclService.updateAcl(acl);
}
/**
 * Grants {@code permission} to {@code recipient} on the secured object, creating the
 * object's ACL on first use, and persists it.
 *
 * The identity type is {@code clazz.getCanonicalName()}. NOTE(review): getCanonicalName()
 * is null for anonymous and local classes, and for nested classes it differs from
 * Class.getName() ("Outer.Inner" vs "Outer$Inner") — any other code that builds identities
 * from getName() would address a different ACL for the same object; confirm one convention
 * is used everywhere. The read-then-create sequence is not atomic, so two concurrent first
 * grants may race on createAcl. The entry is appended without checking for an existing
 * equal entry.
 *
 * @param securedObject the object whose ACL is changed; supplies the ACL identifier
 * @param recipient the security identity receiving the grant
 * @param permission the permission to grant
 * @param clazz the class used as the ACL type name
 */
public void addPermission(ISecuredObject<?> securedObject, Sid recipient, Permission permission, Class<?> clazz) {
	ObjectIdentity oid = new ObjectIdentityImpl(clazz.getCanonicalName(), securedObject.getIdForACL());
	MutableAcl acl = findOrCreateAcl(oid);
	// Append: the new grant is evaluated after every existing entry.
	acl.insertAce(acl.getEntries().size(), permission, recipient, true);
	updateAcl(acl);
}

/** Reads the ACL for {@code oid}, creating an empty one when none exists yet. */
private MutableAcl findOrCreateAcl(ObjectIdentity oid) {
	try {
		return (MutableAcl) readAclById(oid);
	}
	catch (NotFoundException nfe) {
		return createAcl(oid);
	}
}
}