private void verifyAceIndexExists(int aceIndex) { if (aceIndex < 0) { throw new NotFoundException("aceIndex must be greater than or equal to zero"); } if (aceIndex >= this.aces.size()) { throw new NotFoundException( "aceIndex must refer to an index of the AccessControlEntry list. " + "List size is " + aces.size() + ", index was " + aceIndex); } }
private void verifyAceIndexExists(int aceIndex) { if (aceIndex < 0) { throw new NotFoundException("aceIndex must be greater than or equal to zero"); } if (aceIndex >= this.entries.size()) { throw new NotFoundException("aceIndex must refer to an index of the AccessControlEntry list. " + "List size is " + entries.size() + ", index was " + aceIndex); } }
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException { Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids); // Check every requested object identity was found (throw NotFoundException if // needed) for (ObjectIdentity oid : objects) { if (!result.containsKey(oid)) { throw new NotFoundException( "Unable to find ACL information for object identity '" + oid + "'"); } } return result; }
@Override public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting) throws NotFoundException { aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL); Assert.notNull(permission, "Permission required"); Assert.notNull(sid, "Sid required"); if (atIndexLocation < 0) { throw new NotFoundException( "atIndexLocation must be greater than or equal to zero"); } if (atIndexLocation > this.aces.size()) { throw new NotFoundException( "atIndexLocation must be less than or equal to the size of the AccessControlEntry collection"); } AccessControlEntryImpl ace = new AccessControlEntryImpl(null, this, sid, permission, granting, false, false); synchronized (aces) { this.aces.add(atIndexLocation, ace); } }
@Override public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException { Map<ObjectIdentity, Acl> aclMaps = new HashMap<>(); for (ObjectIdentity oid : oids) { AclRecord record = getAclRecordByCache(objID(oid)); if (record == null) { Message msg = MsgPicker.getMsg(); throw new NotFoundException(String.format(Locale.ROOT, msg.getACL_INFO_NOT_FOUND(), oid)); } Acl parentAcl = null; if (record.isEntriesInheriting() && record.getParentDomainObjectInfo() != null) parentAcl = readAclById(record.getParentDomainObjectInfo()); record.init(parentAcl, aclPermissionFactory, permissionGrantingStrategy); aclMaps.put(oid, new MutableAclRecord(record)); } return aclMaps; }
/** * Updates an existing acl_object_identity row, with new information presented in the * passed MutableAcl object. Also will create an acl_sid entry if needed for the Sid * that owns the MutableAcl. * * @param acl to modify (a row must already exist in acl_object_identity) * * @throws NotFoundException if the ACL could not be found to update. */ protected void updateObjectIdentity(MutableAcl acl) { Long parentId = null; if (acl.getParentAcl() != null) { Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl() .getObjectIdentity(), "Implementation only supports ObjectIdentityImpl"); ObjectIdentityImpl oii = (ObjectIdentityImpl) acl.getParentAcl() .getObjectIdentity(); parentId = retrieveObjectIdentityPrimaryKey(oii); } Assert.notNull(acl.getOwner(), "Owner is required in this implementation"); Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true); int count = jdbcOperations.update(updateObjectIdentity, parentId, ownerSid, Boolean.valueOf(acl.isEntriesInheriting()), acl.getId()); if (count != 1) { throw new NotFoundException("Unable to locate ACL to update"); } }
@Test(expected = AccessDeniedException.class) public void accessIsDeniedIfPermissionIsNotGranted() { AclService service = mock(AclService.class); Acl acl = mock(Acl.class); when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn( false); // Try a second time with no permissions found when(acl.isGranted(any(), any(List.class), anyBoolean())).thenThrow( new NotFoundException("")); when(service.readAclById(any(), any())).thenReturn( acl); AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider( service, Arrays.asList(mock(Permission.class))); provider.setProcessConfigAttribute("MY_ATTRIBUTE"); provider.setMessageSource(new SpringSecurityMessageSource()); provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class)); provider.setProcessDomainObjectClass(Object.class); provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class)); try { provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object()); fail("Expected Exception"); } catch (AccessDeniedException expected) { } // Second scenario with no acls found provider.decide(mock(Authentication.class), new Object(), SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object()); }
throw new NotFoundException( "Unable to locate a matching ACE for passed permissions and SIDs");
private void checkExistence(NodesGroup cluster, Serializable id) { if(cluster == null) { throw new NotFoundException("Can not found nodes group for id: " + id); } }
private void verifyAceIndexExists(int aceIndex) { if (aceIndex < 0) { throw new NotFoundException("aceIndex must be greater than or equal to zero"); } if (aceIndex >= this.aces.size()) { throw new NotFoundException("aceIndex must refer to an index of the AccessControlEntry list. " + "List size is " + aces.size() + ", index was " + aceIndex); } }
private void verifyAceIndexExists(int aceIndex) { if (aceIndex < 0) { throw new NotFoundException("aceIndex must be greater than or equal to zero"); } if (aceIndex >= this.aces.size()) { throw new NotFoundException( "aceIndex must refer to an index of the AccessControlEntry list. " + "List size is " + aces.size() + ", index was " + aceIndex); } }
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException { Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids); // Check every requested object identity was found (throw NotFoundException if // needed) for (ObjectIdentity oid : objects) { if (!result.containsKey(oid)) { throw new NotFoundException( "Unable to find ACL information for object identity '" + oid + "'"); } } return result; }
@Override public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting) throws NotFoundException { aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL); Assert.notNull(permission, "Permission required"); Assert.notNull(sid, "Sid required"); if (atIndexLocation < 0) { throw new NotFoundException( "atIndexLocation must be greater than or equal to zero"); } if (atIndexLocation > this.aces.size()) { throw new NotFoundException( "atIndexLocation must be less than or equal to the size of the AccessControlEntry collection"); } AccessControlEntryImpl ace = new AccessControlEntryImpl(null, this, sid, permission, granting, false, false); synchronized (aces) { this.aces.add(atIndexLocation, ace); } }
private AclProvider getAclProvider(ObjectIdentity oid) { AclProvider provider = providers.get(oid.getType()); if(provider == null) { throw new NotFoundException("Can not find AclProvider for type : " + oid.getType()); } return provider; }
@Override public AclSource getAclSource(ObjectIdentity object) { String id = AclUtils.toId(object); AclSource acl = acls.get(id); if(acl == null) { // if we do not have object acl, then we use per type acl acl = acls.get(AclUtils.toTypeId(object)); } if(acl == null) { throw new NotFoundException("Acl not found for: " + id); } return acl; } }
@Override protected String getCluster(Serializable id) { String strId = (String) id; NodeRegistrationImpl nr = nodeStorage.getNodeRegistrationInternal(strId); if (nr == null) { throw new NotFoundException("Node '" + id + "' is not registered."); } return nr.getCluster(); } }
@Override public AclSource getAclSource(ObjectIdentity oid) { AclProvider provider = getAclProvider(oid); AclSource source = provider.provide(oid.getIdentifier()); if(source == null) { throw new NotFoundException("Can not find acl for id : " + oid); } return source; }
@Override protected String getCluster(Serializable id) { String strId = (String) id; if(!ContainerUtils.isContainerId(strId)) { throw new IllegalArgumentException("Invalid container id: " + id); } ContainerRegistration cr = containers.getContainer(strId); if(cr == null) { throw new NotFoundException("Container '" + id + "' is not registered."); } String node = cr.getNode(); return nodes.getNodeCluster(node); }
@Override public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting) throws NotFoundException { aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL); Assert.notNull(permission, "Permission required"); Assert.notNull(sid, "Sid required"); if (atIndexLocation < 0) { throw new NotFoundException("atIndexLocation must be greater than or equal to zero"); } if (atIndexLocation > this.aces.size()) { throw new NotFoundException("atIndexLocation must be less than or equal to the size of the AccessControlEntry collection"); } AccessControlEntryImpl ace = new AccessControlEntryImpl.Builder() .acl(this) .sid(TenantSid.from(sid)) .permission(permission) .granting(granting).build(); synchronized (aces) { this.aces.add(atIndexLocation, ace); } }
/** * Updates an existing acl_object_identity row, with new information presented in the * passed MutableAcl object. Also will create an acl_sid entry if needed for the Sid * that owns the MutableAcl. * * @param acl to modify (a row must already exist in acl_object_identity) * * @throws NotFoundException if the ACL could not be found to update. */ protected void updateObjectIdentity(MutableAcl acl) { Long parentId = null; if (acl.getParentAcl() != null) { Assert.isInstanceOf(ObjectIdentityImpl.class, acl.getParentAcl() .getObjectIdentity(), "Implementation only supports ObjectIdentityImpl"); ObjectIdentityImpl oii = (ObjectIdentityImpl) acl.getParentAcl() .getObjectIdentity(); parentId = retrieveObjectIdentityPrimaryKey(oii); } Assert.notNull(acl.getOwner(), "Owner is required in this implementation"); Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true); int count = jdbcTemplate.update(updateObjectIdentity, parentId, ownerSid, Boolean.valueOf(acl.isEntriesInheriting()), acl.getId()); if (count != 1) { throw new NotFoundException("Unable to locate ACL to update"); } }