@Bean public Specification<Customer> smithFamilySpec(JpaSpecFeature<Customer> jpaSpecFeature) { Specification<Customer> smithFamilySpec = new Specification<Customer>() { @Override public Predicate toPredicate(Root<Customer> root, CriteriaQuery<?> query, CriteriaBuilder cb) { return cb.equal(root.get("lastName"), "Smith"); } }; customerStrategy.install(jpaSpecFeature, smithFamilySpec); return smithFamilySpec; }
@Override public String toString() { return name() + ":" + Objects.toString(handlersByFeature); } }
@Override public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { if (bean instanceof AclStrategyProvider) { AclStrategyProvider aclStrategyProvider = (AclStrategyProvider) bean; aclStrategyProvider.setDefaultStrategy(defaultAclStrategy); logger.debug("Set defaultAclStrategy : {}", defaultAclStrategy); } return bean; }
private GrantEvaluator grantEvaluator(Class<?> entityClass) { GrantEvaluator grantEvaluator = defaultGrantEvaluator; AclStrategy strategy = strategyProvider.strategyFor(entityClass); if (strategy == null) { logger.debug("No strategy found for '{}' in strategy provider", entityClass.getSimpleName()); return grantEvaluator; } grantEvaluator = strategy.handlerFor(grantEvaluatorFeature); if (grantEvaluator == null) { logger.debug("No grant evaluator found in strategy {} > fall back on default grant evaluator", strategy); grantEvaluator = defaultGrantEvaluator; } logger.debug("Using grant evaluator on '{}' : '{}'", entityClass.getSimpleName(), grantEvaluator); return grantEvaluator; }
@Override public <Handler> Handler handlerFor(AclFeature<Handler> feature) { AclComposer<Handler> composer = composerProvider.composerFor(feature); notNull(composer, "No composer found for " + feature); return operator.apply(composer, lhs.handlerFor(feature), rhs.handlerFor(feature)); } }
@Bean(name = {"allowAllGrantEvaluator", "defaultGrantEvaluator"}) public GrantEvaluator allowAllGrantEvaluator(SimpleAclStrategy allowAllStrategy) { GrantEvaluator allowAllGrantEvaluator = new AllowAllGrantEvaluator(); allowAllStrategy.install(grantEvaluatorFeature, allowAllGrantEvaluator); return allowAllGrantEvaluator; }
@Bean public DenyAllSpecification<T> denyAllSpecification(SimpleAclStrategy denyAllStrategy) { DenyAllSpecification<T> denyAllSpecification = new DenyAllSpecification<>(); denyAllStrategy.install(jpaSpecFeature, denyAllSpecification); return denyAllSpecification; } }
@Bean(name = {"allowAllSpecification", "defaultAclSpecification"}) public AllowAllSpecification<T> allowAllSpecification(SimpleAclStrategy allowAllStrategy) { AllowAllSpecification<T> allowAllSpecification = new AllowAllSpecification<>(); allowAllStrategy.install(jpaSpecFeature, allowAllSpecification); return allowAllSpecification; }
@Bean public GrantEvaluator smithFamilyGrantEvaluator(CustomerRepository customerRepository, GrantEvaluatorFeature grantEvaluatorFeature) { GrantEvaluator smithFamilyGrantEvaluator = new CustomerGrantEvaluator(customerRepository); customerStrategy.install(grantEvaluatorFeature, smithFamilyGrantEvaluator); return smithFamilyGrantEvaluator; }
@Bean public GrantEvaluator denyAllGrantEvaluator(SimpleAclStrategy denyAllStrategy) { GrantEvaluator denyAllGrantEvaluator = new DenyAllGrantEvaluator(); denyAllStrategy.install(grantEvaluatorFeature, denyAllGrantEvaluator); return denyAllGrantEvaluator; }
@Override public AclStrategy strategyFor(Class<?> entityClass) { AclStrategy strategy = defaultStrategy; if (activator.isDisabled()) { logger.debug("ACL disabled"); strategy = allowAllStrategy; } else { String strategyBeanName = strategyBeanName(entityClass); strategy = useIfPresent(loadStrategyBean(strategyBeanName)); } logger.debug("Using acl strategy on '{}' : {}", entityClass.getSimpleName(), strategy); return strategy; }
@Bean public SimpleAclStrategy denyAllStrategy() { return new SimpleAclStrategy(); }
@Bean @ConditionalOnMissingBean(AclStrategyProvider.class) public AclStrategyProvider aclStrategyProvider(AclProperties properties, AclSecurityActivator aclSecurityActivator) { return new AclStrategyProviderImpl(properties, aclSecurityActivator, allowAllStrategy); }
public QueryBuilder filterFor(Class<?> domainType) { QueryBuilder filterBuilder = defaultQueryBuilder; AclStrategy strategy = strategyProvider.strategyFor(domainType); if (strategy == null) { logger.debug("No strategy found for '{}' in strategy provider", domainType.getSimpleName()); } else { QueryBuilder filter = strategy.handlerFor(elasticSearchFeature); if (filter == null) { logger.debug( "No ACL ElasticSearch found in strategy {} > fall back on default ACL ElasticSearch specification", strategy); } else { filterBuilder = filter; } } logger.debug("Using ACL ElasticSearch filter builder for {} using strategy {}: {}", domainType.getSimpleName(), strategy, filterBuilder); return filterBuilder; }
@Bean(name = {"allowAllFilter", "defaultFilter"}) public QueryBuilder allowAllFilter(SimpleAclStrategy allowAllStrategy) { QueryBuilder allowAllFilter = matchAllQuery(); allowAllStrategy.install(elasticSearchFeature, allowAllFilter); return allowAllFilter; }
public <Handler> Handler uninstall(AclFeature<Handler> feature) { Handler filter = (Handler) handlersByFeature.remove(feature); if (logger.isDebugEnabled()) { logger.debug("Uninstalled {} handler from {}", feature, name()); } return filter; }
public Specification<T> jpaSpecFor(Class<? extends T> domainType) { Specification<T> aclJpaSpec = defaultJpaSpec; AclStrategy strategy = strategyProvider.strategyFor(domainType); if (strategy == null) { logger.debug("No strategy found for '{}' in strategy provider", domainType.getSimpleName()); } else { Specification<T> aclJpaSpecification = strategy.handlerFor(jpaSpecFeature); if (aclJpaSpecification == null) { logger.debug( "No ACL JPA specification found in strategy {} > fall back on default ACL JPA specification", strategy); } else { aclJpaSpec = aclJpaSpecification; } } logger.debug("Using ACL JPA specification for '{}': {}", domainType.getSimpleName(), aclJpaSpec); return aclJpaSpec; } }
@Bean public QueryBuilder smithFamilyFilter(ElasticSearchFeature elasticSearchFeature) { QueryBuilder smithFamilyFilter = matchQuery("lastName", "Smith"); customerStrategy.install(elasticSearchFeature, smithFamilyFilter); return smithFamilyFilter; }
public <Handler> void install(AclFeature<Handler> feature, Handler handler) { notNull(feature, "Feature can't be null"); notNull(handler, "Can't register a null handler ; please use unregister(" + AclFeature.class.getSimpleName() + ")"); handlersByFeature.put(feature, handler); if (logger.isDebugEnabled()) { logger.debug("Installed {} handler in {} : {}", feature, name(), handler); } }
@Bean public QueryBuilder denyAllFilter(SimpleAclStrategy denyAllStrategy) { QueryBuilder denyAllFilter = boolQuery().mustNot(matchAllQuery()); denyAllStrategy.install(elasticSearchFeature, denyAllFilter); return denyAllFilter; } }