Examples of org.springframework.security.acls.model.Acl

• org.springframework.security.acls.model.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.springframework.security.acls.model.ObjectIdentity} interface.

  Implementing classes may elect to return instances that represent {@link org.springframework.security.acls.model.Permission} information for eithersome OR all {@link org.springframework.security.acls.model.Sid}instances. Therefore, an instance may NOT necessarily contain ALL Sids for a given domain object.

  @author Ben Alex

         */
        private void convertCurrentResultIntoObject(Map<Serializable, Acl> acls, ResultSet rs) throws SQLException {
            Long id = new Long(rs.getLong("acl_id"));

            // If we already have an ACL for this ID, just create the ACE
            Acl acl = acls.get(id);

            if (acl == null) {
                // Make an AclImpl and pop it into the Map
                ObjectIdentity objectIdentity = new ObjectIdentityImpl(rs.getString("class"),
                        Long.valueOf(rs.getLong("object_id_identity")));

                Acl parentAcl = null;
                long parentAclId = rs.getLong("parent_object");

                if (parentAclId != 0) {
                    parentAcl = new StubAclParent(Long.valueOf(parentAclId));
                }

        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
                new SimpleGrantedAuthority("ROLE_GENERAL"));

        Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());

        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);

        // Create another authorization strategy
        AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"),
                new SimpleGrantedAuthority("ROLE_THREE"));
        Acl acl2 = new AclImpl(identity, new Long(1), aclAuthorizationStrategy2, new ConsoleAuditLogger());
        // Check access in case the principal has no authorization rights
        try {
            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
            fail("It should have thrown NotFoundException");
        }

        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"),
                new SimpleGrantedAuthority("ROLE_GENERAL"));

        Acl acl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger(), null, null,
                false, new PrincipalSid(auth));
        try {
            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
        }
        catch (AccessDeniedException notExpected) {

        List<ObjectIdentity> childOids = Arrays.asList(childOid);

        strategy.setBatchSize(6);
        Map<ObjectIdentity, Acl> foundAcls = strategy.readAclsById(childOids, sids);

        Acl foundChildAcl = foundAcls.get(childOid);
        Assert.assertNotNull(foundChildAcl);
        Assert.assertTrue(foundChildAcl.isGranted(checkPermission, sids, false));

        // Search for object identities has to be done in the following order: last element have to be one which
        // is already in cache and the element before it must not be stored in cache
        List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
        try {
            foundAcls = strategy.readAclsById(allOids, sids);
            Assert.assertTrue(true);
        } catch (NotFoundException notExpected) {
            Assert.fail("It shouldn't have thrown NotFoundException");
        }

        Acl foundParent2Acl = foundAcls.get(parent2Oid);
        Assert.assertNotNull(foundParent2Acl);
        Assert.assertTrue(foundParent2Acl.isGranted(checkPermission, sids, false));
    }

        }
    }

    @Test
    public void testAccessControlEntryImplGetters() {
        Acl mockAcl = mock(Acl.class);
        Sid sid = new PrincipalSid("johndoe");

        // Create a sample entry
        AccessControlEntry ace = new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid, BasePermission.ADMINISTRATION,
                true, true, true);

        assertTrue(((AuditableAccessControlEntry) ace).isAuditSuccess());
    }

    @Test
    public void testEquals() {
        final Acl mockAcl = mock(Acl.class);
        final ObjectIdentity oid = mock(ObjectIdentity.class);

        when(mockAcl.getObjectIdentity()).thenReturn(oid);
        Sid sid = new PrincipalSid("johndoe");

        AccessControlEntry ace = new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid, BasePermission.ADMINISTRATION,
                true, true, true);

     * Displays the permission admin page for a particular contact.
     */
    @RequestMapping(value="/secure/adminPermission.htm", method=RequestMethod.GET)
    public ModelAndView displayAdminPage(@RequestParam("contactId") int contactId) {
        Contact contact = contactManager.getById(Long.valueOf(contactId));
        Acl acl = aclService.readAclById(new ObjectIdentityImpl(contact));

        Map<String, Object> model = new HashMap<String, Object>();
        model.put("contact", contact);
        model.put("acl", acl);

        List<Sid> sids = _sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
        ObjectIdentity oid = _objectIdentityRetrievalStrategy.getObjectIdentity(resolvedDomainObject);

        // Obtain aclEntrys applying to the current Authentication object
        try {
            final Acl acl = _aclService.readAclById(oid, sids);
            return acl.isGranted(requiredPermissions, sids, false);
        } catch (NotFoundException nfe) {
            return false;
        }
  }

        List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
        List<Permission> requiredPermission = resolvePermission(permission);

        try {
            // Lookup only ACLs for SIDs we're interested in
            Acl acl = aclService.readAclById(oid, sids);

            if (acl.isGranted(requiredPermission, sids, false)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Access is granted");
                }

                return true;

            ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

            // Obtain the SIDs applicable to the principal
            List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

            Acl acl;

            try {
                // Lookup only ACLs for SIDs we're interested in
                acl = aclService.readAclById(objectIdentity, sids);
            } catch (NotFoundException nfe) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Voting to deny access - no ACLs apply for this principal");
                }

                return ACCESS_DENIED;
            }

            try {
                if (acl.isGranted(requirePermission, sids, false)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Voting to grant access");
                    }

                    return ACCESS_GRANTED;