/**
 * Loads the ACLs for a batch of domain objects with a single
 * {@code readAclsById} call, restricted to the SIDs resolved for
 * {@code authentication}.
 *
 * <p>An empty collection returns immediately without touching the ACL
 * service, and {@code null} elements are skipped.
 *
 * <p>NOTE(review): the value returned by {@code readAclsById} is discarded,
 * so the call is presumably made for a caching side effect inside the
 * service; confirm against the AclService implementation in use. If every
 * element is {@code null} the service is still called with an empty list,
 * and nothing here catches an exception from that call.
 *
 * @param authentication the principal whose SIDs scope the lookup
 * @param objects domain objects whose ACLs should be loaded; may contain nulls
 */
public void cachePermissionsFor(Authentication authentication, Collection<?> objects) {
    if (objects.isEmpty()) {
        return;
    }

    // Translate every non-null domain object into its ObjectIdentity.
    List<ObjectIdentity> identities = new ArrayList<>(objects.size());
    for (Object candidate : objects) {
        if (candidate != null) {
            identities.add(oidRetrievalStrategy.getObjectIdentity(candidate));
        }
    }

    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);

    if (logger.isDebugEnabled()) {
        logger.debug("Eagerly loading Acls for " + identities.size() + " objects");
    }

    // Only the ACL data relevant to this principal's SIDs is requested.
    aclService.readAclsById(identities, principalSids);
}
/**
 * Decides whether the principal behind {@code authentication} holds
 * {@code permission} on the object identified by {@code oid}.
 *
 * <p>The check fails closed: a {@code NotFoundException} raised by either
 * the ACL lookup or the {@code isGranted} evaluation (both sit inside the
 * same try block) yields {@code false}, as does an ACL that does not grant
 * the permission.
 *
 * @param authentication the principal being checked
 * @param oid identity of the protected object
 * @param permission permission expression, resolved via {@code resolvePermission}
 * @return {@code true} only when the ACL grants the resolved permission
 */
private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
    // SIDs (principal plus authorities) that ACL entries are matched against.
    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);
    List<Permission> required = resolvePermission(permission);

    // Read the debug flag once so every log statement below agrees with it.
    final boolean debugEnabled = logger.isDebugEnabled();

    if (debugEnabled) {
        logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
    }

    try {
        // The lookup is restricted to the SIDs this principal actually has.
        Acl acl = aclService.readAclById(oid, principalSids);
        // Third argument is false: no administrative-mode evaluation is requested.
        boolean granted = acl.isGranted(required, principalSids, false);

        if (debugEnabled) {
            logger.debug(granted
                    ? "Access is granted"
                    : "Returning false - ACLs returned, but insufficient permissions for this principal");
        }

        return granted;
    }
    catch (NotFoundException notFound) {
        // No applicable ACL data is treated as a denial, never as a grant.
        if (debugEnabled) {
            logger.debug("Returning false - no ACLs apply for this principal");
        }

        return false;
    }
}
/**
 * Reports whether the principal behind {@code authentication} is granted
 * {@code requirePermission} on {@code domainObject}.
 *
 * <p>{@code requirePermission} is not declared in this method; presumably a
 * field of the enclosing class.
 *
 * <p>The check fails closed: a {@code NotFoundException} from the ACL lookup
 * or from {@code isGranted} results in {@code false}.
 *
 * <p>NOTE(review): {@code domainObject} is passed to the identity strategy
 * without a null check; confirm how the strategy handles {@code null}.
 *
 * @param authentication the principal being checked
 * @param domainObject the protected domain object
 * @return {@code true} only when the ACL grants the required permission
 */
protected boolean hasPermission(Authentication authentication, Object domainObject) {
    // Identity of the protected object, as the ACL service knows it.
    ObjectIdentity target = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

    // SIDs (principal plus authorities) that ACL entries are matched against.
    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);

    boolean granted;
    try {
        // Restrict the lookup to these SIDs; the final 'false' requests no administrative mode.
        granted = aclService.readAclById(target, principalSids)
                .isGranted(requirePermission, principalSids, false);
    }
    catch (NotFoundException ignore) {
        // Missing ACL data means "deny".
        granted = false;
    }
    return granted;
}
// Ask the configured SidRetrievalStrategy for the SIDs that apply to `authentication`.
// NOTE(review): the enclosing method is not part of this excerpt, so it cannot be
// confirmed here that `authentication` was checked for null before this call.
List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
// Same call from a second excerpt; the same caveat applies.
List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
/**
 * Verifies that a strategy constructed with a RoleHierarchy reports the
 * authorities returned by the hierarchy.
 *
 * <p>The mocked hierarchy returns the single authority "D", and the test
 * expects exactly two SIDs: the principal followed by "D". The
 * {@code authentication} fixture is defined outside this excerpt.
 */
@Test
public void roleHierarchyIsUsedWhenSet() throws Exception {
    // Hierarchy stub: whatever authorities go in, only "D" is reachable.
    RoleHierarchy hierarchy = mock(RoleHierarchy.class);
    List reachable = AuthorityUtils.createAuthorityList("D");
    when(hierarchy.getReachableGrantedAuthorities(anyCollection())).thenReturn(reachable);

    SidRetrievalStrategy strategy = new SidRetrievalStrategyImpl(hierarchy);
    List<Sid> resolved = strategy.getSids(authentication);

    // One principal SID plus the single reachable authority.
    assertThat(resolved).hasSize(2);

    Sid principalSid = resolved.get(0);
    assertThat(principalSid).isNotNull();
    assertThat(principalSid instanceof PrincipalSid).isTrue();

    GrantedAuthoritySid authoritySid = (GrantedAuthoritySid) resolved.get(1);
    assertThat(authoritySid.getGrantedAuthority()).isEqualTo("D");
}
} // presumably closes the enclosing test class, whose header is outside this excerpt
/**
 * Verifies the SID list produced by a default SidRetrievalStrategyImpl:
 * the principal SID comes first ("scott"), followed by one
 * GrantedAuthoritySid per authority, in the order "A", "B", "C".
 *
 * <p>The {@code authentication} fixture is defined outside this excerpt.
 */
@Test
public void correctSidsAreRetrieved() throws Exception {
    SidRetrievalStrategy strategy = new SidRetrievalStrategyImpl();
    List<Sid> resolved = strategy.getSids(authentication);

    assertThat(resolved).isNotNull();
    assertThat(resolved).hasSize(4);

    // Position 0 is reserved for the principal itself.
    assertThat(resolved.get(0)).isNotNull();
    assertThat(resolved.get(0) instanceof PrincipalSid).isTrue();

    // Every remaining entry must be an authority SID.
    for (Sid authorityCandidate : resolved.subList(1, resolved.size())) {
        assertThat(authorityCandidate instanceof GrantedAuthoritySid).isTrue();
    }

    assertThat(((PrincipalSid) resolved.get(0)).getPrincipal()).isEqualTo("scott");

    // The authority order is part of the asserted contract.
    assertThat(((GrantedAuthoritySid) resolved.get(1)).getGrantedAuthority()).isEqualTo("A");
    assertThat(((GrantedAuthoritySid) resolved.get(2)).getGrantedAuthority()).isEqualTo("B");
    assertThat(((GrantedAuthoritySid) resolved.get(3)).getGrantedAuthority()).isEqualTo("C");
}
/**
 * Captures the Authentication currently held by SecurityContextHolder,
 * resolves its SIDs through the factory's strategy, and copies the
 * factory's {@code aclService} and {@code pgs} collaborators.
 *
 * <p>Only a missing Authentication is rejected here; {@code isAuthenticated()}
 * is not consulted in this constructor.
 *
 * @param factory source of the SID strategy and the shared collaborators
 * @throws AccessDeniedException if the security context holds no Authentication
 */
AccessContext(AccessContextFactory factory) {
    this.authentication = SecurityContextHolder.getContext().getAuthentication();

    // Fail closed before any SID resolution is attempted.
    if (this.authentication == null) {
        throw new AccessDeniedException("No credentials in context.");
    }

    this.sids = factory.sidStrategy.getSids(authentication);
    this.aclService = factory.aclService;
    this.pgs = factory.pgs;
}
/**
 * Loads the ACLs for a batch of domain objects with a single
 * {@code readAclsById} call, restricted to the SIDs resolved for
 * {@code authentication}.
 *
 * <p>An empty collection returns immediately without touching the ACL
 * service, and {@code null} elements are skipped.
 *
 * <p>NOTE(review): the value returned by {@code readAclsById} is discarded,
 * so the call is presumably made for a caching side effect inside the
 * service; confirm against the AclService implementation in use. If every
 * element is {@code null} the service is still called with an empty list,
 * and nothing here catches an exception from that call.
 *
 * @param authentication the principal whose SIDs scope the lookup
 * @param objects domain objects whose ACLs should be loaded; may contain nulls
 */
public void cachePermissionsFor(Authentication authentication, Collection<?> objects) {
    if (objects.isEmpty()) {
        return;
    }

    // Translate every non-null domain object into its ObjectIdentity.
    List<ObjectIdentity> identities = new ArrayList<>(objects.size());
    for (Object candidate : objects) {
        if (candidate != null) {
            identities.add(oidRetrievalStrategy.getObjectIdentity(candidate));
        }
    }

    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);

    if (logger.isDebugEnabled()) {
        logger.debug("Eagerly loading Acls for " + identities.size() + " objects");
    }

    // Only the ACL data relevant to this principal's SIDs is requested.
    aclService.readAclsById(identities, principalSids);
}
/**
 * Decides whether the principal behind {@code authentication} holds
 * {@code permission} on the object identified by {@code oid}.
 *
 * <p>The check fails closed: a {@code NotFoundException} raised by either
 * the ACL lookup or the {@code isGranted} evaluation (both sit inside the
 * same try block) yields {@code false}, as does an ACL that does not grant
 * the permission.
 *
 * @param authentication the principal being checked
 * @param oid identity of the protected object
 * @param permission permission expression, resolved via {@code resolvePermission}
 * @return {@code true} only when the ACL grants the resolved permission
 */
private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
    // SIDs (principal plus authorities) that ACL entries are matched against.
    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);
    List<Permission> required = resolvePermission(permission);

    // Read the debug flag once so every log statement below agrees with it.
    final boolean debugEnabled = logger.isDebugEnabled();

    if (debugEnabled) {
        logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
    }

    try {
        // The lookup is restricted to the SIDs this principal actually has.
        Acl acl = aclService.readAclById(oid, principalSids);
        // Third argument is false: no administrative-mode evaluation is requested.
        boolean granted = acl.isGranted(required, principalSids, false);

        if (debugEnabled) {
            logger.debug(granted
                    ? "Access is granted"
                    : "Returning false - ACLs returned, but insufficient permissions for this principal");
        }

        return granted;
    }
    catch (NotFoundException notFound) {
        // No applicable ACL data is treated as a denial, never as a grant.
        if (debugEnabled) {
            logger.debug("Returning false - no ACLs apply for this principal");
        }

        return false;
    }
}
/**
 * Reports whether the principal behind {@code authentication} is granted
 * {@code requirePermission} on {@code domainObject}.
 *
 * <p>{@code requirePermission} is not declared in this method; presumably a
 * field of the enclosing class.
 *
 * <p>The check fails closed: a {@code NotFoundException} from the ACL lookup
 * or from {@code isGranted} results in {@code false}.
 *
 * <p>NOTE(review): {@code domainObject} is passed to the identity strategy
 * without a null check; confirm how the strategy handles {@code null}.
 *
 * @param authentication the principal being checked
 * @param domainObject the protected domain object
 * @return {@code true} only when the ACL grants the required permission
 */
protected boolean hasPermission(Authentication authentication, Object domainObject) {
    // Identity of the protected object, as the ACL service knows it.
    ObjectIdentity target = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

    // SIDs (principal plus authorities) that ACL entries are matched against.
    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);

    boolean granted;
    try {
        // Restrict the lookup to these SIDs; the final 'false' requests no administrative mode.
        granted = aclService.readAclById(target, principalSids)
                .isGranted(requirePermission, principalSids, false);
    }
    catch (NotFoundException ignore) {
        // Missing ACL data means "deny".
        granted = false;
    }
    return granted;
}
// Ask the configured SidRetrievalStrategy for the SIDs that apply to `authentication`.
// NOTE(review): the enclosing method is not part of this excerpt, so it cannot be
// confirmed here that `authentication` was checked for null before this call.
List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
/**
 * Injects the caller's SIDs into the arguments of the secured invocation
 * for the first supported config attribute.
 *
 * <p>This method always returns {@code ACCESS_ABSTAIN}: it neither grants
 * nor denies access, so its only effect is the {@code injectIntoCriteria}
 * call. Authorization itself must come from another voter or check.
 *
 * <p>NOTE(review): a secured object that is not a {@code MethodInvocation}
 * is cast to {@code JoinPoint} without a type check, and {@code attributes}
 * is an unchecked raw collection; confirm that the voter is only configured
 * for those two object types.
 *
 * @param authentication the caller whose SIDs are injected
 * @param object the secured invocation (MethodInvocation or JoinPoint)
 * @param attributes config attributes attached to the secured object
 * @return always {@code ACCESS_ABSTAIN}
 */
public int vote(Authentication authentication, Object object, Collection attributes) {
    for (ConfigAttribute candidate : (Collection<ConfigAttribute>) attributes) {
        if (!this.supports(candidate)) {
            continue;
        }

        // Pull the declared parameter types and the runtime arguments from
        // whichever invocation representation was supplied.
        Class<?>[] parameterTypes;
        Object[] arguments;
        if (object instanceof MethodInvocation) {
            MethodInvocation methodInvocation = (MethodInvocation) object;
            parameterTypes = methodInvocation.getMethod().getParameterTypes();
            arguments = methodInvocation.getArguments();
        }
        else {
            JoinPoint joinPoint = (JoinPoint) object;
            CodeSignature signature = (CodeSignature) joinPoint.getStaticPart().getSignature();
            parameterTypes = signature.getParameterTypes();
            arguments = joinPoint.getArgs();
        }

        List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);
        injectIntoCriteria(principalSids, parameterTypes, arguments);

        // Only the first supported attribute is processed.
        return ACCESS_ABSTAIN;
    }

    return ACCESS_ABSTAIN;
}
// Ask the configured SidRetrievalStrategy for the SIDs that apply to `authentication`.
// NOTE(review): the enclosing method is not part of this excerpt, so it cannot be
// confirmed here that `authentication` was checked for null before this call.
List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
// Same call from a second excerpt; the same caveat applies.
List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
// Each call below resolves SIDs for whatever Authentication is currently stored in
// SecurityContextHolder, rather than for an Authentication passed in by the caller.
// NOTE(review): getAuthentication() returns null when the context holds no
// Authentication, and none of these excerpts shows a null check before the value
// reaches getSids - confirm the surrounding code guards against it. The left-hand
// side of each statement is not shown, so where the result goes is unknown.
sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());