Java AccessControlEntry类代码示例

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
public void deletePermis(
		Long objectIdentifier,
		Class<?> objectClass,
		Long permisId) {
	try {
		ObjectIdentity oid = new ObjectIdentityImpl(objectClass, objectIdentifier);
		Acl acl = aclService.readAclById(oid);
		for (AccessControlEntry ace: acl.getEntries()) {
			if (permisId.equals(ace.getId())) {
				assignarPermisos(
						ace.getSid(),
						objectClass,
						objectIdentifier,
						new Permission[] {},
						true);
			}
		}
	} catch (NotFoundException nfex) {
	}
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
/**
 * @param resultSet Set the result set
 * @param row Set the row
 * @return an access control entry
 * @throws SQLException if there is a problem
 */
public final AccessControlEntry mapRow(final ResultSet resultSet,
	 final int row) throws SQLException {
 ObjectIdentity objectIdentity = new ObjectIdentityImpl(
		 resultSet.getString("object_class"),
		 resultSet.getLong("object_identity"));
 Acl acl = new AclImpl(objectIdentity, 0, aclAuthorizationStrategy, auditLogger);
 int mask = resultSet.getInt("mask");
 Permission permission = null;
 if (mask == BasePermission.CREATE.getMask()) {
	 permission = BasePermission.CREATE;
 } else if (mask == BasePermission.READ.getMask()) {
	 permission = BasePermission.READ;
 } else if (mask == BasePermission.WRITE.getMask()) {
	 permission = BasePermission.WRITE;
 } else if (mask == BasePermission.DELETE.getMask()) {
	 permission = BasePermission.DELETE;
 }  else {
	 permission = BasePermission.ADMINISTRATION;
 }
 AccessControlEntry ace = new AccessControlEntryImpl(0, acl, sid,
		 permission, resultSet.getBoolean("granting"),
		 resultSet.getBoolean("auditSuccess"),
		 resultSet.getBoolean("auditFailure"));
 return ace;
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase("user") && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase("group") && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new HashMap<>();

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
@Test
public void readAclById_ValidObjectIdentity_ReturnData() throws Exception {
	// arrange 
	ObjectIdentity objectIdentity = new ObjectIdentityImpl("blog.core.Post", "1");

	// action
	Acl acl = mongodbAclService.readAclById(objectIdentity);
	
	// verify
	assertNotNull("Acl should not be null", acl);
	ObjectIdentity result = acl.getObjectIdentity();
	assertEquals(result.getIdentifier(), objectIdentity.getIdentifier());
	assertEquals(result.getType(), objectIdentity.getType());
	
	List<AccessControlEntry> entries = acl.getEntries();
	assertNotNull("Acl entries list should not be null", entries);
	assertEquals(3, entries.size());
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
@Override
public void deletePermission(Long securedObjectId, Class clazz, String recipient, boolean principal, Permission perm) 
{
	logger.debug("Remove the requested permission for the recipient.");
	MutableAcl acl = fetchAclForObject(clazz, securedObjectId);

	List<AccessControlEntry> entries = acl.getEntries();

	int i = 0;
	if (entries != null)
	{
		for (AccessControlEntry entry : entries)
		{
			if (entry.getSid().equals(recipient) && entry.getPermission().equals(perm))
				acl.deleteAce(i);
			else
				i++;
		}
	}

	aclService.updateAcl(acl);

	if (logger.isDebugEnabled()) {
		logger.debug("Deleted securedObject " + securedObjectId + " ACL permissions for recipient " + recipient);
	}
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
@SuppressWarnings("rawtypes")
public Map<Sid, List<AccessControlEntry>> getAclEntriesGroupedBySid(
		Serializable id,
		Class clazz) {
	ObjectIdentity oid = new ObjectIdentityImpl(clazz, id);
	try {
		Map<Sid, List<AccessControlEntry>> resposta = new HashMap<Sid, List<AccessControlEntry>>();
		List<AccessControlEntry> aces = aclServiceDao.findAclsByOid(oid);
		if (aces != null) {
			for (AccessControlEntry ace: aces) {
				List<AccessControlEntry> entriesForSid = resposta.get(ace.getSid());
				if (entriesForSid == null) {
					entriesForSid = new ArrayList<AccessControlEntry>();
					resposta.put(ace.getSid(), entriesForSid);
				}
				entriesForSid.add(ace);
			}
		}
		return resposta;
	} catch (NotFoundException ex) {
		return null;
	}
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
/**
   * Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
   *
   * @param acl containing the ACEs to insert
   */
  protected void createEntries(final MutableAcl acl) {
if (acl.getEntries().isEmpty()) {
	return;
}
      jdbcTemplate.batchUpdate(insertEntry,
      	new BatchPreparedStatementSetter() {
              public int getBatchSize() {
                  return acl.getEntries().size();
              }

              public void setValues(PreparedStatement stmt, int i) throws SQLException {
                  AccessControlEntry entry_ = acl.getEntries().get(i);
                  Assert.isTrue(entry_ instanceof AccessControlEntryImpl, "Unknown ACE class");
                  AccessControlEntryImpl entry = (AccessControlEntryImpl) entry_;
                  stmt.setLong(1, ((Long) acl.getId()).longValue());
                  stmt.setInt(2, i);
                  stmt.setLong(3, createOrRetrieveSidPrimaryKey(entry.getSid(), true).longValue());
                  stmt.setInt(4, entry.getPermission().getMask());
                  stmt.setBoolean(5, entry.isGranting());
                  stmt.setBoolean(6, entry.isAuditSuccess());
                  stmt.setBoolean(7, entry.isAuditFailure());
              }
          });
  }
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
private void revocarPermisos(
		Sid sid,
		Class<?> objectClass,
		Serializable objectIdentifier,
		Permission[] permissions) throws NotFoundException {
	ObjectIdentity oid = new ObjectIdentityImpl(objectClass, objectIdentifier);
	try {
		MutableAcl acl = (MutableAcl)aclService.readAclById(oid);
		List<Integer> indexosPerEsborrar = new ArrayList<Integer>();
		int aceIndex = 0;
		for (AccessControlEntry ace: acl.getEntries()) {
			if (ace.getSid().equals(sid)) {
				for (Permission p: permissions) {
					if (p.equals(ace.getPermission()))
						indexosPerEsborrar.add(aceIndex);
				}
			}
			aceIndex++;
		}
		for (Integer index: indexosPerEsborrar)
			acl.deleteAce(index);
		aclService.updateAcl(acl);
	} catch (NotFoundException nfex) {
		// Si no troba l'ACL no fa res
	}
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
/**
 *
 * @param sid The Security ID
 * @return a list of Acls
 */
public final List<Object[]> listAces(final PrincipalSid sid) {
	Object[] args = new Object[1];
	args[0] = sid.getPrincipal();
	rowMapper.setSid(sid);
	List<AccessControlEntry> accessControlEntries = jdbcTemplate.query(selectEntries, args, rowMapper);
	List<Object[]> result = new ArrayList<Object[]>();
	for (AccessControlEntry accessControlEntry : accessControlEntries) {
		Object[] row = new Object[2];
		row[1] = accessControlEntry;
		Object obj = sessionFactory.getCurrentSession().load(
				accessControlEntry.getAcl().getObjectIdentity().getType(),
				accessControlEntry.getAcl().getObjectIdentity().getIdentifier());
		Hibernate.initialize(obj);
		row[0] = obj;
		result.add(row);
	}
	return result;
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
public void revokeProjectPermission(String name, String type) {
    //revoke user's project permission
    List<ProjectInstance> projectInstances = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).listAllProjects();
    for (ProjectInstance pi : projectInstances) {
        // after KYLIN-2760, only project ACL will work, so entity type is always ProjectInstance.
        AclEntity ae = getAclEntity("ProjectInstance", pi.getUuid());

        MutableAcl acl = (MutableAcl) getAcl(ae);
        if (acl == null) {
            return;
        }
        List<AccessControlEntry> aces = acl.getEntries();
        if (aces == null) {
            return;
        }

        int indexOfAce = -1;
        for (int i = 0; i < aces.size(); i++) {
            if (needRevoke(aces.get(i).getSid(), name, type)) {
                indexOfAce = i;
                break;
            }
        }
        deleteAndUpdate(acl, indexOfAce);
    }
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
protected void createEntries(final MutableAcl acl) {
	if (acl.getEntries() == null || acl.getEntries().size() == 0) return;
	int order = 0;
	for (AccessControlEntry entry_ : acl.getEntries()) {
		Assert.isTrue(entry_ instanceof AccessControlEntryImpl, "Unknown ACE class");
           AccessControlEntryImpl entry = (AccessControlEntryImpl) entry_;
           AclEntry aclEntry = new AclEntry();
           aclEntry.setSid(createOrRetrieveSidPrimaryKey(entry.getSid(), true));
           aclEntry.setOrder(order);
           aclEntry.setObjectIdentityId((String)acl.getId());
           aclEntry.setMask(entry.getPermission().getMask());
           aclEntry.setGranting(entry.isGranting());
           aclEntry.setAuditSuccess(entry.isAuditSuccess());
           aclEntry.setAuditFailure(entry.isAuditFailure());
           aclEntryRepository.save(aclEntry);
           
           order ++;
	}
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
/**
 * Create Entries for Acl
 * 
 * @param acl
 */
protected void createEntries(final MutableAcl acl) {
	if (acl.getEntries().isEmpty()) {
		return;
	}
	AclNode aclNode = retrieveAclNode(acl.getObjectIdentity());
	if (aclNode == null) {
		return;
	}
	Set<AceNode> aces = new HashSet<AceNode>();
	int i = aclNode.getAces().size();
	for (AccessControlEntry ace : acl.getEntries()) {
		AccessControlEntryImpl entry = (AccessControlEntryImpl) ace;
		aces.add(neo4jTemplate.save(new AceNode(createOrRetrieveSid(
				entry.getSid(), true), i, entry.getPermission().getMask(),
				entry.isGranting(), entry.isAuditSuccess(), entry
						.isAuditFailure())));
		i++;
	}
	aclNode.setAces(aces);
	AclNode savedAclNode = neo4jTemplate.save(aclNode);
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
@Test(expected = NotFoundException.class)
@Rollback(false)
@Transactional(rollbackFor = Exception.class)
public void test3DeleteAcl() {
	Authentication auth = new TestingAuthenticationToken("shazin", "N/A");
	auth.setAuthenticated(true);
	SecurityContextHolder.getContext().setAuthentication(auth);
	ObjectIdentity oid = new ObjectIdentityImpl("my.test.Class", 1l);
	MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);

	assertEquals(acl.getEntries().size(), 2);
	for (AccessControlEntry ace : acl.getEntries()) {
		assertEquals(ace.getAcl().getObjectIdentity(), oid);
	}

	mutableAclService.deleteAcl(oid, true);

	mutableAclService.readAclById(oid);
}
 

import org.springframework.security.acls.model.AccessControlEntry; //导入依赖的package包/类
@Override
public boolean checkObjectPublic(Long securedObjectId, Class clazz)
{
	logger.debug("Checking if secure objectId: " + securedObjectId + " of class: " + clazz.getName() + " is Public.");
	MutableAcl acl = aclOperationService.fetchAclForObject(clazz, securedObjectId);
	List<AccessControlEntry> entries = acl.getEntries();
	if (entries != null)
	{
		for (AccessControlEntry entry : entries)
		{
			if (entry.getSid() instanceof GrantedAuthoritySid)
			{
				GrantedAuthoritySid gaSid = (GrantedAuthoritySid) entry.getSid();
				if (CaNanoRoleEnum.ROLE_ANONYMOUS.toString().equals(gaSid.getGrantedAuthority())) 
					return true;
			}
		}
	}
	return false;
}