Java Acl类代码示例

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
@Override
public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> map = readAclsById(Arrays.asList(object), sids);
    Assert.isTrue(map.containsKey(object), "There should have been an Acl entry for ObjectIdentity " + object);

    return (Acl) map.get(object);
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
/**
 * Locates the primary key IDs specified in "findNow", adding AclImpl instances with StubAclParents to the
 * "acls" Map.
 *
 * @param acls the AclImpls (with StubAclParents)
 * @param findNow Long-based primary keys to retrieve
 * @param sids
 */
private void lookupPrimaryKeys(final Map<Serializable, Acl> acls, final Set<Long> findNow, final List<Sid> sids) {
    Assert.notNull(acls, "ACLs are required");
    Assert.notEmpty(findNow, "Items to find now required");

    String sql = computeRepeatingSql(lookupPrimaryKeysWhereClause, findNow.size());

    Set<Long> parentsToLookup = jdbcTemplate.query(sql,
        new PreparedStatementSetter() {
            public void setValues(PreparedStatement ps) throws SQLException {
                int i = 0;

                for (Long toFind : findNow) {
                    i++;
                    ps.setLong(i, toFind);
                }
            }
        }, new ProcessResultSet(acls, sids));

    // Lookup the parents, now that our JdbcTemplate has released the database connection (SEC-547)
    if (parentsToLookup.size() > 0) {
        lookupPrimaryKeys(acls, parentsToLookup, sids);
    }
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
public void deletePermis(
		Long objectIdentifier,
		Class<?> objectClass,
		Long permisId) {
	try {
		ObjectIdentity oid = new ObjectIdentityImpl(objectClass, objectIdentifier);
		Acl acl = aclService.readAclById(oid);
		for (AccessControlEntry ace: acl.getEntries()) {
			if (permisId.equals(ace.getId())) {
				assignarPermisos(
						ace.getSid(),
						objectClass,
						objectIdentifier,
						new Permission[] {},
						true);
			}
		}
	} catch (NotFoundException nfex) {
	}
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
@Override
public boolean isGranted(Acl acl, List<Permission> requests, List<Sid> sids, boolean administrativeMode) {
    PermissionData granted = getPermission(acl, sids);
    final int grantedMask = granted.getMask();
    boolean allow = false;
    for(Permission request: requests) {
        int reqMask = request.getMask();
        if((reqMask & grantedMask) == reqMask) {
            allow = true;
        }
        if(!allow) {
            // each false is mean disallow
            break;
        }
    }
    return allow;
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
/**
 * @param resultSet Set the result set
 * @param row Set the row
 * @return an access control entry
 * @throws SQLException if there is a problem
 */
public final AccessControlEntry mapRow(final ResultSet resultSet,
	 final int row) throws SQLException {
 ObjectIdentity objectIdentity = new ObjectIdentityImpl(
		 resultSet.getString("object_class"),
		 resultSet.getLong("object_identity"));
 Acl acl = new AclImpl(objectIdentity, 0, aclAuthorizationStrategy, auditLogger);
 int mask = resultSet.getInt("mask");
 Permission permission = null;
 if (mask == BasePermission.CREATE.getMask()) {
	 permission = BasePermission.CREATE;
 } else if (mask == BasePermission.READ.getMask()) {
	 permission = BasePermission.READ;
 } else if (mask == BasePermission.WRITE.getMask()) {
	 permission = BasePermission.WRITE;
 } else if (mask == BasePermission.DELETE.getMask()) {
	 permission = BasePermission.DELETE;
 }  else {
	 permission = BasePermission.ADMINISTRATION;
 }
 AccessControlEntry ace = new AccessControlEntryImpl(0, acl, sid,
		 permission, resultSet.getBoolean("granting"),
		 resultSet.getBoolean("auditSuccess"),
		 resultSet.getBoolean("auditFailure"));
 return ace;
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
/**
 * @param groupName The name of the group to delete
 */
@PreAuthorize("hasRole('PERMISSION_ADMINISTRATE') or hasRole('PERMISSION_DELETE_GROUP')")
@Transactional(readOnly = false)
public final void deleteGroup(final String groupName) {
 Assert.hasText(groupName);
 Group group = groupDao.find(groupName);
 for(User user : group.getMembers()) {
	 removeUserFromGroup(user.getUsername(), groupName);
 }
 for(Object[] objs : listAces(groupName)) {
	 Object object = objs[0];
	 Acl acl = (Acl)objs[1];
	 aclService.deleteAcl(acl.getObjectIdentity(), true);
 }
 groupDao.delete(groupName);
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
@Test
public void readAclById_withParentAcl_shouldLoadTheAcls() {
    Acl acl = fixture.readAclById(new ObjectIdentityImpl("com.cedac.smartresidence.profile.domain.Room", "1.1"));

    assertNotNull(acl);
    assertEquals("com.cedac.smartresidence.profile.domain.Room", acl.getObjectIdentity().getType());
    assertEquals("1.1", acl.getObjectIdentity().getIdentifier());
    assertNotNull(acl.getParentAcl());
    assertEquals(new PrincipalSid("[email protected]"), acl.getOwner());
    assertEquals(true, acl.isEntriesInheriting());
    assertEquals(0, acl.getEntries().size());

    assertEquals("com.cedac.smartresidence.profile.domain.Home", acl.getParentAcl().getObjectIdentity().getType());
    assertEquals("1", acl.getParentAcl().getObjectIdentity().getIdentifier());
    assertNull(acl.getParentAcl().getParentAcl());
    assertEquals(new PrincipalSid("[email protected]"), acl.getParentAcl().getOwner());
    assertEquals(true, acl.getParentAcl().isEntriesInheriting());
    assertEquals(6, acl.getParentAcl().getEntries().size());
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String entityType, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(entityType, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());
    String type;
    if (accessRequest.isPrincipal()) {
        type = MetadataConstants.TYPE_USER;
    } else {
        type = MetadataConstants.TYPE_GROUP;
    }
    if (AclEntityType.PROJECT_INSTANCE.equals(type)) {
        String prj = projectService.getProjectManager().getPrjByUuid(uuid).getName();
        String username = accessRequest.getSid();
        if (tableACLService.exists(prj, username, type)) {
            tableACLService.deleteFromTableACL(prj, username, type);
        }
    }
    return accessService.generateAceResponses(acl);
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase("user") && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase("group") && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new HashMap<>();

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects,
		List<Sid> sids) throws NotFoundException {
	Map<ObjectIdentity, Acl> result = doLookup(objects, sids);

	// Check every requested object identity was found (throw
	// NotFoundException if needed)
	for (ObjectIdentity oid : objects) {
		if (!result.containsKey(oid)) {
			throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
		}
	}

	return result;

}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
private void lookUpParentAcls(Map<Serializable, Acl> acls, Set<String> parentIds, List<Sid> sids) {
	QAclObjectIdentity aclObjectIdentity = QAclObjectIdentity.aclObjectIdentity;
	BooleanExpression objectIdentityCondition = null;
	for (String oid : parentIds) {
		BooleanExpression oidCondition = aclObjectIdentity.id.eq(oid);
		if (objectIdentityCondition == null) {
			objectIdentityCondition = oidCondition;
		} else {
			objectIdentityCondition = objectIdentityCondition.or(oidCondition);
		}
	}
	List<AclObjectIdentity> aoiList = (List<AclObjectIdentity>) objectIdentityRepository
			.findAll(objectIdentityCondition, aclObjectIdentity.objectIdIdentity.asc());
	Set<String> parentIdsToLookup = getParentIdsToLookup(acls, aoiList, sids);
	if (parentIdsToLookup != null && parentIdsToLookup.size() > 0) {
		lookUpParentAcls(acls, parentIdsToLookup, sids);
	}
}
 

import org.springframework.security.acls.model.Acl; //导入依赖的package包/类
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
       Assert.notNull(objectIdentity, "Object Identity required");

       // Check this object identity hasn't already been persisted
       if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
           throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
       }

       // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
       Authentication auth = SecurityContextHolder.getContext().getAuthentication();
       PrincipalSid sid = new PrincipalSid(auth);

       // Create the acl_object_identity row
       createObjectIdentity(objectIdentity, sid);

       // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
       Acl acl = readAclById(objectIdentity);
       Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

       return (MutableAcl) acl;
   }