org.springframework.security.acls.model.Acl类的使用及代码示例

x33g5p2x  于2022-01-16 转载在 其他  
字(9.9k)|赞(0)|评价(0)|浏览(220)

本文整理了Java中org.springframework.security.acls.model.Acl类的一些代码示例,展示了Acl类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Acl类的具体详情如下:
包路径:org.springframework.security.acls.model.Acl
类名称:Acl

Acl介绍

[英]Represents an access control list (ACL) for a domain object.

An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the org.springframework.security.acls.model.ObjectIdentity interface.

Implementing classes may elect to return instances that represent org.springframework.security.acls.model.Permission information for either some OR all org.springframework.security.acls.model.Sid instances. Therefore, an instance may NOT necessarily contain ALL Sids for a given domain object.
[中]表示域对象的访问控制列表(ACL)。
Acl表示给定域对象的所有Acl条目。为了避免需要引用域对象本身,此接口通过组织处理域对象和ACL对象标识之间的间接寻址。springframework。安全ACL。模型对象性接口。
实现类可以选择返回表示组织的实例。springframework。安全ACL。模型部分或全部组织的权限信息。springframework。安全ACL。模型Sid实例。因此,实例不一定包含给定域对象的所有SID。

代码示例

代码示例来源:origin: spring-projects/spring-security

private boolean checkPermission(Authentication authentication, ObjectIdentity oid,
    Object permission) {
  // Obtain the SIDs applicable to the principal
  List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
  List<Permission> requiredPermission = resolvePermission(permission);
  final boolean debug = logger.isDebugEnabled();
  if (debug) {
    logger.debug("Checking permission '" + permission + "' for object '" + oid
        + "'");
  }
  try {
    // Lookup only ACLs for SIDs we're interested in
    Acl acl = aclService.readAclById(oid, sids);
    if (acl.isGranted(requiredPermission, sids, false)) {
      if (debug) {
        logger.debug("Access is granted");
      }
      return true;
    }
    if (debug) {
      logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
    }
  }
  catch (NotFoundException nfe) {
    if (debug) {
      logger.debug("Returning false - no ACLs apply for this principal");
    }
  }
  return false;
}

代码示例来源:origin: spring-projects/spring-security

boolean administrativeMode) throws NotFoundException {
final List<AccessControlEntry> aces = acl.getEntries();
if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) {
  return acl.getParentAcl().isGranted(permission, sids, false);

代码示例来源:origin: spring-projects/spring-security

@Override
public String toString() {
  StringBuilder sb = new StringBuilder();
  sb.append("AclImpl[");
  sb.append("id: ").append(this.id).append("; ");
  sb.append("objectIdentity: ").append(this.objectIdentity).append("; ");
  sb.append("owner: ").append(this.owner).append("; ");
  int count = 0;
  for (AccessControlEntry ace : aces) {
    count++;
    if (count == 1) {
      sb.append("\n");
    }
    sb.append(ace).append("\n");
  }
  if (count == 0) {
    sb.append("no ACEs; ");
  }
  sb.append("inheriting: ").append(this.entriesInheriting).append("; ");
  sb.append("parent: ").append(
      (this.parentAcl == null) ? "Null" : this.parentAcl.getObjectIdentity()
          .toString());
  sb.append("; ");
  sb.append("aclAuthorizationStrategy: ").append(this.aclAuthorizationStrategy)
      .append("; ");
  sb.append("permissionGrantingStrategy: ").append(this.permissionGrantingStrategy);
  sb.append("]");
  return sb.toString();
}

代码示例来源:origin: apache/kylin

public Object generateAllAceResponses(Acl acl) {
  List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
  while (acl != null) {
    for (AccessControlEntry ace : acl.getEntries()) {
      result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
    }
    acl = acl.getParentAcl();
  }
  return result;
}

代码示例来源:origin: spring-projects/spring-security

if (acl.isSidLoaded(sids)) {
  result.put(acl.getObjectIdentity(), acl);
  aclFound = true;

代码示例来源:origin: spring-projects/spring-security

if (currentUser.equals(acl.getOwner())
    && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
  return;
if (acl.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), sids, false)) {
  return;

代码示例来源:origin: codeabovelab/haven-platform

public Builder from(Acl aclData) {
  if(aclData instanceof MutableAcl) {
    this.setId((Long)((MutableAcl) aclData).getId());
  }
  final List<AccessControlEntry> srcEntries = aclData.getEntries();
  if(srcEntries != null) {
    final int size = srcEntries.size();
    final List<AceData> aceDatas = new ArrayList<>(size);
    for(int i = 0; i < size; ++i) {
      AccessControlEntry entry = srcEntries.get(i);
      AceData aceData = AceDataImpl.builder().from(entry).build();
      aceDatas.add(aceData);
    }
    this.setEntries(aceDatas);
  }
  this.setObjectIdentity(aclData.getObjectIdentity());
  this.setOwner(aclData.getOwner());
  Acl parentAcl = aclData.getParentAcl();
  if(parentAcl != null) {
    this.setParentAclData(AclDataImpl.builder().from(parentAcl).build());
  }
  this.setEntriesInheriting(aclData.isEntriesInheriting());
  return this;
}

代码示例来源:origin: codeabovelab/haven-platform

Assert.notNull(userDetailsService, "userDetailsService is null");
final Sid ownerSid = acl.getOwner();
final String ownerTenantId = getTenantFromSid(ownerSid);
if(ownerTenantId == MultiTenancySupport.NO_TENANT) {
  throw new RuntimeException("Can not retrieve tenant from acl owner: acl.objectIdentity=" + acl.getObjectIdentity().getIdentifier());
final List<AccessControlEntry> aces = acl.getEntries();
pgc.setHasAces(!aces.isEmpty());

代码示例来源:origin: apache/kylin

private List<Sid> getAllSids(String project) {
  List<Sid> allSids = new ArrayList<>();
  ProjectInstance prj = projectService.getProjectManager().getProject(project);
  AclEntity ae = accessService.getAclEntity("ProjectInstance", prj.getUuid());
  Acl acl = accessService.getAcl(ae);
  if (acl != null && acl.getEntries() != null) {
    for (AccessControlEntry ace : acl.getEntries()) {
      allSids.add(ace.getSid());
    }
  }
  return allSids;
}

代码示例来源:origin: spring-projects/spring-security

assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());

代码示例来源:origin: apache/servicemix-bundles

if (currentUser.equals(acl.getOwner())
    && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
  return;
if (acl.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), sids, false)) {
  return;

代码示例来源:origin: apache/kylin

public List<String> getAllAclSids(Acl acl, String type) {
  if (null == acl) {
    return Collections.emptyList();
  }
  List<String> result = new ArrayList<>();
  for (AccessControlEntry ace : acl.getEntries()) {
    String name = null;
    if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
      name = ((PrincipalSid) ace.getSid()).getPrincipal();
    }
    if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
      name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
    }
    if (!StringUtils.isBlank(name)) {
      result.add(name);
    }
  }
  return result;
}

代码示例来源:origin: apache/servicemix-bundles

if (acl.isSidLoaded(sids)) {
  result.put(acl.getObjectIdentity(), acl);
  aclFound = true;

代码示例来源:origin: spring-projects/spring-security

protected boolean hasPermission(Authentication authentication, Object domainObject) {
  // Obtain the OID applicable to the domain object
  ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy
      .getObjectIdentity(domainObject);
  // Obtain the SIDs applicable to the principal
  List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
  try {
    // Lookup only ACLs for SIDs we're interested in
    Acl acl = aclService.readAclById(objectIdentity, sids);
    return acl.isGranted(requirePermission, sids, false);
  }
  catch (NotFoundException ignore) {
    return false;
  }
}

代码示例来源:origin: org.molgenis/molgenis-security

public boolean isGranted(
  Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) {
 final List<AccessControlEntry> aces = acl.getEntries();
 if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) {
  return acl.getParentAcl().isGranted(permission, sids, false);
 } else {

代码示例来源:origin: spring-projects/spring-security

resultMap.put(result.getObjectIdentity(), result);

代码示例来源:origin: apache/kylin

public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
    boolean isCaseSensitive) {
  if (null == acl) {
    return Collections.emptyList();
  }
  List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
  for (AccessControlEntry ace : acl.getEntries()) {
    if (nameSeg != null && !needAdd(nameSeg, isCaseSensitive, getName(ace.getSid()))) {
      continue;
    }
    result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
  }
  return result;
}

代码示例来源:origin: spring-projects/spring-security

if (acl.isGranted(requirePermission, sids, false)) {
  if (logger.isDebugEnabled()) {
    logger.debug("Voting to grant access");

代码示例来源:origin: apache/servicemix-bundles

boolean administrativeMode) throws NotFoundException {
final List<AccessControlEntry> aces = acl.getEntries();
if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) {
  return acl.getParentAcl().isGranted(permission, sids, false);

代码示例来源:origin: spring-projects/spring-security

@Test
public void testAllParentsAreRetrievedWhenChildIsLoaded() throws Exception {
  String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,103,1,1,1);";
  getJdbcTemplate().execute(query);
  ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
  ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(101));
  ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(102));
  ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(103));
  // Retrieve the child
  Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(childOid), null);
  // Check that the child and all its parents were retrieved
  assertThat(map.get(childOid)).isNotNull();
  assertThat(map.get(childOid).getObjectIdentity()).isEqualTo(childOid);
  assertThat(map.get(middleParentOid)).isNotNull();
  assertThat(map.get(middleParentOid).getObjectIdentity()).isEqualTo(middleParentOid);
  assertThat(map.get(topParentOid)).isNotNull();
  assertThat(map.get(topParentOid).getObjectIdentity()).isEqualTo(topParentOid);
  // The second parent shouldn't have been retrieved
  assertThat(map.get(middleParent2Oid)).isNull();
}

相关文章