Usage and code examples of the org.springframework.security.acls.model.Acl.isGranted() method

x33g5p2x, reposted on 2022-01-16 in Other

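This article collects code examples of the Java method org.springframework.security.acls.model.Acl.isGranted() and shows how Acl.isGranted() is used in practice. The examples come mainly from platforms such as GitHub, Stack Overflow and Maven and were extracted from selected projects, so they are useful as a reference. Details of the Acl.isGranted() method:
Package path: org.springframework.security.acls.model.Acl
Class name: Acl
Method name: isGranted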

Introduction to Acl.isGranted

This is the actual authorization logic method, and must be used whenever ACL authorization decisions are required.

An array of Sids is presented, representing security identities of the current principal. In addition, an array of Permissions is presented which will have one or more bits set in order to indicate the permissions needed for an affirmative authorization decision. An array is presented because holding any of the Permissions inside the array will be sufficient for an affirmative authorization.

The actual approach used to make authorization decisions is left to the implementation and is not specified by this interface. For example, an implementation MAY search the current ACL in the order the ACL entries have been stored. If a single entry is found that has the same active bits as are shown in a passed Permission, that entry's grant or deny state may determine the authorization decision. In the case of a deny state, the deny decision will only be relevant if all other Permissions passed in the array have also been unsuccessfully searched. If no entry is found that matches the bits in the current ACL, provided that isEntriesInheriting() is true, the authorization decision may be passed to the parent ACL. If there is no matching entry, the implementation MAY throw an exception, or make a predefined authorization decision.

This method must operate correctly even if the Acl only represents a subset of Sids, although the implementation is permitted to throw one of the signature-defined exceptions if the method is called requesting an authorization decision for a Sid that was never loaded in this Acl.
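The evaluation order that the description above leaves to the implementation, modelled in plain Java as an added example (not code from this page or from Spring Security). It assumes Java 16+, treats "same active bits" as exact mask equality, and omits the administrativeMode argument; all type names, masks and SIDs are hypothetical.

```java
import java.util.List;

// Constructed model, not Spring Security code: Entry, AclModel and NoMatchingEntry
// are hypothetical stand-ins for AccessControlEntry, Acl and NotFoundException.
public class AclModel {
    record Entry(String sid, int mask, boolean granting) {}
    static class NoMatchingEntry extends RuntimeException {}

    final List<Entry> entries;  // kept in stored order; the first match wins
    final AclModel parent;      // null for a root ACL
    final boolean inheriting;   // plays the role of isEntriesInheriting()

    AclModel(List<Entry> entries, AclModel parent, boolean inheriting) {
        this.entries = entries; this.parent = parent; this.inheriting = inheriting;
    }

    boolean isGranted(List<Integer> permissions, List<String> sids) {
        boolean denied = false;
        for (int mask : permissions) {
            Entry match = firstMatch(mask, sids);
            if (match == null) continue;        // nothing stored for this permission
            if (match.granting()) return true;  // holding any one permission suffices
            denied = true;                      // a deny only counts if nothing else grants
        }
        if (denied) return false;
        if (inheriting && parent != null) return parent.isGranted(permissions, sids);
        throw new NoMatchingEntry();            // no entry here or in any parent
    }

    private Entry firstMatch(int mask, List<String> sids) {
        for (String sid : sids)
            for (Entry e : entries)
                if (e.mask() == mask && e.sid().equals(sid)) return e;
        return null;
    }

    static boolean check(AclModel acl, List<Integer> permissions, List<String> sids) {
        try { return acl.isGranted(permissions, sids); }
        catch (NoMatchingEntry e) { return false; }  // fail closed, as the callers on this page do
    }

    public static void main(String[] args) {
        final int READ = 1, WRITE = 2;  // constructed sample masks and SIDs
        List<String> alice = List.of("alice", "ROLE_STAFF");
        AclModel folder = new AclModel(List.of(new Entry("ROLE_STAFF", READ, true)), null, false);
        AclModel doc = new AclModel(List.of(new Entry("alice", WRITE, false)), folder, true);
        System.out.println("doc WRITE: " + check(doc, List.of(WRITE), alice));       // explicit deny entry
        System.out.println("doc READ: " + check(doc, List.of(READ), alice));         // falls through to the parent
        System.out.println("folder WRITE: " + check(folder, List.of(WRITE), alice)); // no entry, no parent
    }
}
```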

Code examples

Code example source: origin: spring-projects/spring-security

private boolean checkPermission(Authentication authentication, ObjectIdentity oid,
    Object permission) {
  // Obtain the SIDs applicable to the principal
  List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
  List<Permission> requiredPermission = resolvePermission(permission);
  final boolean debug = logger.isDebugEnabled();
  if (debug) {
    logger.debug("Checking permission '" + permission + "' for object '" + oid
        + "'");
  }
  try {
    // Lookup only ACLs for SIDs we're interested in
    Acl acl = aclService.readAclById(oid, sids);
    if (acl.isGranted(requiredPermission, sids, false)) {
      if (debug) {
        logger.debug("Access is granted");
      }
      return true;
    }
    if (debug) {
      logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
    }
  }
  catch (NotFoundException nfe) {
    if (debug) {
      logger.debug("Returning false - no ACLs apply for this principal");
    }
  }
  return false;
}

Code example source: origin: spring-projects/spring-security

protected boolean hasPermission(Authentication authentication, Object domainObject) {
  // Obtain the OID applicable to the domain object
  ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy
      .getObjectIdentity(domainObject);
  // Obtain the SIDs applicable to the principal
  List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
  try {
    // Lookup only ACLs for SIDs we're interested in
    Acl acl = aclService.readAclById(objectIdentity, sids);
    return acl.isGranted(requirePermission, sids, false);
  }
  catch (NotFoundException ignore) {
    return false;
  }
}

Code example source: origin: spring-projects/spring-security

if (acl.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), sids, false)) {
  return;

Code example source: origin: spring-projects/spring-security

if (acl.isGranted(requirePermission, sids, false)) {
  if (logger.isDebugEnabled()) {
    logger.debug("Voting to grant access");

Code example source: origin: spring-projects/spring-security

@Test
public void hasPermissionReturnsTrueIfAclGrantsPermission() throws Exception {
  AclService service = mock(AclService.class);
  AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
  ObjectIdentity oid = mock(ObjectIdentity.class);
  ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
  when(oidStrategy.getObjectIdentity(any(Object.class))).thenReturn(oid);
  pe.setObjectIdentityRetrievalStrategy(oidStrategy);
  pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
  Acl acl = mock(Acl.class);
  when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
  when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
  assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "READ")).isTrue();
}

Code example source: origin: spring-projects/spring-security

@Test
public void resolvePermissionNonEnglishLocale() {
  Locale systemLocale = Locale.getDefault();
  Locale.setDefault(new Locale("tr"));

  AclService service = mock(AclService.class);
  AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
  ObjectIdentity oid = mock(ObjectIdentity.class);
  ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
  when(oidStrategy.getObjectIdentity(any(Object.class))).thenReturn(oid);
  pe.setObjectIdentityRetrievalStrategy(oidStrategy);
  pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
  Acl acl = mock(Acl.class);

  when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
  when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);

  assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "write")).isTrue();

  Locale.setDefault(systemLocale);
}

Code example source: origin: spring-projects/spring-security

@Test
public void objectsAreRemovedIfPermissionDenied() throws Exception {
  AclService service = mock(AclService.class);
  Acl acl = mock(Acl.class);
  when(acl.isGranted(any(), any(), anyBoolean())).thenReturn(
      false);
  when(service.readAclById(any(), any())).thenReturn(
      acl);
  AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
      service, Arrays.asList(mock(Permission.class)));
  provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
  provider.setProcessDomainObjectClass(Object.class);
  provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
  Object returned = provider.decide(mock(Authentication.class), new Object(),
      SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), new ArrayList(
          Arrays.asList(new Object(), new Object())));
  assertThat(returned).isInstanceOf(List.class);
  assertThat(((List) returned)).isEmpty();
  returned = provider.decide(mock(Authentication.class), new Object(),
      SecurityConfig.createList("UNSUPPORTED", "AFTER_ACL_COLLECTION_READ"),
      new Object[] { new Object(), new Object() });
  assertThat(returned instanceof Object[]).isTrue();
  assertThat(((Object[]) returned).length == 0).isTrue();
}

Code example source: origin: spring-projects/spring-security

@Test
public void accessIsAllowedIfPermissionIsGranted() {
  AclService service = mock(AclService.class);
  Acl acl = mock(Acl.class);
  when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(
      true);
  when(service.readAclById(any(), any())).thenReturn(
      acl);
  AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
      service, Arrays.asList(mock(Permission.class)));
  provider.setMessageSource(new SpringSecurityMessageSource());
  provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
  provider.setProcessDomainObjectClass(Object.class);
  provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
  Object returned = new Object();
  assertThat(
      returned)
    .isSameAs(
      provider.decide(mock(Authentication.class), new Object(),
          SecurityConfig.createList("AFTER_ACL_READ"), returned));
}

Code example source: origin: spring-projects/spring-security

assertThat(foundChildAcl.isGranted(checkPermission, sids, false)).isTrue();
assertThat(foundParent2Acl.isGranted(checkPermission, sids, false)).isTrue();

Code example source: origin: spring-projects/spring-security

@Test(expected = AccessDeniedException.class)
public void accessIsDeniedIfPermissionIsNotGranted() {
  AclService service = mock(AclService.class);
  Acl acl = mock(Acl.class);
  when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(
      false);
  // Try a second time with no permissions found
  when(acl.isGranted(any(), any(List.class), anyBoolean())).thenThrow(
      new NotFoundException(""));
  when(service.readAclById(any(), any())).thenReturn(
      acl);
  AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
      service, Arrays.asList(mock(Permission.class)));
  provider.setProcessConfigAttribute("MY_ATTRIBUTE");
  provider.setMessageSource(new SpringSecurityMessageSource());
  provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
  provider.setProcessDomainObjectClass(Object.class);
  provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
  try {
    provider.decide(mock(Authentication.class), new Object(),
        SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
        new Object());
    fail("Expected Exception");
  }
  catch (AccessDeniedException expected) {
  }
  // Second scenario with no acls found
  provider.decide(mock(Authentication.class), new Object(),
      SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object());
}

Code example source: origin: spring-projects/spring-security

return acl.getParentAcl().isGranted(permission, sids, false);

Code example source: origin: codeabovelab/haven-platform

/**
 * Check access for specified object
 * @param o
 * @param perms
 * @return
 */
public boolean isGranted(ObjectIdentity o, Permission ... perms) {
  Assert.notNull(o, "Secured object is null");
  if (isAdminFor(o)) {
    return true;
  }
  try {
    Acl acl = aclService.readAclById(o);
    return acl.isGranted(Arrays.asList(perms), sids, false);
  } catch (NotFoundException e) {
    return false;
  }
}

Code example source: origin: com.foreach.across.modules/spring-security-acl-module

@Transactional(readOnly = true)
@Override
public boolean hasPermission( SecurityPrincipal principal, IdBasedEntity entity, AclPermission permission ) {
  List<Sid> sids = buildSids( principal );
  List<Permission> aclPermissions = Collections.singletonList( permission );
  try {
    // Lookup only ACLs for SIDs we're interested in
    Acl acl = aclService.readAclById( objectIdentity( entity ), sids );
    if ( acl.isGranted( aclPermissions, sids, false ) ) {
      return true;
    }
  }
  catch ( NotFoundException nfe ) {
    return false;
  }
  return false;
}

Code example source: origin: apache/servicemix-bundles

private boolean checkPermission(Authentication authentication, ObjectIdentity oid,
    Object permission) {
  // Obtain the SIDs applicable to the principal
  List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
  List<Permission> requiredPermission = resolvePermission(permission);
  final boolean debug = logger.isDebugEnabled();
  if (debug) {
    logger.debug("Checking permission '" + permission + "' for object '" + oid
        + "'");
  }
  try {
    // Lookup only ACLs for SIDs we're interested in
    Acl acl = aclService.readAclById(oid, sids);
    if (acl.isGranted(requiredPermission, sids, false)) {
      if (debug) {
        logger.debug("Access is granted");
      }
      return true;
    }
    if (debug) {
      logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
    }
  }
  catch (NotFoundException nfe) {
    if (debug) {
      logger.debug("Returning false - no ACLs apply for this principal");
    }
  }
  return false;
}

Code example source: origin: apache/servicemix-bundles

protected boolean hasPermission(Authentication authentication, Object domainObject) {
  // Obtain the OID applicable to the domain object
  ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy
      .getObjectIdentity(domainObject);
  // Obtain the SIDs applicable to the principal
  List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
  try {
    // Lookup only ACLs for SIDs we're interested in
    Acl acl = aclService.readAclById(objectIdentity, sids);
    return acl.isGranted(requirePermission, sids, false);
  }
  catch (NotFoundException ignore) {
    return false;
  }
}

Code example source: origin: apache/servicemix-bundles

if (acl.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), sids, false)) {
  return;

Code example source: origin: sk.seges.acris/acris-security-spring

if (!acl.isGranted(requirePermission, sids, false)) {
  if (logger.isDebugEnabled()) {
    logger.debug(

Code example source: origin: thymeleaf/thymeleaf-extras-springsecurity

if (acl.isGranted(permissions, sids, false)) {

Code example source: origin: org.molgenis/molgenis-security

return acl.getParentAcl().isGranted(permission, sids, false);
} else {
