1
0
mirror of synced 2026-07-18 00:55:15 +00:00

Compare commits

..

145 Commits

Author SHA1 Message Date
Rob Winch c33fc00507 Release 5.0.9.RELEASE
Fixes: gh-5973
2018-10-15 14:56:03 -05:00
Rob Winch 1150dafd55 Update to Thymeleaf 3.0.10.RELEASE
Fixes: gh-5972
2018-10-15 14:54:02 -05:00
Rob Winch 4f80b9d737 Update to htmlunit driver 2.33.0
Fixes: gh-5971
2018-10-15 14:53:47 -05:00
Rob Winch e6f5d4f13b Update to Unboundid 4.0.8
Fixes: gh-5970
2018-10-15 14:53:36 -05:00
Rob Winch 23dfe33877 Update JAXB 2.3.0.1
Fixes: gh-5969
2018-10-15 14:53:24 -05:00
Rob Winch 0e2b75e994 Update to Jackson 2.9.7
Fixes: gh-5968
2018-10-15 14:53:12 -05:00
Rob Winch e9e57b7509 Update to Spring Data Kay SR11
Fixes: gh-5967
2018-10-15 14:52:57 -05:00
Rob Winch c60a3e165e Update to Spring 5.0.10.RELEASE
Fixes: gh-5966
2018-10-15 14:52:42 -05:00
Rob Winch 3a756bfa57 Update to Reactor Bismuth SR12
Fixes: gh-5965
2018-10-15 14:52:34 -05:00
Josh Cummings 800157fe42 Password Modify Extended Operation Support
LdapUserDetailsManager can be configured to either use direct
attribute modification or the LDAP Password Modify Extended Operation
to change a user's password.

Fixes: gh-3392
2018-10-15 11:43:15 -06:00
Josh Cummings ba32758b92 UnboundIdContainer Random Port Support
Setting a port of 0 will now induce the container to select a random
port.

Fixes: gh-5920
2018-10-15 11:43:14 -06:00
Josh Cummings 05e940692a Polish UnboundIdContainerTests
Basic startup test now confirms successful startup instead of
asserting on startup failure.

Issue: gh-5920
2018-10-15 11:43:14 -06:00
Johnny Lim 5e74da9b4f Add a missing space in Secured.value() signature 2018-10-03 14:49:45 -04:00
Joe Grandja 9a49795abc Ensure consistent matching of redirect_uri
Fixes gh-5756
2018-09-20 12:15:43 -04:00
Rob Winch 566fb939ca Fix SwitchUserFilter matchers
Fixes: gh-4249
2018-09-14 10:04:46 -05:00
Rob Winch 5b26158f4d AntPathRequestMatcher supports UrlPathHelper
Fixes: gh-5846
2018-09-14 10:04:46 -05:00
Joe Grandja a7eaaec431 Next Development Version 2018-09-10 17:14:07 -04:00
Joe Grandja 5fde56d84a Release 5.0.8.RELEASE 2018-09-10 10:01:43 -04:00
Joe Grandja 10d53be70b Update to Spring Data Kay-SR10
Fixes gh-5808
2018-09-10 09:30:11 -04:00
Joe Grandja 93e0ce5236 Update to Reactor Bismuth-SR11
Fixes gh-5807
2018-09-07 14:57:36 -04:00
Joe Grandja 677a9634b8 Update to Spring 5.0.9
Fixes gh-5806
2018-09-07 14:57:36 -04:00
Joe Grandja 6d72c3f3aa Update to javax.servlet.jsp-api:2.3.3
Fixes gh-5805
2018-09-07 14:57:36 -04:00
Joe Grandja 67fcd51d59 Update to hibernate-validator:6.0.12.Final
Fixes gh-5804
2018-09-07 14:57:36 -04:00
Joe Grandja 15a777d534 Update to oauth2-oidc-sdk:5.64.4
Fixes gh-5803
2018-09-07 14:57:36 -04:00
Joe Grandja 7e0622c7be Update to unboundid-ldapsdk:4.0.7
Fixes gh-5802
2018-09-07 14:57:36 -04:00
Joe Grandja 07dd883d6d Update to javax.persistence:2.2.1
Fixes gh-5801
2018-09-07 14:57:36 -04:00
Rob Winch 8170e47ff2 Fix OptimizeAntPathRequestMatcher
Previously the logic for determining if the pathInfo should be appended
was inverted.

This correctly concatenates url + pathInfo if url is a non empty String.

Fixes: gh-5473
2018-09-07 11:51:50 -06:00
Christoph Dreis c408fb7edf Optimize AntPathRequestMatcher.getRequestPath() 2018-09-07 11:51:29 -06:00
Josh Cummings 4ff0fdfff9 Polish Commit on Reactive Http Basic Test 2018-09-07 11:39:54 -06:00
Tim Koopman 47b82ccd83 Reactive HttpBasic Support For Coloned Passwords
This makes so that reactive httpBasic supports passwords containing
one or more colons.
2018-09-07 11:39:41 -06:00
Rob Winch 54cc2e4509 Fix settings.gradle on Windows
Fixes: gh-5724
2018-09-07 11:37:19 -06:00
Rob Winch 31650d7eaa Ensure NamingException.resolvedObj is Serializable
Fixes: gh-5378
2018-09-04 11:06:37 -05:00
Johnny Lim 5888a3f6b7 Fix typo
Closes #5579
2018-08-03 09:58:40 -05:00
Rob Winch 87a5c16b53 Add @Configuration to ServerHttpSecurityConfiguration
Fixes: gh-5635
2018-08-03 09:39:17 -05:00
Rob Winch 4b407189c2 ServerHttpBasicAuthenticationConverter Validates Scheme Name
Fixes: gh-5615
2018-07-31 09:12:39 -05:00
Rob Winch 96c944c4fc BasicAuthenticationFilter case insenstive
Fixes: gh-5616
2018-07-31 09:11:54 -05:00
Joe Grandja 1bbae835a4 ClaimAccessor.getClaimAsString() checks null claim value
Fixes gh-5608
2018-07-30 15:41:46 -04:00
Josh Cummings de640a10d6 Next Development Version 2018-07-26 16:02:51 -06:00
Josh Cummings 85c8d53b36 Release 5.0.7.RELEASE 2018-07-26 14:46:31 -06:00
Josh Cummings 2d6bcf2cc3 Update to Spring Data Kay SR8
Fixes: gh-5591
2018-07-26 14:43:54 -06:00
Josh Cummings 18b98fc607 Update to Spring Framework 5.0.8
Fixes: gh-5590
2018-07-26 14:42:39 -06:00
Joe Grandja 7bf8091e22 Update to hibernate-validator:6.0.11.Final
Fixes gh-5576
2018-07-24 17:26:17 -04:00
Joe Grandja d19d03dea8 Update to bcpkix-jdk15on:1.60
Fixes gh-5574
2018-07-24 17:26:16 -04:00
Joe Grandja 35df3ff89b Update to org.apache.httpcomponents:httpclient:4.5.6
Fixes gh-5573
2018-07-24 17:26:16 -04:00
Joe Grandja 5f75e137d8 Update to ehcache:2.10.5
Fixes gh-5572
2018-07-24 17:26:16 -04:00
Joe Grandja b988f656c6 Update to javax.servlet.jsp.jstl-api:1.2.2
Fixes gh-5571
2018-07-24 17:26:16 -04:00
Joe Grandja 06fff9441e Update to oauth2-oidc-sdk:5.64.2
Fixes gh-5569
2018-07-24 17:26:16 -04:00
Joe Grandja edb354a2a9 Update to nimbus-jose-jwt:5.14
Fixes gh-5568
2018-07-24 17:26:16 -04:00
Joe Grandja 1ce0cf44a8 Update to cglib-nodep:3.2.7
Fixes gh-5567
2018-07-24 17:26:16 -04:00
Josh Cummings ffd8f7c8e4 Close Nimbus Information Leak
This commit captures and remaps the exception that Nimbus throws
when a PlainJWT is presented to it.

While the surrounding classes are likely only used today by the
oauth2Login flow, since they are public, we'll patch them at this
point for anyone who may be using them directly.

Fixes: gh-5457
2018-07-24 13:24:34 -06:00
Rob Winch ecaa2c5b1c Cache Control disabled for 304
Fixes: gh-5534
2018-07-17 22:13:52 -05:00
Rob Winch a1c381c276 Add JdbcUserDetailsManager(DataSource) constructor
Fixes: gh-5512
2018-07-13 15:58:36 -05:00
mhyeon.lee 1b213d65d2 Enhance OAuth2AccessToken to be serializable
Change the TokenType to Serializable
so that the OAuth2AccessToken can be serialized.
(org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType)

Fixes gh-5492
2018-07-13 12:10:55 -04:00
mhyeon.lee eb897ac69c Fix oauth2login loginProcessingUrl NPE for java config
Java Config http.oauth2Login().loginProcessingUrl("url"); throws NPE.
Override loginProcessingUrl method and cached config url.
Then when the config is initialized,
it calls the super method to complete the configuration.

Fixes gh-5488
2018-07-13 11:42:43 -04:00
Rob Winch bd8180da12 Update to Spring Boot 2.0.3.RELEASE
Issue: gh-5454
2018-06-20 15:53:56 -05:00
Rob Winch 5dabff25c3 Next Development Version 2018-06-12 21:24:07 -05:00
Rob Winch 09429479fe Release 5.0.6.RELEASE 2018-06-12 21:23:02 -05:00
Rob Winch dc602c0840 Update to Spring Framework 5.0.7
Fixes: gh-5425
2018-06-12 16:51:01 -05:00
Rob Winch fedc183b5b Fix htmlunit
Fixes: gh-5426
2018-06-12 16:50:52 -05:00
Rob Winch d3f12f0ee7 Update to Selenium 3.12.0
Fixes: gh-5427
2018-06-12 16:50:48 -05:00
Rob Winch 2a723cf5c7 Update to htmlunit-driver:2.31.0
Fixes: gh-5428
2018-06-12 16:50:42 -05:00
Rob Winch 6f32303866 Update to hibernate-validator:6.0.10.Final
Fixes: gh-5429
2018-06-12 16:50:34 -05:00
Rob Winch 400adaef1c Update to Hibernate 5.2.17
Fixes: gh-5430
2018-06-12 16:50:29 -05:00
Rob Winch 9924d6e920 Update to hsqldb:2.4.1
Fixes: gh-5431
2018-06-12 16:50:23 -05:00
Rob Winch 6cfd30aee8 Update to assertj-core:3.10.0
Fixes: gh-5432
2018-06-12 16:50:15 -05:00
Rob Winch 1abdb69615 Update to htmlunit:2.31
Fixes: gh-5433
2018-06-12 16:49:23 -05:00
Rob Winch b07f6b0178 Update to unboundid-ldapsdk:4.0.6
Fixes: gh-54234
2018-06-12 16:49:10 -05:00
Rob Winch f0eec1b03b Update to oauth2-oidc-sdk:5.62
Fixes: gh-5435
2018-06-12 16:48:57 -05:00
Rob Winch 6ca6d80184 Update to nimbus-jose-jwt:5.11
Fixes: gh-5436
2018-06-12 16:47:35 -05:00
Rob Winch ce5eec8761 Update to Jackson 2.9.6
Fixes: gh-5424
2018-06-12 16:47:30 -05:00
Rob Winch 86e03b3fb4 Update to Spring Boot 2.0.2.RELEASE
Fixes: gh-5423
2018-06-12 16:47:26 -05:00
Rob Winch c909264b31 Update GAE to 1.9.64
Fixes: gh-5422
2018-06-12 16:47:21 -05:00
Rob Winch f52ab9a146 Update to Reactor Bismuth SR10
Fixes: gh-5421
2018-06-12 16:47:06 -05:00
Rob Winch ad2cb501b8 Add cross references to ReactorContextTestExecutionListener
Fixes: gh-5418
2018-06-11 17:16:15 -05:00
Rob Winch 8659a4b555 Add UserDetailsRepositoryReactiveAuthenticationManager.setScheduler
Fixes: gh-5417
2018-06-11 14:30:11 -05:00
Joe Grandja e04b29426b DefaultLoginPageGeneratingFilter escapes OAuth2 ClientRegistrations
Fixes gh-5394
2018-05-29 09:53:31 -04:00
Josh Cummings 350d434e28 Next Development Version 2018-05-08 09:25:49 -06:00
Josh Cummings bbfc3d2b4b Release 5.0.5.RELEASE 2018-05-08 09:22:58 -06:00
Rob Winch a7e4f36dbe Update to Spring Data Kay SR7
Fixes: gh-5318
2018-05-08 09:04:23 -05:00
Rob Winch e61aafe115 Update to Reactor Bismuth SR9
Fixes: gh-5319
2018-05-08 09:04:05 -05:00
Rob Winch ff95388ce1 Update to Spring 5.0.6
Fixes: gh-5290
2018-05-08 08:34:35 -05:00
Rob Winch 545228cf8d Documentation typo fixes
Fixes: gh-5317
2018-05-07 16:48:03 -05:00
Denys Ivano 7b8fa90d96 Add accessDeniedHandler method to ExceptionHandlingSpec
This allows to configure accessDeniedHandler in ExceptionTranslationWebFilter through ServerHttpSecurity.

Issue: gh-5257
2018-05-07 16:23:32 -05:00
Alexander Münch c30e218f1f Avoid unnecessary grow of ArrayList
Adapted ArrayList size in CacheControlHeadersWriter::createHeaders()

Fixes: gh-5310
2018-05-04 14:43:17 -05:00
XYUU 70d284865f DefaultLoginPageGeneratingFilter should calculate ContentLength using UTF-8
Fixes: gh-5309
2018-05-04 14:43:17 -05:00
Johnny Lim a4b5523063 Fix 'attributes' deprecation warning in spring-security-docs-guides
Fixes: gh-5308
2018-05-04 14:13:44 -05:00
Kazuki Shimizu 8883ec17e5 Fix JdbcDaoImpl Javadoc
Fix incorrect explanation for customizing query on JdbcDaoImpl

Issue: gh-5306
2018-05-04 10:48:55 -05:00
Joe Grandja f524da3edc Add test NimbusUserInfoResponseClient sets Accept header to JSON
Issue gh-5294
2018-05-03 20:23:03 -04:00
Joe Grandja e1e464387e NimbusUserInfoResponseClient sets Accept header to JSON
Fixes gh-5294
2018-05-03 20:22:47 -04:00
Rob Winch a5dc48f9d9 Improve PasswordEncoder deprecated notices
Fixes: gh-5296
2018-05-03 15:13:20 -05:00
Rob Winch 9b722a9c85 Update to Spring Framework 5.0.6.BUILD-SNAPSHOT
Issue: gh-5290
2018-05-03 11:01:37 -05:00
Rob Winch 884a4e46df Update to selenium 3.11.0
Fixes: gh-5289
2018-05-03 11:01:37 -05:00
Rob Winch 01c2d57d46 Update to mockito-core:2.18.3
Fixes: gh-5284
2018-05-03 11:01:37 -05:00
Rob Winch c9e42ce756 Update to htmlunit:2.30
Fixes: gh-5283
2018-05-03 11:01:37 -05:00
Rob Winch 9b0b933736 Update to aspectj 1.9.1
Fixes: gh-5282
2018-05-03 11:01:37 -05:00
Rob Winch 0169b8746b Update to javax.servlet-api:4.0.1
Fixes: gh-5281
2018-05-03 11:01:37 -05:00
Rob Winch 25a87051a6 Update to oauth2-oidc-sdk:5.61
Fixes: gh-5280
2018-05-03 11:01:37 -05:00
Rob Winch 7edf9fc6c8 Update to nimbus-jose-jwt:5.10
Fixes: gh-5279
2018-05-03 11:01:37 -05:00
Rob Winch a06f1e3936 Update Spring Boot 2.0.1.RELEASE
Fixes: gh-5278
2018-05-03 11:01:37 -05:00
Rob Winch b296d2eaa5 Update GAE 1.9.63
Fixes: gh-5277
2018-05-03 11:01:37 -05:00
Rob Winch 11a8c76991 Add update-dependencies.sh
Fixes: gh-5276
2018-05-03 11:01:37 -05:00
Rob Winch 2f441f18e6 Make MIN_SPRING_VERSION Dynamic
Fixes: gh-5065

# Conflicts:
#	core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
2018-05-03 11:01:27 -05:00
Joe Grandja a7de1e363f OAuth2LoginAuthenticationFilter should handle null ClientRegistration
Fixes gh-5251
2018-05-02 20:31:59 -04:00
Rob Winch 32f5fb5eb2 ExceptionTranslationFilter does not handle committed responses
Fixes: gh-5273
2018-04-30 16:50:02 -05:00
Rob Winch f7f6798f71 DefaultWebSecurityExpressionHandler uses PermissionEvaluator Bean
The default instance of DefaultWebSecurityExpressionHandler uses the
PermissionEvaluator Bean by default.

Fixes: gh-5272
2018-04-30 12:16:34 -05:00
Joe Grandja 0b72f93027 WebSecurityConfigurationTests groovy->java
Issue: gh-4939
2018-04-30 11:43:30 -05:00
Rob Winch 5b751baf61 Fixes: gh-5190 2018-04-16 17:52:55 -05:00
Joe Grandja ec9ab1965a Next Development Version 2018-04-04 13:36:28 -04:00
Joe Grandja 30aede82da Release 5.0.4.RELEASE 2018-04-04 13:03:55 -04:00
Joe Grandja 2686452b99 Update to aspectjtools:1.9.0
Fixes gh-5211
2018-04-04 13:00:46 -04:00
Joe Grandja 7e470ff5bd Update to aspectjrt:1.9.0
Fixes gh-5210
2018-04-04 12:59:09 -04:00
Joe Grandja df6a6e5991 Update to Reactor Bismuth SR8
Fixes gh-5209
2018-04-04 12:53:54 -04:00
Joe Grandja 1500a22439 Update to Spring Data Kay SR6
Fixes gh-5167
2018-04-04 10:31:04 -04:00
Joe Grandja 64cb256bb9 Update to Spring Framework 5.0.5
Fixes gh-5166
2018-04-04 10:27:43 -04:00
Joe Grandja e6d68acfd6 Fix NPE with exp claim in NimbusJwtDecoderJwkSupport
Fixes gh-5168
2018-04-04 09:02:05 -04:00
Joe Grandja bc2a7ac394 ClaimAccessor.getClaimAsInstant() converts Long or Date
Fixes gh-5191, Fixes gh-5192
2018-04-04 04:57:36 -04:00
Joe Grandja 55019b2f0b Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677 2018-04-03 11:16:50 -04:00
Rob Winch 151b545ed0 Polish Javadoc
Fixes: gh-5186
2018-03-29 15:33:31 -05:00
Rob Winch c67ce144b9 Polish HeadersSpec
Fixes: gh-5187
2018-03-29 15:33:31 -05:00
Rob Winch 6729c39905 Fix JDK 9
Issue: gh-5160
2018-03-28 15:00:41 -05:00
Rob Winch 197439f9e1 Update to mockito 2.17.0
Fixes: gh-5181
2018-03-28 14:42:43 -05:00
Rob Winch 70a11267fa Update to hibernate-validator:6.0.9.Final
Fixes: gh-5180
2018-03-28 14:42:35 -05:00
Rob Winch 4e0c165d47 Update to hibernate-entitymanager:5.2.16.Final
Fixes: gh-5178
2018-03-28 14:42:09 -05:00
Rob Winch 93844b1823 Update to assertj 2.9.1
Fixes: gh-5177
2018-03-28 14:32:49 -05:00
Rob Winch a30b3321c4 Update to thymeleaf-layout-dialect:2.3.0
Fixes: gh-5176
2018-03-28 14:32:30 -05:00
Rob Winch ffb8c1978a Update to unbounded 4.0.5
Fixes: gh-5175
2018-03-28 14:32:13 -05:00
Rob Winch 4722ab21bf Update to oauth2-oidc-sdk:5.57
Fixes: gh-5179
2018-03-28 14:32:07 -05:00
Rob Winch 335735e227 Update to nimbus-jose-jwt:5.9
Fixes: gh-5174
2018-03-28 14:31:47 -05:00
Rob Winch 501269a51f Update to appengine 1.9.63
Fixes: gh-5173
2018-03-28 14:30:57 -05:00
Rob Winch 6b58218256 Update to Jackson 2.9.5
Fixes: gh-5172
2018-03-28 14:30:48 -05:00
Rob Winch de1137fc5e Update mockwebserver 3.10.0
Fixes: gh-5171
2018-03-28 14:30:36 -05:00
Rob Winch e68657216c Fixes for SPR-16624
Fixes: gh-5165
2018-03-27 22:36:03 -05:00
Rob Winch bfada59a1e CookieClearingLogoutHandler adds uses contextPath + "/"
Fixes: gh-5140
2018-03-19 16:50:48 -05:00
Rob Winch bc17860cb6 Fix ReactorContextTestExecutionListener with custom SecurityContext
Fixes: gh-5139
2018-03-19 09:33:34 -05:00
Oleh Dokuka 5e351a4f75 ReactorContextTestExecutionListener with multiple Threads
Fixes: gh-5138
2018-03-19 09:32:36 -05:00
Rob Winch 0458ca88e6 Relax assertions in HeaderSpecTests
Fixes: gh-5117
2018-03-15 08:31:21 -05:00
Rob Winch a7a71d6cef Fix @since on GlobalAuthenticationConfigurerAdapter
Fixes: gh-5109
2018-03-13 14:25:40 -05:00
Josh Cummings a7f180b2c7 Authorities authenticate TestingAuthenticationToken
In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.

This change brings `TestingAuthenticationToken` in line with that
convention.

Note that this was done once already to one of the constructors
(ee13be4) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.

Fixes: gh-5098
2018-03-09 13:26:36 -06:00
Josh Cummings 87f266133b Update to Spring Boot 2.0.0.RELEASE
Fixes: gh-5091
2018-03-09 09:45:20 -06:00
Rob Winch 8f8deac0f4 Fix StrictHttpFirewall rules
Fixes: gh-5092
2018-03-08 21:29:31 -06:00
Vedran Pavic 9830d01acc Upgrade Nimbus JOSE + JWT to 5.6
Fixes: gh-5089
2018-03-08 16:43:05 -06:00
Vedran Pavic d8fea5c6f1 Upgrade Nimbus OAuth + OIDC SDK to 5.56
Fixes: gh-5088
2018-03-08 16:42:54 -06:00
Rob Winch 4d410b0b61 Polish Javadoc HttpStatusServerAccessDeniedHandler 2018-03-07 12:34:15 -06:00
Rob Winch 24a4fbfe56 HttpStatusServerAccessDeniedHandler use injected HttpStatus
Fixes: gh-5078
2018-03-07 12:28:45 -06:00
Josh Cummings d5d1c30d1d Update to Gradle 4.6
Only thing of interest really is that the Jacoco Gradle plugin was bumped
to 0.8.0, which requires org.ow2.asm:asm:6.0.

Fixes: gh-5077
2018-03-06 20:27:31 -06:00
3478 changed files with 41133 additions and 168776 deletions
+6 -11
View File
@@ -1,22 +1,17 @@
# EditorConfig for Spring Security
# see https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md#mind-the-whitespace
# top-most EditorConfig file
root = true
# Unix-style newlines with a newline ending every file
[*]
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true
max_line_length = 120
charset = latin1
[*.{java,xml}]
# 4 tabs indentation
indent_style = tab
indent_size = 4
charset = utf-8
continuation_indent_size = 8
tab_width = 4
ij_smart_tabs = false
ij_java_align_multiline_parameters = false
[*.gradle]
indent_style = tab
trim_trailing_whitespace = true
-10
View File
@@ -1,10 +0,0 @@
### Complete and Minimal Sample
It would be very helpful if you could provide a complete and minimal sample that reproduces the issue and share it via a GitHub repository. This will allow us to efficiently troubleshoot and help resolve the issue. The sample should contain the minimum amount of code to reproduce the issue along with detailed steps on how to reproduce. Please see the following references for what a complete and minimal sample should consist of.
- https://stackoverflow.com/help/mcve
### Post questions on StackOverflow not GitHub
Thanks for getting in touch, but it feels like this is a question that would be better suited to [Stack Overflow](https://stackoverflow.com/). As mentioned in [the guidelines for contributing](https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md#using-github-issues), we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.
-4
View File
@@ -1,7 +1,3 @@
<!--
For Security Vulnerabilities, please use https://pivotal.io/security#reporting
-->
### Summary
<!--
+1 -7
View File
@@ -1,9 +1,3 @@
<!--
For Security Vulnerabilities, please use https://pivotal.io/security#reporting
-->
<!--
Before creating new features, we recommend creating an issue to discuss the feature. This ensures that everyone is on the same page before extensive work is done.
Thanks for contributing to Spring Security. Please provide a brief description of your pull-request and reference any related issue numbers (prefix references with gh-).
Thanks for contributing to Spring Security. Please provide a brief description of your pull-request and reference any related issue numbers (prefix references with #).
-->
+1 -5
View File
@@ -8,7 +8,7 @@ target/
.project
.DS_Store
.settings/
.idea/*
.idea/
out/
bin/
intellij/
@@ -23,7 +23,3 @@ atlassian-ide-plugin.xml
!etc/eclipse/.checkstyle
.checkstyle
s101plugin.state
.attach_pid*
!.idea/checkstyle-idea.xml
!.idea/externalDependencies.xml
-19
View File
@@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="CheckStyle-IDEA">
<option name="configuration">
<map>
<entry key="active-configuration" value="PROJECT_RELATIVE:$PROJECT_DIR$/etc/checkstyle/checkstyle.xml:spring-security" />
<entry key="checkstyle-version" value="8.14" />
<entry key="copy-libs" value="false" />
<entry key="location-0" value="BUNDLED:(bundled):Sun Checks" />
<entry key="location-1" value="BUNDLED:(bundled):Google Checks" />
<entry key="location-2" value="PROJECT_RELATIVE:$PROJECT_DIR$/etc/checkstyle/checkstyle.xml:spring-security" />
<entry key="property-2.config_loc" value="$PROJECT_DIR$/etc/checkstyle" />
<entry key="scan-before-checkin" value="false" />
<entry key="scanscope" value="JavaOnlyWithTests" />
<entry key="suppress-errors" value="false" />
</map>
</option>
</component>
</project>
-7
View File
@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ExternalDependencies">
<plugin id="CheckStyle-IDEA" />
<plugin id="org.jetbrains.plugins.gradle" />
</component>
</project>
+16
View File
@@ -0,0 +1,16 @@
language: java
jdk:
- oraclejdk8
os:
- linux
before_cache:
- rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
cache:
directories:
- $HOME/.gradle/caches/
- $HOME/.gradle/wrapper/
script: ./gradlew build --refresh-dependencies --no-daemon --continue
+2 -2
View File
@@ -40,5 +40,5 @@ appropriate to the circumstances. Maintainers are obligated to maintain confiden
with regard to the reporter of an incident.
This Code of Conduct is adapted from the
https://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
https://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
http://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
http://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
+10 -23
View File
@@ -8,11 +8,11 @@ By participating, you are expected to uphold this code. Please report unaccepta
# Similar but different
Each Spring module is slightly different than another in terms of team size, number of issues, etc. Therefore each project is managed slightly different. You will notice that this document is very similar to the [Spring Framework Contributor guidelines](https://github.com/spring-projects/spring-framework/wiki/Contributor-guidelines). However, there are some subtle differences between the two documents, so please be sure to read this document thoroughly.
Each Spring module is slightly different than another in terms of team size, number of issues, etc. Therefore each project is managed slightly different. You will notice that this document is very similar to the [Spring Framework Contributor guidelines](https://github.com/SpringSource/spring-framework/wiki/Contributor-guidelines). However, there are some subtle differences between the two documents, so please be sure to read this document thoroughly.
# Importing into IDE
The following provides information on setting up a development environment that can run the sample in [Spring Tool Suite 3.6.0+](https://www.springsource.org/sts). Other IDE's should work using Gradle's IDE support, but have not been tested.
The following provides information on setting up a development environment that can run the sample in [Spring Tool Suite 3.6.0+](http://www.springsource.org/sts). Other IDE's should work using Gradle's IDE support, but have not been tested.
* IDE Setup
* Install Spring Tool Suite 3.6.0+
@@ -25,7 +25,7 @@ The following provides information on setting up a development environment that
As of new versions of Spring Tool Suite, you might need to install Groovy Eclipse pointing directly to the updates plugin location. To install Groovy Eclipse on Spring Tool Suite based on Eclipse Oxigen you must do the following steps:
Help->Install New Software...->Add the following URL into _Work with_ field:
https://dist.springsource.org/snapshot/GRECLIPSE/e4.7/
http://dist.springsource.org/snapshot/GRECLIPSE/e4.7/
# Understand the basics
Not sure what a pull request is, or how to submit one? Take a look at GitHub's excellent [help documentation first](https://help.github.com/articles/using-pull-requests).
@@ -33,18 +33,6 @@ Not sure what a pull request is, or how to submit one? Take a look at GitHub's e
# Search GitHub issues; create an issue if necessary
Is there already an issue that addresses your concern? Do a bit of searching in our [GitHub issues ](https://github.com/spring-projects/spring-security/issues) to see if you can find something similar. If not, please create a new issue before submitting a pull request unless the change is not a user facing issue.
# Using GitHub Issues
We use GitHub issues to track bugs and enhancements.
If you have a general usage question please ask on [Stack Overflow](https://stackoverflow.com).
The Spring Security team and the broader community monitor the [`spring-security`](https://stackoverflow.com/tags/spring-security) tag.
If you are reporting a bug, please help to speed up problem diagnosis by providing as much
information as possible. Ideally, that would include a small
[sample project](https://github.com/spring-projects/spring-boot-issues) that reproduces the
problem.
# Discuss non-trivial contribution ideas with committers
If you're considering anything more than correcting a typo or fixing a minor bug, please discuss it on the [Spring Security Gitter](https://gitter.im/spring-projects/spring-security) before submitting a pull request. We're happy to provide guidance but please spend an hour or two researching the subject on your own including searching the forums for prior discussions.
@@ -59,7 +47,7 @@ Create your topic branch to be submitted as a pull request from master. The Spri
# Use short branch names
Branches used when submitting pull requests should preferably be named according to GitHub issues, e.g. 'gh-1234' or 'gh-1234-fix-npe'. Otherwise, use succinct, lower-case, dash (-) delimited names, such as 'fix-warnings', 'fix-typo', etc. This is important, because branch names show up in the merge commits that result from accepting pull requests, and should be as expressive and concise as possible.
# Keep commits focused
#Keep commits focused
Remember each ticket should be focused on a single item of interest since the tickets are used to produce the changelog. Since each commit should be tied to a single GitHub issue, ensure that your commits are focused. For example, do not include an update to a transitive library in your commit unless the GitHub is to update the library. Reviewing your commits is essential before sending a pull request.
@@ -72,12 +60,12 @@ Please carefully follow the whitespace and formatting conventions already presen
1. Aim to wrap code at 120 characters, but favor readability over wrapping
1. Preserve existing formatting; i.e. do not reformat code for its own sake
1. Search the codebase using git grep and other tools to discover common naming conventions, etc.
1. UTF-8 encoding for Java sources
1. Latin-1 (ISO-8859-1) encoding for Java sources; use native2ascii to convert if necessary
Whitespace management tips
1. You can use the [AnyEdit Eclipse plugin](https://marketplace.eclipse.org/content/anyedit-tools) to ensure spaces are used and to clean up trailing whitespaces.
1. Use git's pre-commit.sample hook to prevent invalid whitespace from being pushed out. You can enable it by moving ~/spring-security/.git/hooks/pre-commit.sample to ~/spring-security/.git/hooks/pre-commit and ensuring it is executable. For more information on hooks refer to [Pro Git's Pre-Commit Hook's section](https://git-scm.com/book/cs/ch7-3.html)
1. You can use the [AnyEdit Eclipse plugin](http://marketplace.eclipse.org/content/anyedit-tools) to ensure spaces are used and to clean up trailing whitespaces.
1. Use git's pre-commit.sample hook to prevent invalid whitespace from being pushed out. You can enable it by moving ~/spring-security/.git/hooks/pre-commit.sample to ~/spring-security/.git/hooks/pre-commit and ensuring it is executable. For more information on hooks refer to [Pro Git's Pre-Commit Hook's section](http://git-scm.com/book/cs/ch7-3.html)
# Add Apache license header to all new classes
@@ -89,7 +77,7 @@ Whitespace management tips
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -128,7 +116,7 @@ Search the codebase to find related unit tests and add additional `@Test` method
2. New test methods should not start with test. This is an old JUnit3 convention and is not necessary since the method is annotated with @Test.
# Update spring-security-x.y.rnc for schema changes
Update the [RELAX NG](https://relaxng.org/) schema `spring-security-x.y.rnc` instead of `spring-security-x.y.xsd` if you contribute changes to supported XML configuration. The XML schema file can be generated the following Gradle task:
Update the [RELAX NG](http://www.relaxng.org) schema `spring-security-x.y.rnc` instead of `spring-security-x.y.xsd` if you contribute changes to supported XML configuration. The XML schema file can be generated the following Gradle task:
<pre>
./gradlew spring-security-config:rncToXsd
@@ -137,7 +125,7 @@ Update the [RELAX NG](https://relaxng.org/) schema `spring-security-x.y.rnc` ins
Changes to the XML schema will be overwritten by the Gradle build task.
# Squash commits
Use `git rebase --interactive`, `git add --patch` and other tools to "squash" multiple commits into atomic changes. In addition to the man pages for git, there are many resources online to help you understand how these tools work. Here from the [Git SCM Book](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History).
Use git rebase --interactive, git add --patch and other tools to "squash" multiple commits into atomic changes. In addition to the man pages for git, there are many resources online to help you understand how these tools work. Here is one: http://book.git-scm.com/4_interactive_rebasing.html.
# Use real name in git commits
Please configure git to use your real first and last name for any commits you intend to submit as pull requests. For example, this is not acceptable:
@@ -192,7 +180,6 @@ Fixes gh-123
2. Do not end the subject line with a period
3. In the body of the commit message, explain how things worked before this commit, what has changed, and how things work now
3. Include Fixes gh-<issue-number> at the end if this fixes a GitHub issue
5. Avoid markdown, including back-ticks identifying code
# Run all tests prior to submission
Vendored
+119
View File
@@ -0,0 +1,119 @@
def projectProperties = [
[$class: 'BuildDiscarderProperty',
strategy: [$class: 'LogRotator', numToKeepStr: '5']],
pipelineTriggers([cron('@daily')])
]
properties(projectProperties)
def SUCCESS = hudson.model.Result.SUCCESS.toString()
currentBuild.result = SUCCESS
try {
parallel check: {
stage('Check') {
node {
checkout scm
try {
sh "./gradlew clean check --refresh-dependencies --no-daemon --stacktrace"
} catch(Exception e) {
currentBuild.result = 'FAILED: check'
throw e
} finally {
junit '**/build/*-results/*.xml'
}
}
}
},
sonar: {
stage('Sonar') {
node {
checkout scm
withCredentials([string(credentialsId: 'spring-sonar.login', variable: 'SONAR_LOGIN')]) {
try {
sh "./gradlew clean sonarqube -PexcludeProjects='**/samples/**' -Dsonar.host.url=$SPRING_SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN --refresh-dependencies --no-daemon --stacktrace"
} catch(Exception e) {
currentBuild.result = 'FAILED: sonar'
throw e
}
}
}
}
},
springio: {
stage('Spring IO') {
node {
checkout scm
try {
sh "./gradlew clean springIoCheck -PplatformVersion=Cairo-BUILD-SNAPSHOT -PexcludeProjects='**/samples/**' --refresh-dependencies --no-daemon --stacktrace"
} catch(Exception e) {
currentBuild.result = 'FAILED: springio'
throw e
} finally {
junit '**/build/spring-io*-results/*.xml'
}
}
}
}
if(currentBuild.result == 'SUCCESS') {
parallel artifacts: {
stage('Deploy Artifacts') {
node {
checkout scm
withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
sh "./gradlew deployArtifacts finalizeDeployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --refresh-dependencies --no-daemon --stacktrace"
}
}
}
}
}
}
},
docs: {
stage('Deploy Docs') {
node {
checkout scm
withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
sh "./gradlew deployDocs -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME --refresh-dependencies --no-daemon --stacktrace"
}
}
}
},
schema: {
stage('Deploy Schema') {
node {
checkout scm
withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
sh "./gradlew deploySchema -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME --refresh-dependencies --no-daemon --stacktrace"
}
}
}
}
}
} finally {
def buildStatus = currentBuild.result
def buildNotSuccess = !SUCCESS.equals(buildStatus)
def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
if(buildNotSuccess || lastBuildNotSuccess) {
stage('Notifiy') {
node {
final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
def details = """The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"""
emailext (
subject: subject,
body: details,
recipientProviders: RECIPIENTS,
to: "$SPRING_SECURITY_TEAM_EMAILS"
)
}
}
}
}
+13 -17
View File
@@ -1,17 +1,13 @@
image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]
[NOTE]
======
This branch of Spring Security has reached its https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions#supported-versions[End of Life], meaning that there are no further maintenance releases or security patches planned.
Please migrate to a supported branch as soon as possible.
======
image:https://travis-ci.org/spring-projects/spring-security.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-security"]
= Spring Security
Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
Spring Security provides security services for the http://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
a minimum and also requires Java 8.
For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].
For a detailed list of features and access to the latest release, please visit http://spring.io/projects[Spring projects].
== Code of Conduct
This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
@@ -21,19 +17,19 @@ By participating, you are expected to uphold this code. Please report unaccepta
See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.
== Documentation
Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].
Be sure to read the http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the http://docs.spring.io/spring-security/site/docs/current/apidocs/[Spring Security API Documentation].
== Quick Start
See https://docs.spring.io/spring-security/site/docs/5.2.x/reference/html5/#servlet-hello[Hello Spring Security] to get started with a "Hello, World" application.
We recommend you visit http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.
== Building from Source
Spring Security uses a https://gradle.org[Gradle]-based build system.
In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
Spring Security uses a http://gradle.org[Gradle]-based build system.
In the instructions below, http://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.
=== Prerequisites
https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].
http://help.github.com/set-up-git-redirect[Git] and the http://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].
Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download.
@@ -59,12 +55,12 @@ Discover more commands with `./gradlew tasks`.
See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].
== Getting Support
Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
https://spring.io/services[Commercial support] is available too.
Check out the http://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
http://spring.io/services[Commercial support] is available too.
== Contributing
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.
http://help.github.com/send-pull-requests[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.
== License
Spring Security is Open Source software released under the
https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].
http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -127,7 +127,8 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
List<Permission> resolvePermission(Object permission) {
if (permission instanceof Integer) {
return Arrays.asList(permissionFactory.buildFromMask((Integer) permission));
return Arrays.asList(permissionFactory.buildFromMask(((Integer) permission)
.intValue()));
}
if (permission instanceof Permission) {
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -1,11 +1,11 @@
/*
* Copyright 2002-2016 the original author or authors.
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -131,9 +131,10 @@ public class AccessControlEntryImpl implements AccessControlEntry,
@Override
public int hashCode() {
int result = this.permission.hashCode();
int result = this.acl.hashCode();
result = 31 * result + this.permission.hashCode();
result = 31 * result + (this.id != null ? this.id.hashCode() : 0);
result = 31 * result + (this.sid.hashCode());
result = 31 * result + this.sid.hashCode();
result = 31 * result + (this.auditFailure ? 1 : 0);
result = 31 * result + (this.auditSuccess ? 1 : 0);
result = 31 * result + (this.granting ? 1 : 0);
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -92,11 +92,11 @@ public abstract class AclFormattingUtils {
*/
public static String printBinary(int mask, char code) {
Assert.doesNotContain(Character.toString(code),
Character.toString(Permission.RESERVED_ON),
() -> Permission.RESERVED_ON + " is a reserved character code");
Character.toString(Permission.RESERVED_ON), Permission.RESERVED_ON
+ " is a reserved character code");
Assert.doesNotContain(Character.toString(code),
Character.toString(Permission.RESERVED_OFF),
() -> Permission.RESERVED_OFF + " is a reserved character code");
Character.toString(Permission.RESERVED_OFF), Permission.RESERVED_OFF
+ " is a reserved character code");
return printBinary(mask, Permission.RESERVED_ON, Permission.RESERVED_OFF)
.replace(Permission.RESERVED_ON, code);
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -1,11 +1,11 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -100,13 +100,13 @@ public class DefaultPermissionFactory implements PermissionFactory {
Assert.notNull(perm, "Permission required");
Assert.hasText(permissionName, "Permission name required");
Integer mask = perm.getMask();
Integer mask = Integer.valueOf(perm.getMask());
// Ensure no existing Permission uses this integer or code
Assert.isTrue(!registeredPermissionsByInteger.containsKey(mask),
() -> "An existing Permission already provides mask " + mask);
"An existing Permission already provides mask " + mask);
Assert.isTrue(!registeredPermissionsByName.containsKey(permissionName),
() -> "An existing Permission already provides name '" + permissionName + "'");
"An existing Permission already provides name '" + permissionName + "'");
// Register the new Permission
registeredPermissionsByInteger.put(mask, perm);
@@ -114,10 +114,10 @@ public class DefaultPermissionFactory implements PermissionFactory {
}
public Permission buildFromMask(int mask) {
if (registeredPermissionsByInteger.containsKey(mask)) {
if (registeredPermissionsByInteger.containsKey(Integer.valueOf(mask))) {
// The requested mask has an exact match against a statically-defined
// Permission, so return it
return registeredPermissionsByInteger.get(mask);
return registeredPermissionsByInteger.get(Integer.valueOf(mask));
}
// To get this far, we have to use a CumulativePermission
@@ -127,7 +127,8 @@ public class DefaultPermissionFactory implements PermissionFactory {
int permissionToCheck = 1 << i;
if ((mask & permissionToCheck) == permissionToCheck) {
Permission p = registeredPermissionsByInteger.get(permissionToCheck);
Permission p = registeredPermissionsByInteger.get(Integer
.valueOf(permissionToCheck));
if (p == null) {
throw new IllegalStateException("Mask '" + permissionToCheck
@@ -1,11 +1,11 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -87,7 +87,7 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
for (AccessControlEntry ace : aces) {
if (isGranted(ace, p)
if ((ace.getPermission().getMask() == p.getMask())
&& ace.getSid().equals(sid)) {
// Found a matching ACE, so its authorization decision will
// prevail
@@ -142,25 +142,4 @@ public class DefaultPermissionGrantingStrategy implements PermissionGrantingStra
}
}
/**
* Compares an ACE Permission to the given Permission.
* By default, we compare the Permission masks for exact match.
* Subclasses of this strategy can override this behavior and implement
* more sophisticated comparisons, e.g. a bitwise comparison for ACEs that grant access.
* <pre>{@code
* if (ace.isGranting() && p.getMask() != 0) {
* return (ace.getPermission().getMask() & p.getMask()) != 0;
* } else {
* return ace.getPermission().getMask() == p.getMask();
* }
* }</pre>
*
* @param ace the ACE from the Acl holding the mask.
* @param p the Permission we are checking against.
* @return true, if the respective masks are considered to be equal.
*/
protected boolean isGranted(AccessControlEntry ace, Permission p) {
return ace.getPermission().getMask() == p.getMask();
}
}
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -152,9 +152,11 @@ public class ObjectIdentityImpl implements ObjectIdentity {
*/
@Override
public int hashCode() {
int result = this.type.hashCode();
result = 31 * result + this.identifier.hashCode();
return result;
int code = 31;
code ^= this.type.hashCode();
code ^= this.identifier.hashCode();
return code;
}
@Override
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,6 +17,7 @@ package org.springframework.security.acls.domain;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;
@@ -48,7 +49,12 @@ public class PrincipalSid implements Sid {
Assert.notNull(authentication, "Authentication required");
Assert.notNull(authentication.getPrincipal(), "Principal required");
this.principal = authentication.getName();
if (authentication.getPrincipal() instanceof UserDetails) {
this.principal = ((UserDetails) authentication.getPrincipal()).getUsername();
}
else {
this.principal = authentication.getPrincipal().toString();
}
}
// ~ Methods
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -1,11 +1,11 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -18,17 +18,11 @@ package org.springframework.security.acls.jdbc;
import java.io.Serializable;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.convert.ConversionFailedException;
import org.springframework.core.convert.ConversionService;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.convert.support.GenericConversionService;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.util.Assert;
/**
* Utility class for helping convert database representations of {@link ObjectIdentity#getIdentifier()} into
@@ -41,16 +35,7 @@ class AclClassIdUtils {
private ConversionService conversionService;
AclClassIdUtils() {
GenericConversionService genericConversionService = new GenericConversionService();
genericConversionService.addConverter(String.class, Long.class, new StringToLongConverter());
genericConversionService.addConverter(String.class, UUID.class, new StringToUUIDConverter());
this.conversionService = genericConversionService;
}
AclClassIdUtils(ConversionService conversionService) {
Assert.notNull(conversionService, "conversionService must not be null");
this.conversionService = conversionService;
public AclClassIdUtils() {
}
/**
@@ -74,7 +59,7 @@ class AclClassIdUtils {
return identifier;
}
private boolean hasValidClassIdType(ResultSet resultSet) {
private boolean hasValidClassIdType(ResultSet resultSet) throws SQLException {
boolean hasClassIdType = false;
try {
hasClassIdType = classIdTypeFrom(resultSet) != null;
@@ -101,13 +86,17 @@ class AclClassIdUtils {
}
private <T> boolean canConvertFromStringTo(Class<T> targetType) {
return conversionService.canConvert(String.class, targetType);
return hasConversionService() && conversionService.canConvert(String.class, targetType);
}
private <T extends Serializable> T convertFromStringTo(String identifier, Class<T> targetType) {
return conversionService.convert(identifier, targetType);
}
private boolean hasConversionService() {
return conversionService != null;
}
/**
* Converts to a {@link Long}, attempting to use the {@link ConversionService} if available.
* @param identifier The identifier
@@ -118,7 +107,7 @@ class AclClassIdUtils {
*/
private Long convertToLong(Serializable identifier) {
Long idAsLong;
if (conversionService.canConvert(identifier.getClass(), Long.class)) {
if (hasConversionService()) {
idAsLong = conversionService.convert(identifier, Long.class);
} else {
idAsLong = Long.valueOf(identifier.toString());
@@ -131,31 +120,6 @@ class AclClassIdUtils {
}
public void setConversionService(ConversionService conversionService) {
Assert.notNull(conversionService, "conversionService must not be null");
this.conversionService = conversionService;
}
private static class StringToLongConverter implements Converter<String, Long> {
@Override
public Long convert(String identifierAsString) {
if (identifierAsString == null) {
throw new ConversionFailedException(TypeDescriptor.valueOf(String.class),
TypeDescriptor.valueOf(Long.class), null, null);
}
return Long.parseLong(identifierAsString);
}
}
private static class StringToUUIDConverter implements Converter<String, UUID> {
@Override
public UUID convert(String identifierAsString) {
if (identifierAsString == null) {
throw new ConversionFailedException(TypeDescriptor.valueOf(String.class),
TypeDescriptor.valueOf(UUID.class), null, null);
}
return UUID.fromString(identifierAsString);
}
}
}
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,6 +17,7 @@ package org.springframework.security.acls.jdbc;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
@@ -30,8 +31,8 @@ import java.util.Set;
import javax.sql.DataSource;
import org.springframework.core.convert.ConversionException;
import org.springframework.core.convert.ConversionService;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.ResultSetExtractor;
import org.springframework.security.acls.domain.AccessControlEntryImpl;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
@@ -246,12 +247,14 @@ public class BasicLookupStrategy implements LookupStrategy {
String sql = computeRepeatingSql(lookupPrimaryKeysWhereClause, findNow.size());
Set<Long> parentsToLookup = jdbcTemplate.query(sql,
ps -> {
int i = 0;
new PreparedStatementSetter() {
public void setValues(PreparedStatement ps) throws SQLException {
int i = 0;
for (Long toFind : findNow) {
i++;
ps.setLong(i, toFind);
for (Long toFind : findNow) {
i++;
ps.setLong(i, toFind);
}
}
}, new ProcessResultSet(acls, sids));
@@ -379,20 +382,22 @@ public class BasicLookupStrategy implements LookupStrategy {
objectIdentities.size());
Set<Long> parentsToLookup = jdbcTemplate.query(sql,
ps -> {
int i = 0;
for (ObjectIdentity oid : objectIdentities) {
// Determine prepared statement values for this iteration
String type = oid.getType();
new PreparedStatementSetter() {
public void setValues(PreparedStatement ps) throws SQLException {
int i = 0;
for (ObjectIdentity oid : objectIdentities) {
// Determine prepared statement values for this iteration
String type = oid.getType();
// No need to check for nulls, as guaranteed non-null by
// ObjectIdentity.getIdentifier() interface contract
String identifier = oid.getIdentifier().toString();
// No need to check for nulls, as guaranteed non-null by
// ObjectIdentity.getIdentifier() interface contract
String identifier = oid.getIdentifier().toString();
// Inject values
ps.setString((2 * i) + 1, identifier);
ps.setString((2 * i) + 2, type);
i++;
// Inject values
ps.setString((2 * i) + 1, identifier);
ps.setString((2 * i) + 2, type);
i++;
}
}
}, new ProcessResultSet(acls, sids));
@@ -449,7 +454,7 @@ public class BasicLookupStrategy implements LookupStrategy {
// Now we have the parent (if there is one), create the true AclImpl
AclImpl result = new AclImpl(inputAcl.getObjectIdentity(),
inputAcl.getId(), aclAuthorizationStrategy, grantingStrategy,
(Long) inputAcl.getId(), aclAuthorizationStrategy, grantingStrategy,
parent, null, inputAcl.isEntriesInheriting(), inputAcl.getOwner());
// Copy the "aces" from the input to the destination
@@ -548,8 +553,8 @@ public class BasicLookupStrategy implements LookupStrategy {
}
}
public final void setConversionService(ConversionService conversionService) {
this.aclClassIdUtils = new AclClassIdUtils(conversionService);
public final void setAclClassIdUtils(AclClassIdUtils aclClassIdUtils) {
this.aclClassIdUtils = aclClassIdUtils;
}
// ~ Inner Classes
@@ -559,7 +564,7 @@ public class BasicLookupStrategy implements LookupStrategy {
private final Map<Serializable, Acl> acls;
private final List<Sid> sids;
ProcessResultSet(Map<Serializable, Acl> acls, List<Sid> sids) {
public ProcessResultSet(Map<Serializable, Acl> acls, List<Sid> sids) {
Assert.notNull(acls, "ACLs cannot be null");
this.acls = acls;
this.sids = sids; // can be null
@@ -587,15 +592,15 @@ public class BasicLookupStrategy implements LookupStrategy {
if (parentId != 0) {
// See if it's already in the "acls"
if (acls.containsKey(parentId)) {
if (acls.containsKey(new Long(parentId))) {
continue; // skip this while iteration
}
// Now try to find it in the cache
MutableAcl cached = aclCache.getFromCache(parentId);
MutableAcl cached = aclCache.getFromCache(new Long(parentId));
if ((cached == null) || !cached.isSidLoaded(sids)) {
parentIdsToLookup.add(parentId);
parentIdsToLookup.add(new Long(parentId));
}
else {
// Pop into the acls map, so our convert method doesn't
@@ -621,7 +626,7 @@ public class BasicLookupStrategy implements LookupStrategy {
*/
private void convertCurrentResultIntoObject(Map<Serializable, Acl> acls,
ResultSet rs) throws SQLException {
Long id = rs.getLong("acl_id");
Long id = new Long(rs.getLong("acl_id"));
// If we already have an ACL for this ID, just create the ACE
Acl acl = acls.get(id);
@@ -639,7 +644,7 @@ public class BasicLookupStrategy implements LookupStrategy {
long parentAclId = rs.getLong("parent_object");
if (parentAclId != 0) {
parentAcl = new StubAclParent(parentAclId);
parentAcl = new StubAclParent(Long.valueOf(parentAclId));
}
boolean entriesInheriting = rs.getBoolean("entries_inheriting");
@@ -656,7 +661,7 @@ public class BasicLookupStrategy implements LookupStrategy {
// It is permissible to have no ACEs in an ACL (which is detected by a null
// ACE_SID)
if (rs.getString("ace_sid") != null) {
Long aceId = rs.getLong("ace_id");
Long aceId = new Long(rs.getLong("ace_id"));
Sid recipient = createSid(rs.getBoolean("ace_principal"),
rs.getString("ace_sid"));
@@ -683,7 +688,7 @@ public class BasicLookupStrategy implements LookupStrategy {
private static class StubAclParent implements Acl {
private final Long id;
StubAclParent(Long id) {
public StubAclParent(Long id) {
this.id = id;
}
@@ -1,11 +1,11 @@
/*
* Copyright 2004, 2005, 2006, 2017, 2018 Acegi Technology Pty Limited
* Copyright 2004, 2005, 2006, 2017 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,6 +16,8 @@
package org.springframework.security.acls.jdbc;
import java.io.Serializable;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
@@ -24,9 +26,8 @@ import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.convert.ConversionService;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AclService;
@@ -65,7 +66,7 @@ public class JdbcAclService implements AclService {
// ~ Instance fields
// ================================================================================================
protected final JdbcOperations jdbcOperations;
protected final JdbcTemplate jdbcTemplate;
private final LookupStrategy lookupStrategy;
private boolean aclClassIdSupported;
private String findChildrenSql = DEFAULT_SELECT_ACL_WITH_PARENT_SQL;
@@ -75,13 +76,9 @@ public class JdbcAclService implements AclService {
// ===================================================================================================
public JdbcAclService(DataSource dataSource, LookupStrategy lookupStrategy) {
this(new JdbcTemplate(dataSource), lookupStrategy);
}
public JdbcAclService(JdbcOperations jdbcOperations, LookupStrategy lookupStrategy) {
Assert.notNull(jdbcOperations, "JdbcOperations required");
Assert.notNull(dataSource, "DataSource required");
Assert.notNull(lookupStrategy, "LookupStrategy required");
this.jdbcOperations = jdbcOperations;
this.jdbcTemplate = new JdbcTemplate(dataSource);
this.lookupStrategy = lookupStrategy;
this.aclClassIdUtils = new AclClassIdUtils();
}
@@ -90,13 +87,17 @@ public class JdbcAclService implements AclService {
// ========================================================================================================
public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
Object[] args = { parentIdentity.getIdentifier().toString(), parentIdentity.getType() };
List<ObjectIdentity> objects = jdbcOperations.query(findChildrenSql, args,
(rs, rowNum) -> {
String javaType = rs.getString("class");
Serializable identifier = (Serializable) rs.getObject("obj_id");
identifier = aclClassIdUtils.identifierFrom(identifier, rs);
return new ObjectIdentityImpl(javaType, identifier);
Object[] args = { parentIdentity.getIdentifier(), parentIdentity.getType() };
List<ObjectIdentity> objects = jdbcTemplate.query(findChildrenSql, args,
new RowMapper<ObjectIdentity>() {
public ObjectIdentity mapRow(ResultSet rs, int rowNum)
throws SQLException {
String javaType = rs.getString("class");
Serializable identifier = (Serializable) rs.getObject("obj_id");
identifier = aclClassIdUtils.identifierFrom(identifier, rs);
return new ObjectIdentityImpl(javaType, identifier);
}
});
if (objects.size() == 0) {
@@ -110,9 +111,9 @@ public class JdbcAclService implements AclService {
throws NotFoundException {
Map<ObjectIdentity, Acl> map = readAclsById(Arrays.asList(object), sids);
Assert.isTrue(map.containsKey(object),
() -> "There should have been an Acl entry for ObjectIdentity " + object);
"There should have been an Acl entry for ObjectIdentity " + object);
return map.get(object);
return (Acl) map.get(object);
}
public Acl readAclById(ObjectIdentity object) throws NotFoundException {
@@ -153,7 +154,7 @@ public class JdbcAclService implements AclService {
public void setAclClassIdSupported(boolean aclClassIdSupported) {
this.aclClassIdSupported = aclClassIdSupported;
if (aclClassIdSupported) {
// Change the default children select if it hasn't been overridden
// Change the default insert if it hasn't been overridden
if (this.findChildrenSql.equals(DEFAULT_SELECT_ACL_WITH_PARENT_SQL)) {
this.findChildrenSql = DEFAULT_SELECT_ACL_WITH_PARENT_SQL_WITH_CLASS_ID_TYPE;
} else {
@@ -162,8 +163,8 @@ public class JdbcAclService implements AclService {
}
}
public void setConversionService(ConversionService conversionService) {
this.aclClassIdUtils = new AclClassIdUtils(conversionService);
public void setAclClassIdUtils(AclClassIdUtils aclClassIdUtils) {
this.aclClassIdUtils = aclClassIdUtils;
}
protected boolean isAclClassIdSupported() {
@@ -1,11 +1,11 @@
/*
* Copyright 2004, 2005, 2006, 2017, 2018 Acegi Technology Pty Limited
* Copyright 2004, 2005, 2006, 2017 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -135,7 +135,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
if (acl.getEntries().isEmpty()) {
return;
}
jdbcOperations.batchUpdate(insertEntry, new BatchPreparedStatementSetter() {
jdbcTemplate.batchUpdate(insertEntry, new BatchPreparedStatementSetter() {
public int getBatchSize() {
return acl.getEntries().size();
}
@@ -146,9 +146,10 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
"Unknown ACE class");
AccessControlEntryImpl entry = (AccessControlEntryImpl) entry_;
stmt.setLong(1, (Long) acl.getId());
stmt.setLong(1, ((Long) acl.getId()).longValue());
stmt.setInt(2, i);
stmt.setLong(3, createOrRetrieveSidPrimaryKey(entry.getSid(), true));
stmt.setLong(3, createOrRetrieveSidPrimaryKey(entry.getSid(), true)
.longValue());
stmt.setInt(4, entry.getPermission().getMask());
stmt.setBoolean(5, entry.isGranting());
stmt.setBoolean(6, entry.isAuditSuccess());
@@ -169,7 +170,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
protected void createObjectIdentity(ObjectIdentity object, Sid owner) {
Long sidId = createOrRetrieveSidPrimaryKey(owner, true);
Long classId = createOrRetrieveClassPrimaryKey(object.getType(), true, object.getIdentifier().getClass());
jdbcOperations.update(insertObjectIdentity, classId, object.getIdentifier().toString(), sidId,
jdbcTemplate.update(insertObjectIdentity, classId, object.getIdentifier(), sidId,
Boolean.TRUE);
}
@@ -183,7 +184,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
* @return the primary key or null if not found
*/
protected Long createOrRetrieveClassPrimaryKey(String type, boolean allowCreate, Class idType) {
List<Long> classIds = jdbcOperations.queryForList(selectClassPrimaryKey,
List<Long> classIds = jdbcTemplate.queryForList(selectClassPrimaryKey,
new Object[] { type }, Long.class);
if (!classIds.isEmpty()) {
@@ -192,13 +193,13 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
if (allowCreate) {
if (!isAclClassIdSupported()) {
jdbcOperations.update(insertClass, type);
jdbcTemplate.update(insertClass, type);
} else {
jdbcOperations.update(insertClass, type, idType.getCanonicalName());
jdbcTemplate.update(insertClass, type, idType.getCanonicalName());
}
Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
"Transaction must be running");
return jdbcOperations.queryForObject(classIdentityQuery, Long.class);
return jdbcTemplate.queryForObject(classIdentityQuery, Long.class);
}
return null;
@@ -247,18 +248,18 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
protected Long createOrRetrieveSidPrimaryKey(String sidName, boolean sidIsPrincipal,
boolean allowCreate) {
List<Long> sidIds = jdbcOperations.queryForList(selectSidPrimaryKey, new Object[] {
sidIsPrincipal, sidName }, Long.class);
List<Long> sidIds = jdbcTemplate.queryForList(selectSidPrimaryKey, new Object[] {
Boolean.valueOf(sidIsPrincipal), sidName }, Long.class);
if (!sidIds.isEmpty()) {
return sidIds.get(0);
}
if (allowCreate) {
jdbcOperations.update(insertSid, sidIsPrincipal, sidName);
jdbcTemplate.update(insertSid, Boolean.valueOf(sidIsPrincipal), sidName);
Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
"Transaction must be running");
return jdbcOperations.queryForObject(sidIdentityQuery, Long.class);
return jdbcTemplate.queryForObject(sidIdentityQuery, Long.class);
}
return null;
@@ -310,7 +311,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
* @param oidPrimaryKey the rows in acl_entry to delete
*/
protected void deleteEntries(Long oidPrimaryKey) {
jdbcOperations.update(deleteEntryByObjectIdentityForeignKey, oidPrimaryKey);
jdbcTemplate.update(deleteEntryByObjectIdentityForeignKey, oidPrimaryKey);
}
/**
@@ -324,7 +325,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
*/
protected void deleteObjectIdentity(Long oidPrimaryKey) {
// Delete the acl_object_identity row
jdbcOperations.update(deleteObjectIdentityByPrimaryKey, oidPrimaryKey);
jdbcTemplate.update(deleteObjectIdentityByPrimaryKey, oidPrimaryKey);
}
/**
@@ -338,8 +339,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
*/
protected Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid) {
try {
return jdbcOperations.queryForObject(selectObjectIdentityPrimaryKey, Long.class,
oid.getType(), oid.getIdentifier().toString());
return jdbcTemplate.queryForObject(selectObjectIdentityPrimaryKey, Long.class,
oid.getType(), oid.getIdentifier());
}
catch (DataAccessException notFound) {
return null;
@@ -408,8 +409,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
Assert.notNull(acl.getOwner(), "Owner is required in this implementation");
Long ownerSid = createOrRetrieveSidPrimaryKey(acl.getOwner(), true);
int count = jdbcOperations.update(updateObjectIdentity, parentId, ownerSid,
acl.isEntriesInheriting(), acl.getId());
int count = jdbcTemplate.update(updateObjectIdentity, parentId, ownerSid,
Boolean.valueOf(acl.isEntriesInheriting()), acl.getId());
if (count != 1) {
throw new NotFoundException("Unable to locate ACL to update");
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -32,7 +32,7 @@ public class AclFormattingUtilsTests {
// ~ Methods
// ========================================================================================================
@Test
public final void testDemergePatternsParametersConstraints() {
public final void testDemergePatternsParametersConstraints() throws Exception {
try {
AclFormattingUtils.demergePatterns(null, "SOME STRING");
fail("It should have thrown IllegalArgumentException");
@@ -63,7 +63,7 @@ public class AclFormattingUtilsTests {
}
@Test
public final void testDemergePatterns() {
public final void testDemergePatterns() throws Exception {
String original = "...........................A...R";
String removeBits = "...............................R";
assertThat(AclFormattingUtils.demergePatterns(original, removeBits)).isEqualTo(
@@ -76,7 +76,7 @@ public class AclFormattingUtilsTests {
}
@Test
public final void testMergePatternsParametersConstraints() {
public final void testMergePatternsParametersConstraints() throws Exception {
try {
AclFormattingUtils.mergePatterns(null, "SOME STRING");
fail("It should have thrown IllegalArgumentException");
@@ -106,7 +106,7 @@ public class AclFormattingUtilsTests {
}
@Test
public final void testMergePatterns() {
public final void testMergePatterns() throws Exception {
String original = "...............................R";
String extraBits = "...........................A....";
assertThat(AclFormattingUtils.mergePatterns(original, extraBits)).isEqualTo(
@@ -119,7 +119,7 @@ public class AclFormattingUtilsTests {
}
@Test
public final void testBinaryPrints() {
public final void testBinaryPrints() throws Exception {
assertThat(AclFormattingUtils.printBinary(15)).isEqualTo(
"............................****");
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -36,7 +36,7 @@ import java.util.List;
public class AclPermissionCacheOptimizerTests {
@Test
public void eagerlyLoadsRequiredAcls() {
public void eagerlyLoadsRequiredAcls() throws Exception {
AclService service = mock(AclService.class);
AclPermissionCacheOptimizer pco = new AclPermissionCacheOptimizer(service);
ObjectIdentityRetrievalStrategy oidStrat = mock(ObjectIdentityRetrievalStrategy.class);
@@ -1,11 +1,11 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,6 +26,8 @@ import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication;
@@ -37,18 +39,18 @@ import org.springframework.security.core.Authentication;
public class AclPermissionEvaluatorTests {
@Test
public void hasPermissionReturnsTrueIfAclGrantsPermission() {
public void hasPermissionReturnsTrueIfAclGrantsPermission() throws Exception {
AclService service = mock(AclService.class);
AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
ObjectIdentity oid = mock(ObjectIdentity.class);
ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
when(oidStrategy.getObjectIdentity(any(Object.class))).thenReturn(oid);
when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
pe.setObjectIdentityRetrievalStrategy(oidStrategy);
pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
Acl acl = mock(Acl.class);
when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
when(service.readAclById(any(ObjectIdentity.class), anyListOf(Sid.class))).thenReturn(acl);
when(acl.isGranted(anyListOf(Permission.class), anyListOf(Sid.class), eq(false))).thenReturn(true);
assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "READ")).isTrue();
}
@@ -62,13 +64,13 @@ public class AclPermissionEvaluatorTests {
AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
ObjectIdentity oid = mock(ObjectIdentity.class);
ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
when(oidStrategy.getObjectIdentity(any(Object.class))).thenReturn(oid);
when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
pe.setObjectIdentityRetrievalStrategy(oidStrategy);
pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
Acl acl = mock(Acl.class);
when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
when(service.readAclById(any(ObjectIdentity.class), anyListOf(Sid.class))).thenReturn(acl);
when(acl.isGranted(anyListOf(Permission.class), anyListOf(Sid.class), eq(false))).thenReturn(true);
assertThat(pe.hasPermission(mock(Authentication.class), new Object(), "write")).isTrue();
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -37,7 +37,7 @@ import java.util.List;
@SuppressWarnings({ "unchecked" })
public class AclEntryAfterInvocationCollectionFilteringProviderTests {
@Test
public void objectsAreRemovedIfPermissionDenied() {
public void objectsAreRemovedIfPermissionDenied() throws Exception {
AclService service = mock(AclService.class);
Acl acl = mock(Acl.class);
when(acl.isGranted(any(), any(), anyBoolean())).thenReturn(
@@ -63,7 +63,7 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
}
@Test
public void accessIsGrantedIfNoAttributesDefined() {
public void accessIsGrantedIfNoAttributesDefined() throws Exception {
AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
mock(AclService.class), Arrays.asList(mock(Permission.class)));
Object returned = new Object();
@@ -75,7 +75,7 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
}
@Test
public void nullReturnObjectIsIgnored() {
public void nullReturnObjectIsIgnored() throws Exception {
AclService service = mock(AclService.class);
AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
service, Arrays.asList(mock(Permission.class)));
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -37,7 +37,7 @@ import java.util.List;
public class AclEntryAfterInvocationProviderTests {
@Test(expected = IllegalArgumentException.class)
public void rejectsMissingPermissions() {
public void rejectsMissingPermissions() throws Exception {
try {
new AclEntryAfterInvocationProvider(mock(AclService.class), null);
fail("Exception expected");
@@ -72,7 +72,7 @@ public class AclEntryAfterInvocationProviderTests {
}
@Test
public void accessIsGrantedIfNoAttributesDefined() {
public void accessIsGrantedIfNoAttributesDefined() throws Exception {
AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
mock(AclService.class), Arrays.asList(mock(Permission.class)));
Object returned = new Object();
@@ -85,7 +85,7 @@ public class AclEntryAfterInvocationProviderTests {
}
@Test
public void accessIsGrantedIfObjectTypeNotSupported() {
public void accessIsGrantedIfObjectTypeNotSupported() throws Exception {
AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
mock(AclService.class), Arrays.asList(mock(Permission.class)));
provider.setProcessDomainObjectClass(String.class);
@@ -131,7 +131,7 @@ public class AclEntryAfterInvocationProviderTests {
}
@Test
public void nullReturnObjectIsIgnored() {
public void nullReturnObjectIsIgnored() throws Exception {
AclService service = mock(AclService.class);
AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(
service, Arrays.asList(mock(Permission.class)));
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -71,11 +71,11 @@ public class AccessControlImplEntryTests {
Sid sid = new PrincipalSid("johndoe");
// Create a sample entry
AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl,
AccessControlEntry ace = new AccessControlEntryImpl(Long.valueOf(1), mockAcl,
sid, BasePermission.ADMINISTRATION, true, true, true);
// and check every get() method
assertThat(ace.getId()).isEqualTo(1L);
assertThat(ace.getId()).isEqualTo(new Long(1));
assertThat(ace.getAcl()).isEqualTo(mockAcl);
assertThat(ace.getSid()).isEqualTo(sid);
assertThat(ace.isGranting()).isTrue();
@@ -92,26 +92,26 @@ public class AccessControlImplEntryTests {
when(mockAcl.getObjectIdentity()).thenReturn(oid);
Sid sid = new PrincipalSid("johndoe");
AccessControlEntry ace = new AccessControlEntryImpl(1L, mockAcl,
AccessControlEntry ace = new AccessControlEntryImpl(Long.valueOf(1), mockAcl,
sid, BasePermission.ADMINISTRATION, true, true, true);
assertThat(ace).isNotNull();
assertThat(ace).isNotEqualTo(100L);
assertThat(ace).isNotEqualTo(Long.valueOf(100));
assertThat(ace).isEqualTo(ace);
assertThat(ace).isEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
assertThat(ace).isEqualTo(new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid,
BasePermission.ADMINISTRATION, true, true, true));
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(2L, mockAcl, sid,
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(Long.valueOf(2), mockAcl, sid,
BasePermission.ADMINISTRATION, true, true, true));
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl,
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(Long.valueOf(1), mockAcl,
new PrincipalSid("scott"), BasePermission.ADMINISTRATION, true, true,
true));
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid,
BasePermission.WRITE, true, true, true));
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid,
BasePermission.ADMINISTRATION, false, true, true));
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid,
BasePermission.ADMINISTRATION, true, false, true));
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid,
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid,
BasePermission.ADMINISTRATION, true, true, false));
}
}
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -49,28 +49,26 @@ public class AclImplTests {
PermissionGrantingStrategy pgs;
AuditLogger mockAuditLogger;
ObjectIdentity objectIdentity = new ObjectIdentityImpl(TARGET_CLASS, 100);
private DefaultPermissionFactory permissionFactory;
// ~ Methods
// ========================================================================================================
@Before
public void setUp() {
public void setUp() throws Exception {
SecurityContextHolder.getContext().setAuthentication(auth);
authzStrategy = mock(AclAuthorizationStrategy.class);
mockAuditLogger = mock(AuditLogger.class);
pgs = new DefaultPermissionGrantingStrategy(mockAuditLogger);
auth.setAuthenticated(true);
permissionFactory = new DefaultPermissionFactory();
}
@After
public void tearDown() {
public void tearDown() throws Exception {
SecurityContextHolder.clearContext();
}
@Test(expected = IllegalArgumentException.class)
public void constructorsRejectNullObjectIdentity() {
public void constructorsRejectNullObjectIdentity() throws Exception {
try {
new AclImpl(null, 1, authzStrategy, pgs, null, null, true, new PrincipalSid(
"joe"));
@@ -82,7 +80,7 @@ public class AclImplTests {
}
@Test(expected = IllegalArgumentException.class)
public void constructorsRejectNullId() {
public void constructorsRejectNullId() throws Exception {
try {
new AclImpl(objectIdentity, null, authzStrategy, pgs, null, null, true,
new PrincipalSid("joe"));
@@ -95,7 +93,7 @@ public class AclImplTests {
@SuppressWarnings("deprecation")
@Test(expected = IllegalArgumentException.class)
public void constructorsRejectNullAclAuthzStrategy() {
public void constructorsRejectNullAclAuthzStrategy() throws Exception {
try {
new AclImpl(objectIdentity, 1, null, new DefaultPermissionGrantingStrategy(
mockAuditLogger), null, null, true, new PrincipalSid("joe"));
@@ -107,7 +105,7 @@ public class AclImplTests {
}
@Test
public void insertAceRejectsNullParameters() {
public void insertAceRejectsNullParameters() throws Exception {
MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
try {
@@ -125,7 +123,7 @@ public class AclImplTests {
}
@Test
public void insertAceAddsElementAtCorrectIndex() {
public void insertAceAddsElementAtCorrectIndex() throws Exception {
MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
MockAclService service = new MockAclService();
@@ -168,7 +166,7 @@ public class AclImplTests {
}
@Test(expected = NotFoundException.class)
public void insertAceFailsForNonExistentElement() {
public void insertAceFailsForNonExistentElement() throws Exception {
MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
MockAclService service = new MockAclService();
@@ -182,7 +180,7 @@ public class AclImplTests {
}
@Test
public void deleteAceKeepsInitialOrdering() {
public void deleteAceKeepsInitialOrdering() throws Exception {
MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
MockAclService service = new MockAclService();
@@ -219,7 +217,7 @@ public class AclImplTests {
}
@Test
public void deleteAceFailsForNonExistentElement() {
public void deleteAceFailsForNonExistentElement() throws Exception {
AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
@@ -234,7 +232,7 @@ public class AclImplTests {
}
@Test
public void isGrantingRejectsEmptyParameters() {
public void isGrantingRejectsEmptyParameters() throws Exception {
MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
Sid ben = new PrincipalSid("ben");
@@ -253,7 +251,7 @@ public class AclImplTests {
}
@Test
public void isGrantingGrantsAccessForAclWithNoParent() {
public void isGrantingGrantsAccessForAclWithNoParent() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
"ROLE_GENERAL", "ROLE_GUEST");
auth.setAuthenticated(true);
@@ -299,7 +297,7 @@ public class AclImplTests {
}
@Test
public void isGrantingGrantsAccessForInheritableAcls() {
public void isGrantingGrantsAccessForInheritableAcls() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
"ROLE_GENERAL");
auth.setAuthenticated(true);
@@ -381,7 +379,7 @@ public class AclImplTests {
}
@Test
public void updatedAceValuesAreCorrectlyReflectedInAcl() {
public void updatedAceValuesAreCorrectlyReflectedInAcl() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
"ROLE_GENERAL");
auth.setAuthenticated(true);
@@ -413,7 +411,7 @@ public class AclImplTests {
}
@Test
public void auditableEntryFlagsAreUpdatedCorrectly() {
public void auditableEntryFlagsAreUpdatedCorrectly() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
"ROLE_AUDITING", "ROLE_GENERAL");
auth.setAuthenticated(true);
@@ -451,7 +449,7 @@ public class AclImplTests {
}
@Test
public void gettersAndSettersAreConsistent() {
public void gettersAndSettersAreConsistent() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
"ROLE_GENERAL");
auth.setAuthenticated(true);
@@ -487,7 +485,7 @@ public class AclImplTests {
}
@Test
public void isSidLoadedBehavesAsExpected() {
public void isSidLoadedBehavesAsExpected() throws Exception {
List<Sid> loadedSids = Arrays.asList(new PrincipalSid("ben"),
new GrantedAuthoritySid("ROLE_IGNORED"));
MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null,
@@ -503,33 +501,34 @@ public class AclImplTests {
assertThat(acl.isSidLoaded(BEN)).isTrue();
assertThat(acl.isSidLoaded(null)).isTrue();
assertThat(acl.isSidLoaded(new ArrayList<>(0))).isTrue();
assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid(
assertThat(acl.isSidLoaded(Arrays.asList((Sid) new GrantedAuthoritySid(
"ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED"))))
.isTrue();
assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid(
assertThat(acl.isSidLoaded(Arrays.asList((Sid) new GrantedAuthoritySid(
"ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED"))))
.isFalse();
assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid(
assertThat(acl.isSidLoaded(Arrays.asList((Sid) new GrantedAuthoritySid(
"ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL"))))
.isFalse();
}
@Test(expected = NotFoundException.class)
public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() {
public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true);
}
@Test(expected = NotFoundException.class)
public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() {
public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
acl.deleteAce(-1);
}
@Test(expected = NotFoundException.class)
public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize() {
public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize()
throws Exception {
AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
// Insert at zero, OK.
@@ -540,7 +539,7 @@ public class AclImplTests {
// SEC-1151
@Test(expected = NotFoundException.class)
public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() {
public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() throws Exception {
AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null,
true, new PrincipalSid("joe"));
acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
@@ -550,7 +549,7 @@ public class AclImplTests {
// SEC-1795
@Test
public void changingParentIsSuccessful() {
public void changingParentIsSuccessful() throws Exception {
AclImpl parentAcl = new AclImpl(objectIdentity, 1L, authzStrategy,
mockAuditLogger);
AclImpl childAcl = new AclImpl(objectIdentity, 2L, authzStrategy, mockAuditLogger);
@@ -561,58 +560,9 @@ public class AclImplTests {
childAcl.setParent(changeParentAcl);
}
// SEC-2342
@Test
public void maskPermissionGrantingStrategy() {
DefaultPermissionGrantingStrategy maskPgs = new MaskPermissionGrantingStrategy(mockAuditLogger);
MockAclService service = new MockAclService();
AclImpl acl = new AclImpl(objectIdentity, 1, authzStrategy, maskPgs, null, null,
true, new PrincipalSid("joe"));
Permission permission = permissionFactory.buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask());
Sid sid = new PrincipalSid("ben");
acl.insertAce(0, permission, sid, true);
service.updateAcl(acl);
List<Permission> permissions = Arrays.asList(BasePermission.READ);
List<Sid> sids = Arrays.asList(sid);
assertThat(acl.isGranted(permissions, sids, false)).isTrue();
}
@Test
public void hashCodeWithoutStackOverFlow() throws Exception {
//given
Sid sid = new PrincipalSid("pSid");
ObjectIdentity oid = new ObjectIdentityImpl("type", 1);
AclAuthorizationStrategy authStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("role"));
PermissionGrantingStrategy grantingStrategy = new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());
AclImpl acl = new AclImpl(oid, 1L, authStrategy, grantingStrategy, null, null, false, sid);
AccessControlEntryImpl ace = new AccessControlEntryImpl(1L, acl, sid, BasePermission.READ, true, true, true);
Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
fieldAces.setAccessible(true);
List<AccessControlEntryImpl> aces = (List<AccessControlEntryImpl>) fieldAces.get(acl);
aces.add(ace);
//when - then none StackOverFlowError been raised
ace.hashCode();
}
// ~ Inner Classes
// ==================================================================================================
private static class MaskPermissionGrantingStrategy extends DefaultPermissionGrantingStrategy {
MaskPermissionGrantingStrategy(AuditLogger auditLogger) {
super(auditLogger);
}
@Override
protected boolean isGranted(AccessControlEntry ace, Permission p) {
if (p.getMask() != 0) {
return (p.getMask() & ace.getPermission().getMask()) != 0;
}
return super.isGranted(ace, p);
}
}
private class MockAclService implements MutableAclService {
public MutableAcl createAcl(ObjectIdentity objectIdentity)
throws AlreadyExistsException {
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -41,28 +41,28 @@ public class AclImplementationSecurityCheckTests {
// ========================================================================================================
@Before
public void setUp() {
public void setUp() throws Exception {
SecurityContextHolder.clearContext();
}
@After
public void tearDown() {
public void tearDown() throws Exception {
SecurityContextHolder.clearContext();
}
@Test
public void testSecurityCheckNoACEs() {
public void testSecurityCheckNoACEs() throws Exception {
Authentication auth = new TestingAuthenticationToken("user", "password",
"ROLE_GENERAL", "ROLE_AUDITING", "ROLE_OWNERSHIP");
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
Acl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy,
new ConsoleAuditLogger());
aclAuthorizationStrategy.securityCheck(acl,
@@ -76,7 +76,7 @@ public class AclImplementationSecurityCheckTests {
AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority(
"ROLE_TWO"), new SimpleGrantedAuthority("ROLE_THREE"));
Acl acl2 = new AclImpl(identity, 1L, aclAuthorizationStrategy2,
Acl acl2 = new AclImpl(identity, new Long(1), aclAuthorizationStrategy2,
new ConsoleAuditLogger());
// Check access in case the principal has no authorization rights
try {
@@ -103,14 +103,14 @@ public class AclImplementationSecurityCheckTests {
}
@Test
public void testSecurityCheckWithMultipleACEs() {
public void testSecurityCheckWithMultipleACEs() throws Exception {
// Create a simple authentication with ROLE_GENERAL
Authentication auth = new TestingAuthenticationToken("user", "password",
"ROLE_GENERAL");
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
// Authorization strategy will require a different role for each access
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
@@ -118,7 +118,7 @@ public class AclImplementationSecurityCheckTests {
// Let's give the principal the ADMINISTRATION permission, without
// granting access
MutableAcl aclFirstDeny = new AclImpl(identity, 1L,
MutableAcl aclFirstDeny = new AclImpl(identity, new Long(1),
aclAuthorizationStrategy, new ConsoleAuditLogger());
aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
false);
@@ -160,7 +160,7 @@ public class AclImplementationSecurityCheckTests {
// Create another ACL and give the principal the ADMINISTRATION
// permission, with granting access
MutableAcl aclFirstAllow = new AclImpl(identity, 1L,
MutableAcl aclFirstAllow = new AclImpl(identity, new Long(1),
aclAuthorizationStrategy, new ConsoleAuditLogger());
aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth),
true);
@@ -184,7 +184,7 @@ public class AclImplementationSecurityCheckTests {
}
// Create an ACL with no ACE
MutableAcl aclNoACE = new AclImpl(identity, 1L,
MutableAcl aclNoACE = new AclImpl(identity, new Long(1),
aclAuthorizationStrategy, new ConsoleAuditLogger());
try {
aclAuthorizationStrategy.securityCheck(aclNoACE,
@@ -206,7 +206,7 @@ public class AclImplementationSecurityCheckTests {
}
@Test
public void testSecurityCheckWithInheritableACEs() {
public void testSecurityCheckWithInheritableACEs() throws Exception {
// Create a simple authentication with ROLE_GENERAL
Authentication auth = new TestingAuthenticationToken("user", "password",
"ROLE_GENERAL");
@@ -273,7 +273,7 @@ public class AclImplementationSecurityCheckTests {
}
@Test
public void testSecurityCheckPrincipalOwner() {
public void testSecurityCheckPrincipalOwner() throws Exception {
Authentication auth = new TestingAuthenticationToken("user", "password",
"ROLE_ONE");
auth.setAuthenticated(true);
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -44,7 +44,7 @@ public class AuditLoggerTests {
// ========================================================================================================
@Before
public void setUp() {
public void setUp() throws Exception {
logger = new ConsoleAuditLogger();
ace = mock(AuditableAccessControlEntry.class);
console = System.out;
@@ -52,7 +52,7 @@ public class AuditLoggerTests {
}
@After
public void tearDown() {
public void tearDown() throws Exception {
System.setOut(console);
bytes.reset();
}
@@ -65,14 +65,14 @@ public class AuditLoggerTests {
}
@Test
public void successIsNotLoggedIfAceDoesntRequireSuccessAudit() {
public void successIsNotLoggedIfAceDoesntRequireSuccessAudit() throws Exception {
when(ace.isAuditSuccess()).thenReturn(false);
logger.logIfNeeded(true, ace);
assertThat(bytes.size()).isZero();
}
@Test
public void successIsLoggedIfAceRequiresSuccessAudit() {
public void successIsLoggedIfAceRequiresSuccessAudit() throws Exception {
when(ace.isAuditSuccess()).thenReturn(true);
logger.logIfNeeded(true, ace);
@@ -80,14 +80,14 @@ public class AuditLoggerTests {
}
@Test
public void failureIsntLoggedIfAceDoesntRequireFailureAudit() {
public void failureIsntLoggedIfAceDoesntRequireFailureAudit() throws Exception {
when(ace.isAuditFailure()).thenReturn(false);
logger.logIfNeeded(false, ace);
assertThat(bytes.size()).isZero();
}
@Test
public void failureIsLoggedIfAceRequiresFailureAudit() {
public void failureIsLoggedIfAceRequiresFailureAudit() throws Exception {
when(ace.isAuditFailure()).thenReturn(true);
logger.logIfNeeded(false, ace);
assertThat(bytes.toString()).startsWith("DENIED due to ACE");
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -36,7 +36,7 @@ public class ObjectIdentityImplTests {
// ========================================================================================================
@Test
public void constructorsRespectRequiredFields() {
public void constructorsRespectRequiredFields() throws Exception {
// Check one-argument constructor required field
try {
new ObjectIdentityImpl(null);
@@ -47,7 +47,7 @@ public class ObjectIdentityImplTests {
// Check String-Serializable constructor required field
try {
new ObjectIdentityImpl("", 1L);
new ObjectIdentityImpl("", Long.valueOf(1));
fail("It should have thrown IllegalArgumentException");
}
catch (IllegalArgumentException expected) {
@@ -63,7 +63,7 @@ public class ObjectIdentityImplTests {
// The correct way of using String-Serializable constructor
try {
new ObjectIdentityImpl(DOMAIN_CLASS, 1L);
new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
}
catch (IllegalArgumentException notExpected) {
fail("It shouldn't have thrown IllegalArgumentException");
@@ -79,14 +79,14 @@ public class ObjectIdentityImplTests {
}
@Test
public void gettersReturnExpectedValues() {
ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, 1L);
assertThat(obj.getIdentifier()).isEqualTo(1L);
public void gettersReturnExpectedValues() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
assertThat(obj.getIdentifier()).isEqualTo(Long.valueOf(1));
assertThat(obj.getType()).isEqualTo(MockIdDomainObject.class.getName());
}
@Test
public void testGetIdMethodConstraints() {
public void testGetIdMethodConstraints() throws Exception {
// Check the getId() method is present
try {
new ObjectIdentityImpl("A_STRING_OBJECT");
@@ -116,7 +116,7 @@ public class ObjectIdentityImplTests {
}
// getId() should return a Serializable object
mockId.setId(100L);
mockId.setId(new Long(100));
try {
new ObjectIdentityImpl(mockId);
}
@@ -125,46 +125,46 @@ public class ObjectIdentityImplTests {
}
@Test(expected = IllegalArgumentException.class)
public void constructorRejectsInvalidTypeParameter() {
new ObjectIdentityImpl("", 1L);
public void constructorRejectsInvalidTypeParameter() throws Exception {
new ObjectIdentityImpl("", Long.valueOf(1));
}
@Test
public void testEquals() {
ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, 1L);
public void testEquals() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
MockIdDomainObject mockObj = new MockIdDomainObject();
mockObj.setId(1L);
mockObj.setId(Long.valueOf(1));
String string = "SOME_STRING";
assertThat(string).isNotSameAs(obj);
assertThat(obj).isNotNull();
assertThat(obj).isNotEqualTo("DIFFERENT_OBJECT_TYPE");
assertThat(obj).isNotEqualTo(new ObjectIdentityImpl(DOMAIN_CLASS, 2L));
assertThat(obj).isNotEqualTo(new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(2)));
assertThat(obj).isNotEqualTo(new ObjectIdentityImpl(
"org.springframework.security.acls.domain.ObjectIdentityImplTests$MockOtherIdDomainObject",
1L));
Long.valueOf(1)));
assertThat(new ObjectIdentityImpl(DOMAIN_CLASS, 1L)).isEqualTo(obj);
assertThat(new ObjectIdentityImpl(mockObj)).isEqualTo(obj);
}
@Test
public void hashcodeIsDifferentForDifferentJavaTypes() {
ObjectIdentity obj = new ObjectIdentityImpl(Object.class, 1L);
ObjectIdentity obj2 = new ObjectIdentityImpl(String.class, 1L);
public void hashcodeIsDifferentForDifferentJavaTypes() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(Object.class, Long.valueOf(1));
ObjectIdentity obj2 = new ObjectIdentityImpl(String.class, Long.valueOf(1));
assertThat(obj.hashCode()).isNotEqualTo(obj2.hashCode());
}
@Test
public void longAndIntegerIdsWithSameValueAreEqualAndHaveSameHashcode() {
ObjectIdentity obj = new ObjectIdentityImpl(Object.class, 5L);
ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, 5);
ObjectIdentity obj = new ObjectIdentityImpl(Object.class, new Long(5));
ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, Integer.valueOf(5));
assertThat(obj2).isEqualTo(obj);
assertThat(obj2.hashCode()).isEqualTo(obj.hashCode());
}
@Test
public void equalStringIdsAreEqualAndHaveSameHashcode() {
public void equalStringIdsAreEqualAndHaveSameHashcode() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(Object.class, "1000");
ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, "1000");
assertThat(obj2).isEqualTo(obj);
@@ -172,9 +172,9 @@ public class ObjectIdentityImplTests {
}
@Test
public void stringAndNumericIdsAreNotEqual() {
public void stringAndNumericIdsAreNotEqual() throws Exception {
ObjectIdentity obj = new ObjectIdentityImpl(Object.class, "1000");
ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, 1000L);
ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, Long.valueOf(1000));
assertThat(obj).isNotEqualTo(obj2);
}
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -31,9 +31,9 @@ public class ObjectIdentityRetrievalStrategyImplTests {
// ~ Methods
// ========================================================================================================
@Test
public void testObjectIdentityCreation() {
public void testObjectIdentityCreation() throws Exception {
MockIdDomainObject domain = new MockIdDomainObject();
domain.setId(1);
domain.setId(Integer.valueOf(1));
ObjectIdentityRetrievalStrategy retStrategy = new ObjectIdentityRetrievalStrategyImpl();
ObjectIdentity identity = retStrategy.getObjectIdentity(domain);
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -129,10 +129,10 @@ public abstract class AbstractBasicLookupStrategyTests {
@Test
public void testAclsRetrievalWithDefaultBatchSize() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
// Deliberately use an integer for the child, to reproduce bug report in SEC-819
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102);
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(102));
Map<ObjectIdentity, Acl> map = this.strategy
.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
@@ -141,9 +141,9 @@ public abstract class AbstractBasicLookupStrategyTests {
@Test
public void testAclsRetrievalFromCacheOnly() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
// Objects were put in cache
strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
@@ -158,9 +158,9 @@ public abstract class AbstractBasicLookupStrategyTests {
@Test
public void testAclsRetrievalWithCustomBatchSize() throws Exception {
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101);
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(101));
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
// Set a batch size to allow multiple database queries in order to retrieve all
// acls
@@ -171,7 +171,7 @@ public abstract class AbstractBasicLookupStrategyTests {
}
private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid,
Map<ObjectIdentity, Acl> map) {
Map<ObjectIdentity, Acl> map) throws Exception {
assertThat(map).hasSize(3);
MutableAcl topParent = (MutableAcl) map.get(topParentOid);
@@ -238,14 +238,14 @@ public abstract class AbstractBasicLookupStrategyTests {
}
@Test
public void testAllParentsAreRetrievedWhenChildIsLoaded() {
public void testAllParentsAreRetrievedWhenChildIsLoaded() throws Exception {
String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,103,1,1,1);";
getJdbcTemplate().execute(query);
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);
ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 103L);
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(101));
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(102));
ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(103));
// Retrieve the child
Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(childOid), null);
@@ -266,7 +266,7 @@ public abstract class AbstractBasicLookupStrategyTests {
* Test created from SEC-590.
*/
@Test
public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() {
public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() throws Exception {
String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,105,null,1,1);"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,106,6,1,1);"
+ "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (8,2,107,6,1,1);"
@@ -274,10 +274,10 @@ public abstract class AbstractBasicLookupStrategyTests {
+ "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (7,6,0,1,1,1,0,0)";
getJdbcTemplate().execute(query);
ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, 105L);
ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, 106);
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 107);
ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(105));
ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(106));
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(107));
// First lookup only child, thus populating the cache with grandParent,
// parent1
@@ -317,7 +317,7 @@ public abstract class AbstractBasicLookupStrategyTests {
getJdbcTemplate().execute(query);
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
}
@@ -1,11 +1,11 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,21 +16,21 @@
package org.springframework.security.acls.jdbc;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.core.convert.ConversionService;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.BDDMockito.given;
import java.io.Serializable;
import java.math.BigInteger;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.UUID;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.BDDMockito.given;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import org.springframework.core.convert.ConversionService;
/**
* Tests for {@link AclClassIdUtils}.
@@ -40,37 +40,44 @@ import static org.mockito.BDDMockito.given;
public class AclClassIdUtilsTest {
private static final Long DEFAULT_IDENTIFIER = 999L;
private static final BigInteger BIGINT_IDENTIFIER = new BigInteger("999");
private static final String DEFAULT_IDENTIFIER_AS_STRING = DEFAULT_IDENTIFIER.toString();
@Mock
private ResultSet resultSet;
@Mock
private ConversionService conversionService;
@InjectMocks
private AclClassIdUtils aclClassIdUtils;
@Before
public void setUp() {
aclClassIdUtils = new AclClassIdUtils();
public void setUp() throws Exception {
given(conversionService.canConvert(String.class, Long.class)).willReturn(true);
given(conversionService.convert(DEFAULT_IDENTIFIER, Long.class)).willReturn(new Long(DEFAULT_IDENTIFIER));
given(conversionService.convert(DEFAULT_IDENTIFIER_AS_STRING, Long.class)).willReturn(new Long(DEFAULT_IDENTIFIER));
}
@Test
public void shouldReturnLongIfIdentifierIsLong() throws SQLException {
public void shouldReturnLongIfIdentifierIsNotStringAndNoConversionService() throws SQLException {
// given
AclClassIdUtils aclClassIdUtilsWithoutConversionSvc = new AclClassIdUtils();
// when
Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER, resultSet);
Serializable newIdentifier = aclClassIdUtilsWithoutConversionSvc.identifierFrom(DEFAULT_IDENTIFIER, resultSet);
// then
assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
}
@Test
public void shouldReturnLongIfIdentifierIsBigInteger() throws SQLException {
public void shouldReturnLongIfIdentifierIsNotString() throws SQLException {
// given
Long prevIdentifier = 999L;
// when
Serializable newIdentifier = aclClassIdUtils.identifierFrom(BIGINT_IDENTIFIER, resultSet);
Serializable newIdentifier = aclClassIdUtils.identifierFrom(prevIdentifier, resultSet);
// then
assertThat(newIdentifier).isEqualTo(DEFAULT_IDENTIFIER);
assertThat(newIdentifier).isEqualTo(prevIdentifier);
}
@Test
@@ -110,11 +117,10 @@ public class AclClassIdUtilsTest {
}
@Test
public void shouldReturnLongEvenIfCustomConversionServiceDoesNotSupportLongConversion() throws SQLException {
public void shouldReturnLongIfTypeClassCannotBeConverted() throws SQLException {
// given
given(resultSet.getString("class_id_type")).willReturn("java.lang.Long");
given(conversionService.canConvert(String.class, Long.class)).willReturn(false);
aclClassIdUtils.setConversionService(conversionService);
// when
Serializable newIdentifier = aclClassIdUtils.identifierFrom(DEFAULT_IDENTIFIER_AS_STRING, resultSet);
@@ -139,7 +145,10 @@ public class AclClassIdUtilsTest {
public void shouldReturnUUIDWhenUUIDClassIdType() throws SQLException {
// given
UUID identifier = UUID.randomUUID();
String identifierAsString = identifier.toString();
given(resultSet.getString("class_id_type")).willReturn("java.util.UUID");
given(conversionService.canConvert(String.class, UUID.class)).willReturn(true);
given(conversionService.convert(identifierAsString, UUID.class)).willReturn(UUID.fromString(identifierAsString));
// when
Serializable newIdentifier = aclClassIdUtils.identifierFrom(identifier.toString(), resultSet);
@@ -148,28 +157,4 @@ public class AclClassIdUtilsTest {
assertThat(newIdentifier).isEqualTo(identifier);
}
@Test
public void shouldReturnStringWhenStringClassIdType() throws SQLException {
// given
String identifier = "MY_STRING_IDENTIFIER";
given(resultSet.getString("class_id_type")).willReturn("java.lang.String");
// when
Serializable newIdentifier = aclClassIdUtils.identifierFrom(identifier, resultSet);
// then
assertThat(newIdentifier).isEqualTo(identifier);
}
@Test(expected = IllegalArgumentException.class)
public void shouldNotAcceptNullConversionServiceInConstruction() {
// when
new AclClassIdUtils(null);
}
@Test(expected = IllegalArgumentException.class)
public void shouldNotAcceptNullConversionServiceInSetter() {
// when
aclClassIdUtils.setConversionService(null);
}
}
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -37,7 +37,7 @@ public class BasicLookupStrategyTests extends AbstractBasicLookupStrategyTests {
}
@AfterClass
public static void dropDatabase() {
public static void dropDatabase() throws Exception {
DATABASE_HELPER.getDataSource().destroy();
}
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -63,18 +63,20 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
}
@AfterClass
public static void dropDatabase() {
public static void dropDatabase() throws Exception {
DATABASE_HELPER.getDataSource().destroy();
}
@Before
public void initializeBeans() {
super.initializeBeans();
AclClassIdUtils aclClassIdUtils = new AclClassIdUtils();
aclClassIdUtils.setConversionService(new DefaultConversionService());
uuidEnabledStrategy = new BasicLookupStrategy(getDataSource(), aclCache(), aclAuthStrategy(),
new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
uuidEnabledStrategy.setPermissionFactory(new DefaultPermissionFactory());
uuidEnabledStrategy.setAclClassIdSupported(true);
uuidEnabledStrategy.setConversionService(new DefaultConversionService());
uuidEnabledStrategy.setAclClassIdUtils(aclClassIdUtils);
}
@Before
@@ -101,7 +103,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
@Test
public void testReadObjectIdentityUsingLongTypeWithConversionServiceEnabled() {
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
Map<ObjectIdentity, Acl> foundAcls = uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
Assert.assertEquals(1, foundAcls.size());
Assert.assertNotNull(foundAcls.get(oid));
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -71,12 +71,12 @@ public class EhCacheBasedAclCacheTests {
new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_USER")));
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy,
new ConsoleAuditLogger());
}
@@ -86,14 +86,14 @@ public class EhCacheBasedAclCacheTests {
}
@Test(expected = IllegalArgumentException.class)
public void constructorRejectsNullParameters() {
public void constructorRejectsNullParameters() throws Exception {
new EhCacheBasedAclCache(null, new DefaultPermissionGrantingStrategy(
new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_USER")));
}
@Test
public void methodsRejectNullParameters() {
public void methodsRejectNullParameters() throws Exception {
try {
Serializable id = null;
myCache.evictFromCache(id);
@@ -154,22 +154,22 @@ public class EhCacheBasedAclCacheTests {
Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy",
retrieved);
assertThat(retrieved1).isNull();
assertThat(retrieved1).isEqualTo(null);
Object retrieved2 = FieldUtils.getProtectedFieldValue(
"permissionGrantingStrategy", retrieved);
assertThat(retrieved2).isNull();
assertThat(retrieved2).isEqualTo(null);
}
@Test
public void clearCache() {
public void clearCache() throws Exception {
myCache.clearCache();
verify(cache).removeAll();
}
@Test
public void putInCache() {
public void putInCache() throws Exception {
myCache.putInCache(acl);
verify(cache, times(2)).put(element.capture());
@@ -181,18 +181,18 @@ public class EhCacheBasedAclCacheTests {
}
@Test
public void putInCacheAclWithParent() {
public void putInCacheAclWithParent() throws Exception {
Authentication auth = new TestingAuthenticationToken("user", "password",
"ROLE_GENERAL");
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS,
2L);
Long.valueOf(2));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
MutableAcl parentAcl = new AclImpl(identityParent, 2L,
MutableAcl parentAcl = new AclImpl(identityParent, Long.valueOf(2),
aclAuthorizationStrategy, new ConsoleAuditLogger());
acl.setParent(parentAcl);
@@ -216,14 +216,14 @@ public class EhCacheBasedAclCacheTests {
}
@Test
public void getFromCacheSerializable() {
public void getFromCacheSerializable() throws Exception {
when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
assertThat(myCache.getFromCache(acl.getId())).isEqualTo(acl);
}
@Test
public void getFromCacheSerializablePopulatesTransient() {
public void getFromCacheSerializablePopulatesTransient() throws Exception {
when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
myCache.putInCache(acl);
@@ -240,14 +240,14 @@ public class EhCacheBasedAclCacheTests {
}
@Test
public void getFromCacheObjectIdentity() {
public void getFromCacheObjectIdentity() throws Exception {
when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
assertThat(myCache.getFromCache(acl.getId())).isEqualTo(acl);
}
@Test
public void getFromCacheObjectIdentityPopulatesTransient() {
public void getFromCacheObjectIdentityPopulatesTransient() throws Exception {
when(cache.get(acl.getObjectIdentity()))
.thenReturn(new Element(acl.getId(), acl));
@@ -265,7 +265,7 @@ public class EhCacheBasedAclCacheTests {
}
@Test
public void evictCacheSerializable() {
public void evictCacheSerializable() throws Exception {
when(cache.get(acl.getObjectIdentity()))
.thenReturn(new Element(acl.getId(), acl));
@@ -276,7 +276,7 @@ public class EhCacheBasedAclCacheTests {
}
@Test
public void evictCacheObjectIdentity() {
public void evictCacheObjectIdentity() throws Exception {
when(cache.get(acl.getId())).thenReturn(new Element(acl.getId(), acl));
myCache.evictFromCache(acl.getId());
@@ -1,11 +1,11 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -15,16 +15,21 @@
*/
package org.springframework.security.acls.jdbc;
import org.junit.After;
import static org.mockito.Matchers.anyListOf;
import static org.mockito.Mockito.when;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Acl;
@@ -32,54 +37,19 @@ import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Sid;
import javax.sql.DataSource;
import java.util.*;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.AdditionalMatchers.aryEq;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.when;
/**
* Unit and Integration tests the ACL JdbcAclService using an
* in-memory database.
*
* @author Nena Raab
*/
@RunWith(MockitoJUnitRunner.class)
public class JdbcAclServiceTests {
private EmbeddedDatabase embeddedDatabase;
@Mock
private DataSource dataSource;
@Mock
private LookupStrategy lookupStrategy;
@Mock
JdbcOperations jdbcOperations;
private JdbcAclService aclServiceIntegration;
private JdbcAclService aclService;
@Before
public void setUp() {
aclService = new JdbcAclService(jdbcOperations, lookupStrategy);
aclServiceIntegration = new JdbcAclService(embeddedDatabase, lookupStrategy);
}
@Before
public void setUpEmbeddedDatabase() {
embeddedDatabase = new EmbeddedDatabaseBuilder()//
.addScript("createAclSchemaWithAclClassIdType.sql")
.addScript("db/sql/test_data_hierarchy.sql")
.build();
}
@After
public void tearDownEmbeddedDatabase() {
embeddedDatabase.shutdown();
aclService = new JdbcAclService(dataSource, lookupStrategy);
}
// SEC-1898
@@ -87,113 +57,11 @@ public class JdbcAclServiceTests {
public void readAclByIdMissingAcl() {
Map<ObjectIdentity, Acl> result = new HashMap<>();
when(
lookupStrategy.readAclsById(anyList(),
anyList())).thenReturn(result);
lookupStrategy.readAclsById(anyListOf(ObjectIdentity.class),
anyListOf(Sid.class))).thenReturn(result);
ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
List<Sid> sids = Arrays.<Sid> asList(new PrincipalSid("user"));
aclService.readAclById(objectIdentity, sids);
}
@Test
public void findOneChildren() {
List<ObjectIdentity> result = new ArrayList<>();
result.add(new ObjectIdentityImpl(Object.class, "5577"));
Object[] args = {"1", "org.springframework.security.acls.jdbc.JdbcAclServiceTests$MockLongIdDomainObject"};
when(
jdbcOperations.query(anyString(),
aryEq(args), any(RowMapper.class))).thenReturn(result);
ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
List<ObjectIdentity> objectIdentities = aclService.findChildren(objectIdentity);
assertThat(objectIdentities.size()).isEqualTo(1);
assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo("5577");
}
@Test
public void findNoChildren() {
ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 1L);
List<ObjectIdentity> objectIdentities = aclService.findChildren(objectIdentity);
assertThat(objectIdentities).isNull();
}
// ~ Some integration tests
// ========================================================================================================
@Test
public void findChildrenWithoutIdType() {
ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockLongIdDomainObject.class, 4711L);
List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
assertThat(objectIdentities.size()).isEqualTo(1);
assertThat(objectIdentities.get(0).getType()).isEqualTo(MockUntypedIdDomainObject.class.getName());
assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo(5000L);
}
@Test
public void findChildrenForUnknownObject() {
ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 33);
List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
assertThat(objectIdentities).isNull();
}
@Test
public void findChildrenOfIdTypeLong() {
ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US-PAL");
List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
assertThat(objectIdentities.size()).isEqualTo(2);
assertThat(objectIdentities.get(0).getType()).isEqualTo(MockLongIdDomainObject.class.getName());
assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo(4711L);
assertThat(objectIdentities.get(1).getType()).isEqualTo(MockLongIdDomainObject.class.getName());
assertThat(objectIdentities.get(1).getIdentifier()).isEqualTo(4712L);
}
@Test
public void findChildrenOfIdTypeString() {
ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US");
aclServiceIntegration.setAclClassIdSupported(true);
List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
assertThat(objectIdentities.size()).isEqualTo(1);
assertThat(objectIdentities.get(0).getType()).isEqualTo("location");
assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo("US-PAL");
}
@Test
public void findChildrenOfIdTypeUUID() {
ObjectIdentity objectIdentity = new ObjectIdentityImpl(MockUntypedIdDomainObject.class, 5000L);
aclServiceIntegration.setAclClassIdSupported(true);
List<ObjectIdentity> objectIdentities = aclServiceIntegration.findChildren(objectIdentity);
assertThat(objectIdentities.size()).isEqualTo(1);
assertThat(objectIdentities.get(0).getType()).isEqualTo("costcenter");
assertThat(objectIdentities.get(0).getIdentifier()).isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762"));
}
private class MockLongIdDomainObject {
private Object id;
public Object getId() {
return id;
}
public void setId(Object id) {
this.id = id;
}
}
private class MockUntypedIdDomainObject {
private Object id;
public Object getId() {
return id;
}
public void setId(Object id) {
this.id = id;
}
}
}
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -78,11 +78,11 @@ public class JdbcMutableAclServiceTests extends
// ================================================================================================
private final ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS,
100L);
Long.valueOf(100));
private final ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS,
101L);
Long.valueOf(101));
private final ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS,
102L);
Long.valueOf(102));
@Autowired
private JdbcMutableAclService jdbcMutableAclService;
@@ -132,7 +132,7 @@ public class JdbcMutableAclServiceTests extends
}
@AfterTransaction
public void clearContextAndData() {
public void clearContextAndData() throws Exception {
SecurityContextHolder.clearContext();
jdbcTemplate.execute("drop table acl_entry");
jdbcTemplate.execute("drop table acl_object_identity");
@@ -285,7 +285,7 @@ public class JdbcMutableAclServiceTests extends
*/
@Test
@Transactional
public void deleteAclAlsoDeletesChildren() {
public void deleteAclAlsoDeletesChildren() throws Exception {
SecurityContextHolder.getContext().setAuthentication(auth);
jdbcMutableAclService.createAcl(getTopParentOid());
@@ -319,11 +319,11 @@ public class JdbcMutableAclServiceTests extends
Acl acl = jdbcMutableAclService.readAclById(getTopParentOid());
assertThat(acl).isNotNull();
assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity());
assertThat(getTopParentOid()).isEqualTo(((MutableAcl) acl).getObjectIdentity());
}
@Test
public void constructorRejectsNullParameters() {
public void constructorRejectsNullParameters() throws Exception {
try {
new JdbcMutableAclService(null, lookupStrategy, aclCache);
fail("It should have thrown IllegalArgumentException");
@@ -347,7 +347,7 @@ public class JdbcMutableAclServiceTests extends
}
@Test
public void createAclRejectsNullParameter() {
public void createAclRejectsNullParameter() throws Exception {
try {
jdbcMutableAclService.createAcl(null);
fail("It should have thrown IllegalArgumentException");
@@ -358,10 +358,10 @@ public class JdbcMutableAclServiceTests extends
@Test
@Transactional
public void createAclForADuplicateDomainObject() {
public void createAclForADuplicateDomainObject() throws Exception {
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity duplicateOid = new ObjectIdentityImpl(TARGET_CLASS,
100L);
Long.valueOf(100));
jdbcMutableAclService.createAcl(duplicateOid);
// Try to add the same object second time
try {
@@ -374,7 +374,7 @@ public class JdbcMutableAclServiceTests extends
@Test
@Transactional
public void deleteAclRejectsNullParameters() {
public void deleteAclRejectsNullParameters() throws Exception {
try {
jdbcMutableAclService.deleteAcl(null, true);
fail("It should have thrown IllegalArgumentException");
@@ -385,7 +385,7 @@ public class JdbcMutableAclServiceTests extends
@Test
@Transactional
public void deleteAclWithChildrenThrowsException() {
public void deleteAclWithChildrenThrowsException() throws Exception {
SecurityContextHolder.getContext().setAuthentication(auth);
MutableAcl parent = jdbcMutableAclService.createAcl(getTopParentOid());
MutableAcl child = jdbcMutableAclService.createAcl(getMiddleParentOid());
@@ -411,7 +411,7 @@ public class JdbcMutableAclServiceTests extends
@Test
@Transactional
public void deleteAclRemovesRowsFromDatabase() {
public void deleteAclRemovesRowsFromDatabase() throws Exception {
SecurityContextHolder.getContext().setAuthentication(auth);
MutableAcl child = jdbcMutableAclService.createAcl(getChildOid());
child.insertAce(0, BasePermission.DELETE, new PrincipalSid(auth), false);
@@ -428,19 +428,19 @@ public class JdbcMutableAclServiceTests extends
// Check the cache
assertThat(aclCache.getFromCache(getChildOid())).isNull();
assertThat(aclCache.getFromCache(102L)).isNull();
assertThat(aclCache.getFromCache(Long.valueOf(102))).isNull();
}
/** SEC-1107 */
@Test
@Transactional
public void identityWithIntegerIdIsSupportedByCreateAcl() {
public void identityWithIntegerIdIsSupportedByCreateAcl() throws Exception {
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 101);
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(101));
jdbcMutableAclService.createAcl(oid);
assertThat(jdbcMutableAclService.readAclById(new ObjectIdentityImpl(
TARGET_CLASS, 101L))).isNotNull();
TARGET_CLASS, Long.valueOf(101)))).isNotNull();
}
/**
@@ -448,14 +448,14 @@ public class JdbcMutableAclServiceTests extends
*/
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentIsUpdated() {
public void childrenAreClearedFromCacheWhenParentIsUpdated() throws Exception {
Authentication auth = new TestingAuthenticationToken("ben", "ignored",
"ROLE_ADMINISTRATOR");
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 105L);
ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(104));
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(105));
MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
MutableAcl child = jdbcMutableAclService.createAcl(childOid);
@@ -486,16 +486,16 @@ public class JdbcMutableAclServiceTests extends
*/
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentisUpdated2() {
public void childrenAreClearedFromCacheWhenParentisUpdated2() throws Exception {
Authentication auth = new TestingAuthenticationToken("system", "secret",
"ROLE_IGNORED");
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS,
1L);
Long.valueOf(1));
MutableAcl parent = jdbcMutableAclService.createAcl(rootObject);
MutableAcl child = jdbcMutableAclService.createAcl(new ObjectIdentityImpl(
TARGET_CLASS, 2L));
TARGET_CLASS, Long.valueOf(2)));
child.setParent(parent);
jdbcMutableAclService.updateAcl(child);
@@ -507,7 +507,7 @@ public class JdbcMutableAclServiceTests extends
jdbcMutableAclService.updateAcl(parent);
child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(
TARGET_CLASS, 2L));
TARGET_CLASS, Long.valueOf(2)));
parent = (MutableAcl) child.getParentAcl();
@@ -528,7 +528,7 @@ public class JdbcMutableAclServiceTests extends
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS,
110L);
Long.valueOf(110));
MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
// Add an ACE permission entry
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -70,7 +70,7 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ
@Test
@Transactional
public void identityWithUuidIdIsSupportedByCreateAcl() {
public void identityWithUuidIdIsSupportedByCreateAcl() throws Exception {
SecurityContextHolder.getContext().setAuthentication(getAuth());
UUID id = UUID.randomUUID();
@@ -5,7 +5,7 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -65,16 +65,16 @@ public class SpringCacheBasedAclCacheTests {
}
@Test(expected = IllegalArgumentException.class)
public void constructorRejectsNullParameters() {
public void constructorRejectsNullParameters() throws Exception {
new SpringCacheBasedAclCache(null, null, null);
}
@SuppressWarnings("rawtypes")
@Test
public void cacheOperationsAclWithoutParent() {
public void cacheOperationsAclWithoutParent() throws Exception {
Cache cache = getCache();
Map realCache = (Map) cache.getNativeCache();
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
@@ -84,33 +84,33 @@ public class SpringCacheBasedAclCacheTests {
auditLogger);
SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache,
permissionGrantingStrategy, aclAuthorizationStrategy);
MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
MutableAcl acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy,
auditLogger);
assertThat(realCache).isEmpty();
myCache.putInCache(acl);
// Check we can get from cache the same objects we put in
assertThat(acl).isEqualTo(myCache.getFromCache(1L));
assertThat(acl).isEqualTo(myCache.getFromCache(Long.valueOf(1)));
assertThat(acl).isEqualTo(myCache.getFromCache(identity));
// Put another object in cache
ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, 101L);
MutableAcl acl2 = new AclImpl(identity2, 2L,
ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(101));
MutableAcl acl2 = new AclImpl(identity2, Long.valueOf(2),
aclAuthorizationStrategy, new ConsoleAuditLogger());
myCache.putInCache(acl2);
// Try to evict an entry that doesn't exist
myCache.evictFromCache(3L);
myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, 102L));
myCache.evictFromCache(Long.valueOf(3));
myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(102)));
assertThat(realCache).hasSize(4);
myCache.evictFromCache(1L);
myCache.evictFromCache(Long.valueOf(1));
assertThat(realCache).hasSize(2);
// Check the second object inserted
assertThat(acl2).isEqualTo(myCache.getFromCache(2L));
assertThat(acl2).isEqualTo(myCache.getFromCache(Long.valueOf(2)));
assertThat(acl2).isEqualTo(myCache.getFromCache(identity2));
myCache.evictFromCache(identity2);
@@ -128,9 +128,9 @@ public class SpringCacheBasedAclCacheTests {
auth.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(auth);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 1L);
ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(1));
ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS,
2L);
Long.valueOf(2));
AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(
new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority(
"ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
@@ -141,9 +141,9 @@ public class SpringCacheBasedAclCacheTests {
SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache,
permissionGrantingStrategy, aclAuthorizationStrategy);
MutableAcl acl = new AclImpl(identity, 1L, aclAuthorizationStrategy,
MutableAcl acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy,
auditLogger);
MutableAcl parentAcl = new AclImpl(identityParent, 2L,
MutableAcl parentAcl = new AclImpl(identityParent, Long.valueOf(2),
aclAuthorizationStrategy, auditLogger);
acl.setParent(parentAcl);
@@ -153,7 +153,7 @@ public class SpringCacheBasedAclCacheTests {
assertThat(4).isEqualTo(realCache.size());
// Check we can get from cache the same objects we put in
AclImpl aclFromCache = (AclImpl) myCache.getFromCache(1L);
AclImpl aclFromCache = (AclImpl) myCache.getFromCache(Long.valueOf(1));
assertThat(aclFromCache).isEqualTo(acl);
// SEC-951 check transient fields are set on parent
assertThat(FieldUtils.getFieldValue(aclFromCache.getParentAcl(),
@@ -162,7 +162,7 @@ public class SpringCacheBasedAclCacheTests {
"permissionGrantingStrategy")).isNotNull();
assertThat(myCache.getFromCache(identity)).isEqualTo(acl);
assertThat(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy")).isNotNull();
AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(2L);
AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(Long.valueOf(2));
assertThat(parentAclFromCache).isEqualTo(parentAcl);
assertThat(FieldUtils.getFieldValue(parentAclFromCache,
"aclAuthorizationStrategy")).isNotNull();

Some files were not shown because too many files have changed in this diff Show More