fix acl issue

JasonHao123 · Jan 9, 2014 · f8825e2 · f8825e2
1 parent 2daca74
commit f8825e2
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 19 deletions.
diff --git a/src/main/java/org/springframework/security/samples/contacts/dao/impl/AclDaoJpa.java b/src/main/java/org/springframework/security/samples/contacts/dao/impl/AclDaoJpa.java
@@ -84,7 +84,7 @@ public AclClass createAclClass(AclClass clazz) {
     public void deleteEntries(AclObjectIdentity objectIdentity) {
         objectIdentity = entityManager.find(AclObjectIdentity.class, objectIdentity.getId());
         if(objectIdentity.getEntries()!=null) {
-            for(AccessControlEntry entry:objectIdentity.getEntries()) {
+            for(AclEntry entry:objectIdentity.getEntries()) {
                 entityManager.remove((AclEntry)entry);
             }
         }

diff --git a/src/main/java/org/springframework/security/samples/contacts/entity/AclObjectIdentity.java b/src/main/java/org/springframework/security/samples/contacts/entity/AclObjectIdentity.java
@@ -6,6 +6,7 @@
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
+import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
@@ -14,14 +15,7 @@
 import javax.persistence.OneToMany;
 import javax.persistence.Table;
 
-import org.springframework.security.acls.model.AccessControlEntry;
-import org.springframework.security.acls.model.Acl;
-import org.springframework.security.acls.model.MutableAcl;
-import org.springframework.security.acls.model.NotFoundException;
 import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.acls.model.Permission;
-import org.springframework.security.acls.model.Sid;
-import org.springframework.security.acls.model.UnloadedSidException;
 
 @Entity
 @Table(name="ACL_OBJECT_IDENTITY")
@@ -48,7 +42,7 @@ public class AclObjectIdentity implements ObjectIdentity{
     @Column(name="ENTRIES_INHERITING")
     private Boolean entriesInheriting;
 
-    @OneToMany(mappedBy="aclObjectIdentity")
+    @OneToMany(mappedBy="aclObjectIdentity",fetch=FetchType.EAGER)
     private List<AclEntry> aclEntries;
 
     public List<AclEntry> getAclEntries() {
@@ -59,9 +53,9 @@ public void setAclEntries(List<AclEntry> aclEntries) {
         this.aclEntries = aclEntries;
     }
 
-    public List<AccessControlEntry> getEntries() {
+    public List<AclEntry> getEntries() {
         if(aclEntries!=null) {
-            return Arrays.asList(aclEntries.toArray(new AccessControlEntry[0]));
+            return aclEntries;
         }
         return null;
     }

diff --git a/src/main/java/org/springframework/security/samples/contacts/service/ContactManager.java b/src/main/java/org/springframework/security/samples/contacts/service/ContactManager.java
@@ -49,9 +49,9 @@ public interface ContactManager {
     @PreAuthorize("hasRole('ROLE_USER')")
     public List<String> getAllRecipients();
 
-//    @PreAuthorize(
-//            "hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', read) or " +
-//            "hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', admin)")
+    @PreAuthorize(
+            "hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', read) or " +
+            "hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', admin)")
     public Contact getById(Long id);
 
     public Contact getRandomContact();

diff --git a/...ava/org/springframework/security/samples/contacts/service/impl/ContactManagerService.java b/...ava/org/springframework/security/samples/contacts/service/impl/ContactManagerService.java
@@ -3,6 +3,7 @@
 import java.util.List;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.acls.domain.AclImpl;
 import org.springframework.security.acls.domain.BasePermission;
@@ -31,14 +32,33 @@ public class ContactManagerService implements ContactManager {
     @Override
     @PreAuthorize("hasPermission(#contact, admin)")
     public void addPermission(Contact contact, Sid recipient, Permission permission) {
-        // TODO Auto-generated method stub
+        AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class,
+                                                                                     contact.getId()));
+        acl.insertAce(acl.getEntries().size(), permission, recipient, true);
 
+        mutableAclService.updateAcl(acl);
+
     }
 
     @Override
     @PreAuthorize("hasPermission(#contact, admin)")
     public void deletePermission(Contact contact, Sid recipient, Permission permission) {
-        // TODO Auto-generated method stub
+        AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class,
+                                                                                     contact.getId()));
+        int index = -1;
+        for(int i=0;i<acl.getEntries().size();i++) {
+            if(acl.getEntries().get(i).getSid().equals(recipient)) {
+                index = i;
+                break;
+            }
+        }
+        if(index>0) {
+            acl.deleteAce(index);
+
+            mutableAclService.updateAcl(acl);
+        }
+
+
 
     }
 
@@ -71,7 +91,7 @@ public void delete(Contact contact) {
 
     @Override
     @PreAuthorize("hasRole('ROLE_USER')")
-//    @PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, admin)")
+    @PostFilter("hasPermission(filterObject, read) or hasPermission(filterObject, admin)")
     public List<Contact> getAll() {
 
         return contactDao.findAll();
@@ -84,7 +104,7 @@ public List<String> getAllRecipients() {
     }
 
     @Override
-//    @PreAuthorize("hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', read) or hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', admin)")
+    @PreAuthorize("hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', read) or hasPermission(#id, 'org.springframework.security.samples.contacts.entity.Contact', admin)")
     public Contact getById(Long id) {
         // TODO Auto-generated method stub
         return contactDao.getById(id);

diff --git a/...java/org/springframework/security/samples/contacts/service/impl/JpaMutableAclService.java b/...java/org/springframework/security/samples/contacts/service/impl/JpaMutableAclService.java
@@ -303,7 +303,14 @@ protected void createEntries(final MutableAcl acl) {
             aclEntry.setAclObjectIdentity(aclDao.getObjectIdentity(objIdentity.getType(), objIdentity.getIdentifier()));
             aclEntry.setAceOrder(i);
             PrincipalSid sid = (PrincipalSid) entry.getSid();
-            aclEntry.setSid(aclDao.findAclSid(sid.getPrincipal()));
+            AclSid aclSid = aclDao.findAclSid(sid.getPrincipal());
+            if(aclSid==null) {
+                aclSid = new AclSid();
+                aclSid.setSid(sid.getPrincipal());
+                aclSid.setPrincipal(true);
+                aclSid = aclDao.createAclSid(aclSid);
+            }
+            aclEntry.setSid(aclSid);
             aclEntry.setMask(entry.getPermission().getMask());
             aclEntry.setGranting(entry.isGranting());
             aclEntry.setAuditSuccess(entry.isAuditSuccess());