├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── .travis.yml ├── LICENSE ├── README.md ├── core ├── pom.xml └── src │ ├── main │ └── java │ │ └── com │ │ └── github │ │ └── lothar │ │ └── security │ │ └── acl │ │ ├── Acl.java │ │ ├── AclFeature.java │ │ ├── AclStrategy.java │ │ ├── AclStrategyProvider.java │ │ ├── AclStrategyProviderImpl.java │ │ ├── SimpleAclStrategy.java │ │ ├── activation │ │ ├── AclActivationUtils.java │ │ ├── AclSecurityActivator.java │ │ ├── AclStatus.java │ │ ├── test │ │ │ └── AclTestExecutionListener.java │ │ └── web │ │ │ └── AclActivatorFilter.java │ │ ├── compound │ │ ├── AbstractCompound.java │ │ ├── AclComposer.java │ │ ├── AclComposersRegistry.java │ │ ├── AclStrategyComposer.java │ │ ├── AclStrategyComposerProvider.java │ │ └── Operator.java │ │ ├── config │ │ ├── AclConfiguration.java │ │ └── AclProperties.java │ │ └── named │ │ └── NamedBean.java │ └── test │ ├── java │ └── com │ │ └── github │ │ └── lothar │ │ └── security │ │ └── acl │ │ ├── AclStrategyProviderImplTest.java │ │ ├── AclTestConfiguration.java │ │ ├── StringTesterComposer.java │ │ ├── StringTesterFeature.java │ │ ├── activation │ │ ├── test │ │ │ ├── AclTestExecutionListenerTest.java │ │ │ └── WithoutAclTestExecutionListenerTest.java │ │ └── web │ │ │ └── AclActivatorFilterTest.java │ │ ├── compound │ │ └── AclStrategyComposerTest.java │ │ ├── config │ │ ├── AclConfigurationTest.java │ │ ├── DefaultStrategyOverrideTest.java │ │ └── DenyAllDefaultConfiguration.java │ │ └── domain │ │ ├── AllowedToAllObject.java │ │ ├── DeniedToAllObject.java │ │ ├── NoAclObject.java │ │ ├── NoStrategyObject.java │ │ └── UnknownStrategyObject.java │ └── resources │ └── application.yml ├── elasticsearch ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── github │ │ │ └── lothar │ │ │ └── security │ │ │ └── acl │ │ │ └── elasticsearch │ │ │ ├── AclFilterProvider.java │ │ │ ├── ElasticSearchFeature.java │ │ │ ├── compound │ │ │ 
└── FilterBuilderComposer.java │ │ │ ├── config │ │ │ └── ElasticSearchAclConfiguration.java │ │ │ └── repository │ │ │ ├── AclElasticsearchRepository.java │ │ │ └── AclElasticsearchRepositoryFactoryBean.java │ └── resources │ │ └── META-INF │ │ └── spring.factories │ └── test │ ├── java │ └── com │ │ └── github │ │ └── lothar │ │ └── security │ │ └── acl │ │ └── elasticsearch │ │ ├── ElasticSearchTestConfiguration.java │ │ ├── config │ │ └── ElasticSearchAclConfigurationTest.java │ │ ├── domain │ │ ├── AllowedToAllObject.java │ │ ├── Customer.java │ │ ├── DeniedToAllObject.java │ │ ├── NoAclObject.java │ │ ├── NoStrategyObject.java │ │ ├── UnknownStrategyObject.java │ │ └── WithoutHandlerObject.java │ │ └── repository │ │ ├── AclElasticsearchRepositoryFactoryBeanTest.java │ │ ├── AllowedToAllRepository.java │ │ ├── CustomerRepository.java │ │ ├── CustomerRepositoryTest.java │ │ ├── DeniedToAllRepository.java │ │ ├── NoAclRepository.java │ │ ├── NoStrategyRepository.java │ │ ├── UnknownStrategyRepository.java │ │ └── WithoutHandlerRepository.java │ └── resources │ └── application.yml ├── grant ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── github │ │ │ └── lothar │ │ │ └── security │ │ │ └── acl │ │ │ └── grant │ │ │ ├── AclPermissionEvaluator.java │ │ │ ├── GrantEvaluator.java │ │ │ ├── GrantEvaluatorFeature.java │ │ │ ├── TypedGrantEvaluator.java │ │ │ ├── compound │ │ │ └── GrantEvaluatorComposer.java │ │ │ ├── config │ │ │ └── GrantEvaluatorAclConfiguration.java │ │ │ └── evaluators │ │ │ ├── AllowAllGrantEvaluator.java │ │ │ └── DenyAllGrantEvaluator.java │ └── resources │ │ └── META-INF │ │ └── spring.factories │ └── test │ ├── java │ └── com │ │ └── github │ │ └── lothar │ │ └── security │ │ └── acl │ │ └── grant │ │ ├── GrantEvaluatorTest.java │ │ ├── GrantEvaluatorTestConfiguration.java │ │ ├── compound │ │ └── GrantEvaluatorComposerTest.java │ │ ├── config │ │ └── GrantEvaluatorAclConfigurationTest.java │ │ └── domain │ │ ├── 
AllowedToAllObject.java │ │ ├── DeniedToAllObject.java │ │ ├── NoAclObject.java │ │ ├── NoStrategyObject.java │ │ ├── UnknownStrategyObject.java │ │ └── WithoutHandlerObject.java │ └── resources │ └── application.yml ├── jpa ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── github │ │ │ └── lothar │ │ │ └── security │ │ │ └── acl │ │ │ └── jpa │ │ │ ├── JpaSpecFeature.java │ │ │ ├── JpaSpecProvider.java │ │ │ ├── annotation │ │ │ └── NoAcl.java │ │ │ ├── compound │ │ │ └── JpaSpecComposer.java │ │ │ ├── config │ │ │ └── JpaSpecAclConfiguration.java │ │ │ ├── query │ │ │ ├── AclJpaQuery.java │ │ │ └── AclPredicateTargetSource.java │ │ │ ├── repository │ │ │ ├── AclJpaRepository.java │ │ │ └── AclJpaRepositoryFactoryBean.java │ │ │ └── spec │ │ │ ├── AclJpaSpecifications.java │ │ │ ├── AllowAllSpecification.java │ │ │ ├── BiFunctionSpecification.java │ │ │ └── DenyAllSpecification.java │ └── resources │ │ └── META-INF │ │ └── spring.factories │ └── test │ ├── java │ └── com │ │ └── github │ │ └── lothar │ │ └── security │ │ └── acl │ │ └── jpa │ │ ├── JpaSpecProviderTest.java │ │ ├── JpaSpecTestConfiguration.java │ │ ├── config │ │ └── JpaSpecAclConfigurationTest.java │ │ ├── domain │ │ ├── AllowedToAllObject.java │ │ ├── Customer.java │ │ ├── DeniedToAllObject.java │ │ ├── NoAclObject.java │ │ ├── NoStrategyObject.java │ │ ├── UnknownStrategyObject.java │ │ └── WithoutHandlerObject.java │ │ ├── multithread │ │ ├── CurrentUserLastNameSpec.java │ │ ├── MultithreadCustomerRepositoryTest.java │ │ ├── MultithreadTestConfiguration.java │ │ ├── Session.java │ │ └── TestDataPreparer.java │ │ ├── repository │ │ ├── AclJpaRepositoryFactoryBeanTest.java │ │ ├── AllowedToAllRepository.java │ │ ├── CustomerRepository.java │ │ ├── CustomerRepositoryTest.java │ │ ├── DeniedToAllRepository.java │ │ ├── NoAclRepository.java │ │ ├── NoStrategyRepository.java │ │ ├── UnknownStrategyRepository.java │ │ └── WithoutHandlerRepository.java │ │ └── spec │ │ └── 
CustomerSpecification.java │ └── resources │ └── application.yml ├── mvnw ├── mvnw.cmd ├── pom.xml └── sample ├── pom.xml └── src ├── main ├── java │ └── com │ │ └── github │ │ └── lothar │ │ └── security │ │ └── acl │ │ └── sample │ │ ├── SampleApplication.java │ │ ├── domain │ │ └── Customer.java │ │ ├── elasticsearch │ │ └── CustomerSearchRepository.java │ │ ├── grant │ │ ├── AbstractGrantEvaluator.java │ │ ├── CustomerGrantEvaluator.java │ │ ├── CustomerService.java │ │ └── Permission.java │ │ └── jpa │ │ └── CustomerRepository.java └── resources │ └── application.yml └── test └── java └── com └── github └── lothar └── security └── acl └── sample ├── SampleApplicationTests.java ├── elasticsearch └── CustomerSearchRepositoryTest.java ├── grant └── CustomerServiceTest.java └── jpa └── CustomerRepositoryTest.java /.gitignore: -------------------------------------------------------------------------------- 1 | *.class 2 | 3 | # Mobile Tools for Java (J2ME) 4 | .mtj.tmp/ 5 | 6 | # Package Files # 7 | *.war 8 | *.ear 9 | 10 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 11 | hs_err_pid* 12 | target/ 13 | 14 | # eclipse stuff 15 | .settings/ 16 | .project 17 | .classpath -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lordlothar99/strategy-spring-security-acl/d5f70d73f01031492a5017b085f63391fdcddeb7/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.9/apache-maven-3.3.9-bin.zip -------------------------------------------------------------------------------- /.travis.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | language: java 3 | jdk: 4 | - oraclejdk8 5 | 6 | script: mvn verify 7 | 8 | after_success: mvn coveralls:report -Dcoveralls.repoToken=$COVERALLS_REPO_TOKEN 9 | 10 | sudo: false 11 | 12 | notifications: 13 | slack: 14 | on_success: never -------------------------------------------------------------------------------- /core/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4.0.0 4 | 5 | strategy-spring-security-acl-core 6 | 7 | 8 | com.github.lothar.security.acl 9 | strategy-spring-security-acl-parent 10 | 1.6.0-SNAPSHOT 11 | 12 | 13 | 14 | 15 | org.springframework 16 | spring-context-support 17 | 18 | 19 | org.springframework.boot 20 | spring-boot-autoconfigure 21 | 22 | 23 | org.slf4j 24 | slf4j-api 25 | 26 | 27 | org.springframework 28 | spring-test 29 | true 30 | 31 | 32 | org.springframework 33 | spring-web 34 | true 35 | 36 | 37 | javax.servlet 38 | javax.servlet-api 39 | provided 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /core/src/main/java/com/github/lothar/security/acl/Acl.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl; 17 | 18 | import java.lang.annotation.Documented; 19 | import java.lang.annotation.ElementType; 20 | import java.lang.annotation.Inherited; 21 | import java.lang.annotation.Retention; 22 | import java.lang.annotation.RetentionPolicy; 23 | import java.lang.annotation.Target; 24 | 25 | @Target(ElementType.TYPE) 26 | @Retention(RetentionPolicy.RUNTIME) 27 | @Inherited 28 | @Documented 29 | public @interface Acl { 30 | 31 | /** 32 | * {@link AclStrategy} bean name 33 | */ 34 | String value() default "defaultAclStrategy"; 35 | 36 | } 37 | -------------------------------------------------------------------------------- /core/src/main/java/com/github/lothar/security/acl/AclFeature.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl; 17 | 18 | public interface AclFeature { 19 | } 20 | -------------------------------------------------------------------------------- /core/src/main/java/com/github/lothar/security/acl/AclStrategy.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl; 15 | 16 | @FunctionalInterface 17 | public interface AclStrategy { 18 | 19 | Handler handlerFor(AclFeature feature); 20 | } 21 | -------------------------------------------------------------------------------- /core/src/main/java/com/github/lothar/security/acl/AclStrategyProvider.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. 
You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl; 15 | 16 | public interface AclStrategyProvider { 17 | 18 | AclStrategy strategyFor(Class entityClass); 19 | 20 | void setDefaultStrategy(AclStrategy strategy); 21 | } 22 | -------------------------------------------------------------------------------- /core/src/main/java/com/github/lothar/security/acl/SimpleAclStrategy.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
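*******************************************************************************/
package com.github.lothar.security.acl;

import static org.springframework.util.Assert.notNull;

import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.github.lothar.security.acl.named.NamedBean;

/**
 * {@link AclStrategy} that keeps one handler per {@link AclFeature} in a map.
 *
 * <p>NOTE(review): the type parameters in this class ({@code <Handler>},
 * {@code AclFeature<Handler>}, {@code Map<AclFeature<?>, Object>}) were stripped from this listing
 * and are reconstructed from usage; confirm them against the repository.
 *
 * <p>NOTE(review): the handlers are held in a plain {@link HashMap} and nothing in this class
 * synchronizes access. If handlers are installed or uninstalled while other threads resolve
 * them, that needs external coordination.
 */
@SuppressWarnings("unchecked")
public class SimpleAclStrategy extends NamedBean implements AclStrategy {

  private final Logger logger = LoggerFactory.getLogger(getClass());
  // Values are stored as Object; each lookup casts back to the feature's handler type.
  private final Map<AclFeature<?>, Object> handlersByFeature = new HashMap<>();

  /**
   * Registers {@code handler} for {@code feature}, replacing any handler installed before.
   *
   * @param feature the feature the handler serves; must not be null
   * @param handler the handler to install; must not be null, use {@link #uninstall} to remove one
   * @throws IllegalArgumentException if either argument is null (raised by Spring's
   *         {@code Assert.notNull})
   */
  public <Handler> void install(AclFeature<Handler> feature, Handler handler) {
    notNull(feature, "Feature can't be null");
    // The message used to point at "unregister(...)", which this class does not have.
    notNull(handler, "Can't register a null handler ; please use uninstall("
        + AclFeature.class.getSimpleName() + ")");
    handlersByFeature.put(feature, handler);
    if (logger.isDebugEnabled()) {
      logger.debug("Installed {} handler in {} : {}", feature, name(), handler);
    }
  }

  /**
   * Removes the handler installed for {@code feature}.
   *
   * @return the removed handler, or null when none was installed
   */
  public <Handler> Handler uninstall(AclFeature<Handler> feature) {
    Handler removed = (Handler) handlersByFeature.remove(feature);
    if (logger.isDebugEnabled()) {
      logger.debug("Uninstalled {} handler from {}", feature, name());
    }
    return removed;
  }

  /**
   * Looks up the handler installed for {@code feature}.
   *
   * @return the handler, or null when none is installed. What a missing handler means for the
   *         access decision is decided by the caller and is not visible in this class; callers
   *         should handle the null case explicitly rather than let it fall through.
   */
  public <Handler> Handler handlerFor(AclFeature<Handler> feature) {
    return (Handler) handlersByFeature.get(feature);
  }

  /** Tells whether a handler is currently installed for {@code feature}. */
  public boolean hasHandler(AclFeature<?> feature) {
    return handlersByFeature.containsKey(feature);
  }

  @Override
  public String toString() {
    return name() + ":" + Objects.toString(handlersByFeature);
  }
}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/activation/AclActivationUtils.java:
--------------------------------------------------------------------------------
package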
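com.github.lothar.security.acl.activation;

import static com.github.lothar.security.acl.activation.AclStatus.DISABLED;
import static com.github.lothar.security.acl.activation.AclStatus.ENABLED;

import java.util.concurrent.Callable;

/**
 * Runs a piece of code with ACL forced on or off, then puts the previous status back.
 *
 * <p>NOTE(review): the {@code <T>} type parameters were stripped from this listing and are
 * restored here from usage.
 *
 * <p>NOTE(review): the status is switched on the {@link AclSecurityActivator} passed to the
 * constructor, which stores it in a single instance field. If that activator is shared between
 * threads (for example as a singleton bean), {@code doWithoutAcl} turns ACL off for every thread
 * using it until the callback returns, and two overlapping calls can restore each other's value
 * and leave ACL disabled afterwards. Keep such callbacks short and confirm how the activator is
 * scoped before using this on a request path.
 */
public class AclActivationUtils {

  private AclSecurityActivator aclSecurityActivator;

  public AclActivationUtils(AclSecurityActivator aclSecurityActivator) {
    this.aclSecurityActivator = aclSecurityActivator;
  }

  /**
   * Calls {@code callable} with ACL disabled and returns its result.
   *
   * @throws Exception whatever {@code callable} throws; the previous status is restored first
   */
  public <T> T doWithoutAcl(Callable<T> callable) throws Exception {
    return callWithStatus(DISABLED, callable);
  }

  /** Runs {@code runnable} with ACL disabled, restoring the previous status afterwards. */
  public void doWithoutAcl(Runnable runnable) {
    runWithStatus(DISABLED, runnable);
  }

  /**
   * Calls {@code callable} with ACL enabled and returns its result.
   *
   * @throws Exception whatever {@code callable} throws; the previous status is restored first
   */
  public <T> T doWithAcl(Callable<T> callable) throws Exception {
    return callWithStatus(ENABLED, callable);
  }

  /** Runs {@code runnable} with ACL enabled, restoring the previous status afterwards. */
  public void doWithAcl(Runnable runnable) {
    runWithStatus(ENABLED, runnable);
  }

  /** Switches to {@code status}, calls {@code callable}, and always restores the old status. */
  private <T> T callWithStatus(AclStatus status, Callable<T> callable) throws Exception {
    AclStatus previousStatus = setStatus(status);
    try {
      return callable.call();
    } finally {
      aclSecurityActivator.setStatus(previousStatus);
    }
  }

  /** Switches to {@code status}, runs {@code runnable}, and always restores the old status. */
  private void runWithStatus(AclStatus status, Runnable runnable) {
    AclStatus previousStatus = setStatus(status);
    try {
      runnable.run();
    } finally {
      aclSecurityActivator.setStatus(previousStatus);
    }
  }

  /**
   * Applies {@code status} when it differs from the current one.
   *
   * @return the status that was in effect before the call
   */
  private AclStatus setStatus(AclStatus status) {
    AclStatus previousStatus = aclSecurityActivator.getStatus();
    if (!status.equals(previousStatus)) {
      aclSecurityActivator.setStatus(status);
    }
    return previousStatus;
  }

}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/activation/AclSecurityActivator.java:
--------------------------------------------------------------------------------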
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.activation;

import static com.github.lothar.security.acl.activation.AclStatus.DISABLED;
import static com.github.lothar.security.acl.activation.AclStatus.ENABLED;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Holds the current {@link AclStatus} and lets callers switch it.
 *
 * <p>NOTE(review): the status is one plain instance field, neither {@code volatile} nor
 * per-thread. Every caller holding the same instance sees and changes the same value, so a
 * temporary {@link #disable()} issued by one thread also applies to any other thread that reads
 * this instance in the meantime. Confirm how instances are scoped before relying on this as a
 * per-request or per-call switch.
 *
 * <p>A null status is accepted by the constructor and by {@link #setStatus}; in that state both
 * {@link #isEnabled()} and {@link #isDisabled()} return false.
 */
public class AclSecurityActivator {

  private Logger logger = LoggerFactory.getLogger(getClass());
  private AclStatus status;

  /** Creates an activator with ACL enabled. */
  public AclSecurityActivator() {
    this(ENABLED);
  }

  /** Creates an activator that is enabled when {@code enabled} is true, disabled otherwise. */
  public AclSecurityActivator(boolean enabled) {
    this(enabled ? ENABLED : DISABLED);
  }

  /** Creates an activator starting in {@code status}; the value is stored without validation. */
  public AclSecurityActivator(AclStatus status) {
    this.status = status;
  }

  /** Switches ACL on. */
  public void enable() {
    setStatus(ENABLED);
  }

  /** Switches ACL off. */
  public void disable() {
    setStatus(DISABLED);
  }

  /** Stores {@code status} and logs the change at debug level. */
  public void setStatus(AclStatus status) {
    this.status = status;
    logger.debug("ACL {}", status);
  }

  public AclStatus getStatus() {
    return status;
  }

  public boolean isDisabled() {
    return status == DISABLED;
  }

  public boolean isEnabled() {
    return status == ENABLED;
  }

}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/activation/AclStatus.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.activation;

/** The two states ACL enforcement can be in, each carrying its boolean equivalent. */
public enum AclStatus {

  ENABLED(true),
  DISABLED(false);

  private final boolean value;

  AclStatus(boolean value) {
    this.value = value;
  }

  /** Returns true for {@link #ENABLED} and false for {@link #DISABLED}; package-private. */
  boolean value() {
    return value;
  }
}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/activation/test/AclTestExecutionListener.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
*******************************************************************************/
package com.github.lothar.security.acl.activation.test;

import static com.github.lothar.security.acl.activation.AclStatus.DISABLED;

import org.springframework.context.ApplicationContext;
import org.springframework.test.context.TestContext;
import org.springframework.test.context.support.AbstractTestExecutionListener;
import org.springframework.util.Assert;

import com.github.lothar.security.acl.activation.AclSecurityActivator;
import com.github.lothar.security.acl.activation.AclStatus;

/**
 * Spring test listener that forces a given {@link AclStatus} while each test method runs and
 * puts the previous status back afterwards.
 *
 * <p>The no-argument constructor uses {@code DISABLED}: tests that register this listener
 * without arguments run with ACL switched off, so they do not exercise access restrictions.
 * Use the {@link #AclTestExecutionListener(AclStatus)} constructor with {@code ENABLED} for
 * tests meant to verify them.
 *
 * <p>NOTE(review): the status seen before the test is kept in an instance field, so the
 * listener assumes before/after callbacks of different tests do not interleave on one instance.
 */
public class AclTestExecutionListener extends AbstractTestExecutionListener {

  private AclStatus statusDuringTest;
  private AclStatus initialStatus;

  /** Creates a listener that disables ACL during each test method. */
  public AclTestExecutionListener() {
    this(DISABLED);
  }

  /**
   * Creates a listener that applies {@code statusDuringTest} during each test method.
   *
   * @throws IllegalArgumentException if {@code statusDuringTest} is null
   */
  public AclTestExecutionListener(AclStatus statusDuringTest) {
    Assert.notNull(statusDuringTest, "Status should not be null");
    this.statusDuringTest = statusDuringTest;
  }

  /** Remembers the activator's current status, then applies the configured one. */
  @Override
  public void beforeTestMethod(TestContext testContext) {
    AclSecurityActivator activator = aclSecurityActivator(testContext);
    initialStatus = activator.getStatus();
    activator.setStatus(statusDuringTest);
  }

  /** Restores the status remembered by {@link #beforeTestMethod}. */
  @Override
  public void afterTestMethod(TestContext testContext) {
    aclSecurityActivator(testContext).setStatus(initialStatus);
  }

  /** Fetches the {@link AclSecurityActivator} bean from the test's application context. */
  private AclSecurityActivator aclSecurityActivator(TestContext testContext) {
    ApplicationContext applicationContext = testContext.getApplicationContext();
    return applicationContext.getBean(AclSecurityActivator.class);
  }
}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/activation/web/AclActivatorFilter.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.activation.web;

import static com.github.lothar.security.acl.activation.AclStatus.ENABLED;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import com.github.lothar.security.acl.activation.AclSecurityActivator;
import com.github.lothar.security.acl.activation.AclStatus;

/**
 * Servlet filter that applies a fixed {@link AclStatus} while the rest of the chain handles a
 * request, then restores the status it found.
 *
 * <p>Despite its name, {@code statusDuringTest} is the status applied during each request; the
 * one-argument constructor sets it to {@code ENABLED}.
 *
 * <p>NOTE(review): the filter reads and writes the status of the {@link AclSecurityActivator}
 * it was given. That class keeps the status in one instance field, so with a shared activator
 * concurrent requests, or a request overlapping another caller that temporarily disabled ACL,
 * can capture a {@code DISABLED} value as "previous" and write it back in the {@code finally}
 * block after the other party has finished. The activator would then stay disabled. Confirm the
 * activator's scope, or keep the status per thread, before relying on this filter to guarantee
 * that requests run with ACL enabled.
 */
public class AclActivatorFilter implements Filter {

  private AclStatus statusDuringTest;
  private AclSecurityActivator aclSecurityActivator;

  /** Creates a filter that enables ACL for the duration of each request. */
  public AclActivatorFilter(AclSecurityActivator aclSecurityActivator) {
    this(ENABLED, aclSecurityActivator);
  }

  /** Creates a filter that applies {@code statusDuringTest} for the duration of each request. */
  public AclActivatorFilter(AclStatus statusDuringTest, AclSecurityActivator aclSecurityActivator) {
    this.statusDuringTest = statusDuringTest;
    this.aclSecurityActivator = aclSecurityActivator;
  }

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {}

  /**
   * Applies the configured status, lets the chain process the request, and restores the status
   * read on entry even when the chain throws.
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    AclStatus statusOnEntry = aclSecurityActivator.getStatus();
    aclSecurityActivator.setStatus(statusDuringTest);
    try {
      chain.doFilter(request, response);
    } finally {
      aclSecurityActivator.setStatus(statusOnEntry);
    }
  }

  @Override
  public void destroy() {}
}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/compound/AbstractCompound.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
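*******************************************************************************/
package com.github.lothar.security.acl.compound;

import static org.springframework.util.Assert.notNull;

/**
 * Base class for a value made of two operands joined by an operator.
 *
 * <p>NOTE(review): the type parameter list was stripped from this listing, leaving only a
 * trailing {@code >}. It is reconstructed from the fields and constructor below as
 * {@code <T, O extends Operator<T>>}; the exact bound on {@code O} is an assumption to confirm
 * against the repository.
 *
 * @param <T> type of the two operands
 * @param <O> type of the operator joining them
 */
public abstract class AbstractCompound<T, O extends Operator<T>> {

  protected final T lhs;
  protected final T rhs;
  protected final O operator;

  /**
   * @param lhs left operand; stored as given, not null-checked
   * @param rhs right operand; stored as given, not null-checked
   * @param operator operator joining the operands; must not be null
   * @throws IllegalArgumentException if {@code operator} is null
   */
  public AbstractCompound(T lhs, T rhs, O operator) {
    notNull(operator, "Operator must not be null");
    this.lhs = lhs;
    this.rhs = rhs;
    this.operator = operator;
  }

  /** Delegates to the operator, which renders both operands. */
  @Override
  public String toString() {
    return operator.toString(lhs, rhs);
  }

}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/compound/AclComposer.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.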
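*******************************************************************************/
package com.github.lothar.security.acl.compound;

/**
 * Combines two handlers of the same kind into one.
 *
 * <p>NOTE(review): the {@code <Handler>} type parameter was stripped from this listing and is
 * restored here from the method signatures.
 *
 * @param <Handler> the handler type being combined
 */
public interface AclComposer<Handler> {

  /** Returns a handler representing {@code lhs} AND {@code rhs}. */
  Handler and(Handler lhs, Handler rhs);

  /** Returns a handler representing {@code lhs} OR {@code rhs}. */
  Handler or(Handler lhs, Handler rhs);

}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/compound/AclComposersRegistry.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.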
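*******************************************************************************/
package com.github.lothar.security.acl.compound;

import static org.springframework.util.Assert.notNull;

import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.github.lothar.security.acl.AclFeature;

/**
 * Registry mapping each {@link AclFeature} to the {@link AclComposer} that combines its handlers.
 *
 * <p>The backing map is a plain {@link HashMap} with no synchronization. NOTE(review): confirm that
 * registration only happens while the application context starts, before lookups run
 * concurrently.
 */
// The casts below are unchecked: type safety rests on register() pairing a feature and a composer
// that share the same handler type.
// NOTE(review): generic signatures restored from usage; the listing dropped the text between angle
// brackets.
@SuppressWarnings("unchecked")
public class AclComposersRegistry implements AclStrategyComposerProvider {

  private final Logger logger = LoggerFactory.getLogger(getClass());
  private final Map<AclFeature<?>, AclComposer<?>> composers = new HashMap<>();

  /**
   * Associates {@code composer} with {@code feature}, replacing any composer registered before for
   * the same feature.
   *
   * @throws IllegalArgumentException if {@code feature} or {@code composer} is {@code null}
   */
  public <Handler> void register(AclFeature<Handler> feature, AclComposer<Handler> composer) {
    notNull(feature, "Feature can't be null");
    // Reject a null composer at registration time; otherwise the mistake only surfaces later,
    // when a compound strategy looks the composer up while resolving a handler.
    notNull(composer, "Composer can't be null");
    composers.put(feature, composer);
    logger.debug("Registered {} composer: {}", feature, composer);
  }

  /**
   * Removes the composer of {@code feature}.
   *
   * @return the removed composer, or {@code null} if none was registered
   */
  public <Handler> AclComposer<Handler> unregister(AclFeature<Handler> feature) {
    return (AclComposer<Handler>) composers.remove(feature);
  }

  /**
   * @return the composer registered for {@code feature}, or {@code null} if there is none
   */
  @Override
  public <Handler> AclComposer<Handler> composerFor(AclFeature<Handler> feature) {
    return (AclComposer<Handler>) composers.get(feature);
  }

  @Override
  public String toString() {
    return Objects.toString(composers);
  }
}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/compound/AclStrategyComposer.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.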
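You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.compound;

import static org.springframework.util.Assert.notNull;

import com.github.lothar.security.acl.AclFeature;
import com.github.lothar.security.acl.AclStrategy;

/**
 * Builds compound {@link AclStrategy} instances ({@code lhs AND rhs}, {@code lhs OR rhs}).
 *
 * <p>A compound strategy holds no handler of its own: each {@code handlerFor} call asks both
 * operands for their handler and lets the feature's {@link AclComposer} combine them.
 */
// NOTE(review): generic signatures restored from usage; the listing dropped the text between angle
// brackets.
public class AclStrategyComposer implements AclComposer<AclStrategy> {

  private final AclStrategyComposerProvider composerProvider;

  /**
   * @param composerProvider source of the per-feature composers
   * @throws IllegalArgumentException if {@code composerProvider} is {@code null}
   */
  public AclStrategyComposer(AclStrategyComposerProvider composerProvider) {
    // Fail at wiring time instead of with a NullPointerException on the first handler lookup.
    notNull(composerProvider, "Composer provider must not be null");
    this.composerProvider = composerProvider;
  }

  /** Returns a strategy whose handlers are the AND-composition of both operands' handlers. */
  @Override
  public AclStrategy and(AclStrategy lhs, AclStrategy rhs) {
    return new CompoundAclStrategy(lhs, rhs, StrategyOperator.AND);
  }

  /** Returns a strategy whose handlers are the OR-composition of both operands' handlers. */
  @Override
  public AclStrategy or(AclStrategy lhs, AclStrategy rhs) {
    return new CompoundAclStrategy(lhs, rhs, StrategyOperator.OR);
  }

  /** Inner (non-static) class: it reads {@code composerProvider} from the enclosing composer. */
  private class CompoundAclStrategy extends AbstractCompound<AclStrategy, StrategyOperator>
      implements AclStrategy {

    private CompoundAclStrategy(AclStrategy lhs, AclStrategy rhs, StrategyOperator operator) {
      super(lhs, rhs, operator);
    }

    /**
     * Resolves the handler lazily from both operands.
     *
     * <p>A feature without a registered composer is rejected rather than silently skipped. The
     * operands' handlers are passed to the composer as returned. NOTE(review): if
     * {@code AclStrategy#handlerFor} can return {@code null} for an uninstalled feature, every
     * composer has to decide how a missing handler combines; confirm against that contract.
     *
     * @throws IllegalArgumentException if no composer is registered for {@code feature}
     */
    @Override
    public <Handler> Handler handlerFor(AclFeature<Handler> feature) {
      AclComposer<Handler> composer = composerProvider.composerFor(feature);
      notNull(composer, "No composer found for " + feature);
      return operator.apply(composer, lhs.handlerFor(feature), rhs.handlerFor(feature));
    }
  }

  /** Boolean operators; each constant dispatches to the matching {@link AclComposer} method. */
  private enum StrategyOperator implements Operator<AclStrategy> {

    AND {
      @Override
      <Handler> Handler apply(AclComposer<Handler> composer, Handler lhs, Handler rhs) {
        return composer.and(lhs, rhs);
      }
    },

    OR {
      @Override
      <Handler> Handler apply(AclComposer<Handler> composer, Handler lhs, Handler rhs) {
        return composer.or(lhs, rhs);
      }
    };

    abstract <Handler> Handler apply(AclComposer<Handler> composer, Handler lhs, Handler rhs);
  }
}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/compound/AclStrategyComposerProvider.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.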
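*******************************************************************************/
package com.github.lothar.security.acl.compound;

import com.github.lothar.security.acl.AclFeature;

/**
 * Looks up the {@link AclComposer} able to combine the handlers of a given feature.
 */
// NOTE(review): the method-level type parameter is restored from usage; the listing dropped the
// text between angle brackets.
@FunctionalInterface
public interface AclStrategyComposerProvider {

  /**
   * @param feature feature whose handlers need composing
   * @return the composer for {@code feature}; the map-backed registry in this package returns
   *         {@code null} when nothing is registered, so callers must check the result
   */
  <Handler> AclComposer<Handler> composerFor(AclFeature<Handler> feature);

}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/compound/Operator.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.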
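*******************************************************************************/
package com.github.lothar.security.acl.compound;

/**
 * Binary operator over operands of type {@code T}; contributes a readable rendering only.
 *
 * @param <T> operand type
 */
// NOTE(review): the type parameter is restored from the toString signature; the listing dropped
// the text between angle brackets.
public interface Operator<T> {

  /**
   * Renders both operands around this operator's own {@code toString()}, in parentheses, for
   * example {@code (a AND b)} for an operator whose {@code toString()} is {@code AND}.
   *
   * <p>Operands are converted by string concatenation, so a {@code null} operand prints as
   * {@code null}.
   */
  default String toString(T lhs, T rhs) {
    return "(" + lhs + " " + toString() + " " + rhs + ")";
  }
}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/config/AclProperties.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.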
*******************************************************************************/
package com.github.lothar.security.acl.config;

import org.springframework.boot.context.properties.ConfigurationProperties;

/**
 * Externalized settings bound from the {@code strategy-security-acl} prefix.
 *
 * <p>Both values change what the ACL layer enforces, so they belong with the security-sensitive
 * configuration of a deployment: review which profiles and property sources are allowed to set
 * them. NOTE(review): the code consuming these properties is not part of this file; the
 * descriptions below are inferred from the property names.
 */
@ConfigurationProperties("strategy-security-acl")
public class AclProperties {

  // Bound from strategy-security-acl.override-strategy; presumably the name of a strategy bean
  // that takes precedence over the configured ones. Unset by default.
  private String overrideStrategy;

  // Bound from strategy-security-acl.disabled; presumably switches ACL enforcement off.
  // Defaults to false, i.e. enforcement stays on unless the property is set.
  private boolean disabled;

  /** @return the configured override strategy, or {@code null} when unset */
  public String getOverrideStrategy() {
    return this.overrideStrategy;
  }

  public void setOverrideStrategy(String overrideStrategy) {
    this.overrideStrategy = overrideStrategy;
  }

  /** @return {@code true} when the {@code disabled} property was set */
  public boolean isDisabled() {
    return this.disabled;
  }

  public void setDisabled(boolean disabled) {
    this.disabled = disabled;
  }

}

--------------------------------------------------------------------------------
/core/src/main/java/com/github/lothar/security/acl/named/NamedBean.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.named;

import java.util.Objects;

import org.springframework.beans.factory.BeanNameAware;

/**
 * Base class for beans that report their Spring bean name, mainly to get readable log output.
 */
public class NamedBean implements BeanNameAware, org.springframework.beans.factory.NamedBean {

  // Stays null until setBeanName is called.
  private String name;

  @Override
  public void setBeanName(String name) {
    this.name = name;
  }

  /** @return the bean name as set, or {@code null} if {@link #setBeanName} was never called */
  @Override
  public String getBeanName() {
    return name;
  }

  /** @return the bean name, falling back to the simple class name when no name was set */
  public String name() {
    String fallback = getClass().getSimpleName();
    return Objects.toString(name, fallback);
  }

  @Override
  public String toString() {
    return name();
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/AclTestConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl;

import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import com.github.lothar.security.acl.compound.AclComposersRegistry;

/**
 * Test application context that adds a string-testing feature and registers its composer.
 */
@SpringBootApplication
public class AclTestConfiguration {

  // One shared instance: the bean exposed below and the key used for registration must be the
  // same object.
  private StringTesterFeature stringTesterFeature = new StringTesterFeature();

  @Bean
  public StringTesterFeature stringTesterFeature() {
    return stringTesterFeature;
  }

  /** Creates the composer and registers it for the feature before exposing it as a bean. */
  @Bean
  public StringTesterComposer stringTesterComposer(AclComposersRegistry composersRegistry) {
    StringTesterComposer composer = new StringTesterComposer();
    composersRegistry.register(stringTesterFeature, composer);
    return composer;
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/StringTesterComposer.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
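*******************************************************************************/
package com.github.lothar.security.acl;

import java.util.function.Function;

import com.github.lothar.security.acl.compound.AclComposer;

/**
 * Test composer for handlers that answer yes or no for a string.
 *
 * <p>Both operations short-circuit, and both unbox the handlers' {@code Boolean} results, so a
 * handler returning {@code null} makes the composed function throw a
 * {@code NullPointerException}.
 */
// NOTE(review): Function<String, Boolean> is restored from the lambda bodies and from the callers
// in AclStrategyComposerTest; the listing dropped the text between angle brackets.
public class StringTesterComposer implements AclComposer<Function<String, Boolean>> {

  /** Accepts a string only when both handlers accept it. */
  @Override
  public Function<String, Boolean> and(Function<String, Boolean> lhs,
      Function<String, Boolean> rhs) {
    return (s) -> lhs.apply(s) && rhs.apply(s);
  }

  /** Accepts a string when at least one handler accepts it. */
  @Override
  public Function<String, Boolean> or(Function<String, Boolean> lhs,
      Function<String, Boolean> rhs) {
    return (s) -> lhs.apply(s) || rhs.apply(s);
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/StringTesterFeature.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.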
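*******************************************************************************/
package com.github.lothar.security.acl;

import java.util.function.Function;

import com.github.lothar.security.acl.named.NamedBean;

/**
 * Test-only ACL feature whose handlers are predicates over strings. The class has no members: it
 * serves as the key under which handlers and the composer are registered.
 */
// NOTE(review): the handler type is restored to match StringTesterComposer; the listing dropped
// the text between angle brackets.
public class StringTesterFeature extends NamedBean
    implements AclFeature<Function<String, Boolean>> {
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/activation/test/AclTestExecutionListenerTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.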
*******************************************************************************/
package com.github.lothar.security.acl.activation.test;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.TestExecutionListeners;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;

import com.github.lothar.security.acl.activation.AclSecurityActivator;
import com.github.lothar.security.acl.config.AclConfiguration;

/**
 * Checks that a test class which installs {@link AclTestExecutionListener} runs with ACL security
 * switched off.
 *
 * <p>The listener sits in the main source tree of this module, so it ships with the library;
 * register it on test classes only.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = AclConfiguration.class)
@TestExecutionListeners({AclTestExecutionListener.class,
    DependencyInjectionTestExecutionListener.class})
public class AclTestExecutionListenerTest {

  @Resource
  private AclSecurityActivator aclSecurityActivator;

  @Test
  public void should_acl_security_be_disabled_when_listener_is_installed() {
    boolean enabled = aclSecurityActivator.isEnabled();
    assertThat(enabled).isFalse();
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/activation/test/WithoutAclTestExecutionListenerTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.activation.test;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.activation.AclSecurityActivator;
import com.github.lothar.security.acl.config.AclConfiguration;

/**
 * Counterpart of the listener test: with no ACL test listener installed, the activator reports
 * ACL security as enabled, so a plain test context keeps enforcement on.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = AclConfiguration.class)
public class WithoutAclTestExecutionListenerTest {

  @Resource
  private AclSecurityActivator aclSecurityActivator;

  @Test
  public void should_acl_security_be_enabled_when_listener_is_not_installed() {
    boolean enabled = aclSecurityActivator.isEnabled();
    assertThat(enabled).isTrue();
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/activation/web/AclActivatorFilterTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.activation.web;

import static org.assertj.core.api.Assertions.assertThat;

import java.io.IOException;

import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.TestExecutionListeners;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;

import com.github.lothar.security.acl.activation.AclSecurityActivator;
import com.github.lothar.security.acl.activation.test.AclTestExecutionListener;
import com.github.lothar.security.acl.config.AclConfiguration;

/**
 * Checks that {@link AclActivatorFilter} turns ACL security on for the duration of the filter
 * chain only.
 *
 * <p>The test starts from a disabled state (the ACL test listener is installed), observes the
 * enabled state from inside the chain, and finds the disabled state again once the filter
 * returns.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = AclConfiguration.class)
@TestExecutionListeners({AclTestExecutionListener.class,
    DependencyInjectionTestExecutionListener.class})
public class AclActivatorFilterTest {

  @Resource
  private AclSecurityActivator aclSecurityActivator;

  @Test
  public void should_acl_security_be_enabled_when_filter_is_activated()
      throws IOException, ServletException {
    // Chain stub that asserts the state seen by downstream request processing.
    FilterChain assertingChain = new FilterChain() {
      @Override
      public void doFilter(ServletRequest request, ServletResponse response)
          throws IOException, ServletException {
        assertThat(aclSecurityActivator.isEnabled()).isTrue();
      }
    };
    AclActivatorFilter activatorFilter = new AclActivatorFilter(aclSecurityActivator);

    assertThat(aclSecurityActivator.isEnabled()).isFalse();
    activatorFilter.doFilter(null, null, assertingChain);
    // The previous state is back after the request.
    assertThat(aclSecurityActivator.isEnabled()).isFalse();
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/compound/AclStrategyComposerTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
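*******************************************************************************/
package com.github.lothar.security.acl.compound;

import static org.assertj.core.api.Assertions.assertThat;

import java.util.function.Function;

import javax.annotation.Resource;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.AclStrategy;
import com.github.lothar.security.acl.AclTestConfiguration;
import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.StringTesterFeature;

/**
 * Exercises AND and OR composition of two strategies through the string-testing feature: one
 * strategy accepts strings containing "A", the other strings containing "B".
 */
// NOTE(review): Function<String, Boolean> is restored from the handlers installed in init(); the
// listing dropped the text between angle brackets.
@RunWith(SpringRunner.class)
@SpringBootTest(classes = AclTestConfiguration.class)
public class AclStrategyComposerTest {

  @Resource
  private AclStrategyComposer aclStrategyComposer;
  @Resource
  private StringTesterFeature stringTesterFeature;
  private SimpleAclStrategy containsA;
  private SimpleAclStrategy containsB;

  @Before
  public void init() {
    containsA = new SimpleAclStrategy();
    containsA.install(stringTesterFeature, s -> s.contains("A"));
    containsB = new SimpleAclStrategy();
    containsB.install(stringTesterFeature, s -> s.contains("B"));
  }

  /** AND must accept only inputs that both operands accept. */
  @Test
  public void test_and_strategy() {
    AclStrategy aAndB = aclStrategyComposer.and(containsA, containsB);
    Function<String, Boolean> stringTester = aAndB.handlerFor(stringTesterFeature);
    assertThat(stringTester.apply("A")).isFalse();
    assertThat(stringTester.apply("B")).isFalse();
    assertThat(stringTester.apply("C")).isFalse();
    assertThat(stringTester.apply("AB")).isTrue();
    assertThat(stringTester.apply("ABC")).isTrue();
    assertThat(stringTester.apply("AC")).isFalse();
    assertThat(stringTester.apply("BC")).isFalse();
  }

  /** OR must reject only inputs that both operands reject. */
  @Test
  public void test_or_strategy() {
    AclStrategy aOrB = aclStrategyComposer.or(containsA, containsB);
    Function<String, Boolean> stringTester = aOrB.handlerFor(stringTesterFeature);
    assertThat(stringTester.apply("A")).isTrue();
    assertThat(stringTester.apply("B")).isTrue();
    assertThat(stringTester.apply("C")).isFalse();
    assertThat(stringTester.apply("AB")).isTrue();
    assertThat(stringTester.apply("ABC")).isTrue();
    assertThat(stringTester.apply("AC")).isTrue();
    assertThat(stringTester.apply("BC")).isTrue();
  }

}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/config/AclConfigurationTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.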
*******************************************************************************/
package com.github.lothar.security.acl.config;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.AclStrategy;

/**
 * Pins the out-of-the-box wiring of {@link AclConfiguration}: the {@code defaultAclStrategy} bean
 * is the very same instance as {@code allowAllStrategy}.
 *
 * <p>The default is therefore permissive. Whatever falls back to the default strategy is
 * presumably unrestricted until the application overrides that bean;
 * {@code DenyAllDefaultConfiguration} in this package shows such an override.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = AclConfiguration.class)
public class AclConfigurationTest {

  // @Resource on a field resolves by field name, so each field receives the bean of that name.
  @Resource
  private AclStrategy defaultAclStrategy;
  @Resource
  private AclStrategy allowAllStrategy;
  @Resource
  private AclStrategy denyAllStrategy;

  @Test
  public void should_default_and_allowAll_be_the_same() {
    AclStrategy expected = allowAllStrategy;
    assertThat(defaultAclStrategy).isSameAs(expected);
  }

  @Test
  public void should_denyAll_and_allowAll_be_different() {
    AclStrategy other = allowAllStrategy;
    assertThat(denyAllStrategy).isNotSameAs(other);
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/config/DefaultStrategyOverrideTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.config;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.AclStrategy;

/**
 * Checks that an application-defined {@code defaultAclStrategy} bean replaces the library's
 * default: under {@link DenyAllDefaultConfiguration} the default is the deny-all strategy and no
 * longer the allow-all one.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = DenyAllDefaultConfiguration.class)
public class DefaultStrategyOverrideTest {

  // @Resource on a field resolves by field name, so each field receives the bean of that name.
  @Resource
  private AclStrategy defaultAclStrategy;
  @Resource
  private AclStrategy allowAllStrategy;
  @Resource
  private AclStrategy denyAllStrategy;

  @Test
  public void should_default_and_denyAll_be_the_same() {
    AclStrategy expected = denyAllStrategy;
    assertThat(defaultAclStrategy).isSameAs(expected);
  }

  @Test
  public void should_default_and_allowAll_be_different() {
    AclStrategy other = allowAllStrategy;
    assertThat(defaultAclStrategy).isNotSameAs(other);
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/config/DenyAllDefaultConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import com.github.lothar.security.acl.AclStrategy;

/**
 * Configuration that makes the default strategy fail closed: it imports the library configuration
 * and redefines {@code defaultAclStrategy} as the deny-all strategy.
 */
@Configuration
@Import(AclConfiguration.class)
public class DenyAllDefaultConfiguration {

  /**
   * The bean name comes from the method name, so this definition stands in for the library's
   * {@code defaultAclStrategy}. The parameter is named after the bean to inject.
   */
  @Bean
  public AclStrategy defaultAclStrategy(AclStrategy denyAllStrategy) {
    final AclStrategy failClosedDefault = denyAllStrategy;
    return failClosedDefault;
  }
}

--------------------------------------------------------------------------------
/core/src/test/java/com/github/lothar/security/acl/domain/AllowedToAllObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.domain; 17 | 18 | import com.github.lothar.security.acl.Acl; 19 | 20 | @Acl("allowAllStrategy") 21 | public class AllowedToAllObject { 22 | } 23 | -------------------------------------------------------------------------------- /core/src/test/java/com/github/lothar/security/acl/domain/DeniedToAllObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.domain; 17 | 18 | import com.github.lothar.security.acl.Acl; 19 | 20 | @Acl("denyAllStrategy") 21 | public class DeniedToAllObject { 22 | } 23 | -------------------------------------------------------------------------------- /core/src/test/java/com/github/lothar/security/acl/domain/NoAclObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.domain; 17 | 18 | public class NoAclObject { 19 | } 20 | -------------------------------------------------------------------------------- /core/src/test/java/com/github/lothar/security/acl/domain/NoStrategyObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.domain; 17 | 18 | import com.github.lothar.security.acl.Acl; 19 | 20 | @Acl 21 | public class NoStrategyObject { 22 | } 23 | -------------------------------------------------------------------------------- /core/src/test/java/com/github/lothar/security/acl/domain/UnknownStrategyObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.domain; 17 | 18 | import com.github.lothar.security.acl.Acl; 19 | 20 | @Acl("unknownStrategy") 21 | public class UnknownStrategyObject { 22 | } 23 | -------------------------------------------------------------------------------- /core/src/test/resources/application.yml: -------------------------------------------------------------------------------- 1 | logging: 2 | level: 3 | com.github.lothar.security.acl: debug 4 | strategy-security-acl: 5 | disabled: false -------------------------------------------------------------------------------- /elasticsearch/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4.0.0 4 | 5 | strategy-spring-security-acl-elasticsearch 6 | 7 | 8 | com.github.lothar.security.acl 9 | strategy-spring-security-acl-parent 10 | 1.6.0-SNAPSHOT 11 | 12 | 13 | 14 | 15 | com.github.lothar.security.acl 16 | strategy-spring-security-acl-core 17 | 18 | 19 | org.springframework.boot 20 | spring-boot-starter-data-elasticsearch 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /elasticsearch/src/main/java/com/github/lothar/security/acl/elasticsearch/AclFilterProvider.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. 
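You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.elasticsearch;

import org.elasticsearch.index.query.QueryBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.github.lothar.security.acl.AclStrategy;
import com.github.lothar.security.acl.AclStrategyProvider;

/**
 * Resolves the ElasticSearch query that restricts access to documents of a given domain type.
 *
 * <p>The query comes from the ACL strategy the {@link AclStrategyProvider} returns for the type,
 * more precisely from the handler that strategy holds for the {@link ElasticSearchFeature}.
 *
 * <p><b>Fallback behaviour.</b> When the provider returns no strategy, or the strategy has no
 * handler for the feature, the default query given to the constructor is returned instead. What
 * such types may see is therefore decided entirely by that default. With
 * ElasticSearchAclConfiguration the default is the {@code defaultFilter} bean, an alias of the
 * allow-all (match-all) query, so those types are searched unfiltered. Both fallbacks are logged
 * at debug level only; enable debug logging for this class to see which types rely on them.
 */
public class AclFilterProvider {

  // Collaborators are assigned once in the constructor and never replaced.
  private final Logger logger = LoggerFactory.getLogger(getClass());
  private final AclStrategyProvider strategyProvider;
  private final ElasticSearchFeature elasticSearchFeature;
  private final QueryBuilder defaultQueryBuilder;

  /**
   * @param strategyProvider looks up the ACL strategy of a domain type
   * @param elasticSearchFeature feature key under which strategies hold their ElasticSearch query
   * @param defaultQueryBuilder query returned when no strategy-specific query is available; it
   *        is returned as is, so a {@code null} default makes {@link #filterFor} return
   *        {@code null} in the fallback cases
   */
  public AclFilterProvider(AclStrategyProvider strategyProvider,
      ElasticSearchFeature elasticSearchFeature, QueryBuilder defaultQueryBuilder) {
    super();
    this.strategyProvider = strategyProvider;
    this.elasticSearchFeature = elasticSearchFeature;
    this.defaultQueryBuilder = defaultQueryBuilder;
  }

  /**
   * Returns the ACL query to apply when searching documents of {@code domainType}.
   *
   * @param domainType the document class being queried
   * @return the query installed on the type's strategy for the ElasticSearch feature, or the
   *         default query when there is no strategy or no such handler
   */
  public QueryBuilder filterFor(Class<?> domainType) {
    // Start from the default; it is only replaced when the strategy provides a query.
    QueryBuilder filterBuilder = defaultQueryBuilder;

    AclStrategy strategy = strategyProvider.strategyFor(domainType);
    if (strategy == null) {
      logger.debug("No strategy found for '{}' in strategy provider", domainType.getSimpleName());

    } else {
      QueryBuilder filter = strategy.handlerFor(elasticSearchFeature);
      if (filter == null) {
        logger.debug(
            "No ACL ElasticSearch found in strategy {} > fall back on default ACL ElasticSearch specification",
            strategy);
      } else {
        filterBuilder = filter;
      }
    }

    logger.debug("Using ACL ElasticSearch filter builder for {} using strategy {}: {}",
        domainType.getSimpleName(), strategy, filterBuilder);
    return filterBuilder;
  }

}
--------------------------------------------------------------------------------
/elasticsearch/src/main/java/com/github/lothar/security/acl/elasticsearch/ElasticSearchFeature.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.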
*******************************************************************************/
package com.github.lothar.security.acl.elasticsearch;

import org.elasticsearch.index.query.QueryBuilder;

import com.github.lothar.security.acl.AclFeature;
import com.github.lothar.security.acl.named.NamedBean;

/**
 * Marker type identifying the ElasticSearch ACL feature.
 *
 * <p>An instance is the key under which a strategy stores its ElasticSearch query
 * ({@code install(feature, query)}) and under which AclFilterProvider reads it back
 * ({@code handlerFor(feature)}). The class declares no members of its own.
 */
// NOTE(review): QueryBuilder is imported but unused as shown, and AclFeature carries no type
// argument; presumably the page extraction dropped a "<QueryBuilder>" here. Confirm against the
// repository before copying this declaration.
public final class ElasticSearchFeature extends NamedBean implements AclFeature {}
--------------------------------------------------------------------------------
/elasticsearch/src/main/java/com/github/lothar/security/acl/elasticsearch/compound/FilterBuilderComposer.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.elasticsearch.compound;

import static org.elasticsearch.index.query.QueryBuilders.andQuery;
import static org.elasticsearch.index.query.QueryBuilders.orQuery;

import org.elasticsearch.index.query.QueryBuilder;

import com.github.lothar.security.acl.compound.AclComposer;

/**
 * Combines two ElasticSearch ACL queries into one, for compound ACL strategies.
 *
 * <p>{@link #and} narrows access: a document is visible only if both operands match.
 * {@link #or} widens it: a document is visible if either operand matches, so OR-ing any query
 * with an allow-all query yields allow-all.
 *
 * <p>Both methods delegate to {@code QueryBuilders.andQuery} / {@code orQuery}, which are
 * deprecated in the ElasticSearch client this module builds against; hence the suppression
 * below. A bool query with must / should clauses is the usual replacement; check the
 * ElasticSearch version in use before switching.
 */
// NOTE(review): AclComposer appears without a type argument although both overrides take and
// return QueryBuilder; presumably the page extraction dropped a "<QueryBuilder>". Confirm.
@SuppressWarnings("deprecation")
public class FilterBuilderComposer implements AclComposer {

  /**
   * @param lhs first query
   * @param rhs second query
   * @return a query that matches only what both {@code lhs} and {@code rhs} match
   */
  @Override
  public QueryBuilder and(QueryBuilder lhs, QueryBuilder rhs) {
    return andQuery(lhs, rhs);
  }

  /**
   * @param lhs first query
   * @param rhs second query
   * @return a query that matches whatever {@code lhs} or {@code rhs} matches
   */
  @Override
  public QueryBuilder or(QueryBuilder lhs, QueryBuilder rhs) {
    return orQuery(lhs, rhs);
  }

}
--------------------------------------------------------------------------------
/elasticsearch/src/main/java/com/github/lothar/security/acl/elasticsearch/config/ElasticSearchAclConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
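*******************************************************************************/
package com.github.lothar.security.acl.elasticsearch.config;

import static org.elasticsearch.index.query.QueryBuilders.boolQuery;
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;

import org.elasticsearch.index.query.QueryBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import com.github.lothar.security.acl.AclStrategyProvider;
import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.compound.AclComposersRegistry;
import com.github.lothar.security.acl.config.AclConfiguration;
import com.github.lothar.security.acl.elasticsearch.AclFilterProvider;
import com.github.lothar.security.acl.elasticsearch.ElasticSearchFeature;
import com.github.lothar.security.acl.elasticsearch.compound.FilterBuilderComposer;

/**
 * Spring configuration of the ElasticSearch ACL feature; it is listed as an auto-configuration
 * in this module's {@code META-INF/spring.factories}.
 *
 * <p>It creates the single {@link ElasticSearchFeature} instance, registers the query composer
 * for it, installs the allow-all and deny-all queries on the matching strategies and exposes the
 * {@link AclFilterProvider}.
 *
 * <p><b>Default is allow-all.</b> The bean name {@code defaultFilter} is an alias of
 * {@code allowAllFilter} (a match-all query), and that is what {@link AclFilterProvider}
 * receives as its fallback. Document types for which no strategy, or no ElasticSearch handler,
 * is found are therefore searched without restriction. Deployments that need a fail-closed
 * default have to supply a different {@code defaultFilter}; this class offers no property for
 * that, so check how bean overriding is set up in the application before relying on it.
 */
@Configuration
@Import(AclConfiguration.class)
public class ElasticSearchAclConfiguration {

  private static final Logger logger =
      LoggerFactory.getLogger(ElasticSearchAclConfiguration.class);

  // One feature instance is shared by every bean below; strategies are keyed on it.
  private final ElasticSearchFeature elasticSearchFeature = new ElasticSearchFeature();

  /** Logs the feature at info level when the configuration is instantiated. */
  public ElasticSearchAclConfiguration() {
    logger.info("Configured feature : {}", elasticSearchFeature);
  }

  /** @return the shared ElasticSearch feature instance */
  @Bean
  public ElasticSearchFeature elasticSearchFeature() {
    return elasticSearchFeature;
  }

  /**
   * Creates the query composer and registers it for the ElasticSearch feature, unless the
   * application already defines a {@link FilterBuilderComposer} bean.
   *
   * @param registry registry in which the composer is registered
   * @return the composer that was registered
   */
  @Bean
  @ConditionalOnMissingBean(FilterBuilderComposer.class)
  public FilterBuilderComposer filterBuilderComposer(AclComposersRegistry registry) {
    FilterBuilderComposer composer = new FilterBuilderComposer();
    registry.register(elasticSearchFeature, composer);
    return composer;
  }

  /**
   * @param strategyProvider source of per-type ACL strategies
   * @param defaultFilter fallback query; several QueryBuilder beans exist, so the parameter
   *        name is presumably what selects the {@code defaultFilter} bean
   * @return the provider that resolves the query to apply per domain type
   */
  @Bean
  public AclFilterProvider aclFilterProvider(AclStrategyProvider strategyProvider,
      QueryBuilder defaultFilter) {
    return new AclFilterProvider(strategyProvider, elasticSearchFeature, defaultFilter);
  }

  /**
   * Builds the match-all query, installs it on the allow-all strategy and publishes it under
   * both {@code allowAllFilter} and {@code defaultFilter}.
   *
   * @param allowAllStrategy strategy that receives the query as its ElasticSearch handler
   * @return the match-all query
   */
  @Bean(name = {"allowAllFilter", "defaultFilter"})
  public QueryBuilder allowAllFilter(SimpleAclStrategy allowAllStrategy) {
    QueryBuilder allowAllFilter = matchAllQuery();
    allowAllStrategy.install(elasticSearchFeature, allowAllFilter);
    return allowAllFilter;
  }

  /**
   * Builds a query that matches no document (a bool query whose only clause is
   * {@code must_not match_all}) and installs it on the deny-all strategy.
   *
   * @param denyAllStrategy strategy that receives the query as its ElasticSearch handler
   * @return the match-nothing query
   */
  @Bean
  public QueryBuilder denyAllFilter(SimpleAclStrategy denyAllStrategy) {
    QueryBuilder denyAllFilter = boolQuery().mustNot(matchAllQuery());
    denyAllStrategy.install(elasticSearchFeature, denyAllFilter);
    return denyAllFilter;
  }
}
--------------------------------------------------------------------------------
/elasticsearch/src/main/resources/META-INF/spring.factories:
--------------------------------------------------------------------------------
org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.github.lothar.security.acl.elasticsearch.config.ElasticSearchAclConfiguration
--------------------------------------------------------------------------------
/elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/ElasticSearchTestConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.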
You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl.elasticsearch; 15 | 16 | import static org.elasticsearch.index.query.QueryBuilders.matchQuery; 17 | 18 | import org.elasticsearch.index.query.MatchQueryBuilder; 19 | import org.springframework.boot.autoconfigure.SpringBootApplication; 20 | import org.springframework.context.annotation.Bean; 21 | import org.springframework.data.elasticsearch.repository.config.EnableElasticsearchRepositories; 22 | 23 | import com.github.lothar.security.acl.AclStrategy; 24 | import com.github.lothar.security.acl.SimpleAclStrategy; 25 | import com.github.lothar.security.acl.elasticsearch.repository.AclElasticsearchRepositoryFactoryBean; 26 | 27 | @SpringBootApplication 28 | @EnableElasticsearchRepositories(value = "com.github.lothar.security.acl.elasticsearch.repository", 29 | repositoryFactoryBeanClass = AclElasticsearchRepositoryFactoryBean.class) 30 | public class ElasticSearchTestConfiguration { 31 | 32 | private SimpleAclStrategy customerStrategy = new SimpleAclStrategy(); 33 | 34 | @Bean 35 | public AclStrategy withoutHandlerStrategy() { 36 | return new SimpleAclStrategy(); 37 | } 38 | 39 | @Bean 40 | public SimpleAclStrategy customerStrategy() { 41 | return customerStrategy; 42 | } 43 | 44 | @Bean 45 | public MatchQueryBuilder smithFamilyFilter(ElasticSearchFeature elasticSearchFeature) { 46 | MatchQueryBuilder smithFamilyFilter = matchQuery("lastName", "Smith"); 47 | customerStrategy.install(elasticSearchFeature, 
smithFamilyFilter); 48 | return smithFamilyFilter; 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/config/ElasticSearchAclConfigurationTest.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.config; 17 | 18 | import static org.assertj.core.api.Assertions.assertThat; 19 | 20 | import javax.annotation.Resource; 21 | 22 | import org.junit.Test; 23 | import org.junit.runner.RunWith; 24 | import org.springframework.boot.test.context.SpringBootTest; 25 | import org.springframework.test.context.junit4.SpringRunner; 26 | 27 | import com.github.lothar.security.acl.elasticsearch.ElasticSearchFeature; 28 | import com.github.lothar.security.acl.elasticsearch.ElasticSearchTestConfiguration; 29 | 30 | @RunWith(SpringRunner.class) 31 | @SpringBootTest(classes = ElasticSearchTestConfiguration.class) 32 | public class ElasticSearchAclConfigurationTest { 33 | 34 | @Resource 35 | private ElasticSearchFeature elasticSearchFeature; 36 | 37 | @Test 38 | public void should_elasticSearchFeature_be_loaded() { 39 | assertThat(elasticSearchFeature).isNotNull(); 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/domain/AllowedToAllObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. 
See the License for the specific language governing permissions and limitations under 12 | * the License. 13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl.elasticsearch.domain; 15 | 16 | import org.springframework.data.annotation.Id; 17 | import org.springframework.data.elasticsearch.annotations.Document; 18 | 19 | import com.github.lothar.security.acl.Acl; 20 | 21 | @Document(indexName = "allowedToAll") 22 | @Acl("allowAllStrategy") 23 | public class AllowedToAllObject { 24 | 25 | @Id 26 | private Long id; 27 | 28 | public Long getId() { 29 | return id; 30 | } 31 | 32 | public void setId(Long id) { 33 | this.id = id; 34 | } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/domain/Customer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 
*/

package com.github.lothar.security.acl.elasticsearch.domain;

import java.io.Serializable;
import java.util.Objects;

import org.springframework.data.annotation.Id;
import org.springframework.data.elasticsearch.annotations.Document;

import com.github.lothar.security.acl.Acl;

/**
 * Test document stored in the {@code customer} index and protected by the ACL strategy bean
 * named {@code customerStrategy}.
 *
 * <p>In ElasticSearchTestConfiguration that strategy carries a match query on
 * {@code lastName = "Smith"}, so repository tests are expected to see only customers with that
 * last name.
 *
 * <p>Identity is the {@code id} alone: {@link #equals} and {@link #hashCode} ignore the names.
 */
@Document(indexName = "customer")
@Acl("customerStrategy")
public class Customer implements Serializable {

  private static final long serialVersionUID = 1L;

  @Id
  private String id;

  private String firstName;

  private String lastName;

  /** No-argument constructor; leaves every field {@code null}. */
  public Customer() {}

  /**
   * @param id document identifier
   * @param firstName given name
   * @param lastName family name; the field the test ACL query filters on
   */
  public Customer(String id, String firstName, String lastName) {
    this.id = id;
    this.firstName = firstName;
    this.lastName = lastName;
  }

  public String getId() {
    return id;
  }

  public void setId(String id) {
    this.id = id;
  }

  public String getFirstName() {
    return firstName;
  }

  public void setFirstName(String firstName) {
    this.firstName = firstName;
  }

  public String getLastName() {
    return lastName;
  }

  public void setLastName(String lastName) {
    this.lastName = lastName;
  }

  /** Two customers are equal when their ids are equal (two {@code null} ids count as equal). */
  @Override
  public boolean equals(Object obj) {
    if (obj instanceof Customer) {
      Customer other = (Customer) obj;
      return Objects.equals(other.id, id);
    }
    return false;
  }

  /** Hash of the id only, consistent with {@link #equals}. */
  @Override
  public int hashCode() {
    return Objects.hashCode(id);
  }

  /**
   * Renders id, first name and last name. The output contains personal names, so keep that in
   * mind if this pattern is copied to a class whose instances end up in logs.
   */
  @Override
  public String toString() {
    return String.format("Customer[id=%s, firstName='%s', lastName='%s']", id, firstName,
        lastName);
  }

}
--------------------------------------------------------------------------------
/elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/domain/DeniedToAllObject.java:
-------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.domain; 17 | 18 | import org.springframework.data.annotation.Id; 19 | import org.springframework.data.elasticsearch.annotations.Document; 20 | 21 | import com.github.lothar.security.acl.Acl; 22 | 23 | @Document(indexName = "deniedToAll") 24 | @Acl("denyAllStrategy") 25 | public class DeniedToAllObject { 26 | 27 | @Id 28 | private Long id; 29 | 30 | public Long getId() { 31 | return id; 32 | } 33 | 34 | public void setId(Long id) { 35 | this.id = id; 36 | } 37 | 38 | 39 | } 40 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/domain/NoAclObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.domain; 17 | 18 | import org.springframework.data.annotation.Id; 19 | import org.springframework.data.elasticsearch.annotations.Document; 20 | 21 | @Document(indexName = "noAcl") 22 | public class NoAclObject { 23 | 24 | @Id 25 | private Long id; 26 | 27 | public Long getId() { 28 | return id; 29 | } 30 | 31 | public void setId(Long id) { 32 | this.id = id; 33 | } 34 | 35 | 36 | } 37 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/domain/NoStrategyObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.domain; 17 | 18 | import org.springframework.data.annotation.Id; 19 | import org.springframework.data.elasticsearch.annotations.Document; 20 | 21 | import com.github.lothar.security.acl.Acl; 22 | 23 | @Document(indexName = "noStrategy") 24 | @Acl 25 | public class NoStrategyObject { 26 | 27 | @Id 28 | private Long id; 29 | 30 | public Long getId() { 31 | return id; 32 | } 33 | 34 | public void setId(Long id) { 35 | this.id = id; 36 | } 37 | 38 | 39 | } 40 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/domain/UnknownStrategyObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.domain; 17 | 18 | import org.springframework.data.annotation.Id; 19 | import org.springframework.data.elasticsearch.annotations.Document; 20 | 21 | import com.github.lothar.security.acl.Acl; 22 | 23 | @Document(indexName = "unknownStrategy") 24 | @Acl("unknownStrategy") 25 | public class UnknownStrategyObject { 26 | 27 | @Id 28 | private Long id; 29 | 30 | public Long getId() { 31 | return id; 32 | } 33 | 34 | public void setId(Long id) { 35 | this.id = id; 36 | } 37 | 38 | 39 | } 40 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/domain/WithoutHandlerObject.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.domain; 17 | 18 | import org.springframework.data.annotation.Id; 19 | import org.springframework.data.elasticsearch.annotations.Document; 20 | 21 | import com.github.lothar.security.acl.Acl; 22 | 23 | @Document(indexName = "withoutHandler") 24 | @Acl("withoutHandlerStrategy") 25 | public class WithoutHandlerObject { 26 | 27 | @Id 28 | private Long id; 29 | 30 | public Long getId() { 31 | return id; 32 | } 33 | 34 | public void setId(Long id) { 35 | this.id = id; 36 | } 37 | 38 | } 39 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/AclElasticsearchRepositoryFactoryBeanTest.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 
13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl.elasticsearch.repository; 15 | 16 | import static org.assertj.core.api.Assertions.assertThat; 17 | 18 | import javax.annotation.Resource; 19 | 20 | import org.elasticsearch.index.query.QueryBuilder; 21 | import org.junit.Test; 22 | import org.junit.runner.RunWith; 23 | import org.springframework.boot.test.context.SpringBootTest; 24 | import org.springframework.test.context.junit4.SpringRunner; 25 | 26 | import com.github.lothar.security.acl.elasticsearch.AclFilterProvider; 27 | import com.github.lothar.security.acl.elasticsearch.ElasticSearchTestConfiguration; 28 | import com.github.lothar.security.acl.elasticsearch.domain.AllowedToAllObject; 29 | import com.github.lothar.security.acl.elasticsearch.domain.DeniedToAllObject; 30 | import com.github.lothar.security.acl.elasticsearch.domain.NoAclObject; 31 | import com.github.lothar.security.acl.elasticsearch.domain.NoStrategyObject; 32 | import com.github.lothar.security.acl.elasticsearch.domain.UnknownStrategyObject; 33 | import com.github.lothar.security.acl.elasticsearch.domain.WithoutHandlerObject; 34 | 35 | @RunWith(SpringRunner.class) 36 | @SpringBootTest(classes = ElasticSearchTestConfiguration.class) 37 | public class AclElasticsearchRepositoryFactoryBeanTest { 38 | 39 | @Resource 40 | private AclFilterProvider filterProvider; 41 | @Resource 42 | private QueryBuilder allowAllFilter; 43 | @Resource 44 | private QueryBuilder denyAllFilter; 45 | 46 | @Test 47 | public void should_provider_return_allowAll_filter() { 48 | assertThat(filterProvider.filterFor(AllowedToAllObject.class)).isSameAs(allowAllFilter); 49 | } 50 | 51 | @Test 52 | public void should_provider_return_denyAll_spec() { 53 | assertThat(filterProvider.filterFor(DeniedToAllObject.class)).isSameAs(denyAllFilter); 54 | } 55 | 56 | @Test 57 | public void should_provider_return_allowAll_filter_for_noAcl() { 58 | 
assertThat(filterProvider.filterFor(NoAclObject.class)).isSameAs(allowAllFilter); 59 | } 60 | 61 | @Test 62 | public void should_provider_return_allowAll_filter_for_noStrategy() { 63 | assertThat(filterProvider.filterFor(NoStrategyObject.class)).isSameAs(allowAllFilter); 64 | } 65 | 66 | @Test 67 | public void should_provider_return_allowAll_filter_for_unknownStrategy() { 68 | assertThat(filterProvider.filterFor(UnknownStrategyObject.class)).isSameAs(allowAllFilter); 69 | } 70 | 71 | @Test 72 | public void should_provider_return_allowAll_filter_for_withoutHandlerStrategy() { 73 | assertThat(filterProvider.filterFor(WithoutHandlerObject.class)).isSameAs(allowAllFilter); 74 | } 75 | 76 | } 77 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/AllowedToAllRepository.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.repository; 17 | 18 | import org.springframework.data.elasticsearch.repository.ElasticsearchRepository; 19 | import org.springframework.stereotype.Repository; 20 | 21 | import com.github.lothar.security.acl.elasticsearch.domain.AllowedToAllObject; 22 | 23 | @Repository 24 | public interface AllowedToAllRepository extends ElasticsearchRepository { 25 | 26 | } 27 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/CustomerRepository.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 
13 | */ 14 | 15 | package com.github.lothar.security.acl.elasticsearch.repository; 16 | 17 | import java.util.List; 18 | 19 | import org.springframework.data.elasticsearch.repository.ElasticsearchRepository; 20 | 21 | import com.github.lothar.security.acl.elasticsearch.domain.Customer; 22 | 23 | public interface CustomerRepository extends ElasticsearchRepository { 24 | 25 | Customer findByFirstName(String firstName); 26 | 27 | List findByLastName(String lastName); 28 | 29 | int countByLastName(String lastName); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/DeniedToAllRepository.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 
13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl.elasticsearch.repository; 15 | 16 | import org.springframework.data.elasticsearch.repository.ElasticsearchRepository; 17 | import org.springframework.stereotype.Repository; 18 | 19 | import com.github.lothar.security.acl.elasticsearch.domain.DeniedToAllObject; 20 | 21 | @Repository 22 | public interface DeniedToAllRepository extends ElasticsearchRepository { 23 | 24 | } 25 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/NoAclRepository.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 
13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl.elasticsearch.repository; 15 | 16 | import org.springframework.data.elasticsearch.repository.ElasticsearchRepository; 17 | import org.springframework.stereotype.Repository; 18 | 19 | import com.github.lothar.security.acl.elasticsearch.domain.NoAclObject; 20 | 21 | @Repository 22 | public interface NoAclRepository extends ElasticsearchRepository { 23 | 24 | } 25 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/NoStrategyRepository.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 
13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl.elasticsearch.repository; 15 | 16 | import org.springframework.data.elasticsearch.repository.ElasticsearchRepository; 17 | import org.springframework.stereotype.Repository; 18 | 19 | import com.github.lothar.security.acl.elasticsearch.domain.NoStrategyObject; 20 | 21 | @Repository 22 | public interface NoStrategyRepository extends ElasticsearchRepository { 23 | 24 | } 25 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/UnknownStrategyRepository.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 | * in compliance with the License. You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software distributed under the License 10 | * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 | * or implied. See the License for the specific language governing permissions and limitations under 12 | * the License. 
13 | *******************************************************************************/ 14 | package com.github.lothar.security.acl.elasticsearch.repository; 15 | 16 | import org.springframework.data.elasticsearch.repository.ElasticsearchRepository; 17 | import org.springframework.stereotype.Repository; 18 | 19 | import com.github.lothar.security.acl.elasticsearch.domain.UnknownStrategyObject; 20 | 21 | @Repository 22 | public interface UnknownStrategyRepository 23 | extends ElasticsearchRepository { 24 | 25 | } 26 | -------------------------------------------------------------------------------- /elasticsearch/src/test/java/com/github/lothar/security/acl/elasticsearch/repository/WithoutHandlerRepository.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.elasticsearch.repository; 17 | 18 | import org.springframework.data.elasticsearch.repository.ElasticsearchRepository; 19 | import org.springframework.stereotype.Repository; 20 | 21 | import com.github.lothar.security.acl.elasticsearch.domain.WithoutHandlerObject; 22 | 23 | @Repository 24 | public interface WithoutHandlerRepository extends ElasticsearchRepository { 25 | 26 | } 27 | -------------------------------------------------------------------------------- /elasticsearch/src/test/resources/application.yml: -------------------------------------------------------------------------------- 1 | spring: 2 | data: 3 | elasticsearch: 4 | cluster-name: 5 | cluster-nodes: 6 | properties: 7 | path: 8 | logs: target/elasticsearch/log 9 | data: target/elasticsearch/data 10 | logging: 11 | level: 12 | com.github.lothar.security.acl: debug -------------------------------------------------------------------------------- /grant/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4.0.0 4 | 5 | strategy-spring-security-acl-grant 6 | 7 | 8 | com.github.lothar.security.acl 9 | strategy-spring-security-acl-parent 10 | 1.6.0-SNAPSHOT 11 | 12 | 13 | 14 | 15 | com.github.lothar.security.acl 16 | strategy-spring-security-acl-core 17 | 18 | 19 | org.springframework.boot 20 | spring-boot-starter-security 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /grant/src/main/java/com/github/lothar/security/acl/grant/GrantEvaluator.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 
3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.grant; 17 | 18 | import java.io.Serializable; 19 | 20 | import org.springframework.security.core.Authentication; 21 | 22 | public interface GrantEvaluator { 23 | 24 | boolean isGranted(Object permission, Authentication authentication, Object domainObject); 25 | 26 | boolean isGranted(Object permission, Authentication authentication, Serializable targetId, 27 | String targetType); 28 | 29 | } 30 | -------------------------------------------------------------------------------- /grant/src/main/java/com/github/lothar/security/acl/grant/GrantEvaluatorFeature.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.grant; 17 | 18 | import com.github.lothar.security.acl.AclFeature; 19 | import com.github.lothar.security.acl.named.NamedBean; 20 | 21 | public final class GrantEvaluatorFeature extends NamedBean implements AclFeature { 22 | } 23 | -------------------------------------------------------------------------------- /grant/src/main/java/com/github/lothar/security/acl/grant/TypedGrantEvaluator.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.grant; 17 | 18 | import java.io.Serializable; 19 | 20 | import org.springframework.security.core.Authentication; 21 | import com.github.lothar.security.acl.named.NamedBean; 22 | 23 | /** 24 | * @author Francois Lecomte 25 | * 26 | * @param Object type 27 | * @param Object ID type 28 | * @param {@link Authentication} 29 | * @param

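Permission
 */
public abstract class TypedGrantEvaluator<T, ID, A, P> extends NamedBean
    implements GrantEvaluator {

  // NOTE(review): this listing lost its angle-bracket text during extraction. The type-parameter
  // list <T, ID, A, P> and the Class<T> arguments below are reconstructed from the class Javadoc
  // and from how the names are used in this class; confirm any bounds against the repository.

  /**
   * Untyped entry point for a check against a loaded domain object: maps each argument to its
   * typed form and delegates to the typed overload.
   *
   * <p>The default mappers are unchecked casts, so a value of the wrong runtime type is not
   * rejected here. It only fails, with a {@link ClassCastException}, at the point where a
   * subclass uses the value as its concrete type.
   *
   * @param permission the requested permission
   * @param authentication the caller's authentication
   * @param domainObject the object access is requested on
   * @return the result of the typed {@code isGranted} overload
   */
  @Override
  public boolean isGranted(Object permission, Authentication authentication, Object domainObject) {
    P typedPermission = mapPermission(permission);
    A typedAuthentication = mapAuthentication(authentication);
    T typedDomainObject = mapDomainObject(domainObject);
    return isGranted(typedPermission, typedAuthentication, typedDomainObject);
  }

  /** Typed grant decision for a loaded domain object; implemented by subclasses. */
  public abstract boolean isGranted(P permission, A authentication, T domainObject);

  /**
   * Untyped entry point for a check against an object identified by id and type name: maps each
   * argument to its typed form and delegates to the typed overload.
   *
   * @param permission the requested permission
   * @param authentication the caller's authentication
   * @param targetId identifier of the target object
   * @param targetType fully-qualified class name of the target object
   * @return the result of the typed {@code isGranted} overload
   * @throws IllegalArgumentException if {@code targetType} does not name a loadable class
   */
  @Override
  public boolean isGranted(Object permission, Authentication authentication, Serializable targetId,
      String targetType) {
    P typedPermission = mapPermission(permission);
    A typedAuthentication = mapAuthentication(authentication);
    ID typedTargetId = mapTargetId(targetId);
    Class<T> typedTargetType = mapTargetType(targetType);
    return isGranted(typedPermission, typedAuthentication, typedTargetId, typedTargetType);
  }

  /** Typed grant decision for an object identified by id and class; implemented by subclasses. */
  public abstract boolean isGranted(P permission, A authentication, ID targetId,
      Class<T> targetType);

  // ------------------------
  // Mappers ----------------
  // ------------------------

  /** Converts the untyped permission; the default is an unchecked cast. */
  @SuppressWarnings("unchecked")
  protected P mapPermission(Object permission) {
    return (P) permission;
  }

  /** Converts the authentication; the default is an unchecked cast. */
  @SuppressWarnings("unchecked")
  protected A mapAuthentication(Authentication authentication) {
    return (A) authentication;
  }

  /** Converts the domain object; the default is an unchecked cast. */
  @SuppressWarnings("unchecked")
  protected T mapDomainObject(Object domainObject) {
    return (T) domainObject;
  }

  /** Converts the target identifier; the default is an unchecked cast. */
  @SuppressWarnings("unchecked")
  protected ID mapTargetId(Serializable targetId) {
    return (ID) targetId;
  }

  /**
   * Resolves the target type name to a class.
   *
   * <p>NOTE(review): {@code Class.forName(String)} loads and initializes whatever class the name
   * designates, and the cast does not check that the result is a {@code T}. This block does not
   * show where {@code targetType} originates; if it can ever be derived from request data, check
   * it against the expected type (or an allow-list) before resolving it.
   */
  @SuppressWarnings("unchecked")
  private Class<T> mapTargetType(String targetType) {
    try {
      return (Class<T>) Class.forName(targetType);
    } catch (ClassNotFoundException e) {
      // Keep the cause so the original lookup failure stays in the stack trace.
      throw new IllegalArgumentException("Unable to find target type '" + targetType + "'", e);
    }
  }
}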
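--------------------------------------------------------------------------------
/grant/src/main/java/com/github/lothar/security/acl/grant/compound/GrantEvaluatorComposer.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.grant.compound;

import java.io.Serializable;
import java.util.function.Supplier;

import org.springframework.security.core.Authentication;

import com.github.lothar.security.acl.compound.AbstractCompound;
import com.github.lothar.security.acl.compound.AclComposer;
import com.github.lothar.security.acl.compound.Operator;
import com.github.lothar.security.acl.grant.GrantEvaluator;

/**
 * Builds a {@link GrantEvaluator} that combines two other evaluators with a boolean AND or OR.
 *
 * <p>Both operators short-circuit: with AND the right-hand evaluator is consulted only when the
 * left-hand one grants, with OR only when the left-hand one denies. An evaluator that has to run
 * on every check (one that records the decision, for example) cannot rely on being the
 * right-hand operand.
 */
// NOTE(review): this listing lost its angle-bracket text during extraction (the source read
// "AbstractCompoundimplements" and a raw "Supplier"). Supplier<Boolean> is required by the
// && / || below; the type arguments on AclComposer and AbstractCompound are reconstructed from
// how lhs, rhs and operator are used here; confirm them against the repository.
public class GrantEvaluatorComposer implements AclComposer<GrantEvaluator> {

  /** Returns an evaluator that grants only when both {@code lhs} and {@code rhs} grant. */
  @Override
  public GrantEvaluator and(GrantEvaluator lhs, GrantEvaluator rhs) {
    return new CompoundGrantEvaluator(lhs, rhs, GrantEvaluatorOperator.AND);
  }

  /** Returns an evaluator that grants when {@code lhs} or {@code rhs} grants. */
  @Override
  public GrantEvaluator or(GrantEvaluator lhs, GrantEvaluator rhs) {
    return new CompoundGrantEvaluator(lhs, rhs, GrantEvaluatorOperator.OR);
  }

  /** Evaluator that applies an operator to the decisions of two wrapped evaluators. */
  public static class CompoundGrantEvaluator
      extends AbstractCompound<GrantEvaluator, GrantEvaluatorOperator> implements GrantEvaluator {

    private CompoundGrantEvaluator(GrantEvaluator lhs, GrantEvaluator rhs,
        GrantEvaluatorOperator operator) {
      super(lhs, rhs, operator);
    }

    /** Combines both evaluators' decisions for a target given by id and type name. */
    @Override
    public boolean isGranted(Object permission, Authentication authentication,
        Serializable targetId, String targetType) {
      // Suppliers defer each call so the operator decides whether rhs runs at all.
      return operator.apply( //
          () -> lhs.isGranted(permission, authentication, targetId, targetType), //
          () -> rhs.isGranted(permission, authentication, targetId, targetType) //
      );
    }

    /** Combines both evaluators' decisions for a loaded domain object. */
    @Override
    public boolean isGranted(Object permission, Authentication authentication,
        Object domainObject) {
      return operator.apply( //
          () -> lhs.isGranted(permission, authentication, domainObject), //
          () -> rhs.isGranted(permission, authentication, domainObject) //
      );
    }
  }

  /** Boolean operators over lazily evaluated grant decisions. */
  private enum GrantEvaluatorOperator implements Operator {

    AND {
      @Override
      boolean apply(Supplier<Boolean> lhs, Supplier<Boolean> rhs) {
        return lhs.get() && rhs.get();
      }
    },

    OR {
      @Override
      boolean apply(Supplier<Boolean> lhs, Supplier<Boolean> rhs) {
        return lhs.get() || rhs.get();
      }
    };

    /** Applies this operator; {@code rhs} is only read when {@code lhs} does not decide. */
    abstract boolean apply(Supplier<Boolean> lhs, Supplier<Boolean> rhs);
  }
}

--------------------------------------------------------------------------------
/grant/src/main/java/com/github/lothar/security/acl/grant/config/GrantEvaluatorAclConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.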
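You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.grant.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import com.github.lothar.security.acl.AclStrategyProvider;
import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.compound.AclComposersRegistry;
import com.github.lothar.security.acl.config.AclConfiguration;
import com.github.lothar.security.acl.grant.AclPermissionEvaluator;
import com.github.lothar.security.acl.grant.GrantEvaluator;
import com.github.lothar.security.acl.grant.GrantEvaluatorFeature;
import com.github.lothar.security.acl.grant.compound.GrantEvaluatorComposer;
import com.github.lothar.security.acl.grant.evaluators.AllowAllGrantEvaluator;
import com.github.lothar.security.acl.grant.evaluators.DenyAllGrantEvaluator;

/**
 * Spring configuration for the grant-evaluator ACL feature: registers the feature, its composer,
 * the {@link AclPermissionEvaluator}, and the allow-all and deny-all evaluators.
 *
 * <p>NOTE(review): the bean named {@code defaultGrantEvaluator} is the allow-all evaluator. How
 * {@link AclPermissionEvaluator} uses that default is not visible in this file; if it is the
 * fallback for a type whose strategy is missing, misspelled, or has no evaluator installed, such
 * a type is granted rather than denied. Confirm the fallback and choose the default deliberately
 * where fail-closed behaviour is required.
 */
@Configuration
@Import(AclConfiguration.class)
public class GrantEvaluatorAclConfiguration {

  private static final Logger logger =
      LoggerFactory.getLogger(GrantEvaluatorAclConfiguration.class);

  // One feature instance, used as the key in every register/install call below.
  private final GrantEvaluatorFeature grantEvaluatorFeature = new GrantEvaluatorFeature();

  public GrantEvaluatorAclConfiguration() {
    logger.info("Configured feature : {}", grantEvaluatorFeature);
  }

  /** Exposes the feature instance this configuration registers evaluators under. */
  @Bean
  public GrantEvaluatorFeature grantEvaluatorFeature() {
    return grantEvaluatorFeature;
  }

  /** Creates the composer and registers it for the feature, unless one is already defined. */
  @Bean
  @ConditionalOnMissingBean(GrantEvaluatorComposer.class)
  public GrantEvaluatorComposer grantEvaluatorComposer(AclComposersRegistry registry) {
    GrantEvaluatorComposer composer = new GrantEvaluatorComposer();
    registry.register(grantEvaluatorFeature, composer);
    return composer;
  }

  /** Builds the permission evaluator from the strategy provider, feature and default evaluator. */
  @Bean
  public AclPermissionEvaluator aclPermissionEvaluator(AclStrategyProvider strategyProvider,
      GrantEvaluator defaultGrantEvaluator) {
    return new AclPermissionEvaluator(strategyProvider, grantEvaluatorFeature,
        defaultGrantEvaluator);
  }

  /**
   * Creates the allow-all evaluator and installs it on the allow-all strategy. The same bean is
   * also published under the name {@code defaultGrantEvaluator}.
   */
  @Bean(name = {"allowAllGrantEvaluator", "defaultGrantEvaluator"})
  public GrantEvaluator allowAllGrantEvaluator(SimpleAclStrategy allowAllStrategy) {
    GrantEvaluator evaluator = new AllowAllGrantEvaluator();
    allowAllStrategy.install(grantEvaluatorFeature, evaluator);
    return evaluator;
  }

  /** Creates the deny-all evaluator and installs it on the deny-all strategy. */
  @Bean
  public GrantEvaluator denyAllGrantEvaluator(SimpleAclStrategy denyAllStrategy) {
    GrantEvaluator evaluator = new DenyAllGrantEvaluator();
    denyAllStrategy.install(grantEvaluatorFeature, evaluator);
    return evaluator;
  }

}

--------------------------------------------------------------------------------
/grant/src/main/java/com/github/lothar/security/acl/grant/evaluators/AllowAllGrantEvaluator.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.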
3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.grant.evaluators; 17 | 18 | import java.io.Serializable; 19 | 20 | import org.springframework.security.core.Authentication; 21 | 22 | import com.github.lothar.security.acl.grant.GrantEvaluator; 23 | import com.github.lothar.security.acl.named.NamedBean; 24 | 25 | public class AllowAllGrantEvaluator extends NamedBean implements GrantEvaluator { 26 | 27 | @Override 28 | public boolean isGranted(Object permission, Authentication authentication, Object domainObject) { 29 | return true; 30 | } 31 | 32 | @Override 33 | public boolean isGranted(Object permission, Authentication authentication, Serializable targetId, 34 | String targetType) { 35 | return true; 36 | } 37 | 38 | } 39 | -------------------------------------------------------------------------------- /grant/src/main/java/com/github/lothar/security/acl/grant/evaluators/DenyAllGrantEvaluator.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.grant.evaluators; 17 | 18 | import java.io.Serializable; 19 | 20 | import org.springframework.security.core.Authentication; 21 | 22 | import com.github.lothar.security.acl.grant.GrantEvaluator; 23 | import com.github.lothar.security.acl.named.NamedBean; 24 | 25 | public class DenyAllGrantEvaluator extends NamedBean implements GrantEvaluator { 26 | 27 | @Override 28 | public boolean isGranted(Object permission, Authentication authentication, Object domainObject) { 29 | return false; 30 | } 31 | 32 | @Override 33 | public boolean isGranted(Object permission, Authentication authentication, Serializable targetId, 34 | String targetType) { 35 | return false; 36 | } 37 | 38 | } 39 | -------------------------------------------------------------------------------- /grant/src/main/resources/META-INF/spring.factories: -------------------------------------------------------------------------------- 1 | org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.github.lothar.security.acl.grant.config.GrantEvaluatorAclConfiguration -------------------------------------------------------------------------------- /grant/src/test/java/com/github/lothar/security/acl/grant/GrantEvaluatorTestConfiguration.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2002-2016 the 
original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.grant;

import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;

import com.github.lothar.security.acl.AclStrategy;
import com.github.lothar.security.acl.SimpleAclStrategy;

/** Spring Boot application class used as the context root for the grant module's tests. */
@SpringBootApplication
public class GrantEvaluatorTestConfiguration {

  /**
   * Declares the {@code withoutHandlerStrategy} bean.
   *
   * @return a freshly constructed {@link SimpleAclStrategy}; no handler is installed on it here
   */
  @Bean
  public AclStrategy withoutHandlerStrategy() {
    AclStrategy bareStrategy = new SimpleAclStrategy();
    return bareStrategy;
  }
}

--------------------------------------------------------------------------------
/grant/src/test/java/com/github/lothar/security/acl/grant/config/GrantEvaluatorAclConfigurationTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.grant.config;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.grant.AclPermissionEvaluator;
import com.github.lothar.security.acl.grant.GrantEvaluator;
import com.github.lothar.security.acl.grant.GrantEvaluatorFeature;
import com.github.lothar.security.acl.grant.GrantEvaluatorTestConfiguration;

/**
 * Context-level checks on the beans of the grant-evaluator auto-configuration.
 *
 * <p>The fields are injected with {@code @Resource}, so the field names are kept as they are.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = GrantEvaluatorTestConfiguration.class)
public class GrantEvaluatorAclConfigurationTest {

  @Resource
  private PermissionEvaluator permissionEvaluator;

  @Resource
  private GrantEvaluatorFeature grantEvaluatorFeature;

  @Resource
  private GrantEvaluator allowAllGrantEvaluator;

  @Resource
  private GrantEvaluator defaultGrantEvaluator;

  @Resource
  private GrantEvaluator denyAllGrantEvaluator;

  /** The feature bean is present in the context. */
  @Test
  public void should_grantEvaluatorFeature_be_loaded() {
    assertThat(grantEvaluatorFeature).isNotNull();
  }

  /** The context's {@link PermissionEvaluator} is the ACL-aware implementation. */
  @Test
  public void should_permissionEvaluator_be_loaded() {
    assertThat(permissionEvaluator).isInstanceOf(AclPermissionEvaluator.class);
  }

  /**
   * Pins the module default: the {@code defaultGrantEvaluator} field receives the same instance as
   * {@code allowAllGrantEvaluator}, i.e. the out-of-the-box default is permissive.
   */
  @Test
  public void should_default_and_allowAll_be_the_same() {
    assertThat(defaultGrantEvaluator).isSameAs(allowAllGrantEvaluator);
  }

  /** The deny-all evaluator is a separate instance from the allow-all one. */
  @Test
  public void should_denyAll_and_allowAll_be_different() {
    assertThat(denyAllGrantEvaluator).isNotSameAs(allowAllGrantEvaluator);
  }
}

--------------------------------------------------------------------------------
/grant/src/test/java/com/github/lothar/security/acl/grant/domain/AllowedToAllObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.grant.domain;

import com.github.lothar.security.acl.Acl;

/** Test fixture bound by name to the {@code allowAllStrategy} ACL strategy. */
@Acl("allowAllStrategy")
public class AllowedToAllObject {}

--------------------------------------------------------------------------------
/grant/src/test/java/com/github/lothar/security/acl/grant/domain/DeniedToAllObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.grant.domain;

import com.github.lothar.security.acl.Acl;

/** Test fixture bound by name to the {@code denyAllStrategy} ACL strategy. */
@Acl("denyAllStrategy")
public class DeniedToAllObject {}

--------------------------------------------------------------------------------
/grant/src/test/java/com/github/lothar/security/acl/grant/domain/NoAclObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.grant.domain;

/**
 * Test fixture that carries no {@code @Acl} annotation at all.
 *
 * <p>NOTE(review): what the library applies to an unannotated type is decided outside this file;
 * confirm against the strategy provider before relying on it.
 */
public class NoAclObject {}

--------------------------------------------------------------------------------
/grant/src/test/java/com/github/lothar/security/acl/grant/domain/NoStrategyObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.grant.domain;

import com.github.lothar.security.acl.Acl;

/**
 * Test fixture annotated with {@code @Acl} but without a strategy name.
 *
 * <p>NOTE(review): presumably resolved to the configured default strategy; confirm against the
 * strategy provider.
 */
@Acl
public class NoStrategyObject {}

--------------------------------------------------------------------------------
/grant/src/test/java/com/github/lothar/security/acl/grant/domain/UnknownStrategyObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.grant.domain;

import com.github.lothar.security.acl.Acl;

/**
 * Test fixture annotated with the strategy name {@code unknownStrategy}.
 *
 * <p>NOTE(review): the name suggests that no strategy bean of that name is declared; confirm
 * against the test configuration.
 */
@Acl("unknownStrategy")
public class UnknownStrategyObject {}

--------------------------------------------------------------------------------
/grant/src/test/java/com/github/lothar/security/acl/grant/domain/WithoutHandlerObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package com.github.lothar.security.acl.grant.domain; 17 | 18 | import com.github.lothar.security.acl.Acl; 19 | 20 | @Acl("withoutHandlerStrategy") 21 | public class WithoutHandlerObject { 22 | } 23 | -------------------------------------------------------------------------------- /grant/src/test/resources/application.yml: -------------------------------------------------------------------------------- 1 | logging: 2 | level: 3 | com.github.lothar.security.acl: debug -------------------------------------------------------------------------------- /jpa/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4.0.0 4 | 5 | strategy-spring-security-acl-jpa 6 | 7 | 8 | com.github.lothar.security.acl 9 | strategy-spring-security-acl-parent 10 | 1.6.0-SNAPSHOT 11 | 12 | 13 | 14 | 15 | com.github.lothar.security.acl 16 | strategy-spring-security-acl-core 17 | 18 | 19 | org.springframework.boot 20 | spring-boot-starter-data-jpa 21 | 22 | 23 | 24 | com.h2database 25 | h2 26 | test 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /jpa/src/main/java/com/github/lothar/security/acl/jpa/JpaSpecFeature.java: -------------------------------------------------------------------------------- 1 | 
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.jpa;

import org.springframework.data.jpa.domain.Specification;

import com.github.lothar.security.acl.AclFeature;
import com.github.lothar.security.acl.named.NamedBean;

/**
 * Feature key of the JPA module: an {@link AclFeature} whose handler type is a JPA
 * {@link Specification}.
 *
 * <p>The class declares no members of its own. It is the key under which
 * {@code JpaSpecAclConfiguration} installs specifications on strategies and under which
 * {@code JpaSpecProvider} looks them up.
 *
 * @param <T> domain type the specifications apply to
 */
public final class JpaSpecFeature<T> extends NamedBean
    implements AclFeature<Specification<T>> {}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/JpaSpecProvider.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.jpa;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.jpa.domain.Specification;

import com.github.lothar.security.acl.AclStrategy;
import com.github.lothar.security.acl.AclStrategyProvider;

/**
 * Resolves the JPA {@link Specification} that carries the ACL restriction for a domain type.
 *
 * <p>Resolution order: the handler that the domain type's {@link AclStrategy} holds for the JPA
 * feature, otherwise the default specification given to the constructor. The fallback is taken
 * both when the strategy provider returns no strategy and when the strategy has no JPA handler,
 * so the default specification decides what callers see for unmapped domain types.
 * {@code JpaSpecAclConfiguration} wires that default to the bean named
 * {@code defaultAclSpecification}, which it registers as an alias of the allow-all specification.
 *
 * @param <T> domain type the specifications apply to
 */
public class JpaSpecProvider<T> {

  private final Logger logger = LoggerFactory.getLogger(getClass());
  private final AclStrategyProvider strategyProvider;
  private final JpaSpecFeature<T> jpaSpecFeature;
  private final Specification<T> defaultJpaSpec;

  /**
   * @param strategyProvider source of the {@link AclStrategy} for a domain type
   * @param jpaSpecFeature feature key used to fetch the JPA handler from a strategy
   * @param defaultJpaSpec specification returned when no strategy-specific one is found
   */
  public JpaSpecProvider(
      AclStrategyProvider strategyProvider,
      JpaSpecFeature<T> jpaSpecFeature,
      Specification<T> defaultJpaSpec) {
    this.strategyProvider = strategyProvider;
    this.jpaSpecFeature = jpaSpecFeature;
    this.defaultJpaSpec = defaultJpaSpec;
  }

  /**
   * Returns the ACL specification to apply to queries on {@code domainType}.
   *
   * @param domainType entity class being queried
   * @return the strategy's JPA handler when there is one, otherwise the default specification
   */
  public Specification<T> jpaSpecFor(Class<? extends T> domainType) {
    Specification<T> fromStrategy = strategySpecFor(domainType);
    Specification<T> resolved = (fromStrategy != null) ? fromStrategy : defaultJpaSpec;

    logger.debug("Using ACL JPA specification for '{}': {}", domainType.getSimpleName(), resolved);
    return resolved;
  }

  /**
   * Looks up the strategy-specific specification, logging the reason when there is none.
   *
   * @return the handler held by the domain type's strategy, or {@code null} when the type has no
   *     strategy or the strategy has no JPA handler
   */
  private Specification<T> strategySpecFor(Class<? extends T> domainType) {
    AclStrategy strategy = strategyProvider.strategyFor(domainType);
    if (strategy == null) {
      logger.debug("No strategy found for '{}' in strategy provider", domainType.getSimpleName());
      return null;
    }

    Specification<T> handler = strategy.handlerFor(jpaSpecFeature);
    if (handler == null) {
      logger.debug(
          "No ACL JPA specification found in strategy {} > fall back on default ACL JPA specification",
          strategy);
    }
    return handler;
  }
}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/annotation/NoAcl.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.annotation;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Disables ACL on the annotated query method.
 *
 * <p>A query method carrying this marker is meant to run without the ACL restriction, so every
 * use is an authorization exemption: keep it to queries whose results are safe for any caller or
 * that are guarded by other means, and review new occurrences as such.
 *
 * <p>NOTE(review): {@code @Inherited} only takes effect on class-level annotations; on this
 * method-targeted annotation it is inert. Whether an overriding or implementing method picks the
 * marker up depends on the lookup code, which is outside this file.
 */
@Documented
@Inherited
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface NoAcl {}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/compound/JpaSpecComposer.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.compound;

import static org.springframework.data.jpa.domain.Specifications.where;

import org.springframework.data.jpa.domain.Specification;

import com.github.lothar.security.acl.compound.AclComposer;

/**
 * {@link AclComposer} for JPA specifications: combines two ACL specifications with a logical AND
 * or OR by delegating to Spring Data's {@code Specifications}.
 *
 * <p>NOTE(review): how {@code where(...)} and the combinators treat a {@code null} operand is
 * decided by Spring Data and is not visible here. Confirm that a missing ACL specification cannot
 * silently drop out of an {@code and} and widen the result set.
 *
 * @param <T> domain type the specifications apply to
 */
public class JpaSpecComposer<T> implements AclComposer<Specification<T>> {

  /**
   * @param lhs left operand
   * @param rhs right operand
   * @return a specification satisfied only when both operands are
   */
  @Override
  public Specification<T> and(Specification<T> lhs, Specification<T> rhs) {
    Specification<T> both = where(lhs).and(rhs);
    return both;
  }

  /**
   * @param lhs left operand
   * @param rhs right operand
   * @return a specification satisfied when either operand is
   */
  @Override
  public Specification<T> or(Specification<T> lhs, Specification<T> rhs) {
    Specification<T> either = where(lhs).or(rhs);
    return either;
  }

}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/config/JpaSpecAclConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.data.jpa.domain.Specification;
import com.github.lothar.security.acl.AclStrategyProvider;
import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.compound.AclComposersRegistry;
import com.github.lothar.security.acl.config.AclConfiguration;
import com.github.lothar.security.acl.jpa.JpaSpecFeature;
import com.github.lothar.security.acl.jpa.JpaSpecProvider;
import com.github.lothar.security.acl.jpa.compound.JpaSpecComposer;
import com.github.lothar.security.acl.jpa.spec.AllowAllSpecification;
import com.github.lothar.security.acl.jpa.spec.DenyAllSpecification;

/**
 * Spring configuration of the JPA ACL module: the feature key, its composer, the specification
 * provider and the built-in allow-all / deny-all specifications.
 *
 * <p>Security note: the allow-all specification is also registered under the bean name
 * {@code defaultAclSpecification}, and {@link JpaSpecProvider} returns that default for any domain
 * type without a strategy or without a JPA handler. Out of the box such types are therefore
 * queried without restriction. A deployment that needs deny-by-default should check that every
 * secured entity resolves to a strategy with a JPA handler.
 *
 * @param <T> domain type the specifications apply to
 */
@Configuration
@Import(AclConfiguration.class)
public class JpaSpecAclConfiguration<T> {

  private final JpaSpecFeature<T> jpaSpecFeature = new JpaSpecFeature<>();
  private final Logger logger = LoggerFactory.getLogger(JpaSpecAclConfiguration.class);

  /** Logs the feature instance that every bean of this configuration shares. */
  public JpaSpecAclConfiguration() {
    logger.info("Configured feature : {}", jpaSpecFeature);
  }

  /** @return the single feature key used by the beans below */
  @Bean
  public JpaSpecFeature<T> jpaSpecFeature() {
    return jpaSpecFeature;
  }

  /**
   * Creates the composer and registers it for the JPA feature, unless the application already
   * declares a {@link JpaSpecComposer}.
   *
   * @param registry registry that maps features to their composers
   * @return the registered composer
   */
  @Bean
  @ConditionalOnMissingBean(JpaSpecComposer.class)
  public JpaSpecComposer<T> jpaSpecComposer(AclComposersRegistry registry) {
    JpaSpecComposer<T> jpaComposer = new JpaSpecComposer<>();
    registry.register(jpaSpecFeature, jpaComposer);
    return jpaComposer;
  }

  /**
   * @param strategyProvider source of the strategy for a domain type
   * @param defaultAclSpecification fallback specification; the parameter name matches the
   *     {@code defaultAclSpecification} alias declared below
   * @return the provider that repositories use to obtain the ACL specification
   */
  @Bean
  public JpaSpecProvider<T> jpaSpecProvider(
      AclStrategyProvider strategyProvider, Specification<T> defaultAclSpecification) {
    return new JpaSpecProvider<>(strategyProvider, jpaSpecFeature, defaultAclSpecification);
  }

  /**
   * Creates the allow-all specification, installs it on the allow-all strategy and exposes it
   * under two names, one of them being the module default.
   *
   * @param allowAllStrategy strategy that receives the specification as its JPA handler
   * @return the allow-all specification
   */
  @Bean(name = {"allowAllSpecification", "defaultAclSpecification"})
  public AllowAllSpecification<T> allowAllSpecification(SimpleAclStrategy allowAllStrategy) {
    AllowAllSpecification<T> permissive = new AllowAllSpecification<>();
    allowAllStrategy.install(jpaSpecFeature, permissive);
    return permissive;
  }

  /**
   * Creates the deny-all specification and installs it on the deny-all strategy.
   *
   * @param denyAllStrategy strategy that receives the specification as its JPA handler
   * @return the deny-all specification
   */
  @Bean
  public DenyAllSpecification<T> denyAllSpecification(SimpleAclStrategy denyAllStrategy) {
    DenyAllSpecification<T> restrictive = new DenyAllSpecification<>();
    denyAllStrategy.install(jpaSpecFeature, restrictive);
    return restrictive;
  }
}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/query/AclPredicateTargetSource.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.query;

import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.Predicate;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.TargetSource;

/**
 * {@link TargetSource} that switches a query predicate between its original form and an
 * ACL-restricted form.
 *
 * <p>The target is the original predicate until {@link #installAcl(Predicate)} is called and again
 * after {@link #uninstallAcl()}. While the ACL is uninstalled, whatever reads the target sees the
 * unrestricted predicate.
 *
 * <p>NOTE(review): the current predicate is a plain field and this class does no synchronization.
 * Confirm that an instance is confined to a single query and not shared between threads.
 */
public class AclPredicateTargetSource implements TargetSource {

  private final Logger logger = LoggerFactory.getLogger(getClass());
  private final CriteriaBuilder criteriaBuilder;
  private final Predicate original;
  private Predicate current;

  /**
   * @param criteriaBuilder builder used to AND the ACL predicate onto the original
   * @param original predicate of the query before any ACL restriction
   */
  public AclPredicateTargetSource(CriteriaBuilder criteriaBuilder, Predicate original) {
    this.criteriaBuilder = criteriaBuilder;
    this.original = original;
    this.current = original;
    logger.debug("Original predicate : {}", original);
  }

  /**
   * Makes the target {@code original AND aclPredicate}.
   *
   * <p>The conjunction is always built from the original predicate, so a second call replaces the
   * previously installed ACL predicate instead of stacking on top of it.
   *
   * @param aclPredicate restriction to add
   */
  public void installAcl(Predicate aclPredicate) {
    Predicate restricted = criteriaBuilder.and(original, aclPredicate);
    this.current = restricted;
    logger.debug("Enhanced predicate : {}", restricted);
  }

  /** Restores the original, unrestricted predicate as the target. */
  public void uninstallAcl() {
    this.current = original;
  }

  /** @return runtime class of the current target */
  @Override
  public Class<?> getTargetClass() {
    return getTarget().getClass();
  }

  /** @return {@code false}, because the target changes when the ACL is installed or removed */
  @Override
  public boolean isStatic() {
    return false;
  }

  /** @return the predicate currently in effect */
  @Override
  public Object getTarget() {
    return current;
  }

  /** Nothing to release: the target is a field of this object. */
  @Override
  public void releaseTarget(Object target) throws Exception {}
}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/spec/AclJpaSpecifications.java:
--------------------------------------------------------------------------------
/*******************************************************************************
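* Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.jpa.spec;

import static java.util.stream.Collectors.toList;
import static java.util.stream.StreamSupport.stream;

import java.io.Serializable;
import java.util.Collection;

import org.springframework.data.jpa.domain.Specification;

/**
 * Factory methods for identifier-based ACL specifications.
 *
 * <p>Both factories filter on the entity attribute named {@code id}; an entity that exposes its
 * identifier under another name cannot use them.
 */
public class AclJpaSpecifications {

  private AclJpaSpecifications() {}

  /**
   * Restricts a query to the entities whose {@code id} is one of {@code ids}.
   *
   * <p>The identifiers are read each time the predicate is built, not when this method is called.
   * An empty set of identifiers yields an always-false predicate, so a caller with no permitted
   * identifier sees no row rather than triggering an empty {@code IN ()} clause.
   *
   * @param ids identifiers the caller may see; must not be {@code null}
   * @return specification matching only entities with one of those identifiers
   */
  public static <T, ID extends Serializable> Specification<T> idsIn(Iterable<ID> ids) {
    return new BiFunctionSpecification<>((root, cb) -> {
      Collection<ID> permittedIds = collection(ids);
      if (permittedIds.isEmpty()) {
        // Nothing is permitted: fail closed.
        return cb.disjunction();
      }
      // Same attribute as idEqualTo; "ids" is not the identifier attribute it filters on.
      return root.get("id").in(permittedIds);
    });
  }

  /**
   * Restricts a query to the entity whose {@code id} equals {@code id}.
   *
   * @param id identifier the caller may see
   * @return specification matching only that entity
   */
  public static <T, ID extends Serializable> Specification<T> idEqualTo(ID id) {
    return new BiFunctionSpecification<>((root, cb) -> cb.equal(root.get("id"), id));
  }

  /**
   * Views an {@link Iterable} as a {@link Collection}.
   *
   * @param iterable source elements; must not be {@code null}
   * @return {@code iterable} itself when it already is a collection, otherwise a new list holding
   *     its elements in iteration order
   */
  public static <T> Collection<T> collection(Iterable<T> iterable) {
    if (iterable instanceof Collection) {
      return (Collection<T>) iterable;
    }
    return stream(iterable.spliterator(), false).collect(toList());
  }
}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/spec/AllowAllSpecification.java:
--------------------------------------------------------------------------------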
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.jpa.spec;

import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;

import org.springframework.data.jpa.domain.Specification;

import com.github.lothar.security.acl.named.NamedBean;

/**
 * {@link Specification} that adds no restriction to a query.
 *
 * <p>{@code JpaSpecAclConfiguration} registers this specification as the module's default, so it
 * is what applies to domain types for which no other ACL specification is resolved.
 *
 * @param <T> domain type the specification applies to
 */
public class AllowAllSpecification<T> extends NamedBean implements Specification<T> {

  /**
   * @param root query root; not inspected
   * @param query query being built; not inspected
   * @param cb builder that supplies the predicate
   * @return {@code cb.conjunction()}, the always-true predicate
   */
  @Override
  public Predicate toPredicate(Root<T> root, CriteriaQuery<?> query, CriteriaBuilder cb) {
    Predicate alwaysTrue = cb.conjunction();
    return alwaysTrue;
  }
}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/spec/BiFunctionSpecification.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.jpa.spec;

import java.util.function.BiFunction;

import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;

import org.springframework.data.jpa.domain.Specification;

/**
 * {@link Specification} backed by a function of the query root and the criteria builder, so that a
 * specification can be written as a lambda.
 *
 * @param <T> domain type the specification applies to
 */
public class BiFunctionSpecification<T> implements Specification<T> {

  private final BiFunction<Root<T>, CriteriaBuilder, Predicate> predicateFunction;

  /**
   * @param predicateFunction builds the predicate from the root and the criteria builder; stored
   *     as given and invoked on every {@link #toPredicate} call
   */
  public BiFunctionSpecification(
      BiFunction<Root<T>, CriteriaBuilder, Predicate> predicateFunction) {
    this.predicateFunction = predicateFunction;
  }

  /**
   * @param root query root, passed to the function
   * @param query query being built; not passed to the function
   * @param cb criteria builder, passed to the function
   * @return whatever the function returns
   */
  @Override
  public Predicate toPredicate(Root<T> root, CriteriaQuery<?> query, CriteriaBuilder cb) {
    Predicate built = predicateFunction.apply(root, cb);
    return built;
  }
}

--------------------------------------------------------------------------------
/jpa/src/main/java/com/github/lothar/security/acl/jpa/spec/DenyAllSpecification.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.spec;

import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;

import org.springframework.data.jpa.domain.Specification;

/**
 * Specification that matches no row at all; the restrictive counterpart of an allow-all
 * specification.
 *
 * <p>NOTE(review): the type arguments of {@code Specification}, {@code Root} and
 * {@code CriteriaQuery} are not visible in this listing; confirm against the repository.
 */
public class DenyAllSpecification implements Specification {

  /**
   * Builds the always-false predicate.
   *
   * @param root query root, unused
   * @param query query being built, unused
   * @param cb builder used to create the predicate
   * @return {@code cb.disjunction()}, an OR with no operands, which is always false
   */
  @Override
  public Predicate toPredicate(Root root, CriteriaQuery query, CriteriaBuilder cb) {
    Predicate matchNothing = cb.disjunction();
    return matchNothing;
  }

  /** Returns the simple class name, which keeps log and assertion output readable. */
  @Override
  public String toString() {
    Class<?> self = getClass();
    return self.getSimpleName();
  }
}

--------------------------------------------------------------------------------
/jpa/src/main/resources/META-INF/spring.factories:
--------------------------------------------------------------------------------
org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.github.lothar.security.acl.jpa.config.JpaSpecAclConfiguration
--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/JpaSpecProviderTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.data.jpa.domain.Specification;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.jpa.domain.NoStrategyObject;
import com.github.lothar.security.acl.jpa.domain.UnknownStrategyObject;
import com.github.lothar.security.acl.jpa.domain.WithoutHandlerObject;
import com.github.lothar.security.acl.jpa.repository.AllowedToAllRepository;
import com.github.lothar.security.acl.jpa.repository.DeniedToAllRepository;
import com.github.lothar.security.acl.jpa.repository.NoAclRepository;
import com.github.lothar.security.acl.jpa.repository.NoStrategyRepository;
import com.github.lothar.security.acl.jpa.repository.UnknownStrategyRepository;
import com.github.lothar.security.acl.jpa.repository.WithoutHandlerRepository;

/**
 * Checks that the Spring context wires every ACL repository and that {@code JpaSpecProvider}
 * falls back to the default specification when an entity's {@code @Acl} cannot be resolved to a
 * JPA specification.
 *
 * <p>NOTE(review): which specification backs {@code defaultAclSpecification} is not visible in
 * this file. It decides whether a misconfigured {@code @Acl} ends up unfiltered or empty, so the
 * chosen default is worth pinning in a test of its own.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = JpaSpecTestConfiguration.class)
public class JpaSpecProviderTest {

  // @Resource injects by field name, so each field name below is also a bean name.
  @Resource
  private JpaSpecProvider jpaSpecProvider;
  @Resource
  private Specification defaultAclSpecification;
  @Resource
  private AllowedToAllRepository allowedToAllRepository;
  @Resource
  private DeniedToAllRepository deniedToAllRepository;
  @Resource
  private NoAclRepository noAclRepository;
  @Resource
  private NoStrategyRepository noStrategyRepository;
  @Resource
  private UnknownStrategyRepository unknownStrategyRepository;
  @Resource
  private WithoutHandlerRepository withoutHandlerRepository;

  /** Every repository of the test domain must have been created by the repository factory. */
  @Test
  public void should_all_acl_repositories_be_loaded() {
    assertThat(allowedToAllRepository).isNotNull();
    assertThat(deniedToAllRepository).isNotNull();
    assertThat(noAclRepository).isNotNull();
    assertThat(noStrategyRepository).isNotNull();
    assertThat(unknownStrategyRepository).isNotNull();
    assertThat(withoutHandlerRepository).isNotNull();
  }

  /** The strategy exists but has no JPA specification installed: the default applies. */
  @Test
  public void should_use_default_handler_when_none_defined() {
    assertThat(jpaSpecProvider.jpaSpecFor(WithoutHandlerObject.class)).isSameAs(defaultAclSpecification);
  }

  /** The {@code @Acl} value names a strategy that is not declared: the default applies. */
  @Test
  public void should_use_default_handler_when_unknown_defined() {
    assertThat(jpaSpecProvider.jpaSpecFor(UnknownStrategyObject.class)).isSameAs(defaultAclSpecification);
  }

  /** The entity carries {@code @Acl} without a strategy name: the default applies. */
  @Test
  public void should_use_default_handler_when_no_strategy_defined() {
    assertThat(jpaSpecProvider.jpaSpecFor(NoStrategyObject.class)).isSameAs(defaultAclSpecification);
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/JpaSpecTestConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;

import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;

import com.github.lothar.security.acl.AclStrategy;
import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.jpa.domain.Customer;
import com.github.lothar.security.acl.jpa.repository.AclJpaRepositoryFactoryBean;
import com.github.lothar.security.acl.jpa.spec.AllowAllSpecification;
import com.github.lothar.security.acl.jpa.spec.CustomerSpecification;

/**
 * Spring Boot test configuration for the JPA module: enables the test repositories with
 * {@code AclJpaRepositoryFactoryBean} and declares the strategies the test entities refer to.
 */
@SpringBootApplication
@EnableJpaRepositories(value = "com.github.lothar.security.acl.jpa.repository",
    repositoryFactoryBeanClass = AclJpaRepositoryFactoryBean.class)
public class JpaSpecTestConfiguration {

  // The two beans below are injected but not referenced again in this class.
  @Resource
  private SimpleAclStrategy allowAllStrategy;
  @Resource
  private AllowAllSpecification allowAllSpecification;
  @Resource
  private JpaSpecFeature jpaSpecFeature;
  private SimpleAclStrategy customerStrategy = new SimpleAclStrategy();
  // presumably restricts customers to the given last name; CustomerSpecification is not shown here
  private CustomerSpecification smithFamilySpec = new CustomerSpecification("Smith");

  /** Strategy with nothing installed on it, referenced by {@code WithoutHandlerObject}. */
  @Bean
  public AclStrategy withoutHandlerStrategy() {
    return new SimpleAclStrategy();
  }

  /** Strategy referenced by {@code Customer}; its JPA specification is installed below. */
  @Bean
  public AclStrategy customerStrategy() {
    return customerStrategy;
  }

  /** Exposes the specification instance that is installed on {@code customerStrategy}. */
  @Bean
  public CustomerSpecification smithFamilySpec() {
    return smithFamilySpec;
  }

  /** Installs {@code smithFamilySpec} as the JPA-feature handler of {@code customerStrategy}. */
  @PostConstruct
  public void installStrategy() {
    customerStrategy.install(jpaSpecFeature, smithFamilySpec);
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/config/JpaSpecAclConfigurationTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.config;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.data.jpa.domain.Specification;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.jpa.JpaSpecFeature;
import com.github.lothar.security.acl.jpa.JpaSpecTestConfiguration;

/**
 * Smoke test for the JPA auto-configuration: the feature bean and the allow-all and deny-all
 * specification beans must be present in the context.
 *
 * <p>The assertions only check for non-null; that the two specifications actually allow and deny
 * is not covered here.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = JpaSpecTestConfiguration.class)
public class JpaSpecAclConfigurationTest {

  // @Resource injects by field name, so these names are the bean names being looked up.
  @Resource
  private Specification allowAllSpecification;
  @Resource
  private Specification denyAllSpecification;
  @Resource
  private JpaSpecFeature jpaSpecFeature;

  @Test
  public void should_jpaSpecFeature_be_loaded() {
    assertThat(jpaSpecFeature).isNotNull();
  }

  @Test
  public void should_allowAllSpec_be_loaded() {
    assertThat(allowAllSpecification).isNotNull();
  }

  @Test
  public void should_denyAllSpec_be_loaded() {
    assertThat(denyAllSpecification).isNotNull();
  }

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/domain/AllowedToAllObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.domain;

import javax.persistence.Entity;
import javax.persistence.Id;

import com.github.lothar.security.acl.Acl;

/**
 * Entity fixture bound to the {@code allowAllStrategy} ACL strategy.
 *
 * <p>{@code AclJpaRepositoryFactoryBeanTest} on this page expects {@code JpaSpecProvider} to
 * resolve this type to the allow-all specification.
 */
@Entity
@Acl("allowAllStrategy")
public class AllowedToAllObject {

  /** Primary key, assigned by the caller. */
  @Id
  private Long id;

  /** @return the primary key, or null if none has been set */
  public Long getId() {
    return this.id;
  }

  /** @param id the primary key to store */
  public void setId(Long id) {
    this.id = id;
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/domain/Customer.java:
--------------------------------------------------------------------------------
/*
* Copyright 2012-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/

package com.github.lothar.security.acl.jpa.domain;

import java.io.Serializable;
import java.util.Objects;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;

import com.github.lothar.security.acl.Acl;

/**
 * Customer test entity, mapped to the {@code customer} table and bound to the
 * {@code customerStrategy} ACL strategy.
 *
 * <p>Equality and hash code depend on {@code id} only, so two instances that have no id yet
 * compare equal to each other.
 */
@Entity
@Table(name = "customer")
@Acl("customerStrategy")
public class Customer implements Serializable {

  private static final long serialVersionUID = 1L;

  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)
  private String id;

  private String firstName;

  // The attribute the ACL specifications on this page filter on (root.get("lastName")).
  private String lastName;

  /** No-argument constructor, as JPA requires one. */
  public Customer() {
  }

  /**
   * @param firstName given name
   * @param lastName family name
   */
  public Customer(String firstName, String lastName) {
    this.firstName = firstName;
    this.lastName = lastName;
  }

  public String getId() {
    return id;
  }

  public void setId(String id) {
    this.id = id;
  }

  public String getFirstName() {
    return firstName;
  }

  public void setFirstName(String firstName) {
    this.firstName = firstName;
  }

  public String getLastName() {
    return lastName;
  }

  public void setLastName(String lastName) {
    this.lastName = lastName;
  }

  @Override
  public String toString() {
    return String.format("Customer[id=%s, firstName='%s', lastName='%s']", id, firstName,
        lastName);
  }

  /**
   * @param obj object to compare with
   * @return true when {@code obj} is a {@code Customer} with an equal id
   */
  @Override
  public boolean equals(Object obj) {
    // instanceof is false for null, which covers the null case as well.
    if (obj instanceof Customer) {
      Customer other = (Customer) obj;
      return Objects.equals(id, other.id);
    }
    return false;
  }

  @Override
  public int hashCode() {
    return Objects.hash(id);
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/domain/DeniedToAllObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.domain;

import javax.persistence.Entity;
import javax.persistence.Id;

import com.github.lothar.security.acl.Acl;

/**
 * Entity fixture bound to the {@code denyAllStrategy} ACL strategy.
 *
 * <p>{@code AclJpaRepositoryFactoryBeanTest} on this page expects {@code JpaSpecProvider} to
 * resolve this type to the deny-all specification.
 */
@Entity
@Acl("denyAllStrategy")
public class DeniedToAllObject {

  /** Primary key, assigned by the caller. */
  @Id
  private Long id;

  /** @return the primary key, or null if none has been set */
  public Long getId() {
    return this.id;
  }

  /** @param id the primary key to store */
  public void setId(Long id) {
    this.id = id;
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/domain/NoAclObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.domain;

import javax.persistence.Entity;
import javax.persistence.Id;

/**
 * Entity fixture that carries no {@code @Acl} annotation.
 *
 * <p>NOTE(review): the test name {@code should_provider_return_allowAll_spec_for_noAcl} in
 * {@code AclJpaRepositoryFactoryBeanTest} suggests that un-annotated entities resolve to the
 * allow-all specification, i.e. are read unfiltered. The test body is not visible on this page;
 * confirm, because it means forgetting the annotation leaves an entity unprotected.
 */
@Entity
public class NoAclObject {

  /** Primary key, assigned by the caller. */
  @Id
  private Long id;

  /** @return the primary key, or null if none has been set */
  public Long getId() {
    return this.id;
  }

  /** @param id the primary key to store */
  public void setId(Long id) {
    this.id = id;
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/domain/NoStrategyObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.domain;

import javax.persistence.Entity;
import javax.persistence.Id;

import com.github.lothar.security.acl.Acl;

/**
 * Entity fixture annotated with {@code @Acl} but without a strategy name.
 *
 * <p>{@code JpaSpecProviderTest} on this page expects {@code JpaSpecProvider} to fall back to
 * the default ACL specification for this type.
 */
@Entity
@Acl
public class NoStrategyObject {

  /** Primary key, assigned by the caller. */
  @Id
  private Long id;

  /** @return the primary key, or null if none has been set */
  public Long getId() {
    return this.id;
  }

  /** @param id the primary key to store */
  public void setId(Long id) {
    this.id = id;
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/domain/UnknownStrategyObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.domain;

import javax.persistence.Entity;
import javax.persistence.Id;

import com.github.lothar.security.acl.Acl;

/**
 * Entity fixture whose {@code @Acl} names a strategy that the test configuration on this page
 * does not declare.
 *
 * <p>{@code JpaSpecProviderTest} expects the provider to fall back to the default ACL
 * specification here rather than fail, so a misspelled strategy name is not reported at startup.
 * NOTE(review): how restrictive that default is cannot be seen on this page; confirm it.
 */
@Entity
@Acl("unknownStrategy")
public class UnknownStrategyObject {

  /** Primary key, assigned by the caller. */
  @Id
  private Long id;

  /** @return the primary key, or null if none has been set */
  public Long getId() {
    return this.id;
  }

  /** @param id the primary key to store */
  public void setId(Long id) {
    this.id = id;
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/domain/WithoutHandlerObject.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.domain;

import javax.persistence.Entity;
import javax.persistence.Id;

import com.github.lothar.security.acl.Acl;

/**
 * Entity fixture bound to {@code withoutHandlerStrategy}, a strategy the test configurations on
 * this page create empty, with no JPA specification installed on it.
 *
 * <p>{@code JpaSpecProviderTest} expects {@code JpaSpecProvider} to fall back to the default ACL
 * specification for this type.
 */
@Entity
@Acl("withoutHandlerStrategy")
public class WithoutHandlerObject {

  /** Primary key, assigned by the caller. */
  @Id
  private Long id;

  /** @return the primary key, or null if none has been set */
  public Long getId() {
    return this.id;
  }

  /** @param id the primary key to store */
  public void setId(Long id) {
    this.id = id;
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/multithread/CurrentUserLastNameSpec.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.multithread;

import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;

import org.springframework.data.jpa.domain.Specification;

import com.github.lothar.security.acl.jpa.domain.Customer;

/**
 * Test specification that restricts a query to rows whose {@code lastName} equals the last name
 * of the user logged in on the calling thread.
 *
 * <p>The user is read from {@link Session} each time the predicate is built, so one shared
 * instance yields a different restriction per thread.
 *
 * <p>NOTE(review): the type arguments of {@code Specification}, {@code Root} and
 * {@code CriteriaQuery} are not visible in this listing; the otherwise unused {@code Customer}
 * import suggests the entity type was {@code Customer}. Confirm against the repository.
 */
public class CurrentUserLastNameSpec implements Specification {

  /**
   * @param root query root; its {@code lastName} attribute is compared
   * @param query query being built, unused
   * @param cb builder used to create the predicate
   * @return an equality on {@code lastName} when a user is logged in, otherwise the always-true
   *         conjunction
   */
  @Override
  public Predicate toPredicate(Root root, CriteriaQuery query, CriteriaBuilder cb) {
    String lastName = Session.currentUserLastName();
    if (lastName != null) {
      // The value goes through the Criteria API; no query text is concatenated.
      return cb.equal(root.get("lastName"), lastName);
    }
    // Fail-open: with no user on this thread the query is not filtered at all.
    // NOTE(review): fine for a fixture if the tests rely on it; an ACL specification used
    // outside tests should return cb.disjunction() when the identity is missing.
    return cb.conjunction();
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/multithread/MultithreadTestConfiguration.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
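*******************************************************************************/
package com.github.lothar.security.acl.jpa.multithread;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;

import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;

import com.github.lothar.security.acl.AclStrategy;
import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.jpa.JpaSpecFeature;
import com.github.lothar.security.acl.jpa.domain.Customer;
import com.github.lothar.security.acl.jpa.repository.AclJpaRepositoryFactoryBean;
import com.github.lothar.security.acl.jpa.spec.AllowAllSpecification;

/**
 * Spring Boot configuration for the multithread tests: the customer strategy is backed by
 * {@link CurrentUserLastNameSpec}, whose restriction depends on the user bound to the calling
 * thread.
 */
@SpringBootApplication
@ComponentScan("com.github.lothar.security.acl.jpa")
@EnableJpaRepositories(value = "com.github.lothar.security.acl.jpa.repository",
    repositoryFactoryBeanClass = AclJpaRepositoryFactoryBean.class)
public class MultithreadTestConfiguration {

  // The two beans below are injected but not referenced again in this class.
  @Resource
  private SimpleAclStrategy allowAllStrategy;
  @Resource
  private AllowAllSpecification allowAllSpecification;
  @Resource
  private JpaSpecFeature jpaSpecFeature;
  private SimpleAclStrategy customerStrategy = new SimpleAclStrategy();
  private CurrentUserLastNameSpec currentUserLastNameSpec = new CurrentUserLastNameSpec();

  /** Strategy with nothing installed on it, referenced by {@code WithoutHandlerObject}. */
  @Bean
  public AclStrategy withoutHandlerStrategy() {
    return new SimpleAclStrategy();
  }

  /** Strategy referenced by {@code Customer}; its JPA specification is installed below. */
  @Bean
  public AclStrategy customerStrategy() {
    return customerStrategy;
  }

  /** Exposes the single specification instance that all threads share. */
  @Bean
  public CurrentUserLastNameSpec currentUserLastNameSpec() {
    return currentUserLastNameSpec;
  }

  /** Installs the per-thread specification as the JPA-feature handler of the customer strategy. */
  @PostConstruct
  public void installStrategy() {
    customerStrategy.install(jpaSpecFeature, currentUserLastNameSpec);
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/multithread/Session.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.multithread;

/**
 * Per-thread holder of the current user's last name, used by the multithread ACL tests.
 *
 * <p>The value stays bound to the thread until {@link #logout()} is called. On pooled threads a
 * missing logout lets the next task run under the previous user's identity, so callers should
 * pair {@link #login(String)} with {@code logout()} in a {@code finally} block.
 */
public class Session {

  // The listing showed a raw ThreadLocal (type argument lost); String is what the accessors
  // below return and accept.
  private static final ThreadLocal<String> user = new ThreadLocal<>();

  private Session() {}

  /** @return the last name bound to the calling thread, or null when nobody is logged in */
  public static String currentUserLastName() {
    return user.get();
  }

  /** @param userLastName last name to bind to the calling thread */
  public static void login(String userLastName) {
    user.set(userLastName);
  }

  /** Clears the calling thread's binding. */
  public static void logout() {
    user.remove();
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/multithread/TestDataPreparer.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.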
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.multithread;

import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
import org.springframework.test.context.TestContext;
import org.springframework.test.context.support.AbstractTestExecutionListener;

import com.github.lothar.security.acl.jpa.domain.Customer;
import com.github.lothar.security.acl.jpa.repository.CustomerRepository;

/**
 * Test execution listener that saves three customers (two named Smith, one named Doe) before a
 * test class runs and deletes them afterwards.
 *
 * <p>The saved entities are kept in instance fields so that {@code afterTestClass} removes
 * exactly the rows {@code beforeTestClass} created.
 */
@Component
public class TestDataPreparer extends AbstractTestExecutionListener {

  private Customer aliceSmith;
  private Customer bobSmith;
  private Customer johnDoe;

  /** Saves and flushes the three fixture customers. */
  @Override
  public void beforeTestClass(TestContext testContext) throws Exception {
    CustomerRepository customers = repository(testContext);
    aliceSmith = customers.saveAndFlush(new Customer("Alice", "Smith"));
    bobSmith = customers.saveAndFlush(new Customer("Bob", "Smith"));
    johnDoe = customers.saveAndFlush(new Customer("John", "Doe"));
  }

  /** Deletes the three fixture customers again. */
  @Override
  public void afterTestClass(TestContext testContext) throws Exception {
    CustomerRepository customers = repository(testContext);
    customers.delete(aliceSmith);
    customers.delete(bobSmith);
    customers.delete(johnDoe);
  }

  /** Looks up the {@code CustomerRepository} bean in the test's application context. */
  private CustomerRepository repository(TestContext testContext) {
    ApplicationContext context = testContext.getApplicationContext();
    return context.getBean(CustomerRepository.class);
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/AclJpaRepositoryFactoryBeanTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.repository;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.jpa.JpaSpecProvider;
import com.github.lothar.security.acl.jpa.JpaSpecTestConfiguration;
import com.github.lothar.security.acl.jpa.domain.AllowedToAllObject;
import com.github.lothar.security.acl.jpa.domain.DeniedToAllObject;
import com.github.lothar.security.acl.jpa.domain.NoAclObject;
import com.github.lothar.security.acl.jpa.domain.NoStrategyObject;
import com.github.lothar.security.acl.jpa.domain.UnknownStrategyObject;
import com.github.lothar.security.acl.jpa.domain.WithoutHandlerObject;
import com.github.lothar.security.acl.jpa.spec.AllowAllSpecification;
import com.github.lothar.security.acl.jpa.spec.DenyAllSpecification;

/**
 * Checks which specification {@link JpaSpecProvider} returns for each test domain class.
 *
 * <p>Security note: besides the class mapped to allow-all, four further classes are expected to
 * resolve to {@code allowAllSpec}. Judging by their names they stand for an entity without ACL
 * metadata, without a strategy, with an unknown strategy name and with a strategy that has no JPA
 * handler, which would mean the fallback under this test configuration fails open.
 * NOTE(review): confirm which fallback is configured before relying on an ACL declaration to
 * restrict access; with these expectations a misspelled strategy name is not reported as an error.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = JpaSpecTestConfiguration.class)
public class AclJpaRepositoryFactoryBeanTest {

  @Resource
  private JpaSpecProvider jpaSpecProvider;
  @Resource
  private AllowAllSpecification allowAllSpec;
  @Resource
  private DenyAllSpecification denyAllSpec;

  /** The provider must hand back the very allow-all bean (identity, not equality). */
  @Test
  public void should_provider_return_allowAll_spec() {
    assertThat(jpaSpecProvider.jpaSpecFor(AllowedToAllObject.class)).isSameAs(allowAllSpec);
  }

  /** The only case in this class that expects the deny-all bean. */
  @Test
  public void should_provider_return_denyAll_spec() {
    assertThat(jpaSpecProvider.jpaSpecFor(DeniedToAllObject.class)).isSameAs(denyAllSpec);
  }

  // The four tests below pin the fallback described in the class comment: each expects allow-all.

  @Test
  public void should_provider_return_allowAll_spec_for_noAcl() {
    assertThat(jpaSpecProvider.jpaSpecFor(NoAclObject.class)).isSameAs(allowAllSpec);
  }

  @Test
  public void should_provider_return_allowAll_spec_for_noStrategy() {
    assertThat(jpaSpecProvider.jpaSpecFor(NoStrategyObject.class)).isSameAs(allowAllSpec);
  }

  @Test
  public void should_provider_return_allowAll_spec_for_unknownStrategy() {
    assertThat(jpaSpecProvider.jpaSpecFor(UnknownStrategyObject.class)).isSameAs(allowAllSpec);
  }

  @Test
  public void should_provider_return_allowAll_spec_for_withoutHandlerStrategy() {
    assertThat(jpaSpecProvider.jpaSpecFor(WithoutHandlerObject.class)).isSameAs(allowAllSpec);
  }

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/AllowedToAllRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.github.lothar.security.acl.jpa.domain.AllowedToAllObject;

/**
 * Spring Data JPA repository for the {@code AllowedToAllObject} test entity; it declares no query
 * methods of its own.
 * NOTE(review): the type arguments of {@code JpaRepository} are not shown in this listing.
 */
@Repository
public interface AllowedToAllRepository extends JpaRepository {

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/CustomerRepository.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
*/

package com.github.lothar.security.acl.jpa.repository;

import java.util.List;

import org.springframework.data.domain.Pageable;
import org.springframework.data.domain.Sort;
import org.springframework.data.jpa.repository.JpaRepository;

import com.github.lothar.security.acl.jpa.annotation.NoAcl;
import com.github.lothar.security.acl.jpa.domain.Customer;

/**
 * Customer repository used by the JPA ACL tests; every method is a Spring Data derived query.
 * NOTE(review): generic type arguments ({@code JpaRepository}, {@code List}) are not shown in
 * this listing.
 */
public interface CustomerRepository extends JpaRepository {

  Customer findByFirstName(String firstName);

  List findByLastName(String lastName);

  List findByFirstNameContains(String firstNameContains, Sort sort);

  List findByFirstNameContains(String firstNameContains, Pageable pageable);

  int countByLastName(String lastName);

  // Judging by the annotation name, this query is exempt from ACL filtering, so its count can
  // include rows the caller could not otherwise see; such exemptions deserve an explicit review.
  // NOTE(review): the parameter is called firstName, but the derived query matches on lastName.
  @NoAcl
  int countByLastNameContains(String firstName);
}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/DeniedToAllRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.github.lothar.security.acl.jpa.domain.DeniedToAllObject;

/**
 * Spring Data JPA repository for the {@code DeniedToAllObject} test entity; it declares no query
 * methods of its own.
 * NOTE(review): the type arguments of {@code JpaRepository} are not shown in this listing.
 */
@Repository
public interface DeniedToAllRepository extends JpaRepository {

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/NoAclRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.github.lothar.security.acl.jpa.domain.NoAclObject;

/**
 * Spring Data JPA repository for the {@code NoAclObject} test entity; it declares no query
 * methods of its own.
 * NOTE(review): the type arguments of {@code JpaRepository} are not shown in this listing.
 */
@Repository
public interface NoAclRepository extends JpaRepository {

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/NoStrategyRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.github.lothar.security.acl.jpa.domain.NoStrategyObject;

/**
 * Spring Data JPA repository for the {@code NoStrategyObject} test entity; it declares no query
 * methods of its own.
 * NOTE(review): the type arguments of {@code JpaRepository} are not shown in this listing.
 */
@Repository
public interface NoStrategyRepository extends JpaRepository {

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/UnknownStrategyRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.github.lothar.security.acl.jpa.domain.UnknownStrategyObject;

/**
 * Spring Data JPA repository for the {@code UnknownStrategyObject} test entity; it declares no
 * query methods of its own.
 * NOTE(review): the type arguments of {@code JpaRepository} are not shown in this listing.
 */
@Repository
public interface UnknownStrategyRepository extends JpaRepository {

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/repository/WithoutHandlerRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.github.lothar.security.acl.jpa.domain.WithoutHandlerObject;

/**
 * Spring Data JPA repository for the {@code WithoutHandlerObject} test entity; it declares no
 * query methods of its own.
 * NOTE(review): the type arguments of {@code JpaRepository} are not shown in this listing.
 */
@Repository
public interface WithoutHandlerRepository extends JpaRepository {

}

--------------------------------------------------------------------------------
/jpa/src/test/java/com/github/lothar/security/acl/jpa/spec/CustomerSpecification.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.jpa.spec;

import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;

import org.springframework.data.jpa.domain.Specification;

import com.github.lothar.security.acl.jpa.domain.Customer;

/**
 * Specification that keeps only rows whose {@code lastName} attribute equals a configured value.
 *
 * <p>The value is handed to the Criteria API as an operand of {@code equal}; it is not
 * concatenated into query text.
 * NOTE(review): generic type arguments ({@code Specification}, {@code Root},
 * {@code CriteriaQuery}) are not shown in this listing.
 */
public class CustomerSpecification implements Specification {

  // Mutable and unsynchronized: if one instance is shared between threads, a setLastName call
  // changes the filter for every later query built from it. NOTE(review): confirm how instances
  // are shared before using this pattern outside tests.
  private String lastName;

  /** Creates a specification matching customers whose last name equals {@code lastName}. */
  public CustomerSpecification(String lastName) {
    this.lastName = lastName;
  }

  /** Builds the predicate {@code lastName = <configured value>} on the query root. */
  @Override
  public Predicate toPredicate(Root root, CriteriaQuery query, CriteriaBuilder cb) {
    return cb.equal(root.get("lastName"), lastName);
  }

  /** Replaces the last name used by predicates built after this call. */
  public void setLastName(String lastName) {
    this.lastName = lastName;
  }
}

--------------------------------------------------------------------------------
/jpa/src/test/resources/application.yml:
--------------------------------------------------------------------------------
1 | spring: 2 | jpa: 3 | hibernate: 4 | ddl-auto: create 5 | properties: 6 | hibernate.cache.use_second_level_cache: false 7 | hibernate.cache.use_query_cache: false 8 | hibernate.format_sql: true 9 | logging: 10 | level: 11 | # org.hibernate.SQL: debug 12 | # org.hibernate.type: trace 13 | # com.github.lothar.security.acl: debug
--------------------------------------------------------------------------------
/sample/pom.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4.0.0 4 | 5 | strategy-spring-security-acl-sample 6 | 7 | 8 | com.github.lothar.security.acl 9 | strategy-spring-security-acl-parent 10 | 1.6.0-SNAPSHOT 11 | 12 | 13 | 14 | 15 | com.github.lothar.security.acl 16 | strategy-spring-security-acl-elasticsearch 17 | 18 | 19 | com.github.lothar.security.acl 20 |
strategy-spring-security-acl-grant 21 | 22 | 23 | com.github.lothar.security.acl 24 | strategy-spring-security-acl-jpa 25 | 26 | 27 | com.h2database 28 | h2 29 | 30 | 31 | 32 | org.springframework.security 33 | spring-security-test 34 | test 35 | 36 | 37 | 38 | 39 | 40 | 41 | org.springframework.boot 42 | spring-boot-maven-plugin 43 | 44 | 45 | maven-deploy-plugin 46 | 47 | true 48 | 49 | 50 | 51 | com.github.github 52 | site-maven-plugin 53 | 54 | true 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /sample/src/main/java/com/github/lothar/security/acl/sample/domain/Customer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
*/

package com.github.lothar.security.acl.sample.domain;

import java.io.Serializable;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;

import org.springframework.data.elasticsearch.annotations.Document;

import com.github.lothar.security.acl.Acl;

/**
 * Sample customer, mapped both as a JPA entity (table {@code customer}) and as an Elasticsearch
 * document (index {@code customer}).
 *
 * <p>{@code @Acl("customerStrategy")} names the ACL strategy declared for this type.
 * NOTE(review): how that name is resolved is not visible here; presumably it refers to a bean
 * called {@code customerStrategy}. Confirm before renaming either side.
 */
@Entity
@Table(name = "customer")
@Acl("customerStrategy")
@Document(indexName = "customer", type = "customer", shards = 1, replicas = 0, refreshInterval = "-1")
public class Customer implements Serializable {

  private static final long serialVersionUID = 1L;

  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)
  private String id;

  private String firstName;

  private String lastName;

  /** No-argument constructor; leaves every field unset. */
  public Customer() {
  }

  /** Creates a customer with the given names; the id stays unset. */
  public Customer(String firstName, String lastName) {
    this.firstName = firstName;
    this.lastName = lastName;
  }

  public String getId() {
    return this.id;
  }

  public void setId(String id) {
    this.id = id;
  }

  public String getFirstName() {
    return this.firstName;
  }

  public void setFirstName(String firstName) {
    this.firstName = firstName;
  }

  public String getLastName() {
    return this.lastName;
  }

  public void setLastName(String lastName) {
    this.lastName = lastName;
  }

  // The text contains the id and both names, so logging a Customer writes personal data to the
  // log output.
  @Override
  public String toString() {
    return String.format("Customer[id=%s, firstName='%s', lastName='%s']", this.id,
        this.firstName, this.lastName);
  }

}

--------------------------------------------------------------------------------
/sample/src/main/java/com/github/lothar/security/acl/sample/elasticsearch/CustomerSearchRepository.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.github.lothar.security.acl.sample.elasticsearch;

import java.util.List;

import org.springframework.data.elasticsearch.repository.ElasticsearchRepository;

import com.github.lothar.security.acl.sample.domain.Customer;

/**
 * Elasticsearch repository for the sample {@link Customer} document.
 *
 * <p>NOTE(review): the sample's test of ACL filtering on {@code findByLastName} is disabled with
 * {@code @Ignore("Not yet implemented #12")}, so the derived finders below are presumably not
 * ACL-filtered yet; confirm before exposing their results to callers. Generic type arguments are
 * not shown in this listing.
 */
public interface CustomerSearchRepository extends ElasticsearchRepository {

  Customer findByFirstName(String firstName);

  List findByLastName(String lastName);

}

--------------------------------------------------------------------------------
/sample/src/main/java/com/github/lothar/security/acl/sample/grant/AbstractGrantEvaluator.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.sample.grant;

import static org.springframework.util.Assert.notNull;

import java.io.Serializable;

import org.springframework.security.core.Authentication;
import com.github.lothar.security.acl.grant.TypedGrantEvaluator;

/**
 * Base class of the sample's grant evaluators: turns the raw permission object received from the
 * caller into a {@link Permission} constant.
 * NOTE(review): the type parameters of this class and of {@code TypedGrantEvaluator} are not
 * shown in this listing.
 */
public abstract class AbstractGrantEvaluator
    extends TypedGrantEvaluator {

  /**
   * Maps {@code permission} to the {@link Permission} constant whose name equals its string form.
   *
   * <p>The match is exact and case-sensitive, so an unknown name is rejected with an exception
   * rather than mapped to some default permission.
   *
   * @throws IllegalArgumentException if {@code permission} is {@code null} or names no constant
   */
  @Override
  protected Permission mapPermission(Object permission) {
    notNull(permission, "Permission must be not null");
    return Permission.valueOf(String.valueOf(permission));
  }

}

--------------------------------------------------------------------------------
/sample/src/main/java/com/github/lothar/security/acl/sample/grant/CustomerGrantEvaluator.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.sample.grant;

import static com.github.lothar.security.acl.jpa.spec.AclJpaSpecifications.idEqualTo;

import org.springframework.security.core.Authentication;

import com.github.lothar.security.acl.sample.domain.Customer;
import com.github.lothar.security.acl.sample.jpa.CustomerRepository;

/**
 * Sample grant evaluator for {@link Customer}.
 *
 * <p>Both overloads ignore the {@code permission} and {@code authentication} arguments: the
 * decision depends only on the customer itself. That is a demonstration rule, not a model for a
 * real authorization policy.
 * NOTE(review): generic type arguments are not shown in this listing.
 */
public class CustomerGrantEvaluator extends AbstractGrantEvaluator {

  private CustomerRepository repository;

  /** @param repository repository used for the id-based check */
  public CustomerGrantEvaluator(CustomerRepository repository) {
    super();
    this.repository = repository;
  }

  /**
   * Grants access when the customer's last name is exactly {@code "Smith"}.
   *
   * <p>A {@code null} last name yields {@code false}; a {@code null} {@code domainObject} fails
   * with a {@code NullPointerException}.
   */
  @Override
  public boolean isGranted(Permission permission, Authentication authentication,
      Customer domainObject) {
    return "Smith".equals(domainObject.getLastName());
  }

  /**
   * Grants access when exactly one customer with id {@code targetId} is counted by the
   * repository.
   *
   * <p>The decision is delegated to the repository's own ACL filtering, as the comment in the
   * body explains. It is therefore only as strong as that filtering: if the count were not
   * filtered, presumably any existing id would be granted.
   */
  @Override
  public boolean isGranted(Permission permission, Authentication authentication, String targetId,
      Class targetType) {
    // thanks to JpaSpecFeature, repository will count only authorized customers !
    return repository.count(idEqualTo(targetId)) == 1;
    // if Jpa feature was not enabled, we would use
    // return repository.countByLastName("Smith")
  }

}

--------------------------------------------------------------------------------
/sample/src/main/java/com/github/lothar/security/acl/sample/grant/CustomerService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.sample.grant;

import javax.annotation.Resource;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.github.lothar.security.acl.sample.domain.Customer;
import com.github.lothar.security.acl.sample.jpa.CustomerRepository;

/** Sample service whose write operation is guarded by Spring method security. */
@Service
public class CustomerService {

  @Resource
  private CustomerRepository repository;

  /**
   * Saves {@code customer} if the caller holds the {@code SAVE} permission on it.
   *
   * <p>The expression is evaluated before the method body runs; {@code 'SAVE'} has to match a
   * {@link Permission} constant name exactly. With the default proxy-based method security the
   * check applies to calls made through the injected bean, not to calls a class makes on itself.
   * NOTE(review): which permission evaluator answers {@code hasPermission} is configured
   * elsewhere; confirm it is the ACL one.
   */
  @Transactional
  @PreAuthorize("hasPermission(#customer, 'SAVE')")
  public Customer save(Customer customer) {
    return repository.save(customer);
  }
}

--------------------------------------------------------------------------------
/sample/src/main/java/com/github/lothar/security/acl/sample/grant/Permission.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.sample.grant;

/**
 * Permissions known to the sample application.
 *
 * <p>The constant names are part of the contract: {@code AbstractGrantEvaluator} resolves a
 * permission with {@code Permission.valueOf}, and {@code CustomerService} refers to
 * {@code 'SAVE'} by name in its {@code @PreAuthorize} expression, so renaming a constant changes
 * which permission strings are accepted.
 */
public enum Permission {

  SAVE, DELETE, READ
}

--------------------------------------------------------------------------------
/sample/src/main/java/com/github/lothar/security/acl/sample/jpa/CustomerRepository.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
*/

package com.github.lothar.security.acl.sample.jpa;

import java.util.List;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;

import com.github.lothar.security.acl.sample.domain.Customer;

/**
 * JPA repository for the sample {@link Customer} entity.
 *
 * <p>Extending {@code JpaSpecificationExecutor} provides the specification-based
 * {@code count(...)} that {@code CustomerGrantEvaluator} uses for its id-based grant check.
 * NOTE(review): generic type arguments are not shown in this listing.
 */
public interface CustomerRepository
    extends JpaRepository, JpaSpecificationExecutor {

  Customer findByFirstName(String firstName);

  List findByLastName(String lastName);

}

--------------------------------------------------------------------------------
/sample/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | spring: 2 | jpa: 3 | hibernate: 4 | ddl-auto: create 5 | data: 6 | elasticsearch: 7 | cluster-name: 8 | cluster-nodes: 9 | properties: 10 | path: 11 | logs: target/elasticsearch/log 12 | data: target/elasticsearch/data 13 | logging: 14 | level: 15 | org.hibernate.SQL: debug 16 | com.github.lothar.security.acl: debug
--------------------------------------------------------------------------------
/sample/src/test/java/com/github/lothar/security/acl/sample/SampleApplicationTests.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.github.lothar.security.acl.sample;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

/** Smoke test: passes when the {@code SampleApplication} context starts without errors. */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = SampleApplication.class)
public class SampleApplicationTests {

  /** Intentionally empty: the test fails only if the application context cannot be built. */
  @Test
  public void contextLoads() {
  }

}

--------------------------------------------------------------------------------
/sample/src/test/java/com/github/lothar/security/acl/sample/elasticsearch/CustomerSearchRepositoryTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.sample.elasticsearch;

import static org.assertj.core.api.Assertions.assertThat;
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;

import javax.annotation.Resource;

import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

import com.github.lothar.security.acl.sample.SampleApplication;
import com.github.lothar.security.acl.sample.domain.Customer;

/**
 * Checks that the Elasticsearch repository of the sample only exposes the customers the
 * ACL strategy authorizes.
 *
 * <p>Three customers are indexed before each test (two "Smith", one "Doe"); the tests expect
 * the "Doe" entry to stay invisible.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = SampleApplication.class)
public class CustomerSearchRepositoryTest {

    @Resource
    private CustomerSearchRepository searchRepository;

    /** Empties the repository, then indexes the three fixture customers. */
    @Before
    public void init() {
        searchRepository.deleteAll();
        String[][] fixtures = {{"Alice", "Smith"}, {"Bob", "Smith"}, {"John", "Doe"}};
        for (String[] fullName : fixtures) {
            searchRepository.save(new Customer(fullName[0], fullName[1]));
        }
    }

    /** Three customers were saved but only two are expected to be counted. */
    @Test
    public void should_find_authorized_customers_only_when_strategy_applied() {
        long visibleCustomers = searchRepository.count();
        assertThat(visibleCustomers).isEqualTo(2);
    }

    /**
     * Ignored: per the annotation this is not implemented yet (#12). Until it is enabled,
     * nothing in this class asserts that {@code findByLastName} is filtered on the
     * Elasticsearch repository.
     */
    @Ignore("Not yet implemented #12")
    @Test
    public void should_not_find_members_of_Doe_family_when_strategy_applied() {
        assertThat(searchRepository.findByLastName("Doe")).isEmpty();
    }

    /**
     * A free-form search for "Doe" is expected to return nothing.
     *
     * <p>NOTE(review): the query targets a field called "name", while the fixtures are built
     * from a first and a last name. If Customer has no "name" field, this search is empty
     * with or without ACL filtering and the assertion proves nothing about the filter;
     * confirm the field against the Customer mapping.
     */
    @Test
    public void should_search_retrieve_authorized_customers_only_when_strategy_applied() {
        assertThat(searchRepository.search(matchQuery("name", "Doe"))).isEmpty();
    }
}

--------------------------------------------------------------------------------
/sample/src/test/java/com/github/lothar/security/acl/sample/grant/CustomerServiceTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *******************************************************************************/
package com.github.lothar.security.acl.sample.grant;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.transaction.annotation.Transactional;

import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.sample.SampleApplication;
import com.github.lothar.security.acl.sample.domain.Customer;

/**
 * Checks the write path of the sample: saving through {@link CustomerService} succeeds for
 * an authorized customer and is refused with {@link AccessDeniedException} otherwise.
 *
 * <p>{@code @WithMockUser} runs every test with a mock authenticated user in the security
 * context, so the denial below is an authorization decision, not a missing-login failure.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = SampleApplication.class)
@Transactional
@WithMockUser
public class CustomerServiceTest {

    @Resource
    private CustomerService service;
    // Injected but not referenced by the tests below.
    @Resource
    private SimpleAclStrategy customerStrategy;

    /** Saving a "Smith" customer is expected to go through and return the saved entity. */
    @Test
    public void should_save_an_authorized_customer() {
        Customer alice = new Customer("Alice", "Smith");
        Customer persisted = service.save(alice);
        assertThat(persisted.getLastName()).isEqualTo("Smith");
    }

    /** Saving a "Doe" customer is expected to be rejected by the access check. */
    @Test(expected = AccessDeniedException.class)
    public void should_throw_AccessDenied_when_try_to_save_an_unauthorized_customer() {
        Customer john = new Customer("John", "Doe");
        service.save(john);
    }

}

--------------------------------------------------------------------------------
/sample/src/test/java/com/github/lothar/security/acl/sample/jpa/CustomerRepositoryTest.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*******************************************************************************/
package com.github.lothar.security.acl.sample.jpa;

import static org.assertj.core.api.Assertions.assertThat;

import javax.annotation.Resource;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.data.jpa.domain.Specification;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.transaction.annotation.Transactional;

import com.github.lothar.security.acl.SimpleAclStrategy;
import com.github.lothar.security.acl.jpa.JpaSpecFeature;
import com.github.lothar.security.acl.sample.SampleApplication;
import com.github.lothar.security.acl.sample.domain.Customer;

/**
 * Checks that the JPA repository of the sample only returns the customers the customer ACL
 * strategy authorizes, and returns all of them once the JPA handler is removed.
 *
 * <p>Three customers are saved before each test (two "Smith", one "Doe"). The class is
 * {@code @Transactional}, so Spring's test support rolls the data back after each test
 * by default.
 */
@RunWith(SpringRunner.class)
@SpringBootTest(classes = SampleApplication.class)
@Transactional
public class CustomerRepositoryTest {

    @Resource
    private CustomerRepository repository;
    @Resource
    private SimpleAclStrategy customerStrategy;
    @Resource
    private JpaSpecFeature jpaSpecFeature;
    private Logger logger = LoggerFactory.getLogger(getClass());

    /** Saves the three fixture customers and logs the strategy under test. */
    @Before
    public void init() {
        String[][] fixtures = {{"Alice", "Smith"}, {"Bob", "Smith"}, {"John", "Doe"}};
        for (String[] fullName : fixtures) {
            repository.save(new Customer(fullName[0], fullName[1]));
        }
        logger.info("Customer strategy : {}", customerStrategy);
    }

    /** The customer strategy must have a handler installed for the JPA feature. */
    @Test
    public void should_customer_spec_be_registered_in_customer_strategy() {
        Specification registeredSpec = customerStrategy.handlerFor(jpaSpecFeature);
        assertThat(registeredSpec).as("Customer ACL JPA specification not registered").isNotNull();
    }

    /** Three customers were saved but only two are expected to be counted. */
    @Test
    public void should_find_authorized_customers_only_when_strategy_applied() {
        long visibleCustomers = repository.count();
        assertThat(visibleCustomers).isEqualTo(2);
    }

    /** With the JPA handler removed from the strategy, all three customers are counted. */
    @Test
    public void should_find_all_customers_only_when_strategy_not_applied() {
        Runnable countsEveryCustomer = new Runnable() {
            @Override
            public void run() {
                assertThat(repository.count()).isEqualTo(3);
            }
        };
        doWithoutCustomerSpec(countsEveryCustomer);
    }

    /**
     * Runs {@code runnable} while the JPA handler is uninstalled from the customer strategy.
     *
     * <p>The handler is put back in {@code finally}, so a failing assertion cannot leave the
     * strategy without its filter for the tests that follow (the strategy is an injected
     * bean, presumably shared by every test using the same context).
     *
     * @param runnable code to execute without the customer specification
     */
    private void doWithoutCustomerSpec(Runnable runnable) {
        Specification suspendedSpec = customerStrategy.uninstall(jpaSpecFeature);
        try {
            runnable.run();
        } finally {
            // Always restore the handler that was removed above.
            customerStrategy.install(jpaSpecFeature, suspendedSpec);
        }
    }

    /** The derived finder must not return the "Doe" customer while the strategy applies. */
    @Test
    public void should_not_find_members_of_Doe_family_when_strategy_applied() {
        assertThat(repository.findByLastName("Doe")).isEmpty();
    }

}

--------------------------------------------------------------------------------