Java 类java.nio.file.attribute.AclEntryPermission 实例源码
项目:openjdk-jdk10
文件:TestVMOptionsFile.java
/**
 * Takes read access away from {@code file}, using whichever attribute view the file system
 * reports as supported.
 *
 * <p>With a "posix" view the mode is set to {@code -w--w----}. With an "acl" view a DENY entry
 * for {@link AclEntryPermission#READ_DATA} is placed at the head of the owner's ACL.
 *
 * @param file path of the file to modify
 * @throws IOException if the permissions or the ACL cannot be read or written
 */
private static void makeFileNonReadable(String file) throws IOException {
    Path target = Paths.get(file);
    Set<String> views = target.getFileSystem().supportedFileAttributeViews();

    if (views.contains("posix")) {
        // Write-only for owner and group, nothing for others.
        Files.setPosixFilePermissions(target, PosixFilePermissions.fromString("-w--w----"));
        return;
    }
    if (!views.contains("acl")) {
        // NOTE(review): with neither view available the file is left untouched and stays
        // readable; a caller relying on the file being unreadable gets no signal here.
        return;
    }

    UserPrincipal owner = Files.getOwner(target);
    AclFileAttributeView aclView = Files.getFileAttributeView(target, AclFileAttributeView.class);
    AclEntry denyRead = AclEntry.newBuilder()
            .setType(AclEntryType.DENY)
            .setPrincipal(owner)
            .setPermissions(AclEntryPermission.READ_DATA)
            .build();
    List<AclEntry> entries = aclView.getAcl();
    // Index 0 puts the DENY entry ahead of every entry already in the list.
    entries.add(0, denyRead);
    aclView.setAcl(entries);
}
项目:openjdk9
文件:TestVMOptionsFile.java
/**
 * Takes read access away from {@code file}, using whichever attribute view the file system
 * reports as supported.
 *
 * <p>With a "posix" view the mode is set to {@code -w--w----}. With an "acl" view a DENY entry
 * for {@link AclEntryPermission#READ_DATA} is placed at the head of the owner's ACL.
 *
 * @param file path of the file to modify
 * @throws IOException if the permissions or the ACL cannot be read or written
 */
private static void makeFileNonReadable(String file) throws IOException {
    Path target = Paths.get(file);
    Set<String> views = target.getFileSystem().supportedFileAttributeViews();

    if (views.contains("posix")) {
        // Write-only for owner and group, nothing for others.
        Files.setPosixFilePermissions(target, PosixFilePermissions.fromString("-w--w----"));
        return;
    }
    if (!views.contains("acl")) {
        // NOTE(review): with neither view available the file is left untouched and stays
        // readable; a caller relying on the file being unreadable gets no signal here.
        return;
    }

    UserPrincipal owner = Files.getOwner(target);
    AclFileAttributeView aclView = Files.getFileAttributeView(target, AclFileAttributeView.class);
    AclEntry denyRead = AclEntry.newBuilder()
            .setType(AclEntryType.DENY)
            .setPrincipal(owner)
            .setPermissions(AclEntryPermission.READ_DATA)
            .build();
    List<AclEntry> entries = aclView.getAcl();
    // Index 0 puts the DENY entry ahead of every entry already in the list.
    entries.add(0, denyRead);
    aclView.setAcl(entries);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManager.java
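/**
 * Checks access to {@code path} by reading its ACL attributes and delegating to the
 * ACL-set overload of {@code checkAccessAllowed}.
 *
 * <p>The check fails closed: if the attribute view is unavailable or the attributes cannot be
 * read, the method returns {@code false} instead of letting the request through.
 *
 * @param path the cloud path being accessed
 * @param userOrGroup the principal requesting access
 * @param checkPermissions the permissions being requested
 * @return the result of the ACL check, or {@code false} if the ACL could not be obtained
 */
@Override
public boolean checkAccessAllowed(CloudPath path, UserPrincipal userOrGroup,
        Set<AclEntryPermission> checkPermissions) {
    // Get the view for the path
    CloudFileAttributesView cloudFileAttributeView = Files.getFileAttributeView(path, CloudFileAttributesView.class);
    if (cloudFileAttributeView == null) {
        LOG.warn("Could not get {} attribute view from path {}", CloudFileAttributesView.class, path);
        return false;
    }

    CloudAclFileAttributes aclFileAttributes;
    try {
        aclFileAttributes = cloudFileAttributeView.readAttributes();
    } catch (IOException e) {
        // Log the cause as well: a denial produced by an I/O failure should be
        // distinguishable from a denial produced by the ACL itself.
        LOG.warn("Could not read ACL file attributes for {}", path, e);
        return false;
    }

    return checkAccessAllowed(aclFileAttributes.getAclSet(), userOrGroup, checkPermissions);
}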
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManager.java
/**
 * Checks the access for the given user/group such that <em>all</em> of the permissions in
 * <em>checkPermissions</em> are allowed in <em>assetPermissions</em>.
 *
 * <p>When the principal is a plain user (not a {@link GroupPrincipal}) and a lookup service is
 * configured, the user's groups are resolved first and passed on to the access decision.
 *
 * @param assetPermissions Asset ACL permissions
 * @param userOrGroup A {@link UserPrincipal} or {@link GroupPrincipal}, which can be null for
 *        anonymous
 * @param checkPermissions Permissions to check for
 * @return true if access is allowed with the given permissions, false otherwise
 */
@Override
public boolean checkAccessAllowed(CloudAclEntrySet assetPermissions, UserPrincipal userOrGroup,
        Set<AclEntryPermission> checkPermissions) {
    // instanceof is false for null, so an anonymous (null) principal is never a "plain user".
    boolean isPlainUser = userOrGroup != null && !(userOrGroup instanceof GroupPrincipal);

    // Groups are only looked up for a real user and only when a lookup service exists.
    Set<GroupPrincipal> userGroups = null;
    if (isPlainUser && userPrincipalLookupService != null) {
        userGroups = userPrincipalLookupService.getUserPrincipalGroups(userOrGroup);
    }

    return doesUserHaveAccess(assetPermissions, userOrGroup, userGroups, checkPermissions);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudFileSystemImplementation.java
/**
 * Opens a {@link CloudFileChannel} after running ACL checks derived from <em>options</em>.
 *
 * <p>Each option is translated with {@link #openOptionToAclEntryPermission(OpenOption)}. If the
 * result contains {@link AclEntryPermission#ADD_FILE}, that permission is taken out of the set and
 * the <em>parent</em> path is checked with {@code CREATE_NEW_FILE_PERMS}. The remaining
 * permissions are checked against the file itself using
 * {@link #checkAccess(BlobStoreContext, CloudPath, Set)}, but only when the file already exists.
 *
 * <p>NOTE(review): options that map to no permission leave the set empty, so the file-level
 * check is then made with no required permissions; confirm that callers passing an empty option
 * set are still expected to need read access.
 *
 * <p>NOTE(review): the access checks and the channel creation are separate steps, so the state
 * of the path can change between them.
 *
 * @see CloudFileChannel
 */
@Override
public CloudFileChannel newByteChannel(BlobStoreContext context, CloudPath path,
        Set<? extends OpenOption> options, FileAttribute<?>... attrs) throws IOException {
    EnumSet<AclEntryPermission> required = EnumSet.noneOf(AclEntryPermission.class);
    for (OpenOption option : options) {
        AclEntryPermission mapped = openOptionToAclEntryPermission(option);
        if (mapped != null) {
            required.add(mapped);
        }
    }

    // Creating a file is a permission on the parent, not on the (possibly absent) file.
    // NOTE(review): path.getParent() is passed on as-is; confirm it cannot be null here.
    boolean createsFile = required.remove(AclEntryPermission.ADD_FILE);
    if (createsFile) {
        checkAccess(context, path.getParent(), CREATE_NEW_FILE_PERMS);
    }

    // An absent file has no ACL to consult, so the file-level check is skipped for it.
    if (path.exists()) {
        checkAccess(context, path, required);
    }

    return new CloudFileChannel(context, path, getCloudFileChannelTransport(), options, attrs);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudFileSystemImplementation.java
/**
 * Transforms a {@link StandardOpenOption} into an {@link AclEntryPermission}. Other
 * {@link OpenOption} types are ignored.
 *
 * <p>NOTE(review): {@link StandardOpenOption#TRUNCATE_EXISTING} maps to
 * {@link AclEntryPermission#APPEND_DATA}. Truncation discards existing content, so a principal
 * holding only append rights would pass this check; confirm that this is intended rather than
 * {@link AclEntryPermission#WRITE_DATA}.
 *
 * @param o the open option to translate, may be any {@link OpenOption} implementation
 * @return The option as an ACL permission or null if this is not applicable.
 */
protected AclEntryPermission openOptionToAclEntryPermission(OpenOption o) {
    if (!(o instanceof StandardOpenOption)) {
        return null;
    }

    switch ((StandardOpenOption) o) {
        case READ:
            return AclEntryPermission.READ_DATA;
        case WRITE:
            return AclEntryPermission.WRITE_DATA;
        case APPEND:
        case TRUNCATE_EXISTING:
            return AclEntryPermission.APPEND_DATA;
        case CREATE:
        case CREATE_NEW:
            return AclEntryPermission.ADD_FILE;
        case DELETE_ON_CLOSE:
            return AclEntryPermission.DELETE;
        default:
            // SPARSE, SYNC, DSYNC and any other option carry no ACL requirement here.
            return null;
    }
}
项目:java-cloud-filesystem-provider
文件:CloudAclFileAttributes.java
/**
 * <p>
 * This constructor can only discern some very basic permissions. It assumes that because you have access
 * to this container then you have all CRUD operation access. This may not be true. More sophisticated
 * implementations should be able to tell the exact permissions.
 * </p>
 * <p>
 * There is a lone {@link CloudAclEntry} created which has the default permissions. It is of type
 * {@link PublicPrivateCloudPermissionsPrincipal}.
 * </p>
 * <p>
 * Subclasses may implement different permissions.
 * </p>
 * <p>
 * NOTE(review): the default entry is an ALLOW entry covering read, write, append, create, delete,
 * listing and ACL read/write. Anything that consults this ACL therefore starts from a permissive
 * default; a stricter implementation has to replace it explicitly.
 * </p>
 *
 * @param conflictChecker passed to the new {@link CloudAclEntrySet}
 * @param blobMetadata passed to the superclass constructor
 * @param blobAccess wrapped in the {@link PublicPrivateCloudPermissionsPrincipal} of the default entry
 */
public CloudAclFileAttributes(CloudAclEntryConflictChecker conflictChecker, BlobMetadata blobMetadata, BlobAccess blobAccess) {
    super(blobMetadata);
    // The ACL set is created with the anonymous user principal as its first argument.
    aclSet = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, conflictChecker);
    // NOTE(review): READ_ATTRIBUTES is listed twice below; the second occurrence may have been
    // meant to be another permission (possibly WRITE_ATTRIBUTES) - confirm before changing,
    // since any change here alters what the default entry grants.
    CloudAclEntry<PublicPrivateCloudPermissionsPrincipal> entry =
            new CloudAclEntryBuilder<>(PublicPrivateCloudPermissionsPrincipal.class)
            .addPermissions(AclEntryPermission.READ_DATA, AclEntryPermission.WRITE_DATA, AclEntryPermission.APPEND_DATA,
            AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY,
            AclEntryPermission.DELETE, AclEntryPermission.DELETE_CHILD, AclEntryPermission.LIST_DIRECTORY,
            AclEntryPermission.READ_ACL, AclEntryPermission.WRITE_ACL,
            AclEntryPermission.READ_ATTRIBUTES, AclEntryPermission.READ_ATTRIBUTES)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(new PublicPrivateCloudPermissionsPrincipal(blobAccess))
            .build();
    addAcl(AnonymousUserPrincipal.INSTANCE, entry);
}
项目:java-cloud-filesystem-provider
文件:CloudFileSystemProviderDelegate.java
/**
 * Translates the requested {@link AccessMode}s into ACL permissions and delegates the check
 * to the cloud file system implementation that owns the path.
 *
 * <p>EXECUTE, READ and WRITE map to {@code EXECUTE}, {@code READ_DATA} and {@code WRITE_DATA};
 * with no modes the delegate is called with an empty permission set.
 *
 * @param path the path to check
 * @param modes the access modes requested
 * @throws IOException propagated from the delegate's access check
 */
@Override
public void checkAccess(Path path, AccessMode... modes) throws IOException {
    CloudPath cloudPath = getCloudPath(path);
    CloudFileSystemImplementation implementation = getCloudFileSystemImplementation(cloudPath);

    Set<AclEntryPermission> required = EnumSet.noneOf(AclEntryPermission.class);
    for (AccessMode mode : modes) {
        // Identity comparison is enough for enum constants and ignores a null element.
        if (mode == AccessMode.EXECUTE) {
            required.add(AclEntryPermission.EXECUTE);
        } else if (mode == AccessMode.READ) {
            required.add(AclEntryPermission.READ_DATA);
        } else if (mode == AccessMode.WRITE) {
            required.add(AclEntryPermission.WRITE_DATA);
        }
    }

    implementation.checkAccess(getBlobStoreContext(cloudPath), cloudPath, required);
}
项目:java-cloud-filesystem-provider
文件:CloudFile.java
/**
 * Asks the configured {@link CloudHostSecurityManager} whether the current user holds the given
 * permissions on this file's path.
 *
 * <p>Without a security manager the method allows access. Without a user lookup service the
 * caller is treated as {@link AnonymousUserPrincipal#INSTANCE}.
 *
 * @param permissions the permissions required
 * @return true if access is allowed (or no security manager is configured), false otherwise
 */
boolean hasPermissions(EnumSet<AclEntryPermission> permissions) {
    CloudHostConfiguration hostConfig = cloudPath.getFileSystem().getCloudHostConfiguration();
    CloudHostSecurityManager securityManager = hostConfig.getCloudHostSecurityManager();
    UserGroupLookupService<?> lookupService = hostConfig.getUserGroupLookupService();

    if (securityManager == null) {
        // Fail-open by design: a missing security manager means every request is allowed.
        // NOTE(review): this is only logged at debug level, so a misconfigured host that lost
        // its security manager is easy to miss in production logs.
        LOG.debug("No {} found in cloud host configuration {}, default action is to allow all access",
                CloudHostSecurityManager.class, hostConfig);
        return true;
    }

    UserPrincipal caller;
    if (lookupService == null) {
        LOG.debug("Cannot find current user, no {} in cloud host configuration {}",
                UserGroupLookupService.class, hostConfig);
        caller = AnonymousUserPrincipal.INSTANCE;
    } else {
        // NOTE(review): whatever the lookup returns is passed on unchanged, including null;
        // confirm the security manager treats a null principal as anonymous.
        caller = lookupService.getCurrentUser();
    }

    return securityManager.checkAccessAllowed(cloudPath, caller, permissions);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * An ALLOW rule on the anonymous group must not grant access when the anonymous user also
 * carries a DENY rule for the same permission.
 */
@Test
public void testDoesUserHaveAccessFailsForAUserWithAnAnonymousGroupAllowRuleButAnonymousUserDenyRule() {
    UserPrincipal caller = new TestUserImpl("user1");

    CloudAclEntry<GroupPrincipal> anonymousGroupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(AnonymousGroupPrincipal.INSTANCE)
            .build();
    CloudAclEntry<UserPrincipal> anonymousUserDeny = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.DENY)
            .setPrincipal(new AnonymousUserPrincipal())
            .build();

    CloudAclEntrySet acl =
            new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, anonymousGroupAllow, anonymousUserDeny);
    boolean allowed = mgr.doesUserHaveAccess(acl, caller, null, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertFalse(allowed);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * A DENY rule on the user must not be overridden by an ALLOW rule on one of the user's groups.
 */
@Test
public void testDoesUserHaveAccessFailsForAUserGroupWithAnAllowRuleAndAUserWithADenyRule() {
    UserPrincipal caller = new TestUserImpl("user1");
    CloudAclEntry<UserPrincipal> userDeny = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.DENY)
            .setPrincipal(caller)
            .build();

    GroupPrincipal firstGroup = new TestGroupImpl("group1");
    GroupPrincipal secondGroup = new TestGroupImpl("group2");
    Set<GroupPrincipal> memberships = Sets.newHashSet(firstGroup, secondGroup);
    CloudAclEntry<GroupPrincipal> groupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(secondGroup)
            .build();

    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, userDeny, groupAllow);
    boolean allowed = mgr.doesUserHaveAccess(acl, caller, memberships, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertFalse(allowed);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * A user with one ALLOW rule covering three permissions passes checks for any subset of them.
 */
@Test
public void testDoesUserHaveAccessSucceedsForAUserPrincipalWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() {
    UserPrincipal caller = new TestUserImpl("user1");
    CloudAclEntry<UserPrincipal> userAllow = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(caller)
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, userAllow);

    // Two of the three granted permissions.
    Assert.assertTrue(mgr.doesUserHaveAccess(acl, caller, null,
            EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.WRITE_ACL)));
    // A different pair.
    Assert.assertTrue(mgr.doesUserHaveAccess(acl, caller, null,
            EnumSet.of(AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
    // All three at once.
    Assert.assertTrue(mgr.doesUserHaveAccess(acl, caller, null,
            EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * A user whose group has one ALLOW rule covering three permissions passes checks for subsets
 * of them.
 */
@Test
public void testDoesUserHaveAccessSucceedsForUsersGroupWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() {
    UserPrincipal caller = new TestUserImpl("user1");
    GroupPrincipal firstGroup = new TestGroupImpl("group1");
    GroupPrincipal secondGroup = new TestGroupImpl("group2");
    Set<GroupPrincipal> memberships = Sets.newHashSet(firstGroup, secondGroup);

    CloudAclEntry<GroupPrincipal> groupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(secondGroup)
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, groupAllow);

    // One, two, then all three of the granted permissions.
    Assert.assertTrue(mgr.doesUserHaveAccess(acl, caller, memberships, EnumSet.of(AclEntryPermission.ADD_FILE)));
    Assert.assertTrue(mgr.doesUserHaveAccess(acl, caller, memberships,
            EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.WRITE_ACL)));
    Assert.assertTrue(mgr.doesUserHaveAccess(acl, caller, memberships,
            EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * A DENY and an ALLOW entry for the same user name that share a permission are reported as
 * conflicting. The two principals are separate instances carrying the same name.
 */
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForTheSamePermissionsForAUserConflicts() {
    UserPrincipal denyPrincipal = new TestUserImpl("user1");
    UserPrincipal allowPrincipal = new TestUserImpl("user1");

    CloudAclEntry<UserPrincipal> denyEntry = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(denyPrincipal)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<UserPrincipal> allowEntry = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(allowPrincipal)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.DELETE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    // ADD_SUBDIRECTORY appears in both entries.
    boolean conflicting = checker.isConflictingAcl(denyEntry, allowEntry);
    Assert.assertTrue(conflicting);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * A DENY entry and an ALLOW entry that share a permission do not conflict when they belong to
 * different users.
 */
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForDifferentUsersDoesNotConflict() {
    UserPrincipal deniedUser = new TestUserImpl("user1");
    UserPrincipal allowedUser = new TestUserImpl("user2");

    CloudAclEntry<UserPrincipal> denyEntry = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(deniedUser)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<UserPrincipal> allowEntry = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(allowedUser)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.DELETE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    boolean conflicting = checker.isConflictingAcl(denyEntry, allowEntry);
    Assert.assertFalse(conflicting);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * A DENY and an ALLOW entry for the same group name that share a permission are reported as
 * conflicting. The two principals are separate instances carrying the same name.
 */
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForTheSamePermissionsForAGroupConflicts() {
    GroupPrincipal denyPrincipal = new TestGroupImpl("group1");
    GroupPrincipal allowPrincipal = new TestGroupImpl("group1");

    CloudAclEntry<GroupPrincipal> denyEntry = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(denyPrincipal)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<GroupPrincipal> allowEntry = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(allowPrincipal)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    boolean conflicting = checker.isConflictingAcl(denyEntry, allowEntry);
    Assert.assertTrue(conflicting);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * A DENY entry and an ALLOW entry that share a permission do not conflict when they belong to
 * different groups.
 */
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForDifferentGroupsDoesNotConflict() {
    GroupPrincipal deniedGroup = new TestGroupImpl("group1");
    GroupPrincipal allowedGroup = new TestGroupImpl("group2");

    CloudAclEntry<GroupPrincipal> denyEntry = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(deniedGroup)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<GroupPrincipal> allowEntry = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(allowedGroup)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    boolean conflicting = checker.isConflictingAcl(denyEntry, allowEntry);
    Assert.assertFalse(conflicting);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * A user DENY entry and a group ALLOW entry do not conflict when the user is not a member of
 * that group.
 */
@Test
public void testIsConflictingAclWillReturnFalseForAUserNotInAGroup() {
    UserPrincipal outsider = new TestUserImpl("user1");
    GroupPrincipal group = new TestGroupImpl("group1");

    CloudAclEntry<UserPrincipal> userDeny = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(outsider)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<GroupPrincipal> groupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(group)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    boolean conflicting = checker.isConflictingAcl(userDeny, groupAllow);
    Assert.assertFalse(conflicting);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * With the checker as configured by the fixture, a user DENY entry and an ALLOW entry on a
 * group containing that user are not reported as conflicting.
 */
@Test
public void testIsConflictingAclWillReturnFalseByDefaultForAUserInAGroupWithConflictingPermissions() {
    UserPrincipal member = new TestUserImpl("user1");
    TestGroupImpl group = new TestGroupImpl("group1");
    group.addMember(member);
    // Guard the precondition so a broken fixture does not silently pass the test.
    Assert.assertTrue(group.isMember(member));

    CloudAclEntry<UserPrincipal> userDeny = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(member)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<GroupPrincipal> groupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(group)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    boolean conflicting = checker.isConflictingAcl(userDeny, groupAllow);
    Assert.assertFalse(conflicting);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * With a checker constructed with {@code true}, a user DENY entry and an ALLOW entry on a
 * group containing that user are reported as conflicting.
 */
@Test
public void testIsConflictingAclWillReturnTrueIfTheGroupMembershipCheckIsEnabledForAUserInAGroupWithConflictingPermissions() {
    // Replace the fixture's checker for this test only.
    checker = new DefaultCloudAclEntryConflictChecker(true);

    UserPrincipal member = new TestUserImpl("user1");
    TestGroupImpl group = new TestGroupImpl("group1");
    group.addMember(member);
    Assert.assertTrue(group.isMember(member));

    CloudAclEntry<UserPrincipal> userDeny = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(member)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<GroupPrincipal> groupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(group)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    boolean conflicting = checker.isConflictingAcl(userDeny, groupAllow);
    Assert.assertTrue(conflicting);
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * Merging two ALLOW entries for the same user yields one ALLOW entry holding the union of
 * their permissions and flags.
 */
@Test
public void testMergeAclForTwoAllowRulesWillMergeThePermissionsAndFlagsOfTwoAclsForTheSameUser() {
    CloudAclEntry<UserPrincipal> first = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(new TestUserImpl("user1"))
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .addFlag(AclEntryFlag.DIRECTORY_INHERIT)
            .build();
    CloudAclEntry<UserPrincipal> second = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(new TestUserImpl("user1"))
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.DELETE)
            .addFlag(AclEntryFlag.FILE_INHERIT)
            .build();

    CloudAclEntry<?> merged = checker.mergeAcl(new ConflictingCloudAclEntry(first, second));

    Assert.assertEquals("user1", ((TestUserImpl) merged.getPrincipal()).getName());
    Assert.assertEquals(AclEntryType.ALLOW, merged.getType());
    Assert.assertEquals(
            EnumSet.of(AclEntryPermission.DELETE, AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY),
            merged.getPermissions());
    Assert.assertEquals(EnumSet.of(AclEntryFlag.DIRECTORY_INHERIT, AclEntryFlag.FILE_INHERIT), merged.getFlags());
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
/**
 * Merging two DENY entries for the same user yields one DENY entry holding the union of
 * their permissions and flags.
 */
@Test
public void testMergeAclForTwoDenyRulesWillMergeThePermissionsAndFlagsOfTwoAclsForTheSameUser() {
    CloudAclEntry<UserPrincipal> first = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(new TestUserImpl("user1"))
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .addFlag(AclEntryFlag.DIRECTORY_INHERIT)
            .build();
    CloudAclEntry<UserPrincipal> second = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(new TestUserImpl("user1"))
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.DELETE)
            .addFlag(AclEntryFlag.FILE_INHERIT)
            .build();

    CloudAclEntry<?> merged = checker.mergeAcl(new ConflictingCloudAclEntry(first, second));

    Assert.assertEquals("user1", ((TestUserImpl) merged.getPrincipal()).getName());
    Assert.assertEquals(AclEntryType.DENY, merged.getType());
    Assert.assertEquals(
            EnumSet.of(AclEntryPermission.DELETE, AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY),
            merged.getPermissions());
    Assert.assertEquals(EnumSet.of(AclEntryFlag.DIRECTORY_INHERIT, AclEntryFlag.FILE_INHERIT), merged.getFlags());
}
项目:java-cloud-filesystem-provider
文件:CloudFileAttributesViewTest.java
/**
 * With no user lookup service configured, the view must consult the security manager exactly
 * once using {@link AnonymousUserPrincipal#INSTANCE} and the requested permissions.
 */
@Test
public void testCheckAccessForADirectoryWithAnAnonymousUserWillAllowAccessIfTheSecurityManagerAllowsIt() throws IOException {
    CloudHostSecurityManager mockSecurityManager = context.mock(CloudHostSecurityManager.class);
    EnumSet<AclEntryPermission> requested = EnumSet.of(AclEntryPermission.ADD_FILE);

    context.checking(new Expectations() {{
        // No lookup service: the caller cannot be identified.
        allowing(config).getUserGroupLookupService();
        will(returnValue(null));

        allowing(config).getCloudHostSecurityManager();
        will(returnValue(mockSecurityManager));

        allowing(blobStore).directoryExists(TEST_CONTAINER, TEST_PATH);
        will(returnValue(true));

        // The decision itself is delegated and reported as "allowed".
        exactly(1).of(mockSecurityManager).checkAccessAllowed(with(any(CloudAclEntrySet.class)),
                with(equal(AnonymousUserPrincipal.INSTANCE)), with(equal(requested)));
        will(returnValue(true));
    }});

    view.checkAccess(requested);
}
项目:java-cloud-filesystem-provider
文件:CloudAclEntrySetTest.java
/**
 * A clone of an ACL entry set holding a user DENY and a group ALLOW entry equals the original.
 */
@Test
public void testCloneProducesACloneEqualsToTheOriginalSet() throws NotOwnerException {
    UserPrincipal user = new TestUserImpl("user1");
    TestGroupImpl group = new TestGroupImpl("group1");
    CloudAclEntrySet original = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE);

    CloudAclEntry<UserPrincipal> userDeny = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .setPrincipal(user)
            .setType(AclEntryType.DENY)
            .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
            .build();
    CloudAclEntry<GroupPrincipal> groupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .setPrincipal(group)
            .setType(AclEntryType.ALLOW)
            .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
            .build();

    // Entries are added on behalf of the anonymous user principal the set was created with.
    boolean added = original.addAllEntries(AnonymousUserPrincipal.INSTANCE,
            Arrays.asList(new CloudAclEntry<?>[] {userDeny, groupAllow}));
    Assert.assertTrue(added);

    CloudAclEntrySet copy = original.clone();
    Assert.assertEquals(original, copy);
}
项目:mssqlapplylogs
文件:FSHelper.java
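/**
 * Sets the File-System permissions on a file so that SQL Server can run a RESTORE query.
 *
 * <p>The file's ACL is <strong>replaced</strong> by a single ALLOW entry granting
 * {@code username} read-level access (READ_DATA, READ_ACL, READ_ATTRIBUTES, READ_NAMED_ATTRS,
 * EXECUTE, SYNCHRONIZE). Entries that were in the list before the call are not kept.
 *
 * <p>NOTE(review): the method name says "add", but the existing entries are discarded rather
 * than extended. Confirm whether dropping every other entry (including any DENY entries and
 * the owner's own access) is intended before relying on this for files other than short-lived
 * backup copies.
 *
 * @param username The username that SQL Server runs as, e.g. "NETWORK SERVICE"
 * @param file The file whose permissions will be modified.
 * @throws IOException if the principal cannot be looked up or the ACL cannot be written
 * @throws UnsupportedOperationException if the file system offers no ACL attribute view
 */
public static void addRestorePermissions(String username, Path file) throws IOException
{
    AclFileAttributeView aclAttr = Files.getFileAttributeView(file, AclFileAttributeView.class);
    if (aclAttr == null)
    {
        // getFileAttributeView returns null when the view is unavailable; fail with a clear
        // message instead of a NullPointerException further down.
        throw new UnsupportedOperationException("ACL file attribute view is not available for " + file);
    }

    UserPrincipalLookupService currULS = file.getFileSystem().getUserPrincipalLookupService();
    UserPrincipal principal = currULS.lookupPrincipalByName(username);

    AclEntry.Builder builder = AclEntry.newBuilder();
    builder.setPermissions(EnumSet.of(AclEntryPermission.READ_DATA,
                                      AclEntryPermission.READ_ACL,
                                      AclEntryPermission.READ_ATTRIBUTES,
                                      AclEntryPermission.READ_NAMED_ATTRS,
                                      AclEntryPermission.EXECUTE,
                                      AclEntryPermission.SYNCHRONIZE));
    builder.setPrincipal(principal);
    builder.setType(AclEntryType.ALLOW);

    // A one-element list: this becomes the complete ACL of the file.
    aclAttr.setAcl(Collections.singletonList(builder.build()));
}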
项目:wildfly-core
文件:PersistanceResourceTestCase.java
/**
 * Builds an ALLOW entry for {@code user} carrying read, write, append, delete, attribute and
 * ACL-read permissions, flagged {@link AclEntryFlag#FILE_INHERIT}.
 *
 * @param user the principal the entry applies to
 * @return the built ACL entry
 */
private AclEntry createConfigurationAccessACLEntry(UserPrincipal user) {
    AclEntry.Builder builder = AclEntry.newBuilder();
    builder.setPrincipal(user);
    builder.setType(AclEntryType.ALLOW);
    builder.setFlags(AclEntryFlag.FILE_INHERIT);
    builder.setPermissions(
            // data access
            AclEntryPermission.READ_DATA,
            AclEntryPermission.WRITE_DATA,
            AclEntryPermission.APPEND_DATA,
            AclEntryPermission.DELETE,
            // attributes
            AclEntryPermission.READ_ATTRIBUTES,
            AclEntryPermission.WRITE_ATTRIBUTES,
            AclEntryPermission.READ_NAMED_ATTRS,
            AclEntryPermission.WRITE_NAMED_ATTRS,
            // ACL and synchronisation
            AclEntryPermission.READ_ACL,
            AclEntryPermission.SYNCHRONIZE);
    return builder.build();
}
项目:incubator-servicecomb-java-chassis
文件:FilePerm.java
/**
 * Returns the default ACL permissions.
 *
 * @return a new set holding every permission listed in {@code permList}
 */
public static Set<AclEntryPermission> getDefaultAclPerm() {
    Set<AclEntryPermission> defaults = EnumSet.noneOf(AclEntryPermission.class);
    // A fresh set per call, so callers cannot alter the shared default list through it.
    for (AclEntryPermission permission : permList) {
        defaults.add(permission);
    }
    return defaults;
}
项目:finances
文件:ConnectionConfig.java
/**
 * Replaces the ACL of {@code path} with two entries: one for "SYSTEM" built from an empty
 * permission set, and one for the user named by the {@code user.name} system property built
 * from every {@link AclEntryPermission}.
 *
 * <p>NOTE(review): {@code user.name} is a system property and can be set when the JVM is
 * launched; confirm that it is a reliable source for the account that should own this file.
 *
 * <p>NOTE(review): the attribute view is used without a null check; presumably this is only
 * called on file systems that provide an ACL view - verify against the caller.
 *
 * @param path the file whose ACL is replaced
 * @throws RuntimeException wrapping any {@link IOException} raised while looking up the
 *         principals or writing the ACL
 */
private void setWindowsPermissions(Path path) {
    try {
        AclFileAttributeView aclView = Files.getFileAttributeView(path, AclFileAttributeView.class);
        UserPrincipalLookupService principals = path.getFileSystem().getUserPrincipalLookupService();

        AclEntry systemEntry = getAclEntry(principals.lookupPrincipalByName("SYSTEM"), Collections.emptySet());
        AclEntry currentUserEntry = getAclEntry(
                principals.lookupPrincipalByName(System.getProperty("user.name")),
                EnumSet.allOf(AclEntryPermission.class));

        // The list passed here becomes the whole ACL; nothing from the previous ACL is kept.
        aclView.setAcl(Arrays.asList(systemEntry, currentUserEntry));
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}
项目:java-cloud-filesystem-provider
文件:CloudFileAttributesView.java
/**
 * <p>
 * This first invokes {@link #readInternalAclFileAttributes()}
 * to determine file existence, which throws a {@link FileNotFoundException} if the file doesn't exist.
 * It then retrieves the
 * {@link CloudHostConfiguration#getCloudHostSecurityManager() cloud host security manager} and the
 * {@link CloudHostConfiguration#getUserGroupLookupService() user service}, resolves the current
 * user, and invokes
 * {@link CloudHostSecurityManager#checkAccessAllowed(CloudAclEntrySet, UserPrincipal, Set)} to work out
 * if the permissions are valid.
 * </p>
 * <p>
 * If no {@link UserGroupLookupService} exists or the lookup returns <em>null</em> then the
 * {@link AnonymousUserPrincipal#INSTANCE} is used.
 * </p>
 * <p>
 * If no {@link CloudHostSecurityManager} is available then access will just be allowed as no access
 * check is possible.
 * </p>
 * @param checkPermissions the permissions the current user must hold
 * @return the ACL file attributes that were read for the path
 * @throws AccessDeniedException If access is not allowed
 * @throws IOException if the attributes cannot be read
 */
public CloudAclFileAttributes checkAccess(Set<AclEntryPermission> checkPermissions) throws IOException {
    // Throws FileNotFoundException
    CloudAclFileAttributes attributes = readInternalAclFileAttributes();

    CloudHostConfiguration hostConfig = path.getFileSystem().getCloudHostConfiguration();
    CloudHostSecurityManager securityManager = hostConfig.getCloudHostSecurityManager();
    if (securityManager == null) {
        // No security manager: fail-open, every request is allowed.
        LOG.info("No {} found in cloud host configuration {}, default action is to allow all access",
                CloudHostSecurityManager.class, hostConfig);
        return attributes;
    }

    // Resolve the caller; anything unresolved is treated as the anonymous user.
    UserGroupLookupService<?> lookupService = hostConfig.getUserGroupLookupService();
    UserPrincipal caller = lookupService == null ? null : lookupService.getCurrentUser();
    if (caller == null) {
        caller = AnonymousUserPrincipal.INSTANCE;
    }

    // Check for access against the ACL's
    boolean allowed = securityManager.checkAccessAllowed(attributes.getAclSet(), caller, checkPermissions);
    if (allowed) {
        return attributes;
    }

    LOG.debug("Permission doesn't allow access for '{}': {}", path.toString(), checkPermissions);
    throw new AccessDeniedException(path.toString(), null, "Permission doesn't allow access");
}
项目:java-cloud-filesystem-provider
文件:CloudAclEntrySet.java
/**
 * Finds the ACL entries of the given type, for the given principal, that carry <em>all</em> of
 * the given permissions.
 *
 * <p>NOTE(review): assuming {@code SetUtils.difference} is a plain set difference, an empty
 * <em>permissions</em> set matches every entry of that type and principal - confirm callers
 * never rely on an empty set meaning "no match".
 *
 * @param aclOwner the principal an entry must belong to
 * @param type the entry type to match
 * @param permissions the permissions an entry must contain in full
 * @return the matching entries, as returned by {@code findAcls}
 */
public Set<CloudAclEntry<?>> findAclsOfTypeWithAllPermissions(Principal aclOwner, AclEntryType type,
        Set<AclEntryPermission> permissions) {
    return findAcls(entry -> {
        if (!type.equals(entry.getType()) || !aclOwner.equals(entry.getPrincipal())) {
            return false;
        }
        // Nothing left over means every requested permission is present on the entry.
        return SetUtils.difference(permissions, entry.getPermissions()).isEmpty();
    });
}
项目:java-cloud-filesystem-provider
文件:CloudAclEntrySet.java
/**
 * Finds the ACL entries of the given type, for the given principal, that carry <em>any</em> of
 * the given permissions.
 *
 * @param aclOwner the principal an entry must belong to
 * @param type the entry type to match
 * @param permissions the permissions of which an entry must contain at least one
 * @return the matching entries, as returned by {@code findAcls}
 */
public Set<CloudAclEntry<?>> findAclsOfTypeWithAnyPermissions(Principal aclOwner, AclEntryType type,
        Set<AclEntryPermission> permissions) {
    return findAcls(entry -> {
        if (!type.equals(entry.getType()) || !aclOwner.equals(entry.getPrincipal())) {
            return false;
        }
        // The difference shrinks below the requested size as soon as one permission is shared.
        int missing = SetUtils.difference(permissions, entry.getPermissions()).size();
        return missing < permissions.size();
    });
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * With an empty ACL a user is denied, with or without group memberships (default deny).
 */
@Test
public void testDoesUserHaveAccessFailsForAUserPrincipalWithNoRules() {
    UserPrincipal caller = new TestUserImpl("user1");
    CloudAclEntrySet emptyAcl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE);

    Assert.assertFalse(mgr.doesUserHaveAccess(emptyAcl, caller, null, EnumSet.of(AclEntryPermission.ADD_FILE)));

    // Now try it with some groups as well
    GroupPrincipal firstGroup = new TestGroupImpl("group1");
    GroupPrincipal secondGroup = new TestGroupImpl("group2");
    Set<GroupPrincipal> memberships = Sets.newHashSet(firstGroup, secondGroup);
    Assert.assertFalse(mgr.doesUserHaveAccess(emptyAcl, caller, memberships, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * With an empty ACL the anonymous (null) user is denied, with or without group memberships.
 */
@Test
public void testDoesUserHaveAccessFailsForAnAnonymousUserWithNoRules() {
    CloudAclEntrySet emptyAcl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE);

    Assert.assertFalse(mgr.doesUserHaveAccess(emptyAcl, null, null, EnumSet.of(AclEntryPermission.ADD_FILE)));

    // Now try it with some groups as well to try and break it
    GroupPrincipal firstGroup = new TestGroupImpl("group1");
    GroupPrincipal secondGroup = new TestGroupImpl("group2");
    Set<GroupPrincipal> memberships = Sets.newHashSet(firstGroup, secondGroup);
    Assert.assertFalse(mgr.doesUserHaveAccess(emptyAcl, null, memberships, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * A user with an ALLOW rule for the requested permission is granted access.
 */
@Test
public void testDoesUserHaveAccessSucceedsForAUserPrincipalWithAnAllowRule() {
    UserPrincipal caller = new TestUserImpl("user1");
    CloudAclEntry<UserPrincipal> userAllow = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(caller)
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, userAllow);

    boolean allowed = mgr.doesUserHaveAccess(acl, caller, null, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertTrue(allowed);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * An ALLOW rule on the anonymous user also grants access to a named user.
 */
@Test
public void testDoesUserHaveAccessSucceedsForAUserPrincipalWithAnAnonymousAllowRule() {
    UserPrincipal caller = new TestUserImpl("user1");
    CloudAclEntry<UserPrincipal> anonymousAllow = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(new AnonymousUserPrincipal())
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, anonymousAllow);

    boolean allowed = mgr.doesUserHaveAccess(acl, caller, null, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertTrue(allowed);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * An ALLOW rule on the anonymous user grants access to the anonymous (null) caller.
 */
@Test
public void testDoesUserHaveAccessSucceedsForAnAnonymousUserWithAnAnonymousAllowRule() {
    CloudAclEntry<UserPrincipal> anonymousAllow = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(new AnonymousUserPrincipal())
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, anonymousAllow);

    // A null principal stands for the anonymous caller.
    boolean allowed = mgr.doesUserHaveAccess(acl, null, null, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertTrue(allowed);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * An ALLOW rule on the anonymous group grants access to a named user with no explicit groups.
 */
@Test
public void testDoesUserHaveAccessSucceedsForAUserWithAnAnonymousGroupAllowRule() {
    UserPrincipal caller = new TestUserImpl("user1");
    CloudAclEntry<GroupPrincipal> anonymousGroupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(AnonymousGroupPrincipal.INSTANCE)
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, anonymousGroupAllow);

    boolean allowed = mgr.doesUserHaveAccess(acl, caller, null, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertTrue(allowed);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * An ALLOW rule on the anonymous group grants access to the anonymous (null) caller.
 */
@Test
public void testDoesUserHaveAccessSucceedsForAnAnonymousUserWithAnAnonymousGroupAllowRule() {
    CloudAclEntry<GroupPrincipal> anonymousGroupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(AnonymousGroupPrincipal.INSTANCE)
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, anonymousGroupAllow);

    // A null principal stands for the anonymous caller.
    boolean allowed = mgr.doesUserHaveAccess(acl, null, null, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertTrue(allowed);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
/**
 * A user is granted access through an ALLOW rule on one of the groups the user belongs to.
 */
@Test
public void testDoesUserHaveAccessSucceedsForAUsersGroupWithAnAllowRule() {
    UserPrincipal caller = new TestUserImpl("user1");
    GroupPrincipal firstGroup = new TestGroupImpl("group1");
    GroupPrincipal secondGroup = new TestGroupImpl("group2");
    Set<GroupPrincipal> memberships = Sets.newHashSet(firstGroup, secondGroup);

    // Only the second group carries a rule.
    CloudAclEntry<GroupPrincipal> groupAllow = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
            .addPermission(AclEntryPermission.ADD_FILE)
            .setType(AclEntryType.ALLOW)
            .setPrincipal(secondGroup)
            .build();
    CloudAclEntrySet acl = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, groupAllow);

    boolean allowed = mgr.doesUserHaveAccess(acl, caller, memberships, EnumSet.of(AclEntryPermission.ADD_FILE));
    Assert.assertTrue(allowed);
}