Java 类java.nio.file.attribute.AclEntryType 实例源码
项目:openjdk-jdk10
文件:TestVMOptionsFile.java
private static void makeFileNonReadable(String file) throws IOException {
Path filePath = Paths.get(file);
Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews();
if (supportedAttr.contains("posix")) {
Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----"));
} else if (supportedAttr.contains("acl")) {
UserPrincipal fileOwner = Files.getOwner(filePath);
AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class);
AclEntry entry = AclEntry.newBuilder()
.setType(AclEntryType.DENY)
.setPrincipal(fileOwner)
.setPermissions(AclEntryPermission.READ_DATA)
.build();
List<AclEntry> acl = view.getAcl();
acl.add(0, entry);
view.setAcl(acl);
}
}
项目:openjdk9
文件:TestVMOptionsFile.java
private static void makeFileNonReadable(String file) throws IOException {
Path filePath = Paths.get(file);
Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews();
if (supportedAttr.contains("posix")) {
Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----"));
} else if (supportedAttr.contains("acl")) {
UserPrincipal fileOwner = Files.getOwner(filePath);
AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class);
AclEntry entry = AclEntry.newBuilder()
.setType(AclEntryType.DENY)
.setPrincipal(fileOwner)
.setPermissions(AclEntryPermission.READ_DATA)
.build();
List<AclEntry> acl = view.getAcl();
acl.add(0, entry);
view.setAcl(acl);
}
}
项目:java-cloud-filesystem-provider
文件:CloudAclFileAttributes.java
/**
* <p>
* This constructor can only discern some very basic permissions. It assumes that because you have access
* to this container then you have all CRUD operation access. This may not be true. More sophisticated
* implementations should be able to tell the exact permissions.
* </p>
* <p>
* There is a lone {@link CloudAclEntry} created which has the default permissions. It is of type
* {@link PublicPrivateCloudPermissionsPrincipal}.
* </p>
* <p>
* Subclasses may implement different permissions.
* </p>
*/
public CloudAclFileAttributes(CloudAclEntryConflictChecker conflictChecker, BlobMetadata blobMetadata, BlobAccess blobAccess) {
super(blobMetadata);
aclSet = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, conflictChecker);
CloudAclEntry<PublicPrivateCloudPermissionsPrincipal> entry =
new CloudAclEntryBuilder<>(PublicPrivateCloudPermissionsPrincipal.class)
.addPermissions(AclEntryPermission.READ_DATA, AclEntryPermission.WRITE_DATA, AclEntryPermission.APPEND_DATA,
AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY,
AclEntryPermission.DELETE, AclEntryPermission.DELETE_CHILD, AclEntryPermission.LIST_DIRECTORY,
AclEntryPermission.READ_ACL, AclEntryPermission.WRITE_ACL,
AclEntryPermission.READ_ATTRIBUTES, AclEntryPermission.READ_ATTRIBUTES)
.setType(AclEntryType.ALLOW)
.setPrincipal(new PublicPrivateCloudPermissionsPrincipal(blobAccess))
.build();
addAcl(AnonymousUserPrincipal.INSTANCE, entry);
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessFailsForAUserWithAnAnonymousGroupAllowRuleButAnonymousUserDenyRule() {
UserPrincipal user = new TestUserImpl("user1");
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(AnonymousGroupPrincipal.INSTANCE)
.build();
CloudAclEntry<UserPrincipal> entry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.DENY)
.setPrincipal(new AnonymousUserPrincipal())
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1, entry2);
Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessFailsForAUserGroupWithAnAllowRuleAndAUserWithADenyRule() {
UserPrincipal user = new TestUserImpl("user1");
CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.DENY)
.setPrincipal(user)
.build();
GroupPrincipal group1 = new TestGroupImpl("group1");
GroupPrincipal group2 = new TestGroupImpl("group2");
Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2);
CloudAclEntry<GroupPrincipal> entry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(group2)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1, entry2);
Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAUserPrincipalWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() {
UserPrincipal user = new TestUserImpl("user1");
CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)
.setType(AclEntryType.ALLOW)
.setPrincipal(user)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null,
EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.WRITE_ACL)));
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null,
EnumSet.of(AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null,
EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForUsersGroupWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() {
UserPrincipal user = new TestUserImpl("user1");
GroupPrincipal group1 = new TestGroupImpl("group1");
GroupPrincipal group2 = new TestGroupImpl("group2");
Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2);
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)
.setType(AclEntryType.ALLOW)
.setPrincipal(group2)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE)));
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups,
EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.WRITE_ACL)));
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups,
EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillDetermineThatAPublicAndPrivateCloudAclConflicts() {
CloudAclEntry<PublicPrivateCloudPermissionsPrincipal> privateAccessEntry =
new CloudAclEntryBuilder<PublicPrivateCloudPermissionsPrincipal>(PublicPrivateCloudPermissionsPrincipal.class)
.setPrincipal(new PublicPrivateCloudPermissionsPrincipal(BlobAccess.PRIVATE))
.setType(AclEntryType.ALLOW)
.build();
CloudAclEntry<PublicPrivateCloudPermissionsPrincipal> publicAccessEntry =
new CloudAclEntryBuilder<PublicPrivateCloudPermissionsPrincipal>(PublicPrivateCloudPermissionsPrincipal.class)
.setPrincipal(new PublicPrivateCloudPermissionsPrincipal(BlobAccess.PUBLIC_READ))
.setType(AclEntryType.ALLOW)
.build();
Assert.assertFalse(checker.isConflictingAcl(privateAccessEntry, privateAccessEntry));
Assert.assertTrue(checker.isConflictingAcl(privateAccessEntry, publicAccessEntry));
Assert.assertTrue(checker.isConflictingAcl(publicAccessEntry, privateAccessEntry));
Assert.assertFalse(checker.isConflictingAcl(publicAccessEntry, publicAccessEntry));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForTheSamePermissionsForAUserConflicts() {
UserPrincipal user1 = new TestUserImpl("user1");
UserPrincipal user2 = new TestUserImpl("user1");
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user2)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.DELETE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertTrue(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForDifferentUsersDoesNotConflict() {
UserPrincipal user1 = new TestUserImpl("user1");
UserPrincipal user2 = new TestUserImpl("user2");
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user2)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.DELETE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForTheSamePermissionsForAGroupConflicts() {
GroupPrincipal group1 = new TestGroupImpl("group1");
GroupPrincipal group2 = new TestGroupImpl("group1");
CloudAclEntry<GroupPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group2)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertTrue(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForDifferentGroupsDoesNotConflict() {
GroupPrincipal group1 = new TestGroupImpl("group1");
GroupPrincipal group2 = new TestGroupImpl("group2");
CloudAclEntry<GroupPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group2)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillReturnFalseForAUserNotInAGroup() {
UserPrincipal user1 = new TestUserImpl("user1");
GroupPrincipal group2 = new TestGroupImpl("group1");
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group2)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillReturnFalseByDefaultForAUserInAGroupWithConflictingPermissions() {
UserPrincipal user1 = new TestUserImpl("user1");
TestGroupImpl group2 = new TestGroupImpl("group1");
group2.addMember(user1);
Assert.assertTrue(group2.isMember(user1));
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group2)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testIsConflictingAclWillReturnTrueIfTheGroupMembershipCheckIsEnabledForAUserInAGroupWithConflictingPermissions() {
checker = new DefaultCloudAclEntryConflictChecker(true);
UserPrincipal user1 = new TestUserImpl("user1");
TestGroupImpl group2 = new TestGroupImpl("group1");
group2.addMember(user1);
Assert.assertTrue(group2.isMember(user1));
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group2)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertTrue(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testMergeAclForTwoAllowRulesWillMergeThePermissionsAndFlagsOfTwoAclsForTheSameUser() {
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(new TestUserImpl("user1"))
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.addFlag(AclEntryFlag.DIRECTORY_INHERIT)
.build();
CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(new TestUserImpl("user1"))
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.DELETE)
.addFlag(AclEntryFlag.FILE_INHERIT)
.build();
CloudAclEntry<?> mergedAcl = checker.mergeAcl(new ConflictingCloudAclEntry(cloudAclEntry1, cloudAclEntry2));
Assert.assertEquals("user1", ((TestUserImpl)mergedAcl.getPrincipal()).getName());
Assert.assertEquals(AclEntryType.ALLOW, mergedAcl.getType());
Assert.assertEquals(EnumSet.of(AclEntryPermission.DELETE, AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY),
mergedAcl.getPermissions());
Assert.assertEquals(EnumSet.of(AclEntryFlag.DIRECTORY_INHERIT, AclEntryFlag.FILE_INHERIT), mergedAcl.getFlags());
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudAclEntryConflictCheckerTest.java
@Test
public void testMergeAclForTwoDenyRulesWillMergeThePermissionsAndFlagsOfTwoAclsForTheSameUser() {
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(new TestUserImpl("user1"))
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.addFlag(AclEntryFlag.DIRECTORY_INHERIT)
.build();
CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(new TestUserImpl("user1"))
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.DELETE)
.addFlag(AclEntryFlag.FILE_INHERIT)
.build();
CloudAclEntry<?> mergedAcl = checker.mergeAcl(new ConflictingCloudAclEntry(cloudAclEntry1, cloudAclEntry2));
Assert.assertEquals("user1", ((TestUserImpl)mergedAcl.getPrincipal()).getName());
Assert.assertEquals(AclEntryType.DENY, mergedAcl.getType());
Assert.assertEquals(EnumSet.of(AclEntryPermission.DELETE, AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY),
mergedAcl.getPermissions());
Assert.assertEquals(EnumSet.of(AclEntryFlag.DIRECTORY_INHERIT, AclEntryFlag.FILE_INHERIT), mergedAcl.getFlags());
}
项目:java-cloud-filesystem-provider
文件:CloudAclEntrySetTest.java
@Test
public void testCloneProducesACloneEqualsToTheOriginalSet() throws NotOwnerException {
UserPrincipal user1 = new TestUserImpl("user1");
TestGroupImpl group1 = new TestGroupImpl("group1");
CloudAclEntrySet acls = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE);
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user1)
.setType(AclEntryType.DENY)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY)
.build();
CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.setPrincipal(group1)
.setType(AclEntryType.ALLOW)
.addPermissions(AclEntryPermission.ADD_SUBDIRECTORY)
.build();
Assert.assertTrue(acls.addAllEntries(AnonymousUserPrincipal.INSTANCE,
Arrays.asList(new CloudAclEntry<?>[] {cloudAclEntry1, cloudAclEntry2})));
CloudAclEntrySet clone = acls.clone();
Assert.assertEquals(acls, clone);
}
项目:java-cloud-filesystem-provider
文件:CloudAclEntrySetTest.java
@Test
public void testGetAclEntriesUsesClonedEntriesAndDoesNotModifyTheUnderlyingAclEntry() throws NotOwnerException {
UserPrincipal user1 = new TestUserImpl("user1");
CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.setPrincipal(user1)
.setType(AclEntryType.ALLOW)
.addPermissions(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS)
.build();
CloudAclEntrySet acls = new CloudAclEntrySet(user1, cloudAclEntry1);
Set<CloudAclEntry<?>> aclEntries = acls.getAclEntries();
Assert.assertEquals(1, aclEntries.size());
CloudAclEntry<?> cloudAclEntryClone = aclEntries.stream().findFirst().get();
Assert.assertEquals(cloudAclEntry1, cloudAclEntryClone);
Assert.assertFalse(cloudAclEntry1 == cloudAclEntryClone);
cloudAclEntryClone.setPermissions(AclConstants.ALL_FILE_WRITE_PERMISSIONS);
Assert.assertEquals(AclConstants.ALL_FILE_WRITE_PERMISSIONS, cloudAclEntryClone.getPermissions());
Assert.assertNotEquals(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS, cloudAclEntryClone.getPermissions());
Assert.assertEquals(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS, cloudAclEntry1.getPermissions());
Assert.assertNotEquals(AclConstants.ALL_FILE_WRITE_PERMISSIONS, cloudAclEntry1.getPermissions());
}
项目:mssqlapplylogs
文件:FSHelper.java
/**
* Add the proper File-System permissions to a file so that SQL Server can run a RESTORE query.
*
* @param username The username that SQL Server runs as, e.g. "NETWORK SERVICE"
* @param file The file whose permissions will be modified.
* @throws IOException
*/
public static void addRestorePermissions(String username, Path file) throws IOException
{
AclFileAttributeView aclAttr = Files.getFileAttributeView(file, AclFileAttributeView.class);
UserPrincipalLookupService currULS = file.getFileSystem().getUserPrincipalLookupService();
UserPrincipal principal = currULS.lookupPrincipalByName(username);
AclEntry.Builder builder = AclEntry.newBuilder();
builder.setPermissions(EnumSet.of(AclEntryPermission.READ_DATA,
AclEntryPermission.READ_ACL,
AclEntryPermission.READ_ATTRIBUTES,
AclEntryPermission.READ_NAMED_ATTRS,
AclEntryPermission.EXECUTE,
AclEntryPermission.SYNCHRONIZE));
builder.setPrincipal(principal);
builder.setType(AclEntryType.ALLOW);
aclAttr.setAcl(Collections.singletonList(builder.build()));
}
项目:wildfly-core
文件:PersistanceResourceTestCase.java
private AclEntry createConfigurationAccessACLEntry(UserPrincipal user) {
AclEntry entry = AclEntry
.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(user)
.setPermissions(
AclEntryPermission.WRITE_NAMED_ATTRS,
AclEntryPermission.WRITE_DATA,
AclEntryPermission.WRITE_ATTRIBUTES,
AclEntryPermission.READ_ATTRIBUTES,
AclEntryPermission.APPEND_DATA,
AclEntryPermission.READ_DATA,
AclEntryPermission.READ_NAMED_ATTRS,
AclEntryPermission.READ_ACL,
AclEntryPermission.SYNCHRONIZE,
AclEntryPermission.DELETE)
.setFlags(AclEntryFlag.FILE_INHERIT)
.build();
return entry;
}
项目:java-cloud-filesystem-provider
文件:CloudAclEntrySet.java
/**
* Finds all ACL's with any of the specified type and with <em>all</em> of the permissions
* type.
* @param aclOwner
* @param type
* @return
*/
public Set<CloudAclEntry<?>> findAclsOfTypeWithAllPermissions(Principal aclOwner, AclEntryType type,
Set<AclEntryPermission> permissions) {
return findAcls(a ->
type.equals(a.getType()) &&
aclOwner.equals(a.getPrincipal()) &&
SetUtils.difference(permissions, a.getPermissions()).isEmpty());
}
项目:java-cloud-filesystem-provider
文件:CloudAclEntrySet.java
/**
* Finds all ACL's with any of the specified type and with <em>any</em> of the permissions
* type.
* @param aclOwner
* @param type
* @return
*/
public Set<CloudAclEntry<?>> findAclsOfTypeWithAnyPermissions(Principal aclOwner, AclEntryType type,
Set<AclEntryPermission> permissions) {
return findAcls(a ->
type.equals(a.getType()) &&
aclOwner.equals(a.getPrincipal()) &&
SetUtils.difference(permissions, a.getPermissions()).size() < permissions.size());
}
项目:java-cloud-filesystem-provider
文件:CloudFile.java
@Override
public boolean setWritable(boolean writable, boolean ownerOnly) {
try {
return setPermissionsForCurrentCloudPath(ownerOnly, writable ? AclEntryType.ALLOW : AclEntryType.DENY,
ALL_FILE_WRITE_PERMISSIONS, ALL_DIRECTORY_WRITE_PERMISSIONS);
} catch (NotOwnerException e) {
LOG.warn("Cannot set write state, current user does not own the file ACL for {}", cloudPath);
return false;
}
}
项目:java-cloud-filesystem-provider
文件:CloudFile.java
@Override
public boolean setReadable(boolean readable, boolean ownerOnly) {
try {
return setPermissionsForCurrentCloudPath(ownerOnly, readable ? AclEntryType.ALLOW : AclEntryType.DENY,
ALL_FILE_READ_PERMISSIONS, ALL_DIRECTORY_READ_PERMISSIONS);
} catch (NotOwnerException e) {
LOG.warn("Cannot set read state, current user does not own the file ACL for {}", cloudPath);
return false;
}
}
项目:java-cloud-filesystem-provider
文件:CloudFile.java
@Override
public boolean setExecutable(boolean executable, boolean ownerOnly) {
try {
return setPermissionsForCurrentCloudPath(ownerOnly, executable ? AclEntryType.ALLOW : AclEntryType.DENY,
ALL_FILE_EXEC_PERMISSIONS, ALL_FILE_EXEC_PERMISSIONS);
} catch (NotOwnerException e) {
LOG.warn("Cannot set execute state, current user does not own the file ACL for {}", cloudPath);
return false;
}
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAUserPrincipalWithAnAllowRule() {
UserPrincipal user = new TestUserImpl("user1");
CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(user)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAUserPrincipalWithAnAnonymousAllowRule() {
UserPrincipal user = new TestUserImpl("user1");
CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(new AnonymousUserPrincipal())
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAnAnonymousUserWithAnAnonymousAllowRule() {
CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(new AnonymousUserPrincipal())
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, null, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAUserWithAnAnonymousGroupAllowRule() {
UserPrincipal user = new TestUserImpl("user1");
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(AnonymousGroupPrincipal.INSTANCE)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAnAnonymousUserWithAnAnonymousGroupAllowRule() {
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(AnonymousGroupPrincipal.INSTANCE)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, null, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAUsersGroupWithAnAllowRule() {
UserPrincipal user = new TestUserImpl("user1");
GroupPrincipal group1 = new TestGroupImpl("group1");
GroupPrincipal group2 = new TestGroupImpl("group2");
Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2);
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(group2)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAGroupWithAnAllowRule() {
GroupPrincipal group = new TestGroupImpl("group1");
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(group)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAGroupWithAnAnonymousGroupAllowRule() {
GroupPrincipal group = new TestGroupImpl("group1");
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.ALLOW)
.setPrincipal(AnonymousGroupPrincipal.INSTANCE)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessFailsForAUserPrincipalWithADenyRule() {
UserPrincipal user = new TestUserImpl("user1");
CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.DENY)
.setPrincipal(user)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessFailsForAUsersGroupWithADenyRule() {
UserPrincipal user = new TestUserImpl("user1");
GroupPrincipal group1 = new TestGroupImpl("group1");
GroupPrincipal group2 = new TestGroupImpl("group2");
Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2);
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.DENY)
.setPrincipal(group2)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessFailsForAGroupWithADenyRule() {
GroupPrincipal group = new TestGroupImpl("group1");
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermission(AclEntryPermission.ADD_FILE)
.setType(AclEntryType.DENY)
.setPrincipal(group)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
}
项目:java-cloud-filesystem-provider
文件:DefaultAclCheckingSecurityManagerTest.java
@Test
public void testDoesUserHaveAccessSucceedsForAGroupWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() {
GroupPrincipal group = new TestGroupImpl("group1");
CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class)
.addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)
.setType(AclEntryType.ALLOW)
.setPrincipal(group)
.build();
CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1);
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null, EnumSet.of(AclEntryPermission.ADD_FILE)));
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null,
EnumSet.of(AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, group, null,
EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL)));
}
项目:java-cloud-filesystem-provider
文件:DefaultCloudFileSystemImplementationIntegrationTest.java
@Test
public void testCloudFileAttributesViewAllowsThePublicPrivateAccessAclToBeModified() throws IOException, NotOwnerException {
String originalContent = "This is some content";
String testFileName = "cloud-file-channel-test.txt";
CloudPath testFilePath = new CloudPath(containerPath, testFileName);
createRawContent(testFileName, BlobAccess.PUBLIC_READ, originalContent.getBytes("UTF-8"));
// Get the view
CloudFileAttributesView fileAttributeView =
impl.getFileAttributeView(blobStoreContext, CloudFileAttributesView.class, testFilePath);
// Read the ACL's
CloudAclFileAttributes readAclFileAttributes = fileAttributeView.readAttributes();
CloudAclEntrySet cloudAclEntrySet = readAclFileAttributes.getAclSet();
assertPublicPrivateAccessAcl(cloudAclEntrySet, BlobAccess.PUBLIC_READ);
// Change the access
CloudAclEntrySet newCloudAclEntrySet =
new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, DefaultCloudAclEntryConflictChecker.INSTANCE);
CloudAclEntry<PublicPrivateCloudPermissionsPrincipal> privateAccessEntry =
new CloudAclEntryBuilder<PublicPrivateCloudPermissionsPrincipal>(PublicPrivateCloudPermissionsPrincipal.class)
.setPrincipal(new PublicPrivateCloudPermissionsPrincipal(BlobAccess.PRIVATE))
.setType(AclEntryType.ALLOW)
.build();
newCloudAclEntrySet.addAclEntry(AnonymousUserPrincipal.INSTANCE, privateAccessEntry);
Assert.assertEquals(1, newCloudAclEntrySet.size());
Assert.assertTrue(fileAttributeView.setAclFileAttributes(newCloudAclEntrySet).isEmpty());
// Check by reading the ACL back again
readAclFileAttributes = fileAttributeView.readAttributes();
cloudAclEntrySet = readAclFileAttributes.getAclSet();
assertPublicPrivateAccessAcl(cloudAclEntrySet, BlobAccess.PRIVATE);
}