[tlinh2110@gmail.com]Bael1313 Create spring-acl module (#3131)

* [tlinh2110@gmail.com] [BAEL1313] Introduction Spring ACL * [tlinh2110@gmail.com] BAEL 1313 - Update unit test * [tlinh2110@gmail.com]BAEL1313- remove unused files from spring-core * [BAEL1313] Create spring-acl module * [BAEL1313] Add resources for Spring ACL * [BAEL1313] Remove acl from spring-security-mvc-boot * [BAEL1313] Add Spring ACL module in parent pom.xml
2017-12-01 14:55:22 +08:00 · 2017-12-01 14:55:22 +08:00 · 2ad2d4d820
parent f84dbbbb45
commit 2ad2d4d820
11 changed files with 454 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -141,6 +141,7 @@
        <module>spark-java</module>
      <!--  <module>spring-5</module>-->
        <module>spring-5-mvc</module>
        <module>spring-acl</module>
        <module>spring-activiti</module>
        <module>spring-akka</module>
        <module>spring-amqp</module>
--- a/spring-acl/pom.xml
+++ b/spring-acl/pom.xml
@ -0,0 +1,66 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.baeldung</groupId>
    <artifactId>spring-acl</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>war</packaging>
    <name>spring-acl</name>
    <description>Spring ACL</description>
    <parent>
        <artifactId>parent-boot-5</artifactId>
        <groupId>com.baeldung</groupId>
        <version>0.0.1-SNAPSHOT</version>
        <relativePath>../parent-boot-5</relativePath>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
 		    <groupId>org.springframework.security</groupId>
 		    <artifactId>spring-security-acl</artifactId>
 		</dependency>
 		<dependency>
 		    <groupId>org.springframework.security</groupId>
 		    <artifactId>spring-security-config</artifactId>
 		</dependency>
 		<dependency>
 		    <groupId>org.springframework</groupId>
 		    <artifactId>spring-context-support</artifactId>
 		</dependency>
 		<dependency>
 	        <groupId>net.sf.ehcache</groupId>
 	    	<artifactId>ehcache-core</artifactId>
 	    	<version>2.6.11</version>
 	    	<type>jar</type>
        </dependency>
    </dependencies>
 </project>
--- a/spring-acl/src/main/java/org/baeldung/acl/config/ACLContext.java
+++ b/spring-acl/src/main/java/org/baeldung/acl/config/ACLContext.java
@ -0,0 +1,80 @@
 package org.baeldung.acl.config;
 import javax.sql.DataSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.cache.ehcache.EhCacheFactoryBean;
 import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.acls.AclPermissionCacheOptimizer;
 import org.springframework.security.acls.AclPermissionEvaluator;
 import org.springframework.security.acls.domain.AclAuthorizationStrategy;
 import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
 import org.springframework.security.acls.domain.ConsoleAuditLogger;
 import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
 import org.springframework.security.acls.domain.EhCacheBasedAclCache;
 import org.springframework.security.acls.jdbc.BasicLookupStrategy;
 import org.springframework.security.acls.jdbc.JdbcMutableAclService;
 import org.springframework.security.acls.jdbc.LookupStrategy;
 import org.springframework.security.acls.model.PermissionGrantingStrategy;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@Configuration
@EnableAutoConfiguration
 public class ACLContext {
    @Autowired
    DataSource dataSource;
    @Bean
    public EhCacheBasedAclCache aclCache() {
        return new EhCacheBasedAclCache(aclEhCacheFactoryBean().getObject(), permissionGrantingStrategy(), aclAuthorizationStrategy());
    }
    @Bean
    public EhCacheFactoryBean aclEhCacheFactoryBean() {
        EhCacheFactoryBean ehCacheFactoryBean = new EhCacheFactoryBean();
        ehCacheFactoryBean.setCacheManager(aclCacheManager().getObject());
        ehCacheFactoryBean.setCacheName("aclCache");
        return ehCacheFactoryBean;
    }
    @Bean
    public EhCacheManagerFactoryBean aclCacheManager() {
        return new EhCacheManagerFactoryBean();
    }
    @Bean
    public PermissionGrantingStrategy permissionGrantingStrategy() {
        return new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());
    }
    @Bean
    public AclAuthorizationStrategy aclAuthorizationStrategy() {
        return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ADMIN"));
    }
    @Bean
    public MethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler() {
        DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
        AclPermissionEvaluator permissionEvaluator = new AclPermissionEvaluator(aclService());
        expressionHandler.setPermissionEvaluator(permissionEvaluator);
        expressionHandler.setPermissionCacheOptimizer(new AclPermissionCacheOptimizer(aclService()));
        return expressionHandler;
    }
    @Bean
    public LookupStrategy lookupStrategy() {
        return new BasicLookupStrategy(dataSource, aclCache(), aclAuthorizationStrategy(), new ConsoleAuditLogger());
    }
    @Bean
    public JdbcMutableAclService aclService() {
        return new JdbcMutableAclService(dataSource, lookupStrategy(), aclCache());
    }
 }
--- a/spring-acl/src/main/java/org/baeldung/acl/config/AclMethodSecurityConfiguration.java
+++ b/spring-acl/src/main/java/org/baeldung/acl/config/AclMethodSecurityConfiguration.java
@ -0,0 +1,21 @@
 package org.baeldung.acl.config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 public class AclMethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {
    @Autowired
    MethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler;
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return defaultMethodSecurityExpressionHandler;
    }
 }
--- a/spring-acl/src/main/java/org/baeldung/acl/config/JPAPersistenceConfig.java
+++ b/spring-acl/src/main/java/org/baeldung/acl/config/JPAPersistenceConfig.java
@ -0,0 +1,16 @@
 package org.baeldung.acl.config;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
@Configuration
@EnableTransactionManagement
@EnableJpaRepositories(basePackages = "org.baeldung.acl.persistence.dao")
@PropertySource("classpath:org.baeldung.acl.datasource.properties")
@EntityScan(basePackages={ "org.baeldung.acl.persistence.entity" })
 public class JPAPersistenceConfig {
 }
--- a/spring-acl/src/main/java/org/baeldung/acl/persistence/dao/NoticeMessageRepository.java
+++ b/spring-acl/src/main/java/org/baeldung/acl/persistence/dao/NoticeMessageRepository.java
@ -0,0 +1,24 @@
 package org.baeldung.acl.persistence.dao;
 import java.util.List;
 import org.baeldung.acl.persistence.entity.NoticeMessage;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.repository.query.Param;
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.security.access.prepost.PreAuthorize;
 public interface NoticeMessageRepository extends JpaRepository<NoticeMessage, Long>{
    @PostFilter("hasPermission(filterObject, 'READ')")
    List<NoticeMessage> findAll();
    @PostAuthorize("hasPermission(returnObject, 'READ')")
    NoticeMessage findById(Integer id);
    @SuppressWarnings("unchecked")
    @PreAuthorize("hasPermission(#noticeMessage, 'WRITE')")
    NoticeMessage save(@Param("noticeMessage")NoticeMessage noticeMessage);
 }
--- a/spring-acl/src/main/java/org/baeldung/acl/persistence/entity/NoticeMessage.java
+++ b/spring-acl/src/main/java/org/baeldung/acl/persistence/entity/NoticeMessage.java
@ -0,0 +1,29 @@
 package org.baeldung.acl.persistence.entity;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Table;
@Entity
@Table(name="system_message")
 public class NoticeMessage {
    @Id
    @Column
    private Integer id;
    @Column
    private String content;
    public Integer getId() {
        return id;
    }
    public void setId(Integer id) {
        this.id = id;
    }
    public String getContent() {
        return content;
    }
    public void setContent(String content) {
        this.content = content;
    }
 }
--- a/spring-acl/src/main/resources/acl-data.sql
+++ b/spring-acl/src/main/resources/acl-data.sql
@ -0,0 +1,28 @@
 INSERT INTO system_message(id,content) VALUES (1,'First Level Message');
 INSERT INTO system_message(id,content) VALUES (2,'Second Level Message');
 INSERT INTO system_message(id,content) VALUES (3,'Third Level Message');
 INSERT INTO acl_class (id, class) VALUES
 (1, 'org.baeldung.acl.persistence.entity.NoticeMessage');
 INSERT INTO acl_sid (id, principal, sid) VALUES
 (1, 1, 'manager'),
 (2, 1, 'hr'),
 (3, 1, 'admin'),
 (4, 0, 'ROLE_EDITOR');
 INSERT INTO acl_object_identity (id, object_id_class, object_id_identity, parent_object, owner_sid, entries_inheriting) VALUES
 (1, 1, 1, NULL, 3, 0),
 (2, 1, 2, NULL, 3, 0),
 (3, 1, 3, NULL, 3, 0)
 ;
 INSERT INTO acl_entry (id, acl_object_identity, ace_order, sid, mask, granting, audit_success, audit_failure) VALUES
 (1, 1, 1, 1, 1, 1, 1, 1),
 (2, 1, 2, 1, 2, 1, 1, 1),
 (3, 1, 3, 4, 1, 1, 1, 1),
 (4, 2, 1, 2, 1, 1, 1, 1),
 (5, 2, 2, 4, 1, 1, 1, 1),
 (6, 3, 1, 4, 1, 1, 1, 1),
 (7, 3, 2, 4, 2, 1, 1, 1)
 ;
--- a/spring-acl/src/main/resources/acl-schema.sql
+++ b/spring-acl/src/main/resources/acl-schema.sql
@ -0,0 +1,58 @@
 create table system_message (id integer not null, content varchar(255), primary key (id));
 CREATE TABLE IF NOT EXISTS acl_sid (
  id bigint(20) NOT NULL AUTO_INCREMENT,
  principal tinyint(1) NOT NULL,
  sid varchar(100) NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY unique_uk_1 (sid,principal)
 );
 CREATE TABLE IF NOT EXISTS acl_class (
  id bigint(20) NOT NULL AUTO_INCREMENT,
  class varchar(255) NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY unique_uk_2 (class)
 );
 CREATE TABLE IF NOT EXISTS acl_entry (
  id bigint(20) NOT NULL AUTO_INCREMENT,
  acl_object_identity bigint(20) NOT NULL,
  ace_order int(11) NOT NULL,
  sid bigint(20) NOT NULL,
  mask int(11) NOT NULL,
  granting tinyint(1) NOT NULL,
  audit_success tinyint(1) NOT NULL,
  audit_failure tinyint(1) NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY unique_uk_4 (acl_object_identity,ace_order)
 );
 CREATE TABLE IF NOT EXISTS acl_object_identity (
  id bigint(20) NOT NULL AUTO_INCREMENT,
  object_id_class bigint(20) NOT NULL,
  object_id_identity bigint(20) NOT NULL,
  parent_object bigint(20) DEFAULT NULL,
  owner_sid bigint(20) DEFAULT NULL,
  entries_inheriting tinyint(1) NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY unique_uk_3 (object_id_class,object_id_identity)
 );
 ALTER TABLE acl_entry
 ADD FOREIGN KEY (acl_object_identity) REFERENCES acl_object_identity(id);
 ALTER TABLE acl_entry
 ADD FOREIGN KEY (sid) REFERENCES acl_sid(id);
 --
 -- Constraints for table acl_object_identity
 --
 ALTER TABLE acl_object_identity
 ADD FOREIGN KEY (parent_object) REFERENCES acl_object_identity (id);
 ALTER TABLE acl_object_identity
 ADD FOREIGN KEY (object_id_class) REFERENCES acl_class (id);
 ALTER TABLE acl_object_identity
 ADD FOREIGN KEY (owner_sid) REFERENCES acl_sid (id);
--- a/spring-acl/src/main/resources/org.baeldung.acl.datasource.properties
+++ b/spring-acl/src/main/resources/org.baeldung.acl.datasource.properties
@ -0,0 +1,12 @@
 spring.datasource.url=jdbc:h2:mem:testdb;DB_CLOSE_ON_EXIT=FALSE
 spring.datasource.username=sa
 spring.datasource.password=
 spring.datasource.driverClassName=org.h2.Driver
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
 spring.h2.console.path=/myconsole
 spring.h2.console.enabled=true
 spring.datasource.initialize=true
 spring.datasource.schema=classpath:acl-schema.sql
 spring.datasource.data=classpath:acl-data.sql
--- a/spring-acl/src/test/java/org/baeldung/acl/SpringAclTest.java
+++ b/spring-acl/src/test/java/org/baeldung/acl/SpringAclTest.java
@ -0,0 +1,119 @@
 package org.baeldung.acl;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import java.util.List;
 import org.baeldung.acl.persistence.dao.NoticeMessageRepository;
 import org.baeldung.acl.persistence.entity.NoticeMessage;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestExecutionListeners;
 import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;
 import org.springframework.test.context.support.DirtiesContextTestExecutionListener;
 import org.springframework.test.context.transaction.TransactionalTestExecutionListener;
 import org.springframework.test.context.web.ServletTestExecutionListener;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@TestExecutionListeners(listeners={ServletTestExecutionListener.class,
        DependencyInjectionTestExecutionListener.class,
        DirtiesContextTestExecutionListener.class,
        TransactionalTestExecutionListener.class,
        WithSecurityContextTestExecutionListener.class})
 public class SpringAclTest extends AbstractJUnit4SpringContextTests{
    private static Integer FIRST_MESSAGE_ID = 1;
    private static Integer SECOND_MESSAGE_ID = 2;
    private static Integer THIRD_MESSAGE_ID = 3;
    private static String EDITTED_CONTENT = "EDITED";
    @Configuration
    @ComponentScan("org.baeldung.acl.*")
    public static class SpringConfig {
    }
    @Autowired
    NoticeMessageRepository repo;
    @Test
    @WithMockUser(username="manager")
    public void givenUsernameManager_whenFindAllMessage_thenReturnFirstMessage(){
        List<NoticeMessage> details = repo.findAll();
        assertNotNull(details);
        assertEquals(1,details.size());
        assertEquals(FIRST_MESSAGE_ID,details.get(0).getId());
    }
    @Test
    @WithMockUser(username="manager")
    public void givenUsernameManager_whenFindFirstMessageByIdAndUpdateFirstMessageContent_thenOK(){
        NoticeMessage firstMessage = repo.findById(FIRST_MESSAGE_ID);
        assertNotNull(firstMessage);
        assertEquals(FIRST_MESSAGE_ID,firstMessage.getId());
        firstMessage.setContent(EDITTED_CONTENT);
        repo.save(firstMessage);
        NoticeMessage editedFirstMessage = repo.findById(FIRST_MESSAGE_ID);
        assertNotNull(editedFirstMessage);
        assertEquals(FIRST_MESSAGE_ID,editedFirstMessage.getId());
        assertEquals(EDITTED_CONTENT,editedFirstMessage.getContent());
    }
    @Test
    @WithMockUser(username="hr")
    public void givenUsernameHr_whenFindMessageById2_thenOK(){
        NoticeMessage secondMessage = repo.findById(SECOND_MESSAGE_ID);
        assertNotNull(secondMessage);
        assertEquals(SECOND_MESSAGE_ID,secondMessage.getId());
    }
    @Test(expected=AccessDeniedException.class)
    @WithMockUser(username="hr")
    public void givenUsernameHr_whenUpdateMessageWithId2_thenFail(){
        NoticeMessage secondMessage = new NoticeMessage();
        secondMessage.setId(SECOND_MESSAGE_ID);
        secondMessage.setContent(EDITTED_CONTENT);
        repo.save(secondMessage);
    }
    @Test
    @WithMockUser(roles={"EDITOR"})
    public void givenRoleEditor_whenFindAllMessage_thenReturnThreeMessage(){
        List<NoticeMessage> details = repo.findAll();
        assertNotNull(details);
        assertEquals(3,details.size());
    }
    @Test
    @WithMockUser(roles={"EDITOR"})
    public void givenRoleEditor_whenUpdateThirdMessage_thenOK(){
        NoticeMessage thirdMessage = new NoticeMessage();
        thirdMessage.setId(THIRD_MESSAGE_ID);
        thirdMessage.setContent(EDITTED_CONTENT);
        repo.save(thirdMessage);
    }
    @Test(expected=AccessDeniedException.class)
    @WithMockUser(roles={"EDITOR"})
    public void givenRoleEditor_whenFindFirstMessageByIdAndUpdateFirstMessageContent_thenFail(){
        NoticeMessage firstMessage = repo.findById(FIRST_MESSAGE_ID);
        assertNotNull(firstMessage);
        assertEquals(FIRST_MESSAGE_ID,firstMessage.getId());
        firstMessage.setContent(EDITTED_CONTENT);
        repo.save(firstMessage);
    }
 }