Examples with AccessDeniedException javax.jcr.AccessDeniedException used on opensource projects

Example 1 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class SessionImpl method getImportContentHandler.

/**
     * {@inheritDoc}
     */
public ContentHandler getImportContentHandler(String parentAbsPath, int uuidBehavior) throws PathNotFoundException, ConstraintViolationException, VersionException, LockException, RepositoryException {
    // check sanity of this session
    sanityCheck();
    NodeImpl parent;
    try {
        Path p = getQPath(parentAbsPath).getNormalizedPath();
        if (!p.isAbsolute()) {
            throw new RepositoryException("not an absolute path: " + parentAbsPath);
        }
        parent = getItemManager().getNode(p);
    } catch (NameException e) {
        String msg = parentAbsPath + ": invalid path";
        log.debug(msg);
        throw new RepositoryException(msg, e);
    } catch (AccessDeniedException ade) {
        throw new PathNotFoundException(parentAbsPath);
    }
    // verify that parent node is checked-out, not locked and not protected
    // by either node type constraints nor by some retention or hold.
    int options = ItemValidator.CHECK_LOCK | ItemValidator.CHECK_CHECKED_OUT | ItemValidator.CHECK_CONSTRAINTS | ItemValidator.CHECK_HOLD | ItemValidator.CHECK_RETENTION;
    context.getItemValidator().checkModify(parent, options, Permission.NONE);
    SessionImporter importer = new SessionImporter(parent, this, uuidBehavior, context.getWorkspace().getConfig().getImportConfig());
    return new ImportHandler(importer, this);
}

Example 2 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class WriteTest method testRemoveNodeWithInvisibleNonRemovableChild.

public void testRemoveNodeWithInvisibleNonRemovableChild() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ, Privilege.JCR_WRITE });
    Node invisible = superuser.getNode(childNPath).addNode(nodeName3);
    superuser.save();
    /* allow READ/WRITE privilege for testUser at 'path' */
    givePrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
    /* deny READ privilege at invisible node. (removal is still granted) */
    withdrawPrivileges(invisible.getPath(), testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
    Session testSession = getTestSession();
    assertTrue(testSession.nodeExists(childNPath));
    assertTrue(testSession.hasPermission(childNPath, Session.ACTION_REMOVE));
    Node n = testSession.getNode(childNPath);
    // be removed.
    try {
        n.remove();
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
    // success
    }
}

Example 3 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

public void testGetEffectivePoliciesByPrincipal() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
    Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
    AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
    assertNotNull(acp);
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);
    JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));
    acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
    if (acp.length == 0) {
        acp = jacMgr.getPolicies(testUser.getPrincipal());
    }
    assertNotNull(acp);
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlList);
    // let testuser read the ACL defined for 'testUser' principal.
    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
    acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
    jacMgr.setPolicy(acl.getPath(), acl);
    superuser.save();
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    // effective policies for testPrinicpal only on path -> must succeed.
    ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
    // effective policies for a combination of principals -> must fail
    try {
        ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
        fail();
    } catch (AccessDeniedException e) {
    // success
    }
}

Example 4 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class VersionManagerImpl method mergeOrUpdate.

/**
     * Combines merge and update method
     * @param state the state to merge or update
     * @param srcWorkspaceName source workspace name
     * @param failedIds list that will contain the failed ids.
     *        if <code>null</code> and update will be performed.
     * @param bestEffort best effort flag
     * @param isShallow is shallow flag
     * @throws RepositoryException if an error occurs
     */
private void mergeOrUpdate(NodeStateEx state, String srcWorkspaceName, List<ItemId> failedIds, boolean bestEffort, boolean isShallow) throws RepositoryException {
    // if same workspace, ignore
    if (!srcWorkspaceName.equals(session.getWorkspace().getName())) {
        // check authorization for specified workspace
        if (!session.getAccessManager().canAccess(srcWorkspaceName)) {
            String msg = "not authorized to access " + srcWorkspaceName;
            log.error(msg);
            throw new AccessDeniedException(msg);
        }
        // get root node of src workspace
        SessionImpl srcSession = null;
        try {
            // create session on other workspace for current subject
            // (may throw NoSuchWorkspaceException and AccessDeniedException)
            srcSession = ((RepositoryImpl) session.getRepository()).createSession(session.getSubject(), srcWorkspaceName);
            WorkspaceImpl srcWsp = (WorkspaceImpl) srcSession.getWorkspace();
            NodeId rootNodeId = ((NodeImpl) srcSession.getRootNode()).getNodeId();
            NodeStateEx srcRoot = new NodeStateEx(srcWsp.getItemStateManager(), ntReg, rootNodeId);
            merge(state, srcRoot, failedIds, bestEffort, isShallow);
        } catch (ItemStateException e) {
            throw new RepositoryException(e);
        } finally {
            if (srcSession != null) {
                // we don't need the other session anymore, logout
                srcSession.logout();
            }
        }
    }
}

Example 5 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class JackrabbitAccessControlManagerTest method testHasPrivilegeThrowsAccessDenied.

public void testHasPrivilegeThrowsAccessDenied() throws RepositoryException {
    Session readOnly = getHelper().getReadOnlySession();
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
    try {
        jacMgr.hasPrivileges(testRoot, principals, new Privilege[] { jacMgr.privilegeFromName(Privilege.JCR_READ) });
        fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
    } catch (AccessDeniedException e) {
    // success
    } finally {
        readOnly.logout();
    }
}