Examples with AccessControlManager javax.jcr.security.AccessControlManager used on opensource projects

Search in sources :

Example 1 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project camel by apache.

the class JcrAuthTestBase method createJndiContext.

@Override
protected Context createJndiContext() throws Exception {
    Context context = super.createJndiContext();
    repository = new TransientRepository(new File(REPO_PATH));
    // set up a user to authenticate
    SessionImpl session = (SessionImpl) repository.login(new SimpleCredentials("admin", "admin".toCharArray()));
    UserManager userManager = session.getUserManager();
    User user = (User) userManager.getAuthorizable("test");
    if (user == null) {
        user = userManager.createUser("test", "quatloos");
    }
    // set up permissions
    String path = session.getRootNode().getPath();
    AccessControlManager accessControlManager = session.getAccessControlManager();
    AccessControlPolicyIterator acls = accessControlManager.getApplicablePolicies(path);
    AccessControlList acl = null;
    if (acls.hasNext()) {
        acl = (AccessControlList) acls.nextAccessControlPolicy();
    } else {
        acl = (AccessControlList) accessControlManager.getPolicies(path)[0];
    }
    acl.addAccessControlEntry(user.getPrincipal(), accessControlManager.getSupportedPrivileges(path));
    accessControlManager.setPolicy(path, acl);
    session.save();
    session.logout();
    context.bind("repository", repository);
    return context;
}
Also used : Context(javax.naming.Context) AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) SimpleCredentials(javax.jcr.SimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) TransientRepository(org.apache.jackrabbit.core.TransientRepository) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) SessionImpl(org.apache.jackrabbit.core.SessionImpl) File(java.io.File)

Example 2 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testMultipleGroupPermissionsOnNode2.

public void testMultipleGroupPermissionsOnNode2() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is member of */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        givePrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
             testuser must get the permissions/privileges inherited from
             the group it is member of.
             granting permissions for group2 must be effective
            */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
    } finally {
        group2.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Privilege(javax.jcr.security.Privilege) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 3 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testReorderGroupPermissions.

public void testReorderGroupPermissions() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is member of */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        givePrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
             testuser must get the permissions/privileges inherited from
             the group it is member of.
             granting permissions for group2 must be effective
            */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
        // reorder the ACEs
        AccessControlEntry srcEntry = null;
        AccessControlEntry destEntry = null;
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
            Principal princ = entry.getPrincipal();
            if (testGroup.getPrincipal().equals(princ)) {
                destEntry = entry;
            } else if (group2.getPrincipal().equals(princ)) {
                srcEntry = entry;
            }
        }
        acl.orderBefore(srcEntry, destEntry);
        acMgr.setPolicy(path, acl);
        superuser.save();
        /* after reordering the permissions must be denied */
        assertFalse(getTestSession().hasPermission(path, actions));
        assertFalse(testAcMgr.hasPrivileges(path, privs));
    } finally {
        group2.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 4 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testInheritedGroupPermissions2.

public void testInheritedGroupPermissions2() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    AccessControlManager testAcMgr = getTestACManager();
    /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
    checkReadOnly(path);
    Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
    // NOTE: same as testInheritedGroupPermissions above but using
    // everyone on path, testgroup on childpath -> result must be the same
    /* give MODIFY_PROPERTIES privilege for everyone at 'path' */
    givePrivileges(path, EveryonePrincipal.getInstance(), privileges, getRestrictions(superuser, path));
    /*
         withdraw MODIFY_PROPERTIES privilege for testGroup at 'childNPath'
         */
    withdrawPrivileges(childNPath, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
    // result at 'child path' must be deny
    assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) Privilege(javax.jcr.security.Privilege)

Example 5 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testMultipleGroupPermissionsOnNode.

public void testMultipleGroupPermissionsOnNode() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is member of */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        withdrawPrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
             testuser must get the permissions/privileges inherited from
             the group it is member of.
             the denial of group2 must succeed
            */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertFalse(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertFalse(testAcMgr.hasPrivileges(path, privs));
    } finally {
        group2.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Privilege(javax.jcr.security.Privilege) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Aggregations

AccessControlManager (javax.jcr.security.AccessControlManager)192 Privilege (javax.jcr.security.Privilege)82 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)77 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)62 Session (javax.jcr.Session)47 Test (org.junit.Test)45 AccessControlEntry (javax.jcr.security.AccessControlEntry)39 Node (javax.jcr.Node)33 AccessControlList (javax.jcr.security.AccessControlList)32 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)32 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)23 Principal (java.security.Principal)22 Value (javax.jcr.Value)17 HashMap (java.util.HashMap)14 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)14 Group (org.apache.jackrabbit.api.security.user.Group)14 ValueFactory (javax.jcr.ValueFactory)13 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)13 NodeImpl (org.apache.jackrabbit.core.NodeImpl)13 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)12
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial