
Example 21 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportRepoACLAtTestNode.

/**
 * Verifies that a repository-level ACL does not take effect when it is
 * imported below a node other than the root node.
 *
 * <p>The XML policy tree is imported underneath a freshly added {@code test}
 * node that carries the {@code rep:RepoAccessControllable} mixin. After the
 * import, the policies returned for the {@code null} path (the path
 * Jackrabbit uses for repository-level policies) must still be empty. The
 * {@code rep:repoPolicy} child exists, but without an {@code allow0} entry,
 * and its definition is the one declared by the mixin node type.
 *
 * @throws Exception if preparing the target node or running the import fails
 */
public void testImportRepoACLAtTestNode() throws Exception {
    NodeImpl importTarget = (NodeImpl) testRootNode.addNode("test");
    importTarget.addMixin("rep:RepoAccessControllable");
    AccessControlManager acMgr = sImpl.getAccessControlManager();
    try {
        InputStream xml = new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8"));
        SessionImporter sessionImporter = new SessionImporter(
                importTarget, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        ImportHandler handler = new ImportHandler(sessionImporter, sImpl);
        new ParsingContentHandler(handler).parse(xml);

        // The security-relevant check: nothing became a repo-level policy.
        AccessControlPolicy[] repoLevelPolicies = acMgr.getPolicies(null);
        assertEquals(0, repoLevelPolicies.length);

        // The policy node itself is present, but the ACE below it is not.
        assertTrue(importTarget.hasNode("rep:repoPolicy"));
        assertFalse(importTarget.hasNode("rep:repoPolicy/allow0"));

        Node policyNode = importTarget.getNode("rep:repoPolicy");
        String declaringType = policyNode.getDefinition().getDeclaringNodeType().getName();
        assertEquals("rep:RepoAccessControllable", declaringType);
    } finally {
        // Discard the transient changes so later tests start from a clean state.
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) Node(javax.jcr.Node)

Example 22 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportWithDefaultImporter.

/**
 * Imports the policy tree with a {@code SessionImporter} that was given no
 * importer configuration and checks what remains of the access control
 * content.
 *
 * <p>Expected outcome: the {@code test} node exists and has exactly one
 * policy, a {@link JackrabbitAccessControlList}, but that list holds no
 * entries. The ACEs contained in the XML are therefore not applied on this
 * import path.
 *
 * @throws Exception if the import or the policy lookup fails
 */
public void testImportWithDefaultImporter() throws Exception {
    NodeImpl importRoot = (NodeImpl) testRootNode;
    try {
        InputStream xml = new ByteArrayInputStream(XML_POLICY_TREE.getBytes("UTF-8"));
        // NOTE(review): the null configuration presumably means no protected-item
        // importer is registered, which is why the ACEs are dropped; confirm
        // against SessionImporter.
        SessionImporter sessionImporter = new SessionImporter(
                importRoot, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, null);
        ImportHandler handler = new ImportHandler(sessionImporter, sImpl);
        new ParsingContentHandler(handler).parse(xml);

        assertTrue(importRoot.hasNode("test"));
        String importedPath = importRoot.getNode("test").getPath();

        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] found = acMgr.getPolicies(importedPath);
        assertEquals(1, found.length);
        assertTrue(found[0] instanceof JackrabbitAccessControlList);

        // The policy exists, but it must be empty: no ACE made it through.
        JackrabbitAccessControlList importedAcl = (JackrabbitAccessControlList) found[0];
        AccessControlEntry[] aces = importedAcl.getAccessControlEntries();
        assertEquals(0, aces.length);
    } finally {
        // Discard the transient changes so later tests start from a clean state.
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 23 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ConcurrentCreateNodesTest method createACLsForEveryone.

/**
 * Creates {@code numACLs} child nodes below a new {@code nodes-with-acl} node
 * and gives each one an ACL with a single {@code jcr:read} entry for the
 * everyone principal.
 *
 * <p>An ACL is only written when the list obtained for the new node is empty
 * and adding the entry reports a modification. All changes are persisted with
 * one {@code save()} at the end.
 *
 * <p>This is fixture setup: it opens read access to every principal on the
 * created nodes, so it belongs in test or benchmark repositories only.
 *
 * @param session session used to create the nodes and set the policies
 * @param numACLs number of nodes (and ACLs) to create
 * @throws RepositoryException if node creation, policy handling or the save fails
 */
private void createACLsForEveryone(Session session, int numACLs) throws RepositoryException {
    AccessControlManager acMgr = session.getAccessControlManager();
    Node parent = session.getRootNode().addNode("nodes-with-acl");
    for (int index = 0; index < numACLs; index++) {
        Node child = parent.addNode("node-" + index);
        String childPath = child.getPath();
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, childPath);
        if (!acl.isEmpty()) {
            // Entries are already present for this node; leave the ACL untouched.
            continue;
        }
        Privilege readPrivilege = acMgr.privilegeFromName(Privilege.JCR_READ);
        boolean modified = acl.addAccessControlEntry(
                EveryonePrincipal.getInstance(), new Privilege[] { readPrivilege });
        if (modified) {
            acMgr.setPolicy(childPath, acl);
        }
    }
    session.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 24 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ConcurrentEveryoneACLTest method beforeSuite.

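/**
 * Builds the content tree used by the suite: {@code NODE_COUNT} nodes below
 * {@code ROOT_NODE_NAME}, each with {@code NODE_COUNT} children, and an ACL on
 * every child that allows {@code jcr:read} and {@code jcr:readAccessControl}
 * for the everyone principal. The same two privileges are then denied for
 * everyone on the suite's root node, and the number of ACE nodes below that
 * root is counted and printed.
 *
 * <p>The writer session is logged out in a {@code finally} block so that a
 * failure during setup does not leave the session open.
 *
 * @throws Exception if login, content creation or policy handling fails
 */
@Override
public void beforeSuite() throws Exception {
    Session session = loginWriter();
    try {
        AccessControlManager acMgr = session.getAccessControlManager();
        Privilege[] privileges = new Privilege[] {
                acMgr.privilegeFromName(Privilege.JCR_READ),
                acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
        final Node root = session.getRootNode().addNode(ROOT_NODE_NAME, "nt:unstructured");
        for (int i = 0; i < NODE_COUNT; i++) {
            Node node = root.addNode("node" + i, "nt:unstructured");
            for (int j = 0; j < NODE_COUNT; j++) {
                Node newNode = node.addNode("node" + j, "nt:unstructured");
                String newPath = newNode.getPath();
                JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, newPath);
                // allow entry for everyone on each leaf node
                acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
                acMgr.setPolicy(newPath, acl);
            }
            // persist once per first-level node
            session.save();
        }
        // deny everyone on root node
        String rootPath = root.getPath();
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, rootPath);
        acl.addEntry(EveryonePrincipal.getInstance(), privileges, false);
        acMgr.setPolicy(rootPath, acl);
        session.save();

        // Single-element array so the anonymous visitor can update the counter.
        final int[] numACEs = new int[1];
        ItemVisitor v = new TraversingItemVisitor.Default() {

            @Override
            protected void entering(Node node, int i) throws RepositoryException {
                if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
                    numACEs[0]++;
                }
                super.entering(node, i);
            }

            @Override
            protected void entering(Property prop, int i) throws RepositoryException {
                // properties are not counted; pass through to the default behaviour
                super.entering(prop, i);
            }
        };
        v.visit(root);
        System.out.println("Num ACEs: " + numACEs[0]);
    } finally {
        // Always release the writer session, including when setup fails part-way.
        session.logout();
    }
}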
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) ItemVisitor(javax.jcr.ItemVisitor) TraversingItemVisitor(javax.jcr.util.TraversingItemVisitor) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Property(javax.jcr.Property) Session(javax.jcr.Session)

Example 25 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class HiddenTest method testCombinedSetup.

/**
 * Checks what a permission provider built for the everyone principal reports
 * for the hidden tree after {@code jcr:read} has been granted to everyone at
 * the root path.
 *
 * <p>The assertions pin two different views of the same tree: privilege
 * lookups report nothing ({@code hasPrivileges} is false and
 * {@code getPrivileges} is empty), while permission checks are granted for
 * {@code Permissions.ALL}, both through the provider and through the
 * {@code TreePermission} obtained by walking down from the root.
 *
 * @throws Exception if policy setup, the commit or the permission lookup fails
 */
@Test
public void testCombinedSetup() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    try {
        // Grant jcr:read to everyone at the root and persist it.
        AccessControlList rootAcl = AccessControlUtils.getAccessControlList(acMgr, "/");
        rootAcl.addAccessControlEntry(
                EveryonePrincipal.getInstance(),
                AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ));
        acMgr.setPolicy("/", rootAcl);
        root.commit();

        AuthorizationConfiguration authzConfig = getConfig(AuthorizationConfiguration.class);
        String workspaceName = root.getContentSession().getWorkspaceName();
        PermissionProvider provider = authzConfig.getPermissionProvider(
                readOnlyRoot, workspaceName, ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));

        // No privileges are reported on the hidden tree ...
        assertFalse(provider.hasPrivileges(hiddenTree, PrivilegeConstants.JCR_READ));
        assertTrue(provider.getPrivileges(hiddenTree).isEmpty());
        // ... yet every permission check on it is granted.
        assertTrue(provider.isGranted(hiddenTree, null, Permissions.ALL));
        assertTrue(provider.isGranted(hiddenTree.getPath(), Permissions.getString(Permissions.ALL)));

        // Walk from the root down to the hidden tree, chaining the tree permissions.
        Tree current = readOnlyRoot.getTree("/");
        TreePermission currentPermission = provider.getTreePermission(current, TreePermission.EMPTY);
        String hiddenPath = hiddenTree.getPath();
        for (String segment : PathUtils.elements(hiddenPath)) {
            current = current.getChild(segment);
            currentPermission = provider.getTreePermission(current, currentPermission);
        }
        assertTrue(currentPermission.isGranted(Permissions.ALL));
    } finally {
        // NOTE(review): the entry is added again before removal; that looks
        // unnecessary for removePolicy, and if the try block failed before
        // setPolicy this cleanup may itself throw and mask the original
        // failure. Confirm against the access control manager in use.
        AccessControlList cleanupAcl = AccessControlUtils.getAccessControlList(acMgr, "/");
        cleanupAcl.addAccessControlEntry(
                EveryonePrincipal.getInstance(),
                AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ));
        acMgr.removePolicy("/", cleanupAcl);
        root.commit();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Test(org.junit.Test)
