Example 26 with AccessControlManager
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.
private void addPolicy(Node node) throws RepositoryException {
AccessControlManager acMgr = node.getSession().getAccessControlManager();
String path = node.getPath();
int level = 0;
if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
level = 1;
} else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
level = 2;
} else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
level = 3;
}
if (level > 0) {
path = Text.getRelativeParent(path, level);
}
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(node.getSession(), path);
if (acl != null) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
for (Principal principal : principals) {
acl.addAccessControlEntry(principal, privileges);
}
acMgr.setPolicy(path, acl);
adminSession.save();
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Principal(java.security.Principal)
Example 27 with AccessControlManager
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ConcurrentReadSinglePolicyTreeTest method visitingNode.
@Override
protected void visitingNode(Node node, int i) throws RepositoryException {
super.visitingNode(node, i);
String path = node.getPath();
AccessControlManager acMgr = node.getSession().getAccessControlManager();
if (testRoot.getPath().equals(path)) {
JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, path);
if (policy != null) {
policy.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), true);
}
acMgr.setPolicy(path, policy);
} else if (!path.contains("rep:policy")) {
for (AccessControlPolicy policy : acMgr.getPolicies(path)) {
if (policy instanceof JackrabbitAccessControlList) {
acMgr.removePolicy(path, policy);
}
}
}
node.getSession().save();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 28 with AccessControlManager
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ItemNameRestrictionTest method testRemoveTree2.
@Test
public void testRemoveTree2() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/a");
acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_REMOVE_CHILD_NODES), true);
acMgr.setPolicy(acl.getPath(), acl);
root.commit();
Root testRoot = testSession.getLatestRoot();
List<String> paths = ImmutableList.of("/a/d/b/e/c", "/a/d/b");
for (String p : paths) {
testRoot.getTree(p).remove();
testRoot.commit();
}
try {
testRoot.getTree("/a").remove();
testRoot.commit();
fail();
} catch (CommitFailedException e) {
// success
assertTrue(e.isAccessViolation());
} finally {
testRoot.refresh();
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
Root(org.apache.jackrabbit.oak.api.Root)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 29 with AccessControlManager
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class PermissionTest method addEntry.
private void addEntry(String path, boolean grant, String restriction, String... privilegeNames) throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
if (restriction.length() > 0) {
Map<String, Value> rs = new HashMap<String, Value>();
rs.put("rep:glob", new StringValue(restriction));
acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), grant, rs);
} else {
acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), grant);
}
acMgr.setPolicy(path, acl);
root.commit();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
HashMap(java.util.HashMap)
Value(javax.jcr.Value)
StringValue(org.apache.jackrabbit.value.StringValue)
StringValue(org.apache.jackrabbit.value.StringValue)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 30 with AccessControlManager
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ItemNameRestrictionTest method before.
@Override
public void before() throws Exception {
super.before();
Tree rootTree = root.getTree("/");
NodeUtil f = new NodeUtil(rootTree).getOrAddTree("a/d/b/e/c/f", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
NodeUtil c = f.getParent();
c.setString("prop", "value");
c.setString("a", "value");
testPrincipal = getTestUser().getPrincipal();
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/a");
vf = new ValueFactoryImpl(root, NamePathMapper.DEFAULT);
acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_ADD_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE), true, Collections.<String, Value>emptyMap(), ImmutableMap.of(AccessControlConstants.REP_ITEM_NAMES, new Value[] { vf.createValue("a", PropertyType.NAME), vf.createValue("b", PropertyType.NAME), vf.createValue("c", PropertyType.NAME) }));
acMgr.setPolicy(acl.getPath(), acl);
UserManager uMgr = getUserManager(root);
testGroup = uMgr.createGroup("testGroup" + UUID.randomUUID());
root.commit();
testSession = createTestSession();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ValueFactoryImpl(org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl)
Value(javax.jcr.Value)
Tree(org.apache.jackrabbit.oak.api.Tree)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)
Aggregations
AccessControlManager (javax.jcr.security.AccessControlManager)192
Privilege (javax.jcr.security.Privilege)82
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)77
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)62
Session (javax.jcr.Session)47
Test (org.junit.Test)45
AccessControlEntry (javax.jcr.security.AccessControlEntry)39
Node (javax.jcr.Node)33
AccessControlList (javax.jcr.security.AccessControlList)32
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)32
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)23
Principal (java.security.Principal)22
Value (javax.jcr.Value)17
HashMap (java.util.HashMap)14
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)14
Group (org.apache.jackrabbit.api.security.user.Group)14
ValueFactory (javax.jcr.ValueFactory)13
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)13
NodeImpl (org.apache.jackrabbit.core.NodeImpl)13
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)12
