Example 1 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class PrivilegeImplTest method testInvalidDeclaredAggregate.
@Test
public void testInvalidDeclaredAggregate() throws Exception {
NodeUtil privilegeDefs = new NodeUtil(root.getTree(PRIVILEGES_PATH));
NodeUtil privDef = privilegeDefs.addChild("test", NT_REP_PRIVILEGE);
privDef.setNames(REP_AGGREGATES, JCR_READ, "invalid");
Privilege p = getPrivilegeManager(root).getPrivilege("test");
assertAggregation(p.getDeclaredAggregatePrivileges(), JCR_READ);
}
Also used :
Privilege(javax.jcr.security.Privilege)
NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 2 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class EntryTest method testHashCode.
@Test
public void testHashCode() throws RepositoryException {
JackrabbitAccessControlEntry ace = createEntry(PrivilegeConstants.JCR_ALL);
Privilege[] declaredAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getDeclaredAggregatePrivileges();
Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getAggregatePrivileges();
List<Privilege> l = Lists.newArrayList(aggregateAllPrivs);
l.add(l.remove(0));
Privilege[] reordered = l.toArray(new Privilege[l.size()]);
Map<AccessControlEntry, AccessControlEntry> equivalent = new HashMap<AccessControlEntry, AccessControlEntry>();
// create same entry again
equivalent.put(ace, createEntry(PrivilegeConstants.JCR_ALL));
// create entry with duplicate privs
equivalent.put(ace, createEntry(PrivilegeConstants.JCR_ALL, PrivilegeConstants.JCR_ALL));
// create entry with declared aggregate privileges
equivalent.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
// create entry with aggregate privileges
equivalent.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
// create entry with different privilege order
equivalent.put(ace, createEntry(testPrincipal, reordered, true));
equivalent.put(createEntry(testPrincipal, declaredAllPrivs, true), createEntry(testPrincipal, reordered, true));
// even if entries are build with aggregated or declared aggregate privileges
equivalent.put(createEntry(testPrincipal, declaredAllPrivs, true), createEntry(testPrincipal, aggregateAllPrivs, true));
for (AccessControlEntry entry : equivalent.keySet()) {
AccessControlEntry eqv = equivalent.get(entry);
assertEquals(entry.hashCode(), eqv.hashCode());
}
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
HashMap(java.util.HashMap)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
Test(org.junit.Test)
Example 3 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class EntryTest method testEquals.
@Test
public void testEquals() throws RepositoryException {
Map<AccessControlEntry, AccessControlEntry> equalAces = new HashMap<AccessControlEntry, AccessControlEntry>();
ACE ace = createEntry(PrivilegeConstants.JCR_ALL);
// create same entry again
equalAces.put(ace, createEntry(PrivilegeConstants.JCR_ALL));
// create entry with declared aggregate privileges
Privilege[] declaredAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getDeclaredAggregatePrivileges();
equalAces.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
// create entry with aggregate privileges
Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getAggregatePrivileges();
equalAces.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
// create entry with different privilege order
List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs));
reordered.add(reordered.remove(0));
equalAces.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]), true), createEntry(testPrincipal, aggregateAllPrivs, true));
// even if entries are build with aggregated or declared aggregate privileges
equalAces.put(createEntry(testPrincipal, declaredAllPrivs, true), createEntry(testPrincipal, aggregateAllPrivs, true));
for (AccessControlEntry entry : equalAces.keySet()) {
assertEquals(entry, equalAces.get(entry));
}
}
Also used :
ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
Test(org.junit.Test)
Example 4 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class EntryTest method testHashCode2.
@Test
public void testHashCode2() throws Exception {
JackrabbitAccessControlEntry ace = createEntry(new String[] { PrivilegeConstants.JCR_ALL }, true);
final Privilege[] privs = AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_ALL);
// and the opposite:
List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>();
// ACE template with different principal
Principal princ = new Principal() {
public String getName() {
return "a name";
}
};
otherAces.add(createEntry(princ, privs, true));
// ACE template with different privileges
otherAces.add(createEntry(new String[] { PrivilegeConstants.JCR_READ }, true));
// ACE template with different 'allow' flag
otherAces.add(createEntry(new String[] { PrivilegeConstants.JCR_ALL }, false));
// ACE template with different privileges and 'allows
otherAces.add(createEntry(new String[] { PrivilegeConstants.REP_WRITE }, false));
// other ace impl
JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() {
public boolean isAllow() {
return true;
}
public String[] getRestrictionNames() {
return new String[0];
}
public Value getRestriction(String restrictionName) {
return null;
}
public Value[] getRestrictions(String restrictionName) {
return null;
}
public Principal getPrincipal() {
return testPrincipal;
}
public Privilege[] getPrivileges() {
return privs;
}
};
otherAces.add(pe);
for (JackrabbitAccessControlEntry otherAce : otherAces) {
assertFalse(ace.hashCode() == otherAce.hashCode());
}
}Example 5 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method setupPolicy.
@Nonnull
private ACL setupPolicy(@Nullable String path, @Nullable Privilege... privileges) throws RepositoryException {
Privilege[] privs = (privileges == null || privileges.length == 0) ? testPrivileges : privileges;
ACL policy = getApplicablePolicy(path);
if (path == null) {
policy.addAccessControlEntry(testPrincipal, privs);
} else {
policy.addEntry(testPrincipal, privs, true, getGlobRestriction("*"));
}
acMgr.setPolicy(path, policy);
return policy;
}Aggregations
Privilege (javax.jcr.security.Privilege)336
Test (org.junit.Test)95
AccessControlManager (javax.jcr.security.AccessControlManager)94
Session (javax.jcr.Session)80
Principal (java.security.Principal)63
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)60
Node (javax.jcr.Node)54
AccessControlEntry (javax.jcr.security.AccessControlEntry)52
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)39
Value (javax.jcr.Value)31
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)31
HashMap (java.util.HashMap)28
AccessDeniedException (javax.jcr.AccessDeniedException)26
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)26
AccessControlList (javax.jcr.security.AccessControlList)25
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24
ArrayList (java.util.ArrayList)23
HashSet (java.util.HashSet)21
AccessControlException (javax.jcr.security.AccessControlException)21
