
Example 86 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class CompositeAccessControlManager method getSupportedPrivileges.

//-----------------------------------------------< AccessControlManager >---
/**
 * Returns the union of the privileges reported as supported at {@code absPath}
 * by every access control manager aggregated in {@code acMgrs}.
 *
 * <p>Duplicates reported by several delegates are collapsed by the set builder.
 * NOTE(review): "supported" describes what may be used in policies at the path;
 * it presumably says nothing about what the current session has been granted,
 * so callers should not treat the result as an authorization decision.
 *
 * @param absPath the path passed through unchanged to each delegate
 * @return the distinct privileges collected from all delegates
 * @throws RepositoryException if any delegate fails; no partial result is returned
 */
@Nonnull
@Override
public Privilege[] getSupportedPrivileges(String absPath) throws RepositoryException {
    ImmutableSet.Builder<Privilege> supported = ImmutableSet.builder();
    for (AccessControlManager delegate : acMgrs) {
        Privilege[] fromDelegate = delegate.getSupportedPrivileges(absPath);
        supported.add(fromDelegate);
    }
    Set<Privilege> union = supported.build();
    return union.toArray(new Privilege[0]);
}
Also used : AbstractAccessControlManager(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) ImmutableSet(com.google.common.collect.ImmutableSet) Privilege(javax.jcr.security.Privilege) Nonnull(javax.annotation.Nonnull)

Example 87 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testPrivilegeFromName.

//--------------------------------------------------< privilegeFromName >---
/**
 * Checks that every registered privilege can be looked up again by its name
 * through the access control manager and that the lookup yields an equal
 * privilege.
 *
 * @throws Exception if the privilege manager or the lookup fails
 */
@Test
public void testPrivilegeFromName() throws Exception {
    Privilege[] registered = getPrivilegeManager(root).getRegisteredPrivileges();
    for (Privilege expected : registered) {
        // Name -> privilege resolution must not silently map to a different privilege.
        Privilege resolved = acMgr.privilegeFromName(expected.getName());
        assertEquals(expected, resolved);
    }
}
Also used : Privilege(javax.jcr.security.Privilege) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 88 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class JackrabbitAccessControlListTest method testAllowWriteDenyRemove.

/**
 * Adds an allow entry for {@code PrivilegeRegistry.REP_WRITE} and a deny entry
 * for {@code Privilege.JCR_REMOVE_CHILD_NODES} for the same principal, then
 * verifies how the template reports them.
 *
 * <p>The assertions pin that the denied privilege no longer appears among the
 * allowed ones: exactly four privileges stay allowed and exactly one is denied.
 *
 * @throws NotExecutableException if the test cannot be executed
 * @throws RepositoryException if a repository operation fails
 */
public void testAllowWriteDenyRemove() throws NotExecutableException, RepositoryException {
    Principal principal = getValidPrincipal();
    Privilege[] toGrant = privilegesFromName(PrivilegeRegistry.REP_WRITE);
    Privilege[] toDeny = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
    templ.addEntry(principal, toGrant, true, Collections.<String, Value>emptyMap());
    templ.addEntry(principal, toDeny, false, Collections.<String, Value>emptyMap());

    // Sort the privileges of this principal's entries into allowed and denied.
    Set<Privilege> allowed = new HashSet<Privilege>();
    Set<Privilege> denied = new HashSet<Privilege>();
    for (AccessControlEntry entry : templ.getAccessControlEntries()) {
        if (!principal.equals(entry.getPrincipal()) || !(entry instanceof JackrabbitAccessControlEntry)) {
            continue;
        }
        JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry;
        Privilege[] entryPrivileges = ace.getPrivileges();
        Set<Privilege> target = ace.isAllow() ? allowed : denied;
        Collections.addAll(target, entryPrivileges);
    }

    // What must stay allowed once the removal of child nodes has been denied.
    String[] stillAllowed = {
        Privilege.JCR_ADD_CHILD_NODES,
        Privilege.JCR_REMOVE_NODE,
        Privilege.JCR_MODIFY_PROPERTIES,
        Privilege.JCR_NODE_TYPE_MANAGEMENT
    };
    assertEquals(stillAllowed.length, allowed.size());
    for (String privilegeName : stillAllowed) {
        assertTrue(allowed.contains(acMgr.privilegeFromName(privilegeName)));
    }

    assertEquals(1, denied.size());
    Privilege onlyDenied = denied.iterator().next();
    assertEquals(acMgr.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES), onlyDenied);
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 89 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class AbstractWriteTest method testAccessControlRead.

/**
 * Verifies that a user holding only READ cannot see or remove the access
 * control content stored at the test node.
 *
 * <p>After READ is re-granted (so that a {@code rep:policy} node exists), the
 * test session must lack {@code jcr:readAccessControl}, must not be able to
 * see the policy node through any of the item or node lookups, and must be
 * denied when it tries to remove a policy.
 *
 * @throws NotExecutableException if the test cannot be executed
 * @throws RepositoryException if a repository operation fails
 */
public void testAccessControlRead() throws NotExecutableException, RepositoryException {
    AccessControlManager testAcMgr = getTestACManager();
    checkReadOnly(path);

    // Granting READ again forces an ACL node to exist at the target.
    Privilege[] readOnly = privilegesFromName(Privilege.JCR_READ);
    JackrabbitAccessControlList acl = givePrivileges(path, readOnly, getRestrictions(superuser, path));

    // The superuser must be able to see the freshly created 'rep:policy' node.
    assertTrue(superuser.itemExists(acl.getPath() + "/rep:policy"));

    Session testSession = getTestSession();

    // The test user still has READ only, so the ACL node must stay hidden
    // no matter which API is used to look for it.
    Privilege[] readAc = privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL);
    assertFalse(testAcMgr.hasPrivileges(path, readAc));
    assertFalse(testSession.itemExists(path + "/rep:policy"));

    Node target = testSession.getNode(acl.getPath());
    assertFalse(target.hasNode("rep:policy"));
    try {
        target.getNode("rep:policy");
        fail("Accessing the rep:policy node must throw PathNotFoundException.");
    } catch (PathNotFoundException expected) {
        // expected: the policy node is reported as missing to this session
    }

    // Removing the policy must be refused as well.
    try {
        AccessControlPolicy placeholder = new AccessControlPolicy() {
        };
        testAcMgr.removePolicy(path, placeholder);
        fail("Test user must not be allowed to remove the access control policy.");
    } catch (AccessDeniedException expected) {
        // expected: the test user may not modify access control content
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) JackrabbitNode(org.apache.jackrabbit.api.JackrabbitNode) Node(javax.jcr.Node) PathNotFoundException(javax.jcr.PathNotFoundException) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Session(javax.jcr.Session)

Example 90 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class AbstractWriteTest method testAddChildNodePrivilege.

/**
 * Verifies the scope of {@code jcr:addChildNodes}: granted on a node to a
 * principal, it lets the corresponding user add nodes below that node but
 * not create the node itself ('at' the target path).
 *
 * @throws RepositoryException If an error occurs.
 * @throws NotExecutableException If the test cannot be executed.
 */
public void testAddChildNodePrivilege() throws RepositoryException, NotExecutableException {
    // Precondition: the test user has READ-only permission on the test node and below.
    checkReadOnly(path);

    // As superuser, create a child below the node at 'path'.
    Node child = superuser.getNode(path).addNode(nodeName2, testNodeType);
    superuser.save();

    // Grant 'add_child_nodes' to the test session at 'path'.
    Privilege[] addChildNodes = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);
    givePrivileges(path, addChildNodes, getRestrictions(superuser, path));

    // Expected outcome:
    //   - no permission to add a node at 'path' itself
    //   - permission to add nodes below 'path', existing or not
    Session testSession = getTestSession();
    assertFalse(testSession.hasPermission(path, Session.ACTION_ADD_NODE));
    assertTrue(testSession.hasPermission(path + "/anychild", Session.ACTION_ADD_NODE));
    assertTrue(testSession.hasPermission(child.getPath(), Session.ACTION_ADD_NODE));
}
Also used : JackrabbitNode(org.apache.jackrabbit.api.JackrabbitNode) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session)

Aggregations

Privilege (javax.jcr.security.Privilege)316 Test (org.junit.Test)95 AccessControlManager (javax.jcr.security.AccessControlManager)82 Session (javax.jcr.Session)76 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)59 Principal (java.security.Principal)57 Node (javax.jcr.Node)53 AccessControlEntry (javax.jcr.security.AccessControlEntry)47 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)37 Value (javax.jcr.Value)30 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)28 HashMap (java.util.HashMap)26 AccessDeniedException (javax.jcr.AccessDeniedException)25 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)24 ArrayList (java.util.ArrayList)21 AccessControlException (javax.jcr.security.AccessControlException)21 AccessControlList (javax.jcr.security.AccessControlList)21 Group (org.apache.jackrabbit.api.security.user.Group)20