Example 6 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal.
@Test
public void testTestSessionGetEffectivePoliciesByPrincipal() throws Exception {
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
setupPolicy(testPath, privs);
setupPolicy(childPath, privs);
root.commit();
Root testRoot = getTestRoot();
testRoot.refresh();
JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
assertNotNull(effective);
assertEquals(2, effective.length);
}
Also used :
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
Root(org.apache.jackrabbit.oak.api.Root)
Privilege(javax.jcr.security.Privilege)
NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 7 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testPrivilegeFromExpandedName.
@Test
public void testPrivilegeFromExpandedName() throws Exception {
Privilege readPriv = getPrivilegeManager(root).getPrivilege(PrivilegeConstants.JCR_READ);
assertEquals(readPriv, acMgr.privilegeFromName(Privilege.JCR_READ));
}
Also used :
Privilege(javax.jcr.security.Privilege)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 8 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class ConcurrentCreateNodesTest method createACLsForEveryone.
private void createACLsForEveryone(Session session, int numACLs) throws RepositoryException {
AccessControlManager acMgr = session.getAccessControlManager();
Node listenHere = session.getRootNode().addNode("nodes-with-acl");
for (int i = 0; i < numACLs; i++) {
String path = listenHere.addNode("node-" + i).getPath();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
if (acl.isEmpty()) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
if (acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges)) {
acMgr.setPolicy(path, acl);
}
}
}
session.save();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
Node(javax.jcr.Node)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 9 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class ConcurrentEveryoneACLTest method beforeSuite.
@Override
public void beforeSuite() throws Exception {
Session session = loginWriter();
AccessControlManager acMgr = session.getAccessControlManager();
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
final Node root = session.getRootNode().addNode(ROOT_NODE_NAME, "nt:unstructured");
for (int i = 0; i < NODE_COUNT; i++) {
Node node = root.addNode("node" + i, "nt:unstructured");
for (int j = 0; j < NODE_COUNT; j++) {
Node newNode = node.addNode("node" + j, "nt:unstructured");
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, newNode.getPath());
acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
acMgr.setPolicy(newNode.getPath(), acl);
}
session.save();
}
// deny everyone on root node
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, root.getPath());
acl.addEntry(EveryonePrincipal.getInstance(), privileges, false);
acMgr.setPolicy(root.getPath(), acl);
session.save();
final int[] numACEs = new int[1];
ItemVisitor v = new TraversingItemVisitor.Default() {
@Override
protected void entering(Node node, int i) throws RepositoryException {
if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
numACEs[0]++;
}
super.entering(node, i);
}
@Override
protected void entering(Property prop, int i) throws RepositoryException {
super.entering(prop, i);
}
};
v.visit(root);
System.out.println("Num ACEs: " + numACEs[0]);
session.logout();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
ItemVisitor(javax.jcr.ItemVisitor)
TraversingItemVisitor(javax.jcr.util.TraversingItemVisitor)
Node(javax.jcr.Node)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Property(javax.jcr.Property)
Session(javax.jcr.Session)
Example 10 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.
private void addPolicy(Node node) throws RepositoryException {
AccessControlManager acMgr = node.getSession().getAccessControlManager();
String path = node.getPath();
int level = 0;
if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
level = 1;
} else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
level = 2;
} else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
level = 3;
}
if (level > 0) {
path = Text.getRelativeParent(path, level);
}
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(node.getSession(), path);
if (acl != null) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
for (Principal principal : principals) {
acl.addAccessControlEntry(principal, privileges);
}
acMgr.setPolicy(path, acl);
adminSession.save();
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Principal(java.security.Principal)
Aggregations
Privilege (javax.jcr.security.Privilege)336
Test (org.junit.Test)95
AccessControlManager (javax.jcr.security.AccessControlManager)94
Session (javax.jcr.Session)80
Principal (java.security.Principal)63
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)60
Node (javax.jcr.Node)54
AccessControlEntry (javax.jcr.security.AccessControlEntry)52
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)39
Value (javax.jcr.Value)31
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)31
HashMap (java.util.HashMap)28
AccessDeniedException (javax.jcr.AccessDeniedException)26
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)26
AccessControlList (javax.jcr.security.AccessControlList)25
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24
ArrayList (java.util.ArrayList)23
HashSet (java.util.HashSet)21
AccessControlException (javax.jcr.security.AccessControlException)21
