Example 96 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L5_PrivilegeContentTest method testNext.
@Test
public void testNext() throws RepositoryException, CommitFailedException {
PropertyState next = PrivilegeUtil.getPrivilegesTree(root).getProperty(PrivilegeConstants.REP_NEXT);
PrivilegeManager privilegeManager = getPrivilegeManager(root);
Privilege newPrivilege = privilegeManager.registerPrivilege("myPrivilege", true, null);
root.commit();
// EXERCISE: compare the 'next' property state with rep:bits property of the newly created privilege.
PropertyState nextAgain = PrivilegeUtil.getPrivilegesTree(root).getProperty(PrivilegeConstants.REP_NEXT);
// EXERCISE: look at the new value of rep:next and explain it. Q: where did it get modified?
// EXERCISE: try to modify rep:next manually and explain what happens.
}
Also used :
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
Privilege(javax.jcr.security.Privilege)
PropertyState(org.apache.jackrabbit.oak.api.PropertyState)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
L4_PrivilegesAndPermissionsTest(org.apache.jackrabbit.oak.exercise.security.authorization.permission.L4_PrivilegesAndPermissionsTest)
Test(org.junit.Test)
L7_PermissionContentTest(org.apache.jackrabbit.oak.exercise.security.authorization.permission.L7_PermissionContentTest)
Example 97 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L7_PrivilegeDiscoveryTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
SimpleCredentials creds = new SimpleCredentials("u", "u".toCharArray());
UserManager uMgr = ((JackrabbitSession) superuser).getUserManager();
User u = uMgr.createUser(creds.getUserID(), creds.getUserID());
Group g = uMgr.createGroup("g");
g.addMember(u);
uPrincipal = u.getPrincipal();
gPrincipal = g.getPrincipal();
Node n = superuser.getNode(testRoot).addNode(nodeName1);
testPath = n.getPath();
Property p = n.setProperty(propertyName1, "value");
propPath = p.getPath();
Privilege[] privs = AccessControlUtils.privilegesFromNames(superuser, Privilege.JCR_VERSION_MANAGEMENT, Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_MODIFY_PROPERTIES);
AccessControlUtils.addAccessControlEntry(superuser, n.getPath(), gPrincipal, privs, true);
AccessControlUtils.addAccessControlEntry(superuser, n.getPath(), uPrincipal, new String[] { Privilege.JCR_VERSION_MANAGEMENT }, false);
Node child = n.addNode(nodeName2);
childPath = child.getPath();
superuser.save();
userSession = getHelper().getRepository().login(creds);
// NOTE the following precondition defined by the test-setup!
assertTrue(userSession.nodeExists(testPath));
assertTrue(userSession.nodeExists(childPath));
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
Group(org.apache.jackrabbit.api.security.user.Group)
User(org.apache.jackrabbit.api.security.user.User)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
Node(javax.jcr.Node)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
Privilege(javax.jcr.security.Privilege)
Property(javax.jcr.Property)
Example 98 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlImporterTest method testImportPolicyExists.
/**
* Imports a resource-based ACL containing a single entry for a policy that
* already exists: expected outcome its that the existing ACE is replaced.
*/
public void testImportPolicyExists() throws Exception {
try {
Node target = createImportTargetWithPolicy(EveryonePrincipal.getInstance());
doImport(target.getPath(), XML_POLICY_TREE_2);
AccessControlManager acMgr = superuser.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, entries.length);
AccessControlEntry entry = entries[0];
assertEquals(EveryonePrincipal.getInstance(), entry.getPrincipal());
List<Privilege> privs = Arrays.asList(entry.getPrivileges());
assertEquals(1, privs.size());
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
} finally {
superuser.refresh(false);
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
Node(javax.jcr.Node)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 99 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlImporterTest method createImportTargetWithPolicy.
private Node createImportTargetWithPolicy(@Nullable Principal principal) throws RepositoryException {
Node target = testRootNode.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
AccessControlManager acMgr = superuser.getAccessControlManager();
for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (policy instanceof AccessControlList) {
if (principal != null) {
Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT) };
((AccessControlList) policy).addAccessControlEntry(principal, privs);
}
acMgr.setPolicy(target.getPath(), policy);
}
}
if (!isSessionImport()) {
superuser.save();
}
return target;
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlList(javax.jcr.security.AccessControlList)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
Node(javax.jcr.Node)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Privilege(javax.jcr.security.Privilege)
Example 100 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagementTest method testReadAccessControlWithoutPrivilege.
@Test
public void testReadAccessControlWithoutPrivilege() throws Exception {
// re-grant READ in order to have an ACL-node
Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
JackrabbitAccessControlList tmpl = allow(path, privileges);
String policyPath = tmpl.getPath() + "/rep:policy";
// make sure the 'rep:policy' node has been created.
assertTrue(superuser.itemExists(policyPath));
/*
Testuser must still have READ-only access only and must not be
allowed to view the acl-node nor any item in the subtree that
has been created.
*/
assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL)));
assertFalse(testSession.itemExists(policyPath));
assertFalse(testSession.nodeExists(policyPath));
try {
testSession.getNode(policyPath);
fail("Accessing the rep:policy node must throw PathNotFoundException.");
} catch (PathNotFoundException e) {
// ok.
}
try {
testAcMgr.getPolicies(tmpl.getPath());
fail("test user must not have READ_AC privilege.");
} catch (AccessDeniedException e) {
// success
}
try {
testAcMgr.getEffectivePolicies(tmpl.getPath());
fail("test user must not have READ_AC privilege.");
} catch (AccessDeniedException e) {
// success
}
for (NodeIterator aceNodes = superuser.getNode(policyPath).getNodes(); aceNodes.hasNext(); ) {
Node aceNode = aceNodes.nextNode();
String aceNodePath = aceNode.getPath();
assertFalse(testSession.nodeExists(aceNodePath));
for (PropertyIterator it = aceNode.getProperties(); it.hasNext(); ) {
assertFalse(testSession.propertyExists(it.nextProperty().getPath()));
}
}
}
Also used :
NodeIterator(javax.jcr.NodeIterator)
AccessDeniedException(javax.jcr.AccessDeniedException)
Node(javax.jcr.Node)
PropertyIterator(javax.jcr.PropertyIterator)
PathNotFoundException(javax.jcr.PathNotFoundException)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Test(org.junit.Test)
Aggregations
Privilege (javax.jcr.security.Privilege)316
Test (org.junit.Test)95
AccessControlManager (javax.jcr.security.AccessControlManager)82
Session (javax.jcr.Session)76
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)59
Principal (java.security.Principal)57
Node (javax.jcr.Node)53
AccessControlEntry (javax.jcr.security.AccessControlEntry)47
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)37
Value (javax.jcr.Value)30
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)28
HashMap (java.util.HashMap)26
AccessDeniedException (javax.jcr.AccessDeniedException)25
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)24
ArrayList (java.util.ArrayList)21
AccessControlException (javax.jcr.security.AccessControlException)21
AccessControlList (javax.jcr.security.AccessControlList)21
Group (org.apache.jackrabbit.api.security.user.Group)20
