
Example 41 with JackrabbitSession

use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.

the class L5_SpecialPermissionsTest method testUserManagement.

/**
 * Exercise: a member of 'testGroup' should be able to change the password of
 * 'testUser2' but must not be able to change the password of the admin user.
 *
 * The permission setup is intentionally left for the reader to fix and explain.
 *
 * @throws RepositoryException if the access control setup or a repository call fails
 */
@Test
public void testUserManagement() throws RepositoryException {
    // EXERCISE: fix the permission setup and explain why!
    // NOTE(review): changing a password is a user-management operation; verify
    // whether denying rep:write on the admin node is enough to block it, or
    // whether rep:userManagement (part of jcr:all) has to be denied as well.
    String[] grantedBelowUsers = { Privilege.JCR_ALL };
    String[] deniedOnAdmin = { PrivilegeConstants.REP_WRITE };

    // Allow entry: 'testGroup' gets jcr:all on the default user path.
    paths.add(UserConstants.DEFAULT_USER_PATH);
    AccessControlUtils.addAccessControlEntry(superuser, UserConstants.DEFAULT_USER_PATH, testGroupPrincipal, grantedBelowUsers, true);

    // Deny entry: everyone is denied the listed privilege on the admin user's node.
    String adminPath = ((JackrabbitSession) superuser).getUserManager().getAuthorizable(superuser.getUserID()).getPath();
    paths.add(adminPath);
    AccessControlUtils.addAccessControlEntry(superuser, adminPath, EveryonePrincipal.getInstance(), deniedOnAdmin, false);

    // Positive case: the test session may change the password of 'testUser2'.
    // NOTE(review): the test session is not logged out in this method;
    // presumably the fixture's teardown takes care of it - confirm.
    JackrabbitSession testSession = (JackrabbitSession) createTestSession();
    User secondUser = testSession.getUserManager().getAuthorizable(testUser2.getID(), User.class);
    secondUser.changePassword("gugus");
    testSession.save();

    // Negative case: the same session must be refused when it targets the admin user.
    try {
        User adminUser = testSession.getUserManager().getAuthorizable(superuser.getUserID(), User.class);
        adminUser.changePassword("gugus");
        testSession.save();
        fail("privilege escalation!");
    } catch (AccessDeniedException expected) {
        // expected: the write to the admin user was rejected
    } finally {
        // drop any pending (rejected) changes from the test session
        testSession.refresh(false);
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) User(org.apache.jackrabbit.api.security.user.User) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) L3_BuiltInPrivilegesTest(org.apache.jackrabbit.oak.exercise.security.privilege.L3_BuiltInPrivilegesTest) AbstractJCRTest(org.apache.jackrabbit.test.AbstractJCRTest) Test(org.junit.Test)

Example 42 with JackrabbitSession

use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.

the class L7_PrivilegeDiscoveryTest method setUp.

/**
 * Creates a test user 'u' that is a member of group 'g', a test node with one
 * property and one child node, and an ACL on the test node that allows three
 * privileges to the group while denying jcr:versionManagement to the user.
 * Finally logs in as the test user and asserts that both nodes are visible.
 *
 * @throws Exception if the parent setup or any repository operation fails
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Test-only credentials: the password is identical to the user ID.
    SimpleCredentials creds = new SimpleCredentials("u", "u".toCharArray());
    UserManager userManager = ((JackrabbitSession) superuser).getUserManager();
    User testUser = userManager.createUser(creds.getUserID(), creds.getUserID());
    Group testGroup = userManager.createGroup("g");
    testGroup.addMember(testUser);
    uPrincipal = testUser.getPrincipal();
    gPrincipal = testGroup.getPrincipal();

    // Content: test node plus one property.
    Node testNode = superuser.getNode(testRoot).addNode(nodeName1);
    testPath = testNode.getPath();
    Property testProperty = testNode.setProperty(propertyName1, "value");
    propPath = testProperty.getPath();

    // Group entry (allow) followed by a user entry (deny) on the same node.
    Privilege[] groupPrivileges = AccessControlUtils.privilegesFromNames(superuser, Privilege.JCR_VERSION_MANAGEMENT, Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_MODIFY_PROPERTIES);
    String[] userDenied = { Privilege.JCR_VERSION_MANAGEMENT };
    AccessControlUtils.addAccessControlEntry(superuser, testNode.getPath(), gPrincipal, groupPrivileges, true);
    AccessControlUtils.addAccessControlEntry(superuser, testNode.getPath(), uPrincipal, userDenied, false);

    Node childNode = testNode.addNode(nodeName2);
    childPath = childNode.getPath();
    superuser.save();

    userSession = getHelper().getRepository().login(creds);

    // Precondition the tests rely on: the test user can see both nodes.
    assertTrue(userSession.nodeExists(testPath));
    assertTrue(userSession.nodeExists(childPath));
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Node(javax.jcr.Node) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Privilege(javax.jcr.security.Privilege) Property(javax.jcr.Property)

Example 43 with JackrabbitSession

use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.

the class ObservationQueueTest method prepareTestData.

/**
 * Creates the test user and grants it jcr:all at the repository root.
 *
 * Note that this gives the test user every privilege on the whole tree, so the
 * setup is only suitable for a throw-away test repository.
 *
 * @param s session used to create the user and to edit the root policy
 * @throws RepositoryException if user creation or the policy update fails
 */
@Override
protected void prepareTestData(Session s) throws RepositoryException {
    // Persist the user first so its principal exists before the ACL is written.
    User testUser = ((JackrabbitSession) s).getUserManager().createUser(USER, PASSWORD);
    s.save();

    AccessControlManager accessControlManager = s.getAccessControlManager();
    JackrabbitAccessControlList rootAcl = AccessControlUtils.getAccessControlList(accessControlManager, "/");
    Privilege[] everything = new Privilege[] { accessControlManager.privilegeFromName(Privilege.JCR_ALL) };

    // Allow entry without restrictions (empty restriction map).
    rootAcl.addEntry(testUser.getPrincipal(), everything, true, Collections.<String, Value>emptyMap());
    accessControlManager.setPolicy(rootAcl.getPath(), rootAcl);
    s.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 44 with JackrabbitSession

use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.

the class RandomizedReadTest method clearContent.

/**
 * Removes the test nodes "n1" and "n2" and every root ACL entry that belongs
 * to the test principal, once for each write session.
 *
 * @throws Exception if a repository or access control operation fails
 */
@Override
protected void clearContent() throws Exception {
    for (JackrabbitSession session : writeSessions) {
        // Drop the test subtrees if they are present.
        Node rootNode = session.getRootNode();
        for (String name : new String[] { "n1", "n2" }) {
            if (rootNode.hasNode(name)) {
                rootNode.getNode(name).remove();
            }
        }

        // Strip the test principal's entries from the root policy; the policy
        // is written back only when at least one entry was removed.
        AccessControlList rootAcl = AccessControlUtils.getAccessControlList(session, "/");
        if (rootAcl != null) {
            boolean changed = false;
            for (AccessControlEntry entry : rootAcl.getAccessControlEntries()) {
                if (getTestPrincipal(session).equals(entry.getPrincipal())) {
                    rootAcl.removeAccessControlEntry(entry);
                    changed = true;
                }
            }
            if (changed) {
                session.getAccessControlManager().setPolicy("/", rootAcl);
            }
        }

        session.save();
    }
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Node(javax.jcr.Node) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Example 45 with JackrabbitSession

use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.

the class RandomizedReadTest method setupContent.

/**
 * Builds the test tree (n1 with children n3, n4, n5; n3 with children n6..n9;
 * n2 next to n1) and grants the test principal jcr:read at the repository
 * root, once for each write session.
 *
 * @throws Exception if a repository or access control operation fails
 */
@Override
protected void setupContent() throws Exception {
    for (JackrabbitSession session : writeSessions) {
        // Nodes are added in the same sequence as before so sibling order is unchanged.
        Node rootNode = session.getRootNode();
        Node first = rootNode.addNode("n1");
        Node nested = first.addNode("n3");
        for (String name : new String[] { "n4", "n5" }) {
            first.addNode(name);
        }
        for (String name : new String[] { "n6", "n7", "n8", "n9" }) {
            nested.addNode(name);
        }
        rootNode.addNode("n2");

        // Read-only allow entry for the test principal on the root node.
        Principal testPrincipal = getTestPrincipal(session);
        AccessControlManager accessControlManager = session.getAccessControlManager();
        JackrabbitAccessControlList rootAcl = AccessControlUtils.getAccessControlList(accessControlManager, "/");
        rootAcl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(accessControlManager, PrivilegeConstants.JCR_READ), true);
        accessControlManager.setPolicy("/", rootAcl);

        session.save();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Node(javax.jcr.Node) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal)

Aggregations

JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)114 UserManager (org.apache.jackrabbit.api.security.user.UserManager)51 Session (javax.jcr.Session)50 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)34 Node (javax.jcr.Node)25 Group (org.apache.jackrabbit.api.security.user.Group)25 User (org.apache.jackrabbit.api.security.user.User)24 Principal (java.security.Principal)19 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)17 Test (org.junit.Test)16 SimpleCredentials (javax.jcr.SimpleCredentials)15 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)11 RepositoryException (javax.jcr.RepositoryException)10 PrincipalIterator (org.apache.jackrabbit.api.security.principal.PrincipalIterator)9 PrincipalManager (org.apache.jackrabbit.api.security.principal.PrincipalManager)9 Privilege (javax.jcr.security.Privilege)8 LoginException (javax.jcr.LoginException)6 Property (javax.jcr.Property)6 ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)6 Item (javax.jcr.Item)5