use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.
the class L5_SpecialPermissionsTest method testUserManagement.
@Test
public void testUserManagement() throws RepositoryException {
// EXERCISE: fix the permission setup and explain why!
// grant full access to all users for 'testGroup'...
paths.add(UserConstants.DEFAULT_USER_PATH);
AccessControlUtils.addAccessControlEntry(superuser, UserConstants.DEFAULT_USER_PATH, testGroupPrincipal, new String[] { Privilege.JCR_ALL }, true);
// ... but prevent the test user to write the admin user
String adminPath = ((JackrabbitSession) superuser).getUserManager().getAuthorizable(superuser.getUserID()).getPath();
paths.add(adminPath);
AccessControlUtils.addAccessControlEntry(superuser, adminPath, EveryonePrincipal.getInstance(), new String[] { PrivilegeConstants.REP_WRITE }, false);
// execute the test verifying that pw of 'testUser2' can be change
// but not the pw of the admin user
JackrabbitSession s = (JackrabbitSession) createTestSession();
User u2 = s.getUserManager().getAuthorizable(testUser2.getID(), User.class);
u2.changePassword("gugus");
s.save();
try {
User admin = s.getUserManager().getAuthorizable(superuser.getUserID(), User.class);
admin.changePassword("gugus");
s.save();
fail("privilege escalation!");
} catch (AccessDeniedException e) {
// success
} finally {
s.refresh(false);
}
}
use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.
the class L7_PrivilegeDiscoveryTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
SimpleCredentials creds = new SimpleCredentials("u", "u".toCharArray());
UserManager uMgr = ((JackrabbitSession) superuser).getUserManager();
User u = uMgr.createUser(creds.getUserID(), creds.getUserID());
Group g = uMgr.createGroup("g");
g.addMember(u);
uPrincipal = u.getPrincipal();
gPrincipal = g.getPrincipal();
Node n = superuser.getNode(testRoot).addNode(nodeName1);
testPath = n.getPath();
Property p = n.setProperty(propertyName1, "value");
propPath = p.getPath();
Privilege[] privs = AccessControlUtils.privilegesFromNames(superuser, Privilege.JCR_VERSION_MANAGEMENT, Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_MODIFY_PROPERTIES);
AccessControlUtils.addAccessControlEntry(superuser, n.getPath(), gPrincipal, privs, true);
AccessControlUtils.addAccessControlEntry(superuser, n.getPath(), uPrincipal, new String[] { Privilege.JCR_VERSION_MANAGEMENT }, false);
Node child = n.addNode(nodeName2);
childPath = child.getPath();
superuser.save();
userSession = getHelper().getRepository().login(creds);
// NOTE the following precondition defined by the test-setup!
assertTrue(userSession.nodeExists(testPath));
assertTrue(userSession.nodeExists(childPath));
}
use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.
the class ObservationQueueTest method prepareTestData.
@Override
protected void prepareTestData(Session s) throws RepositoryException {
UserManager uMgr = ((JackrabbitSession) s).getUserManager();
User user = uMgr.createUser(USER, PASSWORD);
s.save();
AccessControlManager acMgr = s.getAccessControlManager();
JackrabbitAccessControlList tmpl = AccessControlUtils.getAccessControlList(acMgr, "/");
tmpl.addEntry(user.getPrincipal(), new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) }, true, Collections.<String, Value>emptyMap());
acMgr.setPolicy(tmpl.getPath(), tmpl);
s.save();
}
use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.
the class RandomizedReadTest method clearContent.
@Override
protected void clearContent() throws Exception {
for (JackrabbitSession session : writeSessions) {
Node root = session.getRootNode();
if (root.hasNode("n1")) {
root.getNode("n1").remove();
}
if (root.hasNode("n2")) {
root.getNode("n2").remove();
}
AccessControlList acl = AccessControlUtils.getAccessControlList(session, "/");
if (acl != null) {
boolean modified = false;
for (AccessControlEntry ace : acl.getAccessControlEntries()) {
if (getTestPrincipal(session).equals(ace.getPrincipal())) {
acl.removeAccessControlEntry(ace);
modified = true;
}
}
if (modified) {
session.getAccessControlManager().setPolicy("/", acl);
}
}
session.save();
}
}
use of org.apache.jackrabbit.api.JackrabbitSession in project jackrabbit-oak by apache.
the class RandomizedReadTest method setupContent.
@Override
protected void setupContent() throws Exception {
for (JackrabbitSession session : writeSessions) {
Node root = session.getRootNode();
Node n1 = root.addNode("n1");
Node n3 = n1.addNode("n3");
n1.addNode("n4");
n1.addNode("n5");
n3.addNode("n6");
n3.addNode("n7");
n3.addNode("n8");
n3.addNode("n9");
root.addNode("n2");
Principal principal = getTestPrincipal(session);
AccessControlManager acm = session.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acm, "/");
acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
acm.setPolicy("/", acl);
session.save();
}
}
Aggregations