
Example 1 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class WriteTest method testNotItemBasedPrincipal.

/**
 * Regression test for bug JCR-2621.
 *
 * <p>Adds two allow entries (jcr:read, then jcr:write) for the "everyone" principal to the
 * policy at {@code path}, re-reading the policy from the access control manager between the two
 * writes. The only explicit assertion is that exactly one policy is bound to the path after the
 * first write; otherwise the test passes when neither round throws.
 *
 * <p>Nothing is saved: the grants to "everyone" stay transient and are discarded in the
 * {@code finally} block.
 *
 * @throws Exception if any repository or access control call fails
 */
public void testNotItemBasedPrincipal() throws Exception {
    try {
        JackrabbitSession adminSession = (JackrabbitSession) superuser;
        Principal everyone = adminSession.getPrincipalManager().getEveryone();

        // Round one: allow jcr:read for everyone and bind the policy.
        JackrabbitAccessControlList initialAcl = getPolicy(acMgr, path, everyone);
        initialAcl.addEntry(everyone, privilegesFromName(Privilege.JCR_READ), true, getRestrictions(superuser, path));
        acMgr.setPolicy(initialAcl.getPath(), initialAcl);

        // The write above must leave exactly one policy at that path.
        AccessControlPolicy[] boundPolicies = acMgr.getPolicies(initialAcl.getPath());
        assertEquals(1, boundPolicies.length);

        // Round two: extend the policy that was read back, not the original template.
        JackrabbitAccessControlList reloadedAcl = (JackrabbitAccessControlList) boundPolicies[0];
        reloadedAcl.addEntry(everyone, privilegesFromName(Privilege.JCR_WRITE), true, getRestrictions(superuser, path));
        acMgr.setPolicy(reloadedAcl.getPath(), reloadedAcl);
    } finally {
        // Drop every transient change so the grants to "everyone" never reach the repository.
        superuser.refresh(false);
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 2 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class WriteTest method testReorderGroupPermissions.

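/**
 * Verifies that the order of access control entries decides the effective permissions of a user
 * who is a member of two groups with conflicting entries.
 *
 * <p>A deny entry for jcr:modifyProperties is written for the existing test group and an allow
 * entry for a newly created second group. The test user is first expected to hold the
 * permission; after the second group's entry is moved in front of the test group's entry, the
 * same checks are expected to fail.
 *
 * @throws NotExecutableException declared by the helpers this test calls
 * @throws RepositoryException if a repository, user management or access control call fails
 */
public void testReorderGroupPermissions() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is member of; the random suffix keeps the name unique */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        // Persist the new group and membership when the user manager does not auto-save.
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* deny for the original group first, then allow for the second group */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        givePrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
         * The test user inherits permissions from the groups it is a member of, so the
         * allow entry for group2 must be effective at this point.
         */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
        // Locate the two entries to reorder.
        AccessControlEntry srcEntry = null;
        AccessControlEntry destEntry = null;
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
            Principal princ = entry.getPrincipal();
            if (testGroup.getPrincipal().equals(princ)) {
                destEntry = entry;
            } else if (group2.getPrincipal().equals(princ)) {
                srcEntry = entry;
            }
        }
        // Stop with a clear message if either entry is missing. The orderBefore API documents a
        // null destination as "move to the end", which would make the reorder below mean
        // something else and hide the real cause of a later assertion failure.
        assertTrue("no access control entry found for group2 at " + path, srcEntry != null);
        assertTrue("no access control entry found for the test group at " + path, destEntry != null);
        // Move the allow entry for group2 in front of the deny entry for the test group.
        acl.orderBefore(srcEntry, destEntry);
        acMgr.setPolicy(path, acl);
        superuser.save();
        /* after reordering the permissions must be denied */
        assertFalse(getTestSession().hasPermission(path, actions));
        assertFalse(testAcMgr.hasPrivileges(path, privs));
    } finally {
        // NOTE(review): no save() follows this removal. When the user manager is not in
        // auto-save mode the removal presumably stays transient; confirm that teardown
        // persists it, so a group holding privileges at the test path is not left behind.
        group2.remove();
    }
}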
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 3 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class WriteTest method givePrivileges.

/**
 * Adds an allow entry for {@code principal} and returns the policy that was written.
 *
 * <p>For a node-based policy the call is forwarded to the four-argument overload with
 * restrictions rebuilt from {@code nPath}; the {@code restrictions} argument is not used on that
 * path. For a principal-based policy the entry is added with the supplied restrictions, the
 * policy is set at its own path and the session is saved immediately.
 *
 * @param nPath        path of the node the privileges apply to
 * @param principal    principal receiving the privileges
 * @param privileges   privileges to allow
 * @param restrictions restrictions for the principal-based entry
 * @param nodeBased    {@code true} to write a node-based policy, {@code false} for a
 *                     principal-based one
 * @return the access control list that was written
 */
private JackrabbitAccessControlList givePrivileges(String nPath, Principal principal, Privilege[] privileges, Map<String, Value> restrictions, boolean nodeBased) throws NotExecutableException, RepositoryException {
    if (!nodeBased) {
        JackrabbitAccessControlList principalAcl = getPrincipalBasedPolicy(acMgr, nPath, principal);
        // third argument 'true' marks the entry as an allow entry
        principalAcl.addEntry(principal, privileges, true, restrictions);
        acMgr.setPolicy(principalAcl.getPath(), principalAcl);
        superuser.save();
        return principalAcl;
    }
    // Node-based: restrictions are derived from the node path, not taken from the caller.
    return givePrivileges(nPath, principal, privileges, getRestrictions(superuser, nPath));
}
Also used : JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 4 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class WriteTest method withdrawPrivileges.

/**
 * Adds a deny entry for {@code principal} and returns the policy that was written.
 *
 * <p>For a node-based policy the call is forwarded to the four-argument overload with
 * restrictions rebuilt from {@code nPath}; the {@code restrictions} argument is not used on that
 * path. For a principal-based policy the entry is added with the supplied restrictions, the
 * policy is set at its own path and the session is saved immediately.
 *
 * @param nPath        path of the node the privileges apply to
 * @param principal    principal the privileges are denied for
 * @param privileges   privileges to deny
 * @param restrictions restrictions for the principal-based entry
 * @param nodeBased    {@code true} to write a node-based policy, {@code false} for a
 *                     principal-based one
 * @return the access control list that was written
 */
private JackrabbitAccessControlList withdrawPrivileges(String nPath, Principal principal, Privilege[] privileges, Map<String, Value> restrictions, boolean nodeBased) throws NotExecutableException, RepositoryException {
    if (!nodeBased) {
        JackrabbitAccessControlList principalAcl = getPrincipalBasedPolicy(acMgr, nPath, principal);
        // third argument 'false' marks the entry as a deny entry
        principalAcl.addEntry(principal, privileges, false, restrictions);
        acMgr.setPolicy(principalAcl.getPath(), principalAcl);
        superuser.save();
        return principalAcl;
    }
    // Node-based: restrictions are derived from the node path, not taken from the caller.
    return withdrawPrivileges(nPath, principal, privileges, getRestrictions(superuser, nPath));
}
Also used : JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 5 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class ACLTemplateTest method testGetRestrictionTypes.

/**
 * Checks the property types an empty ACL template reports for its restriction names: the node
 * path restriction must be of type PATH and the glob restriction of type STRING.
 *
 * @throws RepositoryException if the template cannot be created or a name cannot be resolved
 */
public void testGetRestrictionTypes() throws RepositoryException {
    JackrabbitAccessControlList template = createEmptyTemplate(getTestPath());
    // The session is used as the name resolver to get the JCR form of each restriction name.
    NameResolver nameResolver = (NameResolver) superuser;

    String nodePathName = nameResolver.getJCRName(ACLTemplate.P_NODE_PATH);
    assertEquals(PropertyType.PATH, template.getRestrictionType(nodePathName));

    String globName = nameResolver.getJCRName(ACLTemplate.P_GLOB);
    assertEquals(PropertyType.STRING, template.getRestrictionType(globName));
}
Also used : JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NameResolver(org.apache.jackrabbit.spi.commons.conversion.NameResolver)
