Example 16 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class VersionStorageTest method after.
@Override
public void after() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
for (AccessControlEntry ace : acl.getAccessControlEntries()) {
if (testPrincipal.equals(ace.getPrincipal())) {
acl.removeAccessControlEntry(ace);
}
}
acMgr.setPolicy("/", acl);
root.commit();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 17 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class PermissionHookTest method testReorderAddAndRemoveAces2.
/**
* ACE : 0 1 2 3 4 5 6 7
* Before : tp ev p0 p1 p2 p3
* After : ev p2 p1 p3 p4 p5
*/
@Test
public void testReorderAddAndRemoveAces2() throws Exception {
createPrincipals();
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
for (int i = 0; i < 4; i++) {
acl.addAccessControlEntry(principals.get(i), privilegesFromNames(JCR_READ));
}
acMgr.setPolicy(testPath, acl);
root.commit();
AccessControlEntry[] aces = acl.getAccessControlEntries();
acl.removeAccessControlEntry(aces[0]);
acl.removeAccessControlEntry(aces[2]);
acl.orderBefore(aces[4], aces[3]);
acl.addAccessControlEntry(principals.get(4), privilegesFromNames(JCR_READ));
acl.addAccessControlEntry(principals.get(5), privilegesFromNames(JCR_READ));
acMgr.setPolicy(testPath, acl);
root.commit();
Tree entry = getEntry(principals.get(2), testPath, 1);
assertIndex(1, entry);
entry = getEntry(principals.get(1), testPath, 2);
assertIndex(2, entry);
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Tree(org.apache.jackrabbit.oak.api.Tree)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 18 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testEffect.
public void testEffect() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
Privilege[] read = privilegesFromName(Privilege.JCR_READ);
Privilege[] modProp = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
pt.addAccessControlEntry(testPrincipal, read);
// add deny entry for mod_props
assertTrue(pt.addEntry(testPrincipal, modProp, false, null));
// test net-effect
PrivilegeBits allows = PrivilegeBits.getInstance();
PrivilegeBits denies = PrivilegeBits.getInstance();
AccessControlEntry[] entries = pt.getAccessControlEntries();
for (AccessControlEntry ace : entries) {
if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
PrivilegeBits entryBits = privilegeMgr.getBits(ace.getPrivileges());
if (((JackrabbitAccessControlEntry) ace).isAllow()) {
allows.addDifference(entryBits, denies);
} else {
denies.addDifference(entryBits, allows);
}
}
}
assertEquals(privilegeMgr.getBits(read), allows);
assertEquals(privilegeMgr.getBits(modProp), denies);
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 19 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testAddInvalidEntry2.
public void testAddInvalidEntry2() throws RepositoryException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
try {
pt.addAccessControlEntry(testPrincipal, new Privilege[0]);
fail("Adding an ACE with invalid privileges should fail");
} catch (AccessControlException e) {
// success
}
}
Also used :
AccessControlException(javax.jcr.security.AccessControlException)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 20 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testRemoveInvalidEntry.
public void testRemoveInvalidEntry() throws RepositoryException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
try {
pt.removeAccessControlEntry(new JackrabbitAccessControlEntry() {
public boolean isAllow() {
return false;
}
public String[] getRestrictionNames() {
return new String[0];
}
public Value getRestriction(String restrictionName) {
return null;
}
public Value[] getRestrictions(String restrictionName) throws RepositoryException {
return null;
}
public Principal getPrincipal() {
return testPrincipal;
}
public Privilege[] getPrivileges() {
try {
return privilegesFromName(Privilege.JCR_READ);
} catch (Exception e) {
return new Privilege[0];
}
}
});
fail("Passing an unknown ACE should fail");
} catch (AccessControlException e) {
// success
}
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
Value(javax.jcr.Value)
AccessControlException(javax.jcr.security.AccessControlException)
RepositoryException(javax.jcr.RepositoryException)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal)
Principal(java.security.Principal)
AccessControlException(javax.jcr.security.AccessControlException)
RepositoryException(javax.jcr.RepositoryException)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
Aggregations
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)165
AccessControlManager (javax.jcr.security.AccessControlManager)75
Privilege (javax.jcr.security.Privilege)56
AccessControlEntry (javax.jcr.security.AccessControlEntry)46
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)46
Test (org.junit.Test)40
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)32
Principal (java.security.Principal)29
Node (javax.jcr.Node)23
Session (javax.jcr.Session)17
Value (javax.jcr.Value)17
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)15
Tree (org.apache.jackrabbit.oak.api.Tree)15
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)13
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)12
AccessControlException (javax.jcr.security.AccessControlException)10
NodeImpl (org.apache.jackrabbit.core.NodeImpl)9
ByteArrayInputStream (java.io.ByteArrayInputStream)8
InputStream (java.io.InputStream)8
Group (org.apache.jackrabbit.api.security.user.Group)8
