use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class Jackrabbit2ConfigurationTest method testValidTokenCredentials.
@Test
public void testValidTokenCredentials() throws Exception {
Root root = adminSession.getLatestRoot();
TokenConfiguration tc = getSecurityProvider().getConfiguration(TokenConfiguration.class);
TokenProvider tp = tc.getTokenProvider(root);
SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
TokenInfo info = tp.createToken(sc.getUserID(), Collections.<String, Object>emptyMap());
ContentSession cs = login(new TokenCredentials(info.getToken()));
try {
assertEquals(sc.getUserID(), cs.getAuthInfo().getUserID());
} finally {
cs.close();
}
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class AbstractAddMembersByIdTest method addExistingMemberWithoutAccess.
Set<String> addExistingMemberWithoutAccess() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testGroup.getPath());
if (acl != null) {
if (acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_USER_MANAGEMENT), true)) {
acMgr.setPolicy(testGroup.getPath(), acl);
root.commit();
}
}
String userId = getTestUser().getID();
ContentSession testSession = null;
try {
testSession = login(new SimpleCredentials(userId, userId.toCharArray()));
Root testRoot = testSession.getLatestRoot();
assertFalse(testRoot.getTree(memberGroup.getPath()).exists());
Group gr = getUserManager(testRoot).getAuthorizable(testGroup.getID(), Group.class);
Set<String> failed = gr.addMembers(memberGroup.getID());
testRoot.commit();
return failed;
} finally {
if (testSession != null) {
testSession.close();
}
}
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class QueryTest method queryOnStableRevision.
@Test
public void queryOnStableRevision() throws Exception {
ContentSession s = repository.login(null, null);
Root r = s.getLatestRoot();
Tree t = r.getTree("/").addChild("test");
t.addChild("node1").setProperty("jcr:primaryType", "nt:base");
t.addChild("node2").setProperty("jcr:primaryType", "nt:base");
t.addChild("node3").setProperty("jcr:primaryType", "nt:base");
r.commit();
ContentSession s2 = repository.login(null, null);
Root r2 = s2.getLatestRoot();
r.getTree("/test").getChild("node2").remove();
r.commit();
Result result = r2.getQueryEngine().executeQuery("test//element(*, nt:base)", Query.XPATH, QueryEngine.NO_BINDINGS, QueryEngine.NO_MAPPINGS);
Set<String> paths = new HashSet<String>();
for (ResultRow rr : result.getRows()) {
paths.add(rr.getPath());
}
assertEquals(new HashSet<String>(Arrays.asList("/test/node1", "/test/node2", "/test/node3")), paths);
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class PermissionTest method testHasPermission.
@Test
public void testHasPermission() throws Exception {
// create permissions
// allow rep:write /testroot
// allow jcr:removeNode /testroot/a/b
// deny jcr:removeNode /testroot/a/b/c
addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
addEntry(TEST_B_PATH, true, "", PrivilegeConstants.JCR_REMOVE_NODE);
addEntry(TEST_C_PATH, false, "", PrivilegeConstants.JCR_REMOVE_NODE);
ContentSession testSession = createTestSession();
try {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
try {
testRoot.getTree(TEST_C_PATH).remove();
testRoot.commit();
fail("removing node on /a/b/c should fail");
} catch (CommitFailedException e) {
// all ok
}
} finally {
testSession.close();
}
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class PermissionTest method testHasPermissionWithRestrictions2.
/**
* Tests if the restrictions are properly inherited.
* the restriction enable/disable the ACE where it is defined.
* since the 'deny' on /a/b is after the 'allow' on a/b/c, the deny wins.
*/
@Test
public void testHasPermissionWithRestrictions2() throws Exception {
// create permissions
// allow rep:write /testroot
// allow jcr:removeNode /testroot/a glob=*/b
// deny jcr:removeNode /testroot/a glob=*/c
addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
addEntry(TEST_A_PATH, true, "*/b", PrivilegeConstants.JCR_REMOVE_NODE);
addEntry(TEST_A_PATH, false, "*/c", PrivilegeConstants.JCR_REMOVE_NODE);
ContentSession testSession = createTestSession();
try {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.REMOVE_NODE);
testRoot.getTree(TEST_D_PATH).remove();
testRoot.commit();
try {
// should not be able to remove /a/b/c
testRoot.getTree(TEST_C_PATH).remove();
testRoot.commit();
fail("should not be able to delete " + TEST_C_PATH);
} catch (CommitFailedException e) {
// ok
testRoot.refresh();
}
} finally {
testSession.close();
}
}
Aggregations