Search in sources :

Example 21 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class Jackrabbit2ConfigurationTest method testValidTokenCredentials.

@Test
public void testValidTokenCredentials() throws Exception {
    Root root = adminSession.getLatestRoot();
    TokenConfiguration tc = getSecurityProvider().getConfiguration(TokenConfiguration.class);
    TokenProvider tp = tc.getTokenProvider(root);
    SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
    TokenInfo info = tp.createToken(sc.getUserID(), Collections.<String, Object>emptyMap());
    ContentSession cs = login(new TokenCredentials(info.getToken()));
    try {
        assertEquals(sc.getUserID(), cs.getAuthInfo().getUserID());
    } finally {
        cs.close();
    }
}
Also used : TokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration) TokenProvider(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider) SimpleCredentials(javax.jcr.SimpleCredentials) Root(org.apache.jackrabbit.oak.api.Root) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 22 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class AbstractAddMembersByIdTest method addExistingMemberWithoutAccess.

Set<String> addExistingMemberWithoutAccess() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testGroup.getPath());
    if (acl != null) {
        if (acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_USER_MANAGEMENT), true)) {
            acMgr.setPolicy(testGroup.getPath(), acl);
            root.commit();
        }
    }
    String userId = getTestUser().getID();
    ContentSession testSession = null;
    try {
        testSession = login(new SimpleCredentials(userId, userId.toCharArray()));
        Root testRoot = testSession.getLatestRoot();
        assertFalse(testRoot.getTree(memberGroup.getPath()).exists());
        Group gr = getUserManager(testRoot).getAuthorizable(testGroup.getID(), Group.class);
        Set<String> failed = gr.addMembers(memberGroup.getID());
        testRoot.commit();
        return failed;
    } finally {
        if (testSession != null) {
            testSession.close();
        }
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) Root(org.apache.jackrabbit.oak.api.Root) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 23 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class QueryTest method queryOnStableRevision.

@Test
public void queryOnStableRevision() throws Exception {
    ContentSession s = repository.login(null, null);
    Root r = s.getLatestRoot();
    Tree t = r.getTree("/").addChild("test");
    t.addChild("node1").setProperty("jcr:primaryType", "nt:base");
    t.addChild("node2").setProperty("jcr:primaryType", "nt:base");
    t.addChild("node3").setProperty("jcr:primaryType", "nt:base");
    r.commit();
    ContentSession s2 = repository.login(null, null);
    Root r2 = s2.getLatestRoot();
    r.getTree("/test").getChild("node2").remove();
    r.commit();
    Result result = r2.getQueryEngine().executeQuery("test//element(*, nt:base)", Query.XPATH, QueryEngine.NO_BINDINGS, QueryEngine.NO_MAPPINGS);
    Set<String> paths = new HashSet<String>();
    for (ResultRow rr : result.getRows()) {
        paths.add(rr.getPath());
    }
    assertEquals(new HashSet<String>(Arrays.asList("/test/node1", "/test/node2", "/test/node3")), paths);
}
Also used : ResultRow(org.apache.jackrabbit.oak.api.ResultRow) Root(org.apache.jackrabbit.oak.api.Root) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) Result(org.apache.jackrabbit.oak.api.Result) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 24 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class PermissionTest method testHasPermission.

@Test
public void testHasPermission() throws Exception {
    // create permissions
    // allow rep:write      /testroot
    // allow jcr:removeNode /testroot/a/b
    // deny  jcr:removeNode /testroot/a/b/c
    addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
    addEntry(TEST_B_PATH, true, "", PrivilegeConstants.JCR_REMOVE_NODE);
    addEntry(TEST_C_PATH, false, "", PrivilegeConstants.JCR_REMOVE_NODE);
    ContentSession testSession = createTestSession();
    try {
        Root testRoot = testSession.getLatestRoot();
        PermissionProvider pp = getPermissionProvider(testSession);
        assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
        try {
            testRoot.getTree(TEST_C_PATH).remove();
            testRoot.commit();
            fail("removing node on /a/b/c should fail");
        } catch (CommitFailedException e) {
        // all ok
        }
    } finally {
        testSession.close();
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 25 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class PermissionTest method testHasPermissionWithRestrictions2.

/**
     * Tests if the restrictions are properly inherited.
     * the restriction enable/disable the ACE where it is defined.
     * since the 'deny' on /a/b is after the 'allow' on a/b/c, the deny wins.
     */
@Test
public void testHasPermissionWithRestrictions2() throws Exception {
    // create permissions
    // allow rep:write      /testroot
    // allow jcr:removeNode /testroot/a  glob=*/b
    // deny  jcr:removeNode /testroot/a  glob=*/c
    addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
    addEntry(TEST_A_PATH, true, "*/b", PrivilegeConstants.JCR_REMOVE_NODE);
    addEntry(TEST_A_PATH, false, "*/c", PrivilegeConstants.JCR_REMOVE_NODE);
    ContentSession testSession = createTestSession();
    try {
        Root testRoot = testSession.getLatestRoot();
        PermissionProvider pp = getPermissionProvider(testSession);
        assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.REMOVE_NODE);
        testRoot.getTree(TEST_D_PATH).remove();
        testRoot.commit();
        try {
            // should not be able to remove /a/b/c
            testRoot.getTree(TEST_C_PATH).remove();
            testRoot.commit();
            fail("should not be able to delete " + TEST_C_PATH);
        } catch (CommitFailedException e) {
            // ok
            testRoot.refresh();
        }
    } finally {
        testSession.close();
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

ContentSession (org.apache.jackrabbit.oak.api.ContentSession)146 Test (org.junit.Test)132 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)66 SimpleCredentials (javax.jcr.SimpleCredentials)60 Root (org.apache.jackrabbit.oak.api.Root)43 LoginException (javax.security.auth.login.LoginException)35 AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)26 Tree (org.apache.jackrabbit.oak.api.Tree)25 UserManager (org.apache.jackrabbit.api.security.user.UserManager)19 User (org.apache.jackrabbit.api.security.user.User)17 PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)15 GuestCredentials (javax.jcr.GuestCredentials)13 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)12 Principal (java.security.Principal)10 TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)10 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)9 Group (org.apache.jackrabbit.api.security.user.Group)8 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)7 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)6