use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class AbstractAccessControlManagerTest method before.
/**
 * Builds the fully mocked fixture shared by the access control manager tests.
 *
 * <p>Nothing here talks to a real repository: the content session, the trees,
 * the privilege manager and both security configurations are Mockito mocks.
 * The permission wiring is the security-relevant part: only
 * {@code testPrincipals} are handed {@code OpenPermissionProvider} (Oak's
 * allow-everything provider), while the "everyone" set and the empty set get
 * {@code EmptyPermissionProvider} (grants nothing).
 *
 * @throws Exception if any part of the fixture setup fails
 */
@Before
public void before() throws Exception {
    // Privilege fixtures: two custom privileges plus the jcr:all aggregate.
    Privilege firstPrivilege = mockPrivilege("priv1");
    Privilege secondPrivilege = mockPrivilege("priv2");
    testPrivileges = new Privilege[] { firstPrivilege, secondPrivilege };
    Privilege jcrAll = mockPrivilege(PrivilegeConstants.JCR_ALL);
    allPrivileges = new Privilege[] { jcrAll };

    // Content session reporting the test workspace and the test principals.
    cs = Mockito.mock(ContentSession.class);
    when(cs.getWorkspaceName()).thenReturn(WSP_NAME);
    when(cs.getAuthInfo()).thenReturn(new AuthInfoImpl(null, ImmutableMap.of(), testPrincipals));
    when(root.getContentSession()).thenReturn(cs);

    // Three trees: a missing one, the test node and the root node.
    Tree missing = Mockito.mock(Tree.class);
    when(missing.exists()).thenReturn(false);
    Tree present = Mockito.mock(Tree.class);
    when(present.exists()).thenReturn(true);
    Tree top = Mockito.mock(Tree.class);
    when(top.exists()).thenReturn(true);
    // Stub order on root.getTree is kept as in the original: if two of the
    // paths were equal, the later stubbing would win.
    when(root.getTree(nonExistingPath)).thenReturn(missing);
    when(root.getTree(testPath)).thenReturn(present);
    when(root.getTree("/")).thenReturn(top);

    // Privilege manager that only knows the fixtures created above.
    privilegeManager = Mockito.mock(PrivilegeManager.class);
    when(privilegeManager.getRegisteredPrivileges()).thenReturn(testPrivileges);
    when(privilegeManager.getPrivilege("priv1")).thenReturn(firstPrivilege);
    when(privilegeManager.getPrivilege("priv2")).thenReturn(secondPrivilege);
    when(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL)).thenReturn(jcrAll);
    PrivilegeConfiguration privilegeConfig = Mockito.mock(PrivilegeConfiguration.class);
    when(privilegeConfig.getPrivilegeManager(root, getNamePathMapper())).thenReturn(privilegeManager);

    // Permission providers per principal set. The order of these three stubs
    // matters whenever two of the sets compare equal (last stubbing wins), so
    // it must not be shuffled.
    authorizationConfiguration = Mockito.mock(AuthorizationConfiguration.class);
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, getEveryonePrincipalSet()))
            .thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, testPrincipals))
            .thenReturn(OpenPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, ImmutableSet.of()))
            .thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT);

    // Security provider exposing exactly the two mocked configurations.
    // NOTE(review): any other configuration class is left unstubbed and will
    // come back as null from the mock.
    securityProvider = Mockito.mock(SecurityProvider.class);
    when(securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfig);
    when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);

    // Presumably the subclass-provided factory picks up the fields set above.
    acMgr = createAccessControlManager(root, getNamePathMapper());
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class AccessControlAction method setAC.
/**
 * Adds the configured privileges for the authorizable's own principal to the
 * first applicable {@code JackrabbitAccessControlList} at the authorizable's
 * path.
 *
 * <p>No entry is written when no privileges are configured for the
 * authorizable's kind (group or user), when the user is a built-in user, or
 * when the principal name is listed in {@code administrativePrincipals}.
 * If no applicable ACL is found the method only logs a warning, so the caller
 * gets no signal that the authorizable was left without the configured entry.
 * The policy is set through the access control manager bound to {@code root};
 * this method does not commit {@code root} itself.
 *
 * @param authorizable the user or group whose node receives the entry
 * @param root the root used to obtain the access control manager
 * @param namePathMapper the mapper passed to the access control manager
 * @throws RepositoryException if reading the authorizable or editing the
 *         policy fails
 * @throws IllegalStateException if no security provider has been set
 */
private void setAC(@Nonnull Authorizable authorizable, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
    if (securityProvider == null) {
        throw new IllegalStateException("Not initialized");
    }

    final boolean forGroup = authorizable.isGroup();
    final String[] privNames = forGroup ? groupPrivilegeNames : userPrivilegeNames;

    // Nothing configured for this kind of authorizable: leave the ACL alone.
    if (privNames.length == 0) {
        if (forGroup) {
            log.debug("No privileges configured for groups; omit ac setup.");
        } else {
            log.debug("No privileges configured for users; omit ac setup.");
        }
        return;
    }

    // Built-in users never receive an automatically created entry.
    // NOTE(review): the ID, principal name and path below are concatenated
    // into log messages as-is; confirm they cannot carry line breaks.
    if (!forGroup && isBuiltInUser(authorizable)) {
        log.debug("System user: " + authorizable.getID() + "; omit ac setup.");
        return;
    }

    // Administrative principals are matched by principal name.
    final Principal principal = authorizable.getPrincipal();
    if (administrativePrincipals.contains(principal.getName())) {
        log.debug("Administrative principal: " + principal.getName() + "; omit ac setup.");
        return;
    }

    final String path = authorizable.getPath();
    final AuthorizationConfiguration acConfig = securityProvider.getConfiguration(AuthorizationConfiguration.class);
    final AccessControlManager acMgr = acConfig.getAccessControlManager(root, namePathMapper);

    // Take the first applicable policy that is a JackrabbitAccessControlList.
    JackrabbitAccessControlList acl = null;
    AccessControlPolicyIterator policies = acMgr.getApplicablePolicies(path);
    while (acl == null && policies.hasNext()) {
        AccessControlPolicy candidate = policies.nextAccessControlPolicy();
        if (candidate instanceof JackrabbitAccessControlList) {
            acl = (JackrabbitAccessControlList) candidate;
        }
    }

    if (acl == null) {
        log.warn("Cannot process AccessControlAction: no applicable ACL at " + path);
        return;
    }

    // Only write the policy back when the entry actually changed the list.
    if (acl.addAccessControlEntry(principal, getPrivileges(privNames, acMgr))) {
        acMgr.setPolicy(path, acl);
    }
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class CompositeAuthorizationConfigurationTest method testOnlyEmptyRestrictionProvider.
/**
 * Aggregating configurations that all expose {@code RestrictionProvider.EMPTY}
 * must yield that same EMPTY instance rather than a
 * {@code CompositeRestrictionProvider} wrapping them.
 */
@Test
public void testOnlyEmptyRestrictionProvider() {
    // Open configuration whose only override is the restriction provider.
    AuthorizationConfiguration emptyRestrictions = new OpenAuthorizationConfiguration() {
        @Nonnull
        @Override
        public RestrictionProvider getRestrictionProvider() {
            return RestrictionProvider.EMPTY;
        }
    };

    // The same configuration is registered twice on purpose.
    CompositeAuthorizationConfiguration composite = getCompositeConfiguration(emptyRestrictions, emptyRestrictions);
    RestrictionProvider effective = composite.getRestrictionProvider();

    assertFalse(effective instanceof CompositeRestrictionProvider);
    assertSame(RestrictionProvider.EMPTY, effective);
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class CugConfigurationOsgiTest method testCugExcludeExcludedDefault.
/**
 * With the exclude service registered without any properties, the system
 * principal, an admin principal and a system user principal must still be
 * exempt from CUG evaluation, while an ordinary principal must not be.
 *
 * <p>Both lambda principals return the same arbitrary name, so the exemption
 * asserted here appears to follow from the principal's type rather than its
 * name.
 */
@Test
public void testCugExcludeExcludedDefault() {
    context.registerInjectActivateService(cugExclude);
    context.registerInjectActivateService(cugConfiguration, PROPERTIES);

    AuthorizationConfiguration authorization = context.getService(AuthorizationConfiguration.class);

    // Principals covered by the default exclusion.
    AdminPrincipal adminPrincipal = () -> "name";
    SystemUserPrincipal systemUserPrincipal = () -> "name";
    Principal[] excludedByDefault = { SystemPrincipal.INSTANCE, adminPrincipal, systemUserPrincipal };
    for (Principal excluded : excludedByDefault) {
        PermissionProvider provider = authorization.getPermissionProvider(root, wspName, ImmutableSet.of(excluded));
        // The shared empty provider is what an excluded principal set receives.
        assertSame(EmptyPermissionProvider.getInstance(), provider);
    }

    // A plain principal is not part of the default exclusion, even one using
    // EXCLUDED_PRINCIPAL_NAME, because no principal names were configured.
    Principal ordinary = new PrincipalImpl(EXCLUDED_PRINCIPAL_NAME);
    PermissionProvider cugProvider = authorization.getPermissionProvider(root, wspName, ImmutableSet.of(ordinary));
    assertTrue(cugProvider instanceof CugPermissionProvider);
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class CugConfigurationOsgiTest method testNotEnabled.
/**
 * A CUG configuration registered with {@code PARAM_CUG_ENABLED} set to
 * {@code false} must hand out the empty permission provider even though
 * "/" is listed as a supported path.
 */
@Test
public void testNotEnabled() {
    String[] excludedNames = { ANY_PRINCIPAL_NAME };
    String[] supportedPaths = { "/" };

    context.registerInjectActivateService(cugExclude, ImmutableMap.of("principalNames", excludedNames));
    context.registerInjectActivateService(
            cugConfiguration,
            ImmutableMap.of(
                    CugConstants.PARAM_CUG_ENABLED, false,
                    CugConstants.PARAM_CUG_SUPPORTED_PATHS, supportedPaths));

    AuthorizationConfiguration authorization = context.getService(AuthorizationConfiguration.class);

    // NOTE(review): the queried principal is also listed in the exclude
    // configuration above, so this assertion would presumably hold through
    // the exclusion alone; a principal outside that list would isolate the
    // effect of the enabled flag. Confirm against the exclude implementation.
    Principal queried = new PrincipalImpl(ANY_PRINCIPAL_NAME);
    PermissionProvider provider = authorization.getPermissionProvider(root, wspName, ImmutableSet.of(queried));
    assertSame(EmptyPermissionProvider.getInstance(), provider);
}