Example 11 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class EntryTest method testGetPrivilegeBits.

@Test
public void testGetPrivilegeBits() throws RepositoryException {
    ACE entry = createEntry(new String[] { PrivilegeConstants.JCR_READ }, true);
    PrivilegeBits bits = entry.getPrivilegeBits();
    assertNotNull(bits);
    assertEquals(getBitsProvider().getBits(PrivilegeConstants.JCR_READ), bits);
    entry = createEntry(new String[] { PrivilegeConstants.REP_WRITE }, true);
    bits = entry.getPrivilegeBits();
    assertNotNull(bits);
    assertEquals(getBitsProvider().getBits(PrivilegeConstants.REP_WRITE), bits);
    entry = createEntry(new String[] { PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_CHILD_NODES }, true);
    bits = entry.getPrivilegeBits();
    assertNotNull(bits);
    PrivilegeBits expected = getBitsProvider().getBits(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_CHILD_NODES);
    assertEquals(expected, bits);
}
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) Test(org.junit.Test)

Example 12 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class EntryTest method testGetRestrictionForMultiValued.

/**
 * @since OAK 1.0: support for multi-value restrictions
 */
@Test(expected = ValueFormatException.class)
public void testGetRestrictionForMultiValued() throws Exception {
    // multivalued restriction
    Restriction nameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues);
    ACE ace = createEntry(ImmutableSet.of(nameRestr));
    ace.getRestriction(AccessControlConstants.REP_NT_NAMES);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Test(org.junit.Test)

Example 13 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testSetPrincipalPolicyWithNewMvRestriction.

@Test
public void testSetPrincipalPolicyWithNewMvRestriction() throws Exception {
    setupPolicy(testPath);
    root.commit();
    JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
    ACL acl = (ACL) policies[0];
    Map<String, Value> restrictions = new HashMap<String, Value>();
    restrictions.put(REP_NODE_PATH, getValueFactory().createValue(testPath, PropertyType.PATH));
    Map<String, Value[]> mvRestrictions = new HashMap<String, Value[]>();
    ValueFactory vf = getValueFactory(root);
    Value[] restrValues = new Value[] { vf.createValue("itemname", PropertyType.NAME), vf.createValue("propName", PropertyType.NAME) };
    mvRestrictions.put(REP_ITEM_NAMES, restrValues);
    assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, restrictions, mvRestrictions));
    acMgr.setPolicy(acl.getPath(), acl);
    AccessControlEntry[] entries = ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries();
    assertEquals(2, entries.length);
    ACE newEntry = (ACE) entries[1];
    assertEquals(1, newEntry.getRestrictions().size());
    assertArrayEquals(restrValues, newEntry.getRestrictions(REP_ITEM_NAMES));
}
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) HashMap(java.util.HashMap) AccessControlEntry(javax.jcr.security.AccessControlEntry) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) ValueFactory(javax.jcr.ValueFactory) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) Value(javax.jcr.Value) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 14 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class ACL method orderBefore.

@Override
public void orderBefore(AccessControlEntry srcEntry, AccessControlEntry destEntry) throws RepositoryException {
    ACE src = checkACE(srcEntry);
    ACE dest = (destEntry == null) ? null : checkACE(destEntry);
    if (src.equals(dest)) {
        log.debug("'srcEntry' equals 'destEntry' -> no reordering required.");
        return;
    }
    int index = (dest == null) ? entries.size() - 1 : entries.indexOf(dest);
    if (index < 0) {
        throw new AccessControlException("'destEntry' not contained in this AccessControlList.");
    } else {
        if (entries.remove(src)) {
            // re-insert the srcEntry at the new position.
            entries.add(index, src);
        } else {
            // src entry not contained in this list.
            throw new AccessControlException("srcEntry not contained in this AccessControlList");
        }
    }
}
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) AccessControlException(javax.jcr.security.AccessControlException)

Example 15 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class ACL method addEntry.

//----------------------------------------< JackrabbitAccessControlList >---
@Override
public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions) throws RepositoryException {
    if (privileges == null || privileges.length == 0) {
        throw new AccessControlException("Privileges may not be null nor an empty array");
    }
    for (Privilege p : privileges) {
        Privilege pv = getPrivilegeManager().getPrivilege(p.getName());
        if (pv.isAbstract()) {
            throw new AccessControlException("Privilege " + p + " is abstract.");
        }
    }
    if (!checkValidPrincipal(principal)) {
        return false;
    }
    for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
        String jcrName = getNamePathMapper().getJcrName(def.getName());
        if (def.isMandatory() && (restrictions == null || !restrictions.containsKey(jcrName))) {
            throw new AccessControlException("Mandatory restriction " + jcrName + " is missing.");
        }
    }
    Set<Restriction> rs;
    if (restrictions == null && mvRestrictions == null) {
        rs = Collections.emptySet();
    } else {
        rs = new HashSet<Restriction>();
        if (restrictions != null) {
            for (String jcrName : restrictions.keySet()) {
                String oakName = getNamePathMapper().getOakName(jcrName);
                // The map is keyed by JCR name: look the value up with jcrName, not the mapped Oak name.
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, restrictions.get(jcrName)));
            }
        }
        if (mvRestrictions != null) {
            for (String jcrName : mvRestrictions.keySet()) {
                String oakName = getNamePathMapper().getOakName(jcrName);
                // The map is keyed by JCR name: look the values up with jcrName, not the mapped Oak name.
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, mvRestrictions.get(jcrName)));
            }
        }
    }
    ACE entry = createACE(principal, getPrivilegeBits(privileges), isAllow, rs);
    if (entries.contains(entry)) {
        log.debug("Entry is already contained in policy -> no modification.");
        return false;
    } else {
        return internalAddEntry(entry);
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege) RestrictionDefinition(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition)

Aggregations

ACE (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE): 33
Test (org.junit.Test): 25
Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction): 12
Value (javax.jcr.Value): 8
Privilege (javax.jcr.security.Privilege): 5
Tree (org.apache.jackrabbit.oak.api.Tree): 5
ArrayList (java.util.ArrayList): 4
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest): 4
HashMap (java.util.HashMap): 3
AccessControlEntry (javax.jcr.security.AccessControlEntry): 3
AccessControlException (javax.jcr.security.AccessControlException): 3
Principal (java.security.Principal): 2
Nullable (javax.annotation.Nullable): 2
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry): 2
JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy): 2
ImmutableACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL): 2
PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits): 2
Predicate (com.google.common.base.Predicate): 1
CheckForNull (javax.annotation.CheckForNull): 1
RepositoryException (javax.jcr.RepositoryException): 1