Search in sources :

Example 31 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testGetPoliciesInternalPrincipal.

@Test
public void testGetPoliciesInternalPrincipal() throws Exception {
    Principal unknown = getPrincipalManager(root).getPrincipal("unknown");
    int i = 0;
    while (unknown != null) {
        unknown = getPrincipalManager(root).getPrincipal("unknown" + i);
    }
    unknown = new PrincipalImpl("unknown" + i);
    assertEquals(0, acMgr.getPolicies(unknown).length);
}
Also used : Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 32 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class L5_AccessControlListImplTest method testAddEntriesWithCustomKnownPrincipal.

public void testAddEntriesWithCustomKnownPrincipal() throws Exception {
    Principal oakPrincipal = new PrincipalImpl(testPrincipal.getName());
    Principal principal = new Principal() {

        @Override
        public String getName() {
            return testPrincipal.getName();
        }
    };
    assertTrue(acl.addAccessControlEntry(oakPrincipal, AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ)));
    assertTrue(acl.addAccessControlEntry(principal, AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ_ACCESS_CONTROL)));
    // EXERCISE
    int expectedLength = -1;
    assertEquals(expectedLength, acl.getAccessControlEntries().length);
}
Also used : InvalidTestPrincipal(org.apache.jackrabbit.oak.security.authorization.accesscontrol.InvalidTestPrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)

Example 33 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class UserManagementTest method testCreateWithIntermediateReadDeny2.

@Test
public void testCreateWithIntermediateReadDeny2() throws Exception {
    String path = UserConstants.DEFAULT_GROUP_PATH + "/a";
    JcrUtils.getOrCreateByPath(path, UserConstants.NT_REP_AUTHORIZABLE_FOLDER, superuser);
    superuser.save();
    try {
        deny(UserConstants.DEFAULT_GROUP_PATH, privilegesFromName(Privilege.JCR_READ));
        Privilege[] privs = privilegesFromNames(new String[] { Privilege.JCR_READ, PrivilegeConstants.REP_USER_MANAGEMENT, PrivilegeConstants.REP_WRITE });
        allow(path, privs);
        Group gr = getUserManager(testSession).createGroup(groupId, new PrincipalImpl(groupId), "a/b/c");
        testSession.save();
    } finally {
        superuser.refresh(false);
        superuser.getNode(UserConstants.DEFAULT_GROUP_PATH + "/a").remove();
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, UserConstants.DEFAULT_GROUP_PATH);
        if (acl != null) {
            acMgr.removePolicy(UserConstants.DEFAULT_GROUP_PATH, acl);
        }
        superuser.save();
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 34 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testEffectivePoliciesFiltering.

@Test
public void testEffectivePoliciesFiltering() throws Exception {
    // create first policy with multiple ACEs for the test principal set.
    ACL policy = getApplicablePolicy(testPath);
    policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
    policy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
    policy.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false);
    assertEquals(3, policy.getAccessControlEntries().length);
    acMgr.setPolicy(testPath, policy);
    root.commit();
    // different ways to create the principal-set to make sure the filtering
    // doesn't rely on principal equality but rather on the name.
    List<Principal> principals = ImmutableList.of(testPrincipal, new PrincipalImpl(testPrincipal.getName()), new Principal() {

        @Override
        public String getName() {
            return testPrincipal.getName();
        }
    });
    for (Principal princ : principals) {
        AccessControlPolicy[] policies = acMgr.getEffectivePolicies(ImmutableSet.of(princ));
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof AccessControlList);
        AccessControlList acl = (AccessControlList) policies[0];
        assertEquals(2, acl.getAccessControlEntries().length);
        for (AccessControlEntry ace : acl.getAccessControlEntries()) {
            assertEquals(princ.getName(), ace.getPrincipal().getName());
        }
    }
}
Also used : AbstractAccessControlList(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 35 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class ImpersonationImplEmptyTest method testGrantAgain.

@Test
public void testGrantAgain() throws Exception {
    final Principal principal = getTestUser().getPrincipal();
    impersonation.grantImpersonation(principal);
    assertFalse(impersonation.grantImpersonation(principal));
    assertFalse(impersonation.grantImpersonation(new PrincipalImpl(principal.getName())));
    assertFalse(impersonation.grantImpersonation(new Principal() {

        @Override
        public String getName() {
            return principal.getName();
        }
    }));
}
Also used : SystemPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Principal(java.security.Principal) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)96 Test (org.junit.Test)66 Principal (java.security.Principal)40 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)24 Group (org.apache.jackrabbit.api.security.user.Group)22 User (org.apache.jackrabbit.api.security.user.User)20 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)20 UserManager (org.apache.jackrabbit.api.security.user.UserManager)16 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)15 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)12 GroupPrincipal (org.apache.jackrabbit.api.security.principal.GroupPrincipal)11 Session (javax.jcr.Session)9 SimpleCredentials (javax.jcr.SimpleCredentials)7 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)6 ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)6 CugPolicy (org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy)6 HashSet (java.util.HashSet)5 ExternalGroup (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)5 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)5 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)5