Search in sources :

Example 1 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class SessionImpl method getImportContentHandler.

/**
     * {@inheritDoc}
     */
public ContentHandler getImportContentHandler(String parentAbsPath, int uuidBehavior) throws PathNotFoundException, ConstraintViolationException, VersionException, LockException, RepositoryException {
    // check sanity of this session
    sanityCheck();
    NodeImpl parent;
    try {
        Path p = getQPath(parentAbsPath).getNormalizedPath();
        if (!p.isAbsolute()) {
            throw new RepositoryException("not an absolute path: " + parentAbsPath);
        }
        parent = getItemManager().getNode(p);
    } catch (NameException e) {
        String msg = parentAbsPath + ": invalid path";
        log.debug(msg);
        throw new RepositoryException(msg, e);
    } catch (AccessDeniedException ade) {
        throw new PathNotFoundException(parentAbsPath);
    }
    // verify that parent node is checked-out, not locked and not protected
    // by either node type constraints nor by some retention or hold.
    int options = ItemValidator.CHECK_LOCK | ItemValidator.CHECK_CHECKED_OUT | ItemValidator.CHECK_CONSTRAINTS | ItemValidator.CHECK_HOLD | ItemValidator.CHECK_RETENTION;
    context.getItemValidator().checkModify(parent, options, Permission.NONE);
    SessionImporter importer = new SessionImporter(parent, this, uuidBehavior, context.getWorkspace().getConfig().getImportConfig());
    return new ImportHandler(importer, this);
}
Also used : Path(org.apache.jackrabbit.spi.Path) AccessDeniedException(javax.jcr.AccessDeniedException) NameException(org.apache.jackrabbit.spi.commons.conversion.NameException) IllegalNameException(org.apache.jackrabbit.spi.commons.conversion.IllegalNameException) ImportHandler(org.apache.jackrabbit.core.xml.ImportHandler) RepositoryException(javax.jcr.RepositoryException) PathNotFoundException(javax.jcr.PathNotFoundException) SessionImporter(org.apache.jackrabbit.core.xml.SessionImporter)

Example 2 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class WriteTest method testRemoveNodeWithInvisibleNonRemovableChild.

public void testRemoveNodeWithInvisibleNonRemovableChild() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ, Privilege.JCR_WRITE });
    Node invisible = superuser.getNode(childNPath).addNode(nodeName3);
    superuser.save();
    /* allow READ/WRITE privilege for testUser at 'path' */
    givePrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
    /* deny READ privilege at invisible node. (removal is still granted) */
    withdrawPrivileges(invisible.getPath(), testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
    Session testSession = getTestSession();
    assertTrue(testSession.nodeExists(childNPath));
    assertTrue(testSession.hasPermission(childNPath, Session.ACTION_REMOVE));
    Node n = testSession.getNode(childNPath);
    // be removed.
    try {
        n.remove();
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
    // success
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session)

Example 3 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

public void testGetEffectivePoliciesByPrincipal() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
    Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
    AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
    assertNotNull(acp);
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);
    JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));
    acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
    if (acp.length == 0) {
        acp = jacMgr.getPolicies(testUser.getPrincipal());
    }
    assertNotNull(acp);
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlList);
    // let testuser read the ACL defined for 'testUser' principal.
    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
    acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
    jacMgr.setPolicy(acl.getPath(), acl);
    superuser.save();
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    // effective policies for testPrinicpal only on path -> must succeed.
    ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
    // effective policies for a combination of principals -> must fail
    try {
        ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
        fail();
    } catch (AccessDeniedException e) {
    // success
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 4 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class VersionManagerImpl method mergeOrUpdate.

/**
     * Combines merge and update method
     * @param state the state to merge or update
     * @param srcWorkspaceName source workspace name
     * @param failedIds list that will contain the failed ids.
     *        if <code>null</code> and update will be performed.
     * @param bestEffort best effort flag
     * @param isShallow is shallow flag
     * @throws RepositoryException if an error occurs
     */
private void mergeOrUpdate(NodeStateEx state, String srcWorkspaceName, List<ItemId> failedIds, boolean bestEffort, boolean isShallow) throws RepositoryException {
    // if same workspace, ignore
    if (!srcWorkspaceName.equals(session.getWorkspace().getName())) {
        // check authorization for specified workspace
        if (!session.getAccessManager().canAccess(srcWorkspaceName)) {
            String msg = "not authorized to access " + srcWorkspaceName;
            log.error(msg);
            throw new AccessDeniedException(msg);
        }
        // get root node of src workspace
        SessionImpl srcSession = null;
        try {
            // create session on other workspace for current subject
            // (may throw NoSuchWorkspaceException and AccessDeniedException)
            srcSession = ((RepositoryImpl) session.getRepository()).createSession(session.getSubject(), srcWorkspaceName);
            WorkspaceImpl srcWsp = (WorkspaceImpl) srcSession.getWorkspace();
            NodeId rootNodeId = ((NodeImpl) srcSession.getRootNode()).getNodeId();
            NodeStateEx srcRoot = new NodeStateEx(srcWsp.getItemStateManager(), ntReg, rootNodeId);
            merge(state, srcRoot, failedIds, bestEffort, isShallow);
        } catch (ItemStateException e) {
            throw new RepositoryException(e);
        } finally {
            if (srcSession != null) {
                // we don't need the other session anymore, logout
                srcSession.logout();
            }
        }
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) NodeId(org.apache.jackrabbit.core.id.NodeId) RepositoryException(javax.jcr.RepositoryException) NodeStateEx(org.apache.jackrabbit.core.version.NodeStateEx) InvalidItemStateException(javax.jcr.InvalidItemStateException) ItemStateException(org.apache.jackrabbit.core.state.ItemStateException)

Example 5 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class JackrabbitAccessControlManagerTest method testHasPrivilegeThrowsAccessDenied.

public void testHasPrivilegeThrowsAccessDenied() throws RepositoryException {
    Session readOnly = getHelper().getReadOnlySession();
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
    try {
        jacMgr.hasPrivileges(testRoot, principals, new Privilege[] { jacMgr.privilegeFromName(Privilege.JCR_READ) });
        fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
    } catch (AccessDeniedException e) {
    // success
    } finally {
        readOnly.logout();
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Session(javax.jcr.Session)

Aggregations

AccessDeniedException (javax.jcr.AccessDeniedException)189 Node (javax.jcr.Node)80 Test (org.junit.Test)68 Session (javax.jcr.Session)33 RepositoryException (javax.jcr.RepositoryException)23 Privilege (javax.jcr.security.Privilege)22 UserManager (org.apache.jackrabbit.api.security.user.UserManager)19 Workspace (javax.jcr.Workspace)18 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)15 ItemNotFoundException (javax.jcr.ItemNotFoundException)13 PathNotFoundException (javax.jcr.PathNotFoundException)13 Path (org.apache.jackrabbit.spi.Path)13 Principal (java.security.Principal)11 User (org.apache.jackrabbit.api.security.user.User)11 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)10 AccessControlManager (javax.jcr.security.AccessControlManager)9 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 Property (javax.jcr.Property)8 JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace)8 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7