use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class SessionImpl method getImportContentHandler.
/**
* {@inheritDoc}
*/
public ContentHandler getImportContentHandler(String parentAbsPath, int uuidBehavior) throws PathNotFoundException, ConstraintViolationException, VersionException, LockException, RepositoryException {
// check sanity of this session
sanityCheck();
NodeImpl parent;
try {
Path p = getQPath(parentAbsPath).getNormalizedPath();
if (!p.isAbsolute()) {
throw new RepositoryException("not an absolute path: " + parentAbsPath);
}
parent = getItemManager().getNode(p);
} catch (NameException e) {
String msg = parentAbsPath + ": invalid path";
log.debug(msg);
throw new RepositoryException(msg, e);
} catch (AccessDeniedException ade) {
throw new PathNotFoundException(parentAbsPath);
}
// verify that parent node is checked-out, not locked and not protected
// by either node type constraints nor by some retention or hold.
int options = ItemValidator.CHECK_LOCK | ItemValidator.CHECK_CHECKED_OUT | ItemValidator.CHECK_CONSTRAINTS | ItemValidator.CHECK_HOLD | ItemValidator.CHECK_RETENTION;
context.getItemValidator().checkModify(parent, options, Permission.NONE);
SessionImporter importer = new SessionImporter(parent, this, uuidBehavior, context.getWorkspace().getConfig().getImportConfig());
return new ImportHandler(importer, this);
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class WriteTest method testRemoveNodeWithInvisibleNonRemovableChild.
public void testRemoveNodeWithInvisibleNonRemovableChild() throws Exception {
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ, Privilege.JCR_WRITE });
Node invisible = superuser.getNode(childNPath).addNode(nodeName3);
superuser.save();
/* allow READ/WRITE privilege for testUser at 'path' */
givePrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
/* deny READ privilege at invisible node. (removal is still granted) */
withdrawPrivileges(invisible.getPath(), testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
Session testSession = getTestSession();
assertTrue(testSession.nodeExists(childNPath));
assertTrue(testSession.hasPermission(childNPath, Session.ACTION_REMOVE));
Node n = testSession.getNode(childNPath);
// be removed.
try {
n.remove();
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.
public void testGetEffectivePoliciesByPrincipal() throws Exception {
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
assertNotNull(acp);
assertEquals(1, acp.length);
assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);
JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];
assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));
acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
if (acp.length == 0) {
acp = jacMgr.getPolicies(testUser.getPrincipal());
}
assertNotNull(acp);
assertEquals(1, acp.length);
assertTrue(acp[0] instanceof JackrabbitAccessControlList);
// let testuser read the ACL defined for 'testUser' principal.
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
jacMgr.setPolicy(acl.getPath(), acl);
superuser.save();
Session testSession = getTestSession();
AccessControlManager testAcMgr = getTestACManager();
// effective policies for testPrinicpal only on path -> must succeed.
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
// effective policies for a combination of principals -> must fail
try {
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
fail();
} catch (AccessDeniedException e) {
// success
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class VersionManagerImpl method mergeOrUpdate.
/**
* Combines merge and update method
* @param state the state to merge or update
* @param srcWorkspaceName source workspace name
* @param failedIds list that will contain the failed ids.
* if <code>null</code> and update will be performed.
* @param bestEffort best effort flag
* @param isShallow is shallow flag
* @throws RepositoryException if an error occurs
*/
private void mergeOrUpdate(NodeStateEx state, String srcWorkspaceName, List<ItemId> failedIds, boolean bestEffort, boolean isShallow) throws RepositoryException {
// if same workspace, ignore
if (!srcWorkspaceName.equals(session.getWorkspace().getName())) {
// check authorization for specified workspace
if (!session.getAccessManager().canAccess(srcWorkspaceName)) {
String msg = "not authorized to access " + srcWorkspaceName;
log.error(msg);
throw new AccessDeniedException(msg);
}
// get root node of src workspace
SessionImpl srcSession = null;
try {
// create session on other workspace for current subject
// (may throw NoSuchWorkspaceException and AccessDeniedException)
srcSession = ((RepositoryImpl) session.getRepository()).createSession(session.getSubject(), srcWorkspaceName);
WorkspaceImpl srcWsp = (WorkspaceImpl) srcSession.getWorkspace();
NodeId rootNodeId = ((NodeImpl) srcSession.getRootNode()).getNodeId();
NodeStateEx srcRoot = new NodeStateEx(srcWsp.getItemStateManager(), ntReg, rootNodeId);
merge(state, srcRoot, failedIds, bestEffort, isShallow);
} catch (ItemStateException e) {
throw new RepositoryException(e);
} finally {
if (srcSession != null) {
// we don't need the other session anymore, logout
srcSession.logout();
}
}
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class JackrabbitAccessControlManagerTest method testHasPrivilegeThrowsAccessDenied.
public void testHasPrivilegeThrowsAccessDenied() throws RepositoryException {
Session readOnly = getHelper().getReadOnlySession();
JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
try {
jacMgr.hasPrivileges(testRoot, principals, new Privilege[] { jacMgr.privilegeFromName(Privilege.JCR_READ) });
fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
} catch (AccessDeniedException e) {
// success
} finally {
readOnly.logout();
}
}
Aggregations