Example 71 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class WritePropertyTest method testAddProperty.

@Test
public void testAddProperty() throws Exception {
    // grant 'testUser' ADD_PROPERTIES privileges at 'path'
    Privilege[] privileges = privilegesFromNames(new String[] { "rep:addProperties" });
    allow(path, privileges);
    /*
     * testuser must now have
     * - ADD_PROPERTIES permission
     * - no other write permission
     */
    assertHasPrivilege(path, Privilege.JCR_MODIFY_PROPERTIES, false);
    assertHasPrivilege(path, "rep:addProperties", true);
    assertHasPrivilege(path, "rep:removeProperties", false);
    assertHasPrivilege(path, "rep:alterProperties", false);
    // set_property action for non-existing property is translated to "add_properties" permission
    String propertyPath = path + "/newProperty";
    assertTrue(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
    // creating the property must succeed
    Node testN = testSession.getNode(path);
    testN.setProperty("newProperty", "value");
    testSession.save();
    // the property now exists -> the 'set_property' action is no longer granted
    assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
    assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_REMOVE));
    // modifying or removing the new property must fail
    try {
        testN.setProperty("newProperty", "modified");
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
    }
    try {
        testN.getProperty("newProperty").setValue("modified");
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
    }
    try {
        testN.setProperty("newProperty", (String) null);
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
        testSession.refresh(false);
    }
    try {
        testN.getProperty("newProperty").remove();
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
        testSession.refresh(false);
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) Test(org.junit.Test)

Example 72 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class WritePropertyTest method testModifyProperty.

@Test
public void testModifyProperty() throws Exception {
    // grant 'testUser' ALTER_PROPERTIES privileges at 'path'
    Privilege[] privileges = privilegesFromNames(new String[] { "rep:alterProperties" });
    allow(path, privileges);
    /*
     * testuser must now have
     * - ALTER_PROPERTIES permission
     * - no other write permission
     */
    assertHasPrivilege(path, Privilege.JCR_MODIFY_PROPERTIES, false);
    assertHasPrivilege(path, "rep:addProperties", false);
    assertHasPrivilege(path, "rep:removeProperties", false);
    assertHasPrivilege(path, "rep:alterProperties", true);
    // set_property action for non-existing property is translated to
    // "add_properties" permission
    String propertyPath = path + "/newProperty";
    assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
    // creating a new property must fail
    Node testN = testSession.getNode(path);
    try {
        testN.setProperty("newProperty", "value");
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
        testSession.refresh(false);
    }
    superuser.getNode(path).setProperty("newProperty", "value");
    superuser.save();
    testSession.refresh(false);
    // the property exists -> the 'set_property' action is granted, 'remove' is denied
    assertTrue(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
    assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_REMOVE));
    // modifying the new property must succeed
    testN.setProperty("newProperty", "modified");
    testSession.save();
    testN.getProperty("newProperty").setValue("modified2");
    testSession.save();
    // removing the property must fail
    try {
        testN.setProperty("newProperty", (String) null);
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
        testSession.refresh(false);
    }
    try {
        testN.getProperty("newProperty").remove();
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
        testSession.refresh(false);
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) Test(org.junit.Test)

Example 73 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class VersionManagementTest method testCheckInCheckout.

@Test
public void testCheckInCheckout() throws Exception {
    // allow rep:write but deny jcr:versionManagement at 'path'
    modify(path, REP_WRITE, true);
    modify(path, Privilege.JCR_VERSION_MANAGEMENT, false);
    Node n = createVersionableNode(superuser.getNode(path));
    try {
        testSession.refresh(false);
        Node testNode = testSession.getNode(n.getPath());
        testNode.checkin();
        fail("Missing jcr:versionManagement privilege -> checkin/checkout must fail.");
    } catch (AccessDeniedException e) {
        // success
        // ... but the property must neither be modified nor indicate
        // checked-in status
        Property p = n.getProperty("jcr:isCheckedOut");
        assertFalse(p.isModified());
        assertTrue(n.getProperty("jcr:isCheckedOut").getValue().getBoolean());
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Node(javax.jcr.Node) Property(javax.jcr.Property) Test(org.junit.Test)

Example 74 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class UserManagementTest method testDisableUserWithoutPermission2.

@Test
public void testDisableUserWithoutPermission2() throws Exception {
    createUser(userId);
    // rep:write is granted at the root, but disabling a user must still be denied
    modify("/", PrivilegeConstants.REP_WRITE, true);
    UserManager testUserMgr = getUserManager(testSession);
    User user = (User) testUserMgr.getAuthorizable(userId);
    try {
        user.disable("disabled!");
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Test(org.junit.Test)

Example 75 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class UserManagementTest method testChangeUserPropertiesWithoutPermission.

@Test
public void testChangeUserPropertiesWithoutPermission() throws Exception {
    createUser(userId);
    // testSession has read-only access
    UserManager testUserMgr = getUserManager(testSession);
    try {
        Authorizable a = testUserMgr.getAuthorizable(userId);
        a.setProperty("someProp", testSession.getValueFactory().createValue("value"));
        testSession.save();
        fail("Test session doesn't have sufficient permission to alter user properties.");
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Test(org.junit.Test)
