Example 86 with AccessDeniedException
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class SessionMoveTest method testMoveRemoveSubTreeWithRestriction.
@Test
public void testMoveRemoveSubTreeWithRestriction() throws Exception {
/* allow READ/WRITE privilege for testUser at 'path' */
allow(path, testUser.getPrincipal(), readWritePrivileges);
/* deny REMOVE_NODE privileges at subtree. */
deny(path, privilegesFromName(PrivilegeConstants.JCR_REMOVE_NODE), createGlobRestriction("*/" + nodeName3));
assertTrue(testSession.nodeExists(childNPath));
assertTrue(testSession.hasPermission(childNPath, Session.ACTION_REMOVE));
assertTrue(testSession.hasPermission(childNPath2, Session.ACTION_ADD_NODE));
testSession.move(childNPath, childNPath2 + "/dest");
Node dest = testSession.getNode(childNPath2 + "/dest");
dest.getNode(nodeName3).remove();
try {
testSession.save();
fail("Removing child node must be denied.");
} catch (AccessDeniedException e) {
// success
}
}
Also used :
AccessDeniedException(javax.jcr.AccessDeniedException)
Node(javax.jcr.Node)
Test(org.junit.Test)
Example 87 with AccessDeniedException
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class SessionMoveTest method testMoveAndAddReplacementAtSource2.
@Test
public void testMoveAndAddReplacementAtSource2() throws Exception {
allow(siblingPath, privilegesFromNames(new String[] { PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT }));
testSession.move(nodePath3, siblingDestPath);
Node sourceParent = testSession.getNode(childNPath);
Node replacement = sourceParent.addNode(Text.getName(nodePath3));
replacement.setProperty("movedProp", "val");
try {
testSession.save();
fail("Missing REMOVE_NODE permission for move source.");
} catch (AccessDeniedException e) {
// success
}
}
Also used :
AccessDeniedException(javax.jcr.AccessDeniedException)
Node(javax.jcr.Node)
Test(org.junit.Test)
Example 88 with AccessDeniedException
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class SessionMoveTest method testMoveAndRemoveProperty.
@Test
public void testMoveAndRemoveProperty() throws Exception {
setupMovePermissions();
testSession.move(nodePath3, siblingDestPath);
Node destNode = testSession.getNode(siblingDestPath);
destNode.getProperty("movedProp").remove();
try {
testSession.save();
fail("Missing REMOVE_PROPERTY permission.");
} catch (AccessDeniedException e) {
// success
}
}
Also used :
AccessDeniedException(javax.jcr.AccessDeniedException)
Node(javax.jcr.Node)
Test(org.junit.Test)
Example 89 with AccessDeniedException
use of javax.jcr.AccessDeniedException in project sling by apache.
the class GeneralAclTest method readOnlyThenWriteThenDeny.
@Test
public void readOnlyThenWriteThenDeny() throws Exception {
final Node tmp = U.adminSession.getRootNode().addNode("tmp_" + U.id);
U.adminSession.save();
final String path = tmp.getPath();
try {
s.getNode(path);
fail("Expected read access to be initially denied:" + path);
} catch (PathNotFoundException ignore) {
}
final String allowRead = "set ACL for " + U.username + "\n" + "allow jcr:read on " + path + "\n" + "end";
U.parseAndExecute(allowRead);
final Node n = s.getNode(path);
try {
n.setProperty("U.id", U.id);
s.save();
fail("Expected write access to be initially denied:" + path);
} catch (AccessDeniedException ignore) {
}
s.refresh(false);
final String allowWrite = "set ACL for " + U.username + "\n" + "allow jcr:write on " + path + "\n" + "end";
U.parseAndExecute(allowWrite);
n.setProperty("U.id", U.id);
s.save();
final String deny = "set ACL for " + U.username + "\n" + "deny jcr:all on " + path + "\n" + "end";
U.parseAndExecute(deny);
try {
s.getNode(path);
fail("Expected access to be denied again:" + path);
} catch (PathNotFoundException ignore) {
}
}
Also used :
AccessDeniedException(javax.jcr.AccessDeniedException)
Node(javax.jcr.Node)
PathNotFoundException(javax.jcr.PathNotFoundException)
Test(org.junit.Test)
Example 90 with AccessDeniedException
use of javax.jcr.AccessDeniedException in project sling by apache.
the class U method canWrite.
/** True if user can write to specified path.
* @throws PathNotFoundException if the path doesn't exist */
public static boolean canWrite(Session session, String userId, String path) throws PathNotFoundException, RepositoryException {
if (!session.itemExists(path)) {
throw new PathNotFoundException(path);
}
final Session serviceSession = getServiceSession(session, userId);
final String testNodeName = "test_" + UUID.randomUUID().toString();
try {
((Node) serviceSession.getItem(path)).addNode(testNodeName);
serviceSession.save();
} catch (AccessDeniedException ade) {
return false;
} finally {
serviceSession.logout();
}
return true;
}
Also used :
AccessDeniedException(javax.jcr.AccessDeniedException)
Node(javax.jcr.Node)
PathNotFoundException(javax.jcr.PathNotFoundException)
Session(javax.jcr.Session)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
Aggregations
AccessDeniedException (javax.jcr.AccessDeniedException)189
Node (javax.jcr.Node)80
Test (org.junit.Test)68
Session (javax.jcr.Session)33
RepositoryException (javax.jcr.RepositoryException)23
Privilege (javax.jcr.security.Privilege)22
UserManager (org.apache.jackrabbit.api.security.user.UserManager)19
Workspace (javax.jcr.Workspace)18
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)15
ItemNotFoundException (javax.jcr.ItemNotFoundException)13
PathNotFoundException (javax.jcr.PathNotFoundException)13
Path (org.apache.jackrabbit.spi.Path)13
Principal (java.security.Principal)11
User (org.apache.jackrabbit.api.security.user.User)11
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)10
AccessControlManager (javax.jcr.security.AccessControlManager)9
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9
Property (javax.jcr.Property)8
JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace)8
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7
