use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class ACLProvider method collectAcls.
//------------------------------------------------------------< private >---
/**
 * Gathers the ACLs that are effective on the given node by walking from the
 * node up to the root node and appending the ACL of every access controlled
 * node met on the way (the node itself first, the root last).
 * <p>
 * The walk fails closed: the first access controlled node on which
 * {@code permissions} does not grant {@code Permission.READ_AC} aborts the
 * whole collection with an {@link AccessDeniedException}. ACLs appended before
 * that point stay in {@code acls}, so a caller that catches the exception
 * must not treat the list as a complete or usable result.
 *
 * @param node the Node to collect the ACLs for, which must NOT be part of the
 * structure defined by mix:AccessControllable.
 * @param permissions the compiled permissions consulted for
 * {@code Permission.READ_AC} on each access controlled node that is visited.
 * @param acls List used to collect the effective acls; it is modified in place.
 * @throws AccessDeniedException if READ_AC is not granted on an access
 * controlled node on the way up to the root.
 * @throws RepositoryException if another error occurs
 */
private void collectAcls(NodeImpl node, CompiledPermissions permissions, List<AccessControlList> acls) throws RepositoryException {
    NodeImpl current = node;
    while (true) {
        // an access controlled node contributes its ACL, but only if the
        // compiled permissions allow reading access control content there.
        if (isAccessControlled(current)) {
            // NOTE(review): the check uses getPrimaryPath() while the ACL lookup
            // and the message use getPath() - confirm both name the same location.
            if (!permissions.grants(current.getPrimaryPath(), Permission.READ_AC)) {
                throw new AccessDeniedException("Access denied at " + current.getPath());
            }
            acls.add(getACL(current, N_POLICY, current.getPath()));
        }
        // the root node has no parent: the walk up the hierarchy ends here.
        if (rootNodeId.equals(current.getId())) {
            return;
        }
        current = (NodeImpl) current.getParent();
    }
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class AccessManagerTest method testCheckPermissionReadOnlySession.
// TODO: add tests for new methods
// TODO: add specific tests for 'AC-read/modify' privileges
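/**
 * Verifies that a read-only session passes the READ permission check on the
 * test root node and is denied WRITE as well as WRITE combined with REMOVE.
 * <p>
 * A failure of one of the negative checks means that the access manager
 * granted a modifying permission to a session that is meant to be read-only,
 * so each {@code fail} states which permission was wrongly granted.
 *
 * @throws RepositoryException if a repository operation fails unexpectedly
 *         (this includes an AccessDeniedException raised by the READ check).
 * @throws NotExecutableException declared by the test signature;
 *         NOTE(review): presumably raised by a helper when the test cannot be
 *         set up - confirm.
 */
public void testCheckPermissionReadOnlySession() throws RepositoryException, NotExecutableException {
    Session s = getHelper().getReadOnlySession();
    try {
        AccessManager acMgr = getAccessManager(s);
        NodeId id = (NodeId) getItemId(s.getItem(testRootNode.getPath()));

        // positive case: READ must be granted, i.e. the call returns normally.
        acMgr.checkPermission(id, AccessManager.READ);

        // negative case 1: WRITE alone must be denied.
        try {
            acMgr.checkPermission(id, AccessManager.WRITE);
            fail("Read-only session must not be granted WRITE permission.");
        } catch (AccessDeniedException e) {
            // success
        }

        // negative case 2: the combined WRITE | REMOVE check must be denied too.
        try {
            acMgr.checkPermission(id, AccessManager.WRITE | AccessManager.REMOVE);
            fail("Read-only session must not be granted WRITE | REMOVE permission.");
        } catch (AccessDeniedException e) {
            // success
        }
    } finally {
        // always release the session, also when an assertion failed.
        s.logout();
    }
}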
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class EffectivePolicyTest method testEffectivePoliciesByPath.
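/**
 * Verifies that READ_AC granted at 'path' only is not sufficient to retrieve
 * the effective policies at 'path' or at 'childNPath'.
 * <p>
 * The test first asserts that the test user holds READ_AC at 'path' but not
 * at "/", and then expects {@code getEffectivePolicies} to be denied for both
 * paths. NOTE(review): presumably the denial stems from effective policies
 * including those of ancestors on which READ_AC is not granted - confirm
 * against the access control provider in use.
 *
 * @throws RepositoryException if a repository operation fails unexpectedly
 * @throws NotExecutableException declared by the test signature;
 *         NOTE(review): presumably raised by a helper when the test cannot be
 *         set up - confirm.
 */
public void testEffectivePoliciesByPath() throws RepositoryException, NotExecutableException {
    /*
     precondition:
     testuser must have READ-only permission on test-node and below
     */
    checkReadOnly(path);

    // give 'testUser' READ_AC privileges at 'path'
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    givePrivileges(path, privileges, getRestrictions(superuser, path));

    // NOTE(review): the local is not used below; the call is kept in case
    // getTestSession() performs session setup - confirm before removing.
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();

    // READ_AC is scoped to 'path': it must not be reported for the root.
    assertFalse(testAcMgr.hasPrivileges("/", privileges));
    assertTrue(testAcMgr.hasPrivileges(path, privileges));

    // READ_AC at 'path' alone must not be sufficient to view all the
    // effective policies at 'path' ...
    try {
        testAcMgr.getEffectivePolicies(path);
        fail("READ_AC granted at 'path' only must not allow reading the effective policies at 'path'.");
    } catch (AccessDeniedException e) {
        // success
    }

    // ... and same on childNPath.
    try {
        testAcMgr.getEffectivePolicies(childNPath);
        fail("READ_AC granted at 'path' only must not allow reading the effective policies at 'childNPath'.");
    } catch (AccessDeniedException e) {
        // success
    }
}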
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class VersionTest method testReadVersionInfo.
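/**
 * Verifies that the test session cannot retrieve the version history or the
 * base version of a versionable node once the JCR_READ privilege has been
 * modified on the version storage.
 * <p>
 * Both AccessDeniedException and ItemNotFoundException count as success.
 * NOTE(review): presumably the {@code false} argument of
 * {@code modifyPrivileges} turns the entry into a deny, and an unreadable item
 * may be reported as missing rather than as denied - confirm against the
 * helper and the implementation.
 *
 * @throws RepositoryException if a repository operation fails unexpectedly
 * @throws NotExecutableException declared by the test signature;
 *         NOTE(review): presumably raised by a helper when the test cannot be
 *         set up - confirm.
 */
public void testReadVersionInfo() throws RepositoryException, NotExecutableException {
    Node n = createVersionableNode(testRootNode);
    modifyPrivileges(VERSION_STORAGE_PATH, Privilege.JCR_READ, false);

    // re-read the node through the test session so that the test user's
    // permissions are the ones being evaluated.
    Node n2 = (Node) getTestSession().getItem(n.getPath());

    try {
        n2.getVersionHistory();
        fail("Version history must not be accessible without read access to the version storage.");
    } catch (AccessDeniedException e) {
        // success
    } catch (ItemNotFoundException e) {
        // success as well
    }

    try {
        n2.getBaseVersion();
        fail("Base version must not be accessible without read access to the version storage.");
    } catch (AccessDeniedException e) {
        // success
    } catch (ItemNotFoundException e) {
        // success as well
    }
}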
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class WriteTest method testAccessControlModification2.
/**
 * Verifies the scope and the effect of READ_AC and MODIFY_AC granted to the
 * test user at 'path':
 * <ul>
 * <li>policies can be read at 'path' and at 'childNPath',</li>
 * <li>reading or setting a policy at 'siblingPath' is denied,</li>
 * <li>the test user can add an entry for its own principal and persist it,</li>
 * <li>after the test user removed the policy, reading the effective policies
 * is denied again and only READ is left.</li>
 * </ul>
 * Note for reviewers of access control setups: the third step shows that a
 * principal holding MODIFY_AC on a subtree can grant itself further
 * privileges there (here rep:write), so MODIFY_AC has to be handed out as
 * carefully as the privileges it allows to assign.
 *
 * @throws RepositoryException if a repository operation fails unexpectedly
 * @throws NotExecutableException declared by the test signature;
 *         NOTE(review): presumably raised by a helper when the test cannot be
 *         set up - confirm.
 */
public void testAccessControlModification2() throws RepositoryException, NotExecutableException {
    /*
     precondition:
     testuser must have READ-only permission on test-node and below
     */
    checkReadOnly(path);
    // give 'testUser' READ_AC|MODIFY_AC privileges at 'path'
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL });
    JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
    /*
     testuser must
     - still have the inherited READ permission.
     - must have permission to view AC items at 'path' (and below)
     - must have permission to modify AC items at 'path'
     testuser must not have
     - permission to view AC items outside of the tree defined by path.
     */
    // make sure the 'rep:policy' node has been created.
    assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    // test: MODIFY_AC granted at 'path'
    assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
    // test if testuser can READ access control on the path and on the
    // entire subtree that gets the policy inherited. Both calls are expected
    // to return without an AccessDeniedException; the result of the second
    // call is deliberately ignored.
    AccessControlPolicy[] policies = testAcMgr.getPolicies(path);
    testAcMgr.getPolicies(childNPath);
    // test: READ_AC privilege does not apply outside of the tree.
    try {
        testAcMgr.getPolicies(siblingPath);
        fail("READ_AC privilege must not apply outside of the tree it has applied to.");
    } catch (AccessDeniedException e) {
        // success
    }
    // test: MODIFY_AC privilege does not apply outside of the tree.
    // NOTE(review): policies[0] is read without a length check; an empty
    // array would surface as ArrayIndexOutOfBoundsException instead of an
    // assertion failure.
    try {
        testAcMgr.setPolicy(siblingPath, policies[0]);
        fail("MODIFY_AC privilege must not apply outside of the tree it has applied to.");
    } catch (AccessDeniedException e) {
        // success
    }
    // test if testuser can modify AC-items
    // 1) add an ac-entry: the test user grants rep:write to its own
    //    principal and persists the change through its own session.
    ACLTemplate acl = (ACLTemplate) policies[0];
    acl.addAccessControlEntry(testUser.getPrincipal(), privilegesFromName(PrivilegeRegistry.REP_WRITE));
    testAcMgr.setPolicy(path, acl);
    testSession.save();
    // the newly added entry must be effective: JCR_REMOVE_CHILD_NODES is
    // now reported as granted at 'path'.
    assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES)));
    // 2) remove the policy
    testAcMgr.removePolicy(path, policies[0]);
    testSession.save();
    // privileges must be gone again...
    try {
        testAcMgr.getEffectivePolicies(childNPath);
        fail("READ_AC privilege has been revoked -> must throw again.");
    } catch (AccessDeniedException e) {
        // success
    }
    // ... and since the ACE is stored with the policy, all rights except
    // READ must be gone.
    checkReadOnly(path);
}