use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class JackrabbitAccessControlManagerTest method testGetPrivilegesThrowsAccessDenied.
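/**
 * Verifies that a read-only session is refused when it asks for the
 * privileges granted to the principals in {@code principals} at
 * {@code testRoot}.
 *
 * @throws RepositoryException if the read-only session or its access
 *         control manager cannot be obtained.
 */
public void testGetPrivilegesThrowsAccessDenied() throws RepositoryException {
    Session readOnly = getHelper().getReadOnlySession();
    try {
        // Resolved outside the inner try: an AccessDeniedException raised
        // while obtaining the manager must surface as a test error and not
        // be mistaken for the denial this test is looking for.
        JackrabbitAccessControlManager jacMgr =
                (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
        try {
            jacMgr.getPrivileges(testRoot, principals);
            fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
        } catch (AccessDeniedException e) {
            // success: the privilege lookup was rejected
        }
    } finally {
        // Runs for every path after the session was opened, including a
        // failing manager lookup or cast, so the session is never leaked.
        readOnly.logout();
    }
}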
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class UtilsGetPathTest method testGetOrCreateByPathNoRoot.
/**
 * Exercises {@code JcrUtils.getOrCreateByPath} with a session spy that
 * refuses every read of the root node, and later of the parent node, by
 * throwing {@code AccessDeniedException}.
 *
 * @throws RepositoryException if a repository operation fails unexpectedly.
 */
@Test
public void testGetOrCreateByPathNoRoot() throws RepositoryException {
    String base = testRoot + "/foo";
    String target = base + "/bar";

    // Create the parent with the real superuser session first.
    Node parent = JcrUtils.getOrCreateByPath(base, "nt:unstructured", superuser);
    assertEquals(base, parent.getPath());
    superuser.save();

    // Spy on the superuser session so that "/" cannot be reached through
    // getRootNode(), getNode(), getItem() or nodeExists().
    // Note: Mockito.when(...) on a spy invokes the real method once while
    // the stub is being recorded.
    Session restricted = Mockito.spy(superuser);
    Mockito.when(restricted.getRootNode()).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.getNode("/")).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.getItem("/")).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.nodeExists("/")).thenReturn(false);

    // Root unreadable: the child must still be created.
    Node first = JcrUtils.getOrCreateByPath(target, false, null, null, restricted, false);
    restricted.save();
    assertEquals(target, first.getPath());

    // Same path again: the existing node is returned, nothing is created.
    Node second = JcrUtils.getOrCreateByPath(target, false, null, null, restricted, false);
    restricted.save();
    assertEquals(target, second.getPath());

    // createUnique == true: a sibling with a numeric suffix is created.
    Node unique = JcrUtils.getOrCreateByPath(target, true, null, null, restricted, false);
    restricted.save();
    assertEquals(base + "/bar0", unique.getPath());

    // Now hide the parent as well; with createUnique == false the existing
    // node must still be returned even though its parent is not readable.
    Mockito.when(restricted.getNode(base)).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.getItem(base)).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.nodeExists(base)).thenReturn(false);
    Node hiddenParent = JcrUtils.getOrCreateByPath(target, false, null, null, restricted, false);
    restricted.save();
    assertEquals(target, hiddenParent.getPath());
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class AcReadWriteTest method testReadAccessControl.
/**
 * Checks that {@code jcr:readAccessControl}, granted with a glob
 * restriction of {@code "/" + nodeName2}, lets the test user read access
 * control content at {@code childNPath} but not at {@code path} itself,
 * and that the policy node and its entries below {@code path} stay
 * invisible to the test session.
 *
 * @throws NotExecutableException declared for the helpers this test calls.
 * @throws RepositoryException if a repository operation fails unexpectedly.
 */
public void testReadAccessControl() throws NotExecutableException, RepositoryException {
    // Precondition: testuser must have READ-only permission on the test
    // node and below.
    checkReadOnly(path);

    // Grant jcr:readAccessControl for the subtree below 'path', excluding
    // the node at 'path' itself (expressed through the glob restriction).
    Privilege[] readAc = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    Map<String, Value> globRestrictions = new HashMap<String, Value>(getRestrictions(superuser, path));
    globRestrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/" + nodeName2));
    givePrivileges(path, readAc, globRestrictions);

    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();

    // At 'path' the privilege is absent and reading policies is refused.
    assertFalse(testAcMgr.hasPrivileges(path, readAc));
    try {
        testAcMgr.getPolicies(path);
        fail("AccessDeniedException expected");
    } catch (AccessDeniedException e) {
        // success.
    }

    // At 'childNPath' the privilege applies; no policy is set there.
    assertTrue(testAcMgr.hasPrivileges(childNPath, readAc));
    assertEquals(0, testAcMgr.getPolicies(childNPath).length);

    // Locate the policy node under 'path' with the superuser session. The
    // scan does not stop at the first hit: the last rep:Policy child wins.
    String aclNodePath = null;
    NodeIterator children = superuser.getNode(path).getNodes();
    while (children.hasNext()) {
        Node candidate = children.nextNode();
        if (candidate.isNodeType("rep:Policy")) {
            aclNodePath = candidate.getPath();
        }
    }
    if (aclNodePath == null) {
        fail("Expected node at " + path + " to have an ACL child node.");
    }

    // Neither the policy node, nor its entry nodes, nor their properties
    // may be visible to the test session.
    assertFalse(testSession.nodeExists(aclNodePath));
    NodeIterator aceNodes = superuser.getNode(aclNodePath).getNodes();
    while (aceNodes.hasNext()) {
        Node aceNode = aceNodes.nextNode();
        assertFalse(testSession.nodeExists(aceNode.getPath()));
        PropertyIterator aceProps = aceNode.getProperties();
        while (aceProps.hasNext()) {
            assertFalse(testSession.propertyExists(aceProps.nextProperty().getPath()));
        }
    }
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.
/**
 * Checks when the test user may list effective policies by principal: the
 * call succeeds for the test principal alone once READ_AC is granted at
 * {@code path}, and is refused both for the session's full principal set
 * and after READ_AC has been withdrawn at {@code childNPath}.
 *
 * @throws Exception if a repository operation fails unexpectedly.
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    // Precondition: testuser must have READ-only permission on the test
    // node and below.
    checkReadOnly(path);

    // Give 'testUser' READ_AC privileges at 'path'.
    Privilege[] readAc = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    givePrivileges(path, readAc, getRestrictions(superuser, path));

    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    // One cast up front instead of repeating it at every call site.
    JackrabbitAccessControlManager jrAcMgr = (JackrabbitAccessControlManager) testAcMgr;

    // Effective policies for the test principal only -> must succeed.
    jrAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));

    // Effective policies for all principals of the session's subject ->
    // must fail, since the policy for 'everyone' at the root node cannot
    // be read by testuser.
    Set<Principal> allPrincipals = ((SessionImpl) testSession).getSubject().getPrincipals();
    try {
        jrAcMgr.getEffectivePolicies(allPrincipals);
        fail();
    } catch (AccessDeniedException e) {
        // success
    }

    // Withdraw READ_AC at 'childNPath': that policy is now unreadable, so
    // the lookup that succeeded above must fail as well.
    withdrawPrivileges(childNPath, readAc, getRestrictions(superuser, childNPath));
    try {
        jrAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
        fail();
    } catch (AccessDeniedException e) {
        // success
    }
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class SessionImpl method getNodeById.
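/**
 * Retrieve the <code>Node</code> with the given id.
 * <p>
 * An <code>AccessDeniedException</code> raised while resolving the item is
 * reported as <code>ItemNotFoundException</code>, built from the same id
 * string that is used when the id points to an item that is not a node.
 *
 * @param id identifier of the node to retrieve.
 * @return node with the given <code>NodeId</code>.
 * @throws ItemNotFoundException if no such node exists, if the id resolves
 * to an item that is not a node, or if this <code>Session</code> does not
 * have permission to access the node.
 * @throws RepositoryException if another error occurs.
 */
private Node getNodeById(NodeId id) throws ItemNotFoundException, RepositoryException {
    // check sanity of this session
    checkIsAlive();
    try {
        NodeEntry nodeEntry = getHierarchyManager().getNodeEntry(id);
        Item item = getItemManager().getItem(nodeEntry);
        if (item.isNode()) {
            return (Node) item;
        }
        // Closing quote added after the id: the original message left the
        // quoted id unterminated.
        log.error("NodeId '" + id + "' does not point to a Node");
        throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
    } catch (AccessDeniedException e) {
        // NOTE(review): the AccessDeniedException is not chained as cause;
        // presumably intentional, so that a caller cannot tell a node it
        // may not read from one that does not exist. Confirm before
        // attaching 'e' here.
        throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
    }
}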