
Example 6 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class JackrabbitAccessControlManagerTest method testGetPrivilegesThrowsAccessDenied.

/**
 * Checks that a read-only session is refused when it asks for the
 * privileges held by other principals at {@code testRoot}.
 *
 * <p>The call must end in an {@link AccessDeniedException}; a normal return
 * would mean the read-only session can inspect privilege assignments it is
 * not meant to see, so the test fails in that case.
 *
 * @throws RepositoryException if session setup or the lookup fails for a
 *         reason other than the expected denial
 */
public void testGetPrivilegesThrowsAccessDenied() throws RepositoryException {
    Session roSession = getHelper().getReadOnlySession();
    JackrabbitAccessControlManager acMgr =
            (JackrabbitAccessControlManager) roSession.getAccessControlManager();
    try {
        acMgr.getPrivileges(testRoot, principals);
        // Reaching this line means the privileges were returned instead of denied.
        fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
    } catch (AccessDeniedException expected) {
        // The denial is the outcome under test; nothing more to assert.
    } finally {
        // Always release the extra session, whichever way the call ended.
        roSession.logout();
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Session(javax.jcr.Session)

Example 7 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class UtilsGetPathTest method testGetOrCreateByPathNoRoot.

/**
 * Exercises {@code JcrUtils.getOrCreateByPath} with a session whose root
 * node, and later the parent node, cannot be read.
 *
 * <p>The session is a Mockito spy around {@code superuser}: only the stubbed
 * read calls behave as denied, every other call (including the writes and
 * {@code save()}) goes through to the real session. The test therefore
 * covers path resolution with unreadable ancestors, not enforcement of
 * write permissions.
 *
 * <p>NOTE(review): {@code Mockito.when(spy.call())} invokes the real method
 * once while the stub is being set up; {@code doThrow(...).when(spy)} would
 * avoid that extra call.
 *
 * @throws RepositoryException if a repository operation fails unexpectedly
 */
@Test
public void testGetOrCreateByPathNoRoot() throws RepositoryException {
    final String parentPath = testRoot + "/foo";
    final String leafPath = parentPath + "/bar";

    // Create the intermediate node with the unmodified session first.
    Node parent = JcrUtils.getOrCreateByPath(parentPath, "nt:unstructured", superuser);
    assertEquals(parentPath, parent.getPath());
    superuser.save();

    // From here on the root is reported as inaccessible through every lookup used below.
    Session restricted = Mockito.spy(superuser);
    Mockito.when(restricted.getRootNode()).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.getNode("/")).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.getItem("/")).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.nodeExists("/")).thenReturn(false);

    // First call creates the leaf below the readable parent.
    Node created = JcrUtils.getOrCreateByPath(leafPath, false, null, null, restricted, false);
    restricted.save();
    assertEquals(leafPath, created.getPath());

    // Second call finds the existing leaf and returns it unchanged.
    Node existing = JcrUtils.getOrCreateByPath(leafPath, false, null, null, restricted, false);
    restricted.save();
    assertEquals(leafPath, existing.getPath());

    // With the create-unique flag set, a sibling with a numeric suffix is produced.
    Node unique = JcrUtils.getOrCreateByPath(leafPath, true, null, null, restricted, false);
    restricted.save();
    assertEquals(parentPath + "/bar0", unique.getPath());

    // Now hide the parent as well: an existing leaf must still resolve when
    // create-unique is off, even though its parent cannot be read.
    Mockito.when(restricted.getNode(parentPath)).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.getItem(parentPath)).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(restricted.nodeExists(parentPath)).thenReturn(false);
    Node underHiddenParent = JcrUtils.getOrCreateByPath(leafPath, false, null, null, restricted, false);
    restricted.save();
    assertEquals(leafPath, underHiddenParent.getPath());
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Node(javax.jcr.Node) Session(javax.jcr.Session) AbstractJCRTest(org.apache.jackrabbit.test.AbstractJCRTest) Test(org.junit.Test)

Example 8 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class AcReadWriteTest method testReadAccessControl.

/**
 * Checks that {@code jcr:readAccessControl}, granted with a glob restriction
 * that targets the subtree below {@code path}, does not expose the access
 * control content stored at {@code path} itself.
 *
 * <p>Two views are checked: the access control API ({@code getPolicies} must
 * be denied at {@code path} and allowed at {@code childNPath}) and the plain
 * item API (the policy node, its entry nodes and their properties must not
 * exist from the test session's point of view).
 *
 * @throws NotExecutableException declared by the test; not thrown directly here
 * @throws RepositoryException if a repository operation fails unexpectedly
 */
public void testReadAccessControl() throws NotExecutableException, RepositoryException {
    // Precondition: testuser has READ-only permission on the test node and below.
    checkReadOnly(path);

    // Grant jcr:readAccessControl, restricted by glob to "/" + nodeName2, so the
    // node at 'path' itself is excluded from the grant.
    Privilege[] readAc = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    Map<String, Value> globRestriction = new HashMap<String, Value>(getRestrictions(superuser, path));
    globRestriction.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/" + nodeName2));
    givePrivileges(path, readAc, globRestriction);

    Session userSession = getTestSession();
    AccessControlManager userAcMgr = getTestACManager();

    // At 'path': the privilege is absent and reading policies must be refused.
    assertFalse(userAcMgr.hasPrivileges(path, readAc));
    try {
        userAcMgr.getPolicies(path);
        fail("AccessDeniedException expected");
    } catch (AccessDeniedException expected) {
        // Denial is the outcome under test.
    }

    // At 'childNPath': the privilege is present and the (empty) policy list is readable.
    assertTrue(userAcMgr.hasPrivileges(childNPath, readAc));
    assertEquals(0, userAcMgr.getPolicies(childNPath).length);

    // Locate the policy node below 'path' using the superuser session. If several
    // children match, the last one visited wins.
    String aclNodePath = null;
    NodeIterator children = superuser.getNode(path).getNodes();
    while (children.hasNext()) {
        Node candidate = children.nextNode();
        if (candidate.isNodeType("rep:Policy")) {
            aclNodePath = candidate.getPath();
        }
    }
    if (aclNodePath == null) {
        fail("Expected node at " + path + " to have an ACL child node.");
    }

    // The same content must also be hidden when addressed as ordinary items:
    // neither the policy node, nor its entries, nor their properties may be visible.
    assertFalse(userSession.nodeExists(aclNodePath));
    NodeIterator entries = superuser.getNode(aclNodePath).getNodes();
    while (entries.hasNext()) {
        Node entry = entries.nextNode();
        assertFalse(userSession.nodeExists(entry.getPath()));
        PropertyIterator props = entry.getProperties();
        while (props.hasNext()) {
            assertFalse(userSession.propertyExists(props.nextProperty().getPath()));
        }
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) NodeIterator(javax.jcr.NodeIterator) AccessDeniedException(javax.jcr.AccessDeniedException) HashMap(java.util.HashMap) Node(javax.jcr.Node) PropertyIterator(javax.jcr.PropertyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Value(javax.jcr.Value) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session)

Example 9 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

/**
 * Checks when the test user may read effective policies by principal.
 *
 * <p>With {@code jcr:readAccessControl} granted at {@code path}, the lookup
 * for the test user's own principal succeeds. It must be denied for the full
 * principal set of the session, and again for the single principal once the
 * privilege has been withdrawn at {@code childNPath}: in both cases at least
 * one contributing policy is not readable by the test user.
 *
 * @throws Exception if setup or an unexpected repository error occurs
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    // Precondition: testuser has READ-only permission on the test node and below.
    checkReadOnly(path);

    // Allow testuser to read access control content at 'path'.
    Privilege[] readAc = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    givePrivileges(path, readAc, getRestrictions(superuser, path));

    Session userSession = getTestSession();
    JackrabbitAccessControlManager jrAcMgr = (JackrabbitAccessControlManager) getTestACManager();

    // Only the test principal, whose policy sits at 'path': readable, so no exception.
    jrAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));

    // All principals of the session: per the original test, this includes a policy
    // for 'everyone' at the root node that testuser cannot read, so it must be denied.
    Set<Principal> sessionPrincipals = ((SessionImpl) userSession).getSubject().getPrincipals();
    try {
        jrAcMgr.getEffectivePolicies(sessionPrincipals);
        fail();
    } catch (AccessDeniedException expected) {
        // Denial is the outcome under test.
    }

    // Withdraw the privilege at 'childNPath'; the resulting ACL there is not
    // readable, so even the single-principal lookup must now be denied.
    withdrawPrivileges(childNPath, readAc, getRestrictions(superuser, childNPath));
    try {
        jrAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
        fail();
    } catch (AccessDeniedException expected) {
        // Denial is the outcome under test.
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessDeniedException(javax.jcr.AccessDeniedException) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 10 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class SessionImpl method getNodeById.

/**
 * Looks up the <code>Node</code> identified by the given id.
 *
 * <p>A denied lookup is reported exactly like a missing node: the
 * <code>AccessDeniedException</code> is replaced by an
 * <code>ItemNotFoundException</code> built from the same id string.
 *
 * @param id identifier of the node to retrieve
 * @return node with the given <code>NodeId</code>.
 * @throws ItemNotFoundException if no such node exists, if the id resolves
 * to an item that is not a node, or if this <code>Session</code> does not
 * have permission to access the node.
 * @throws RepositoryException on any other repository error raised by the
 * calls made here
 */
private Node getNodeById(NodeId id) throws ItemNotFoundException, RepositoryException {
    // Sanity check on the session before touching the hierarchy.
    checkIsAlive();
    try {
        NodeEntry entry = getHierarchyManager().getNodeEntry(id);
        Item resolved = getItemManager().getItem(entry);
        if (!resolved.isNode()) {
            // The id resolved, but to something other than a node.
            log.error("NodeId '" + id + " does not point to a Node");
            throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
        }
        return (Node) resolved;
    } catch (AccessDeniedException denied) {
        // Same exception type and message as the not-a-node case above.
        // NOTE(review): the denial is not attached as the cause. Chaining it
        // would let a caller tell "denied" apart from "missing" and so learn
        // that the node exists; confirm the intent before adding a cause here.
        throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
    }
}
Also used : Item(javax.jcr.Item) AccessDeniedException(javax.jcr.AccessDeniedException) NodeEntry(org.apache.jackrabbit.jcr2spi.hierarchy.NodeEntry) Node(javax.jcr.Node) ItemNotFoundException(javax.jcr.ItemNotFoundException)

Aggregations

AccessDeniedException (javax.jcr.AccessDeniedException)189 Node (javax.jcr.Node)80 Test (org.junit.Test)68 Session (javax.jcr.Session)33 RepositoryException (javax.jcr.RepositoryException)23 Privilege (javax.jcr.security.Privilege)22 UserManager (org.apache.jackrabbit.api.security.user.UserManager)19 Workspace (javax.jcr.Workspace)18 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)15 ItemNotFoundException (javax.jcr.ItemNotFoundException)13 PathNotFoundException (javax.jcr.PathNotFoundException)13 Path (org.apache.jackrabbit.spi.Path)13 Principal (java.security.Principal)11 User (org.apache.jackrabbit.api.security.user.User)11 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)10 AccessControlManager (javax.jcr.security.AccessControlManager)9 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 Property (javax.jcr.Property)8 JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace)8 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7