Example 31 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

public void testGetEffectivePoliciesByPrincipal() throws Exception {
    /*
     * precondition:
     * testuser must have READ-only permission on test-node and below
     */
    checkReadOnly(path);
    // give 'testUser' READ_AC privileges at 'path'
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    givePrivileges(path, privileges, getRestrictions(superuser, path));
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    // effective policies for testPrincipal only on path -> must succeed.
    ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
    // effective policies for a combination of principals -> must fail since
    // policy for 'everyone' at root node cannot be read by testuser
    Set<Principal> principals = ((SessionImpl) testSession).getSubject().getPrincipals();
    try {
        ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(principals);
        fail();
    } catch (AccessDeniedException e) {
        // success
    }
    withdrawPrivileges(childNPath, privileges, getRestrictions(superuser, childNPath));
    // the denied acl at 'childNPath' -> must fail
    try {
        ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
        fail();
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessDeniedException(javax.jcr.AccessDeniedException) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 32 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class SessionImpl method getNodeById.

/**
 * Retrieve the <code>Node</code> with the given id.
 *
 * @param id
 * @return node with the given <code>NodeId</code>.
 * @throws ItemNotFoundException if no such node exists or if this
 * <code>Session</code> does not have permission to access the node.
 * @throws RepositoryException
 */
private Node getNodeById(NodeId id) throws ItemNotFoundException, RepositoryException {
    // check sanity of this session
    checkIsAlive();
    try {
        NodeEntry nodeEntry = getHierarchyManager().getNodeEntry(id);
        Item item = getItemManager().getItem(nodeEntry);
        if (item.isNode()) {
            return (Node) item;
        } else {
            log.error("NodeId '" + id + "' does not point to a Node");
            throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
        }
    } catch (AccessDeniedException e) {
        // a node this session may not access is reported as not found (see @throws above)
        throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
    }
}
Also used : Item(javax.jcr.Item) AccessDeniedException(javax.jcr.AccessDeniedException) NodeEntry(org.apache.jackrabbit.jcr2spi.hierarchy.NodeEntry) Node(javax.jcr.Node) ItemNotFoundException(javax.jcr.ItemNotFoundException)

Example 33 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class SessionImpl method getNode.

/**
 * @see Session#getNode(String)
 */
@Override
public Node getNode(String absPath) throws RepositoryException {
    checkIsAlive();
    try {
        Path qPath = getQPath(absPath).getNormalizedPath();
        ItemManager itemMgr = getItemManager();
        return itemMgr.getNode(qPath);
    } catch (AccessDeniedException ade) {
        // a node the session may not read is reported to the caller as a missing path
        throw new PathNotFoundException(absPath);
    }
}
Also used : Path(org.apache.jackrabbit.spi.Path) AccessDeniedException(javax.jcr.AccessDeniedException) PathNotFoundException(javax.jcr.PathNotFoundException)

Example 34 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class NodeImpl method getProperty.

/**
 * @see Node#getProperty(String)
 */
public Property getProperty(String relPath) throws PathNotFoundException, RepositoryException {
    checkStatus();
    PropertyEntry entry = resolveRelativePropertyPath(relPath);
    if (entry == null) {
        throw new PathNotFoundException(relPath);
    }
    try {
        return (Property) getItemManager().getItem(entry);
    } catch (AccessDeniedException e) {
        // an unreadable property is reported the same way as a missing one
        throw new PathNotFoundException(relPath);
    } catch (ItemNotFoundException e) {
        throw new PathNotFoundException(relPath);
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) PropertyEntry(org.apache.jackrabbit.jcr2spi.hierarchy.PropertyEntry) PathNotFoundException(javax.jcr.PathNotFoundException) Property(javax.jcr.Property) AddProperty(org.apache.jackrabbit.jcr2spi.operation.AddProperty) ItemNotFoundException(javax.jcr.ItemNotFoundException)

Example 35 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class UserPrincipalProvider method cacheGroups.

private void cacheGroups(@Nonnull Tree authorizableNode, @Nonnull Set<Group> groupPrincipals) {
    try {
        root.refresh();
        Tree cache = authorizableNode.getChild(CacheConstants.REP_CACHE);
        if (!cache.exists()) {
            if (groupPrincipals.size() <= MEMBERSHIP_THRESHOLD) {
                log.debug("Omit cache creation for user without group membership at " + authorizableNode.getPath());
                return;
            } else {
                log.debug("Create new group membership cache at " + authorizableNode.getPath());
                cache = TreeUtil.addChild(authorizableNode, CacheConstants.REP_CACHE, CacheConstants.NT_REP_CACHE);
            }
        }
        cache.setProperty(CacheConstants.REP_EXPIRATION, LongUtils.calculateExpirationTime(expiration));
        String value = (groupPrincipals.isEmpty()) ? "" : Joiner.on(",").join(Iterables.transform(groupPrincipals, new Function<Group, String>() {

            @Override
            public String apply(Group input) {
                return Text.escape(input.getName());
            }
        }));
        cache.setProperty(CacheConstants.REP_GROUP_PRINCIPAL_NAMES, value);
        root.commit(CacheValidatorProvider.asCommitAttributes());
        log.debug("Cached group membership at " + authorizableNode.getPath());
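    } catch (AccessDeniedException e) {
        // the {} placeholder is required, otherwise the message argument is dropped
        log.debug("Failed to cache group membership: {}", e.getMessage());
    } catch (CommitFailedException e) {
        // trailing Throwable argument is logged with its stack trace
        log.debug("Failed to cache group membership: {}", e.getMessage(), e);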
    } finally {
        root.refresh();
    }
}
Also used : Group(java.security.acl.Group) AccessDeniedException(javax.jcr.AccessDeniedException) Tree(org.apache.jackrabbit.oak.api.Tree) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException)

Aggregations

AccessDeniedException (javax.jcr.AccessDeniedException) 189
Node (javax.jcr.Node) 80
Test (org.junit.Test) 68
Session (javax.jcr.Session) 33
RepositoryException (javax.jcr.RepositoryException) 23
Privilege (javax.jcr.security.Privilege) 22
UserManager (org.apache.jackrabbit.api.security.user.UserManager) 19
Workspace (javax.jcr.Workspace) 18
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable) 15
ItemNotFoundException (javax.jcr.ItemNotFoundException) 13
PathNotFoundException (javax.jcr.PathNotFoundException) 13
Path (org.apache.jackrabbit.spi.Path) 13
Principal (java.security.Principal) 11
User (org.apache.jackrabbit.api.security.user.User) 11
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException) 10
AccessControlManager (javax.jcr.security.AccessControlManager) 9
AccessControlPolicy (javax.jcr.security.AccessControlPolicy) 9
Property (javax.jcr.Property) 8
JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace) 8
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList) 7