use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.
public void testGetEffectivePoliciesByPrincipal() throws Exception {
/*
precondition:
testuser must have READ-only permission on test-node and below
*/
checkReadOnly(path);
// give 'testUser' READ_AC privileges at 'path'
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
givePrivileges(path, privileges, getRestrictions(superuser, path));
Session testSession = getTestSession();
AccessControlManager testAcMgr = getTestACManager();
// effective policies for testPrinicpal only on path -> must succeed.
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
// effective policies for a combination of principals -> must fail since
// policy for 'everyone' at root node cannot be read by testuser
Set<Principal> principals = ((SessionImpl) testSession).getSubject().getPrincipals();
try {
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(principals);
fail();
} catch (AccessDeniedException e) {
// success
}
withdrawPrivileges(childNPath, privileges, getRestrictions(superuser, childNPath));
// the denied acl at 'childNPath' -> must fail
try {
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
fail();
} catch (AccessDeniedException e) {
// success
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class SessionImpl method getNodeById.
/**
* Retrieve the <code>Node</code> with the given id.
*
* @param id
* @return node with the given <code>NodeId</code>.
* @throws ItemNotFoundException if no such node exists or if this
* <code>Session</code> does not have permission to access the node.
* @throws RepositoryException
*/
private Node getNodeById(NodeId id) throws ItemNotFoundException, RepositoryException {
// check sanity of this session
checkIsAlive();
try {
NodeEntry nodeEntry = getHierarchyManager().getNodeEntry(id);
Item item = getItemManager().getItem(nodeEntry);
if (item.isNode()) {
return (Node) item;
} else {
log.error("NodeId '" + id + " does not point to a Node");
throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
}
} catch (AccessDeniedException e) {
throw new ItemNotFoundException(LogUtil.saveGetIdString(id, getPathResolver()));
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class SessionImpl method getNode.
/**
* @see Session#getNode(String)
*/
@Override
public Node getNode(String absPath) throws RepositoryException {
checkIsAlive();
try {
Path qPath = getQPath(absPath).getNormalizedPath();
ItemManager itemMgr = getItemManager();
return itemMgr.getNode(qPath);
} catch (AccessDeniedException ade) {
throw new PathNotFoundException(absPath);
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class NodeImpl method getProperty.
/**
* @see Node#getProperty(String)
*/
public Property getProperty(String relPath) throws PathNotFoundException, RepositoryException {
checkStatus();
PropertyEntry entry = resolveRelativePropertyPath(relPath);
if (entry == null) {
throw new PathNotFoundException(relPath);
}
try {
return (Property) getItemManager().getItem(entry);
} catch (AccessDeniedException e) {
throw new PathNotFoundException(relPath);
} catch (ItemNotFoundException e) {
throw new PathNotFoundException(relPath);
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class UserPrincipalProvider method cacheGroups.
private void cacheGroups(@Nonnull Tree authorizableNode, @Nonnull Set<Group> groupPrincipals) {
try {
root.refresh();
Tree cache = authorizableNode.getChild(CacheConstants.REP_CACHE);
if (!cache.exists()) {
if (groupPrincipals.size() <= MEMBERSHIP_THRESHOLD) {
log.debug("Omit cache creation for user without group membership at " + authorizableNode.getPath());
return;
} else {
log.debug("Create new group membership cache at " + authorizableNode.getPath());
cache = TreeUtil.addChild(authorizableNode, CacheConstants.REP_CACHE, CacheConstants.NT_REP_CACHE);
}
}
cache.setProperty(CacheConstants.REP_EXPIRATION, LongUtils.calculateExpirationTime(expiration));
String value = (groupPrincipals.isEmpty()) ? "" : Joiner.on(",").join(Iterables.transform(groupPrincipals, new Function<Group, String>() {
@Override
public String apply(Group input) {
return Text.escape(input.getName());
}
}));
cache.setProperty(CacheConstants.REP_GROUP_PRINCIPAL_NAMES, value);
root.commit(CacheValidatorProvider.asCommitAttributes());
log.debug("Cached group membership at " + authorizableNode.getPath());
} catch (AccessDeniedException e) {
log.debug("Failed to cache group membership", e.getMessage());
} catch (CommitFailedException e) {
log.debug("Failed to cache group membership", e.getMessage(), e);
} finally {
root.refresh();
}
}
Aggregations