Search in sources :

Example 41 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class VersionManagerImpl method mergeOrUpdate.

/**
     * Combines merge and update method
     * @param state the state to merge or update
     * @param srcWorkspaceName source workspace name
     * @param failedIds list that will contain the failed ids.
     *        if <code>null</code> and update will be performed.
     * @param bestEffort best effort flag
     * @param isShallow is shallow flag
     * @throws RepositoryException if an error occurs
     */
private void mergeOrUpdate(NodeStateEx state, String srcWorkspaceName, List<ItemId> failedIds, boolean bestEffort, boolean isShallow) throws RepositoryException {
    // if same workspace, ignore
    if (!srcWorkspaceName.equals(session.getWorkspace().getName())) {
        // check authorization for specified workspace
        if (!session.getAccessManager().canAccess(srcWorkspaceName)) {
            String msg = "not authorized to access " + srcWorkspaceName;
            log.error(msg);
            throw new AccessDeniedException(msg);
        }
        // get root node of src workspace
        SessionImpl srcSession = null;
        try {
            // create session on other workspace for current subject
            // (may throw NoSuchWorkspaceException and AccessDeniedException)
            srcSession = ((RepositoryImpl) session.getRepository()).createSession(session.getSubject(), srcWorkspaceName);
            WorkspaceImpl srcWsp = (WorkspaceImpl) srcSession.getWorkspace();
            NodeId rootNodeId = ((NodeImpl) srcSession.getRootNode()).getNodeId();
            NodeStateEx srcRoot = new NodeStateEx(srcWsp.getItemStateManager(), ntReg, rootNodeId);
            merge(state, srcRoot, failedIds, bestEffort, isShallow);
        } catch (ItemStateException e) {
            throw new RepositoryException(e);
        } finally {
            if (srcSession != null) {
                // we don't need the other session anymore, logout
                srcSession.logout();
            }
        }
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) NodeId(org.apache.jackrabbit.core.id.NodeId) RepositoryException(javax.jcr.RepositoryException) NodeStateEx(org.apache.jackrabbit.core.version.NodeStateEx) InvalidItemStateException(javax.jcr.InvalidItemStateException) ItemStateException(org.apache.jackrabbit.core.state.ItemStateException)

Example 42 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class JackrabbitAccessControlManagerTest method testHasPrivilegeThrowsAccessDenied.

public void testHasPrivilegeThrowsAccessDenied() throws RepositoryException {
    Session readOnly = getHelper().getReadOnlySession();
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
    try {
        jacMgr.hasPrivileges(testRoot, principals, new Privilege[] { jacMgr.privilegeFromName(Privilege.JCR_READ) });
        fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
    } catch (AccessDeniedException e) {
    // success
    } finally {
        readOnly.logout();
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Session(javax.jcr.Session)

Example 43 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class JackrabbitAccessControlManagerTest method testGetPrivilegesThrowsAccessDenied.

public void testGetPrivilegesThrowsAccessDenied() throws RepositoryException {
    Session readOnly = getHelper().getReadOnlySession();
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
    try {
        jacMgr.getPrivileges(testRoot, principals);
        fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
    } catch (AccessDeniedException e) {
    // success
    } finally {
        readOnly.logout();
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Session(javax.jcr.Session)

Example 44 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit by apache.

the class UtilsGetPathTest method testGetOrCreateByPathNoRoot.

@Test
public void testGetOrCreateByPathNoRoot() throws RepositoryException {
    String base = testRoot + "/foo";
    Node inter = JcrUtils.getOrCreateByPath(base, "nt:unstructured", superuser);
    assertEquals(base, inter.getPath());
    superuser.save();
    // test what happens if getRootNode() throws
    Session mockedSession = Mockito.spy(superuser);
    Mockito.when(mockedSession.getRootNode()).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(mockedSession.getNode("/")).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(mockedSession.getItem("/")).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(mockedSession.nodeExists("/")).thenReturn(false);
    Node result = JcrUtils.getOrCreateByPath(base + "/bar", false, null, null, mockedSession, false);
    mockedSession.save();
    assertEquals(base + "/bar", result.getPath());
    // already exists -> nop
    Node result2 = JcrUtils.getOrCreateByPath(base + "/bar", false, null, null, mockedSession, false);
    mockedSession.save();
    assertEquals(base + "/bar", result2.getPath());
    // create unique
    Node result3 = JcrUtils.getOrCreateByPath(base + "/bar", true, null, null, mockedSession, false);
    mockedSession.save();
    assertEquals(base + "/bar0", result3.getPath());
    // already exists with createUnique == false should pass even when parent isn't readable
    Mockito.when(mockedSession.getNode(base)).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(mockedSession.getItem(base)).thenThrow(new AccessDeniedException("access denied"));
    Mockito.when(mockedSession.nodeExists(base)).thenReturn(false);
    Node result4 = JcrUtils.getOrCreateByPath(base + "/bar", false, null, null, mockedSession, false);
    mockedSession.save();
    assertEquals(base + "/bar", result4.getPath());
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Node(javax.jcr.Node) Session(javax.jcr.Session) AbstractJCRTest(org.apache.jackrabbit.test.AbstractJCRTest) Test(org.junit.Test)

Example 45 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class PrivilegeRegistrationTest method testRegisterPrivilegeWithReadOnly.

@Test
public void testRegisterPrivilegeWithReadOnly() throws RepositoryException {
    Session readOnly = getReadOnlySession();
    try {
        getPrivilegeManager(readOnly).registerPrivilege("test", true, new String[0]);
        fail("Only admin is allowed to register privileges.");
    } catch (AccessDeniedException e) {
    // success
    } finally {
        readOnly.logout();
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Session(javax.jcr.Session) Test(org.junit.Test)

Aggregations

AccessDeniedException (javax.jcr.AccessDeniedException)189 Node (javax.jcr.Node)80 Test (org.junit.Test)68 Session (javax.jcr.Session)33 RepositoryException (javax.jcr.RepositoryException)23 Privilege (javax.jcr.security.Privilege)22 UserManager (org.apache.jackrabbit.api.security.user.UserManager)19 Workspace (javax.jcr.Workspace)18 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)15 ItemNotFoundException (javax.jcr.ItemNotFoundException)13 PathNotFoundException (javax.jcr.PathNotFoundException)13 Path (org.apache.jackrabbit.spi.Path)13 Principal (java.security.Principal)11 User (org.apache.jackrabbit.api.security.user.User)11 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)10 AccessControlManager (javax.jcr.security.AccessControlManager)9 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 Property (javax.jcr.Property)8 JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace)8 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7