use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class VersionManagerImpl method mergeOrUpdate.
/**
* Combines merge and update method
* @param state the state to merge or update
* @param srcWorkspaceName source workspace name
* @param failedIds list that will contain the failed ids.
* if <code>null</code> and update will be performed.
* @param bestEffort best effort flag
* @param isShallow is shallow flag
* @throws RepositoryException if an error occurs
*/
private void mergeOrUpdate(NodeStateEx state, String srcWorkspaceName, List<ItemId> failedIds, boolean bestEffort, boolean isShallow) throws RepositoryException {
// if same workspace, ignore
if (!srcWorkspaceName.equals(session.getWorkspace().getName())) {
// check authorization for specified workspace
if (!session.getAccessManager().canAccess(srcWorkspaceName)) {
String msg = "not authorized to access " + srcWorkspaceName;
log.error(msg);
throw new AccessDeniedException(msg);
}
// get root node of src workspace
SessionImpl srcSession = null;
try {
// create session on other workspace for current subject
// (may throw NoSuchWorkspaceException and AccessDeniedException)
srcSession = ((RepositoryImpl) session.getRepository()).createSession(session.getSubject(), srcWorkspaceName);
WorkspaceImpl srcWsp = (WorkspaceImpl) srcSession.getWorkspace();
NodeId rootNodeId = ((NodeImpl) srcSession.getRootNode()).getNodeId();
NodeStateEx srcRoot = new NodeStateEx(srcWsp.getItemStateManager(), ntReg, rootNodeId);
merge(state, srcRoot, failedIds, bestEffort, isShallow);
} catch (ItemStateException e) {
throw new RepositoryException(e);
} finally {
if (srcSession != null) {
// we don't need the other session anymore, logout
srcSession.logout();
}
}
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class JackrabbitAccessControlManagerTest method testHasPrivilegeThrowsAccessDenied.
public void testHasPrivilegeThrowsAccessDenied() throws RepositoryException {
Session readOnly = getHelper().getReadOnlySession();
JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
try {
jacMgr.hasPrivileges(testRoot, principals, new Privilege[] { jacMgr.privilegeFromName(Privilege.JCR_READ) });
fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
} catch (AccessDeniedException e) {
// success
} finally {
readOnly.logout();
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class JackrabbitAccessControlManagerTest method testGetPrivilegesThrowsAccessDenied.
public void testGetPrivilegesThrowsAccessDenied() throws RepositoryException {
Session readOnly = getHelper().getReadOnlySession();
JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) readOnly.getAccessControlManager();
try {
jacMgr.getPrivileges(testRoot, principals);
fail("ReadOnly session isn't allowed to determine the privileges of other principals.");
} catch (AccessDeniedException e) {
// success
} finally {
readOnly.logout();
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit by apache.
the class UtilsGetPathTest method testGetOrCreateByPathNoRoot.
@Test
public void testGetOrCreateByPathNoRoot() throws RepositoryException {
String base = testRoot + "/foo";
Node inter = JcrUtils.getOrCreateByPath(base, "nt:unstructured", superuser);
assertEquals(base, inter.getPath());
superuser.save();
// test what happens if getRootNode() throws
Session mockedSession = Mockito.spy(superuser);
Mockito.when(mockedSession.getRootNode()).thenThrow(new AccessDeniedException("access denied"));
Mockito.when(mockedSession.getNode("/")).thenThrow(new AccessDeniedException("access denied"));
Mockito.when(mockedSession.getItem("/")).thenThrow(new AccessDeniedException("access denied"));
Mockito.when(mockedSession.nodeExists("/")).thenReturn(false);
Node result = JcrUtils.getOrCreateByPath(base + "/bar", false, null, null, mockedSession, false);
mockedSession.save();
assertEquals(base + "/bar", result.getPath());
// already exists -> nop
Node result2 = JcrUtils.getOrCreateByPath(base + "/bar", false, null, null, mockedSession, false);
mockedSession.save();
assertEquals(base + "/bar", result2.getPath());
// create unique
Node result3 = JcrUtils.getOrCreateByPath(base + "/bar", true, null, null, mockedSession, false);
mockedSession.save();
assertEquals(base + "/bar0", result3.getPath());
// already exists with createUnique == false should pass even when parent isn't readable
Mockito.when(mockedSession.getNode(base)).thenThrow(new AccessDeniedException("access denied"));
Mockito.when(mockedSession.getItem(base)).thenThrow(new AccessDeniedException("access denied"));
Mockito.when(mockedSession.nodeExists(base)).thenReturn(false);
Node result4 = JcrUtils.getOrCreateByPath(base + "/bar", false, null, null, mockedSession, false);
mockedSession.save();
assertEquals(base + "/bar", result4.getPath());
}
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class PrivilegeRegistrationTest method testRegisterPrivilegeWithReadOnly.
@Test
public void testRegisterPrivilegeWithReadOnly() throws RepositoryException {
Session readOnly = getReadOnlySession();
try {
getPrivilegeManager(readOnly).registerPrivilege("test", true, new String[0]);
fail("Only admin is allowed to register privileges.");
} catch (AccessDeniedException e) {
// success
} finally {
readOnly.logout();
}
}
Aggregations