
Example 1 with AccessControlEntry

Use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

Class WriteTest, method testReorderGroupPermissions.

public void testReorderGroupPermissions() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is a member of */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* add privileges for the group the test user is a member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        givePrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
         * testuser must get the permissions/privileges inherited from
         * the group it is a member of.
         * granting permissions for group2 must be effective
         */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
        // reorder the ACEs
        AccessControlEntry srcEntry = null;
        AccessControlEntry destEntry = null;
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
            Principal princ = entry.getPrincipal();
            if (testGroup.getPrincipal().equals(princ)) {
                destEntry = entry;
            } else if (group2.getPrincipal().equals(princ)) {
                srcEntry = entry;
            }
        }
        acl.orderBefore(srcEntry, destEntry);
        acMgr.setPolicy(path, acl);
        superuser.save();
        /* after reordering, group2's grant precedes testGroup's withdrawal, so the permissions must be denied */
        assertFalse(getTestSession().hasPermission(path, actions));
        assertFalse(testAcMgr.hasPrivileges(path, privs));
    } finally {
        group2.remove();
    }
}
Also used: AccessControlManager (javax.jcr.security.AccessControlManager), Group (org.apache.jackrabbit.api.security.user.Group), TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal), UserManager (org.apache.jackrabbit.api.security.user.UserManager), AccessControlEntry (javax.jcr.security.AccessControlEntry), Privilege (javax.jcr.security.Privilege), JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList), EveryonePrincipal (org.apache.jackrabbit.core.security.principal.EveryonePrincipal), Principal (java.security.Principal)

Example 2 with AccessControlEntry

Use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

Class ClusterPermissionsTest, method testAclPropagation.

@Test
public void testAclPropagation() throws Exception {
    Tree node = root1.getTree("/").addChild("testNode");
    node.setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME);
    User user1 = userManager1.createUser("testUser", "testUser");
    JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
    acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), true);
    aclMgr1.setPolicy("/testNode", acl1);
    root1.commit();
    syncClusterNodes();
    root2.refresh();
    JackrabbitAccessControlList acl2 = AccessControlUtils.getAccessControlList(aclMgr2, "/testNode");
    AccessControlEntry[] aces = acl2.getAccessControlEntries();
    assertEquals(1, aces.length);
}
Also used: User (org.apache.jackrabbit.api.security.user.User), Tree (org.apache.jackrabbit.oak.api.Tree), AccessControlEntry (javax.jcr.security.AccessControlEntry), JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList), Test (org.junit.Test)

Example 3 with AccessControlEntry

Use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

Class VersionStorageTest, method after.

@Override
public void after() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
    for (AccessControlEntry ace : acl.getAccessControlEntries()) {
        if (testPrincipal.equals(ace.getPrincipal())) {
            acl.removeAccessControlEntry(ace);
        }
    }
    acMgr.setPolicy("/", acl);
    root.commit();
}
Also used: AccessControlManager (javax.jcr.security.AccessControlManager), AccessControlEntry (javax.jcr.security.AccessControlEntry), JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 4 with AccessControlEntry

Use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

Class PermissionHookTest, method testReorderAddAndRemoveAces2.

/**
 * ACE    :  0   1   2   3   4   5   6   7
 * Before :  tp  ev  p0  p1  p2  p3
 * After  :      ev      p2  p1  p3  p4  p5
 */
@Test
public void testReorderAddAndRemoveAces2() throws Exception {
    createPrincipals();
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
    for (int i = 0; i < 4; i++) {
        acl.addAccessControlEntry(principals.get(i), privilegesFromNames(JCR_READ));
    }
    acMgr.setPolicy(testPath, acl);
    root.commit();
    AccessControlEntry[] aces = acl.getAccessControlEntries();
    acl.removeAccessControlEntry(aces[0]);
    acl.removeAccessControlEntry(aces[2]);
    acl.orderBefore(aces[4], aces[3]);
    acl.addAccessControlEntry(principals.get(4), privilegesFromNames(JCR_READ));
    acl.addAccessControlEntry(principals.get(5), privilegesFromNames(JCR_READ));
    acMgr.setPolicy(testPath, acl);
    root.commit();
    Tree entry = getEntry(principals.get(2), testPath, 1);
    assertIndex(1, entry);
    entry = getEntry(principals.get(1), testPath, 2);
    assertIndex(2, entry);
}
Also used: AccessControlManager (javax.jcr.security.AccessControlManager), AccessControlEntry (javax.jcr.security.AccessControlEntry), Tree (org.apache.jackrabbit.oak.api.Tree), JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 5 with AccessControlEntry

Use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

Class AbstractEntryTest, method testEquals.

public void testEquals() throws RepositoryException, NotExecutableException {
    Map<AccessControlEntry, AccessControlEntry> equalAces = new HashMap<AccessControlEntry, AccessControlEntry>();
    JackrabbitAccessControlEntry ace = createEntry(new String[] { Privilege.JCR_ALL }, true);
    // create same entry again
    equalAces.put(ace, createEntry(new String[] { Privilege.JCR_ALL }, true));
    // create entry with declared aggregate privileges
    Privilege[] declaredAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getDeclaredAggregatePrivileges();
    equalAces.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
    // create entry with aggregate privileges
    Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getAggregatePrivileges();
    equalAces.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
    // create entry with different privilege order
    List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs));
    reordered.add(reordered.remove(0));
    equalAces.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]), true), createEntry(testPrincipal, aggregateAllPrivs, true));
    // even if entries are built with aggregated or declared aggregate privileges
    equalAces.put(createEntry(testPrincipal, declaredAllPrivs, true), createEntry(testPrincipal, aggregateAllPrivs, true));
    for (AccessControlEntry entry : equalAces.keySet()) {
        assertEquals(entry, equalAces.get(entry));
    }
}
Also used: JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), AccessControlEntry (javax.jcr.security.AccessControlEntry), Privilege (javax.jcr.security.Privilege)

Aggregations

AccessControlEntry (javax.jcr.security.AccessControlEntry): 126
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry): 50
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList): 50
Privilege (javax.jcr.security.Privilege): 47
AccessControlManager (javax.jcr.security.AccessControlManager): 39
AccessControlPolicy (javax.jcr.security.AccessControlPolicy): 39
AccessControlList (javax.jcr.security.AccessControlList): 38
Test (org.junit.Test): 29
Principal (java.security.Principal): 28
NodeImpl (org.apache.jackrabbit.core.NodeImpl): 13
ArrayList (java.util.ArrayList): 12
Node (javax.jcr.Node): 12
Value (javax.jcr.Value): 10
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager): 9
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException): 9
ByteArrayInputStream (java.io.ByteArrayInputStream): 8
InputStream (java.io.InputStream): 8
RepositoryException (javax.jcr.RepositoryException): 8
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable): 8
ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler): 8