use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class AbstractACLTemplateTest method testEffect2.
/**
 * Checks the net effect of adding an allow entry and then a deny entry for
 * the same principal and the same privilege (jcr:read) to an empty template.
 * <p>
 * The second {@code addEntry} call must report a modification. After folding
 * all entries of the test principal, the allow set has to be empty and the
 * deny set has to equal the bits of jcr:read.
 */
public void testEffect2() throws RepositoryException, NotExecutableException {
    JackrabbitAccessControlList acl = createEmptyTemplate(getTestPath());
    // first grant jcr:read ...
    acl.addEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ), true, Collections.<String, Value>emptyMap());
    // ... then add the same entry with the reversed 'isAllow' flag
    boolean modified = acl.addEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ), false, Collections.<String, Value>emptyMap());
    assertTrue(modified);

    // fold every entry of the test principal into an allow set and a deny set
    PrivilegeBits allowed = PrivilegeBits.getInstance();
    PrivilegeBits denied = PrivilegeBits.getInstance();
    for (AccessControlEntry candidate : acl.getAccessControlEntries()) {
        if (!testPrincipal.equals(candidate.getPrincipal()) || !(candidate instanceof JackrabbitAccessControlEntry)) {
            // other principals and entries without an allow/deny flag are ignored
            continue;
        }
        PrivilegeBits bits = privilegeMgr.getBits(candidate.getPrivileges());
        // NOTE(review): addDifference presumably adds the bits of its first
        // argument that are not set in the second one - confirm in PrivilegeBits.
        if (((JackrabbitAccessControlEntry) candidate).isAllow()) {
            allowed.addDifference(bits, denied);
        } else {
            denied.addDifference(bits, allowed);
        }
    }

    // the deny must win: nothing is left allowed, jcr:read is denied
    assertTrue(allowed.isEmpty());
    assertEquals(privilegeMgr.getBits(privilegesFromName(Privilege.JCR_READ)), denied);
}
use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class AbstractVersionManagementTest method testRemoveVersion3.
/**
 * Verifies that the test user may remove a version once
 * jcr:versionManagement has been granted at the path of the test session's
 * root node.
 * <p>
 * The grant is written to the policy directly and reverted in the
 * {@code finally} block, so the extra privilege does not stay on that policy
 * after the test, whether it passes or fails.
 */
public void testRemoveVersion3() throws RepositoryException, NotExecutableException {
    Node trn = getTestNode();
    // return value is not needed here; the call is kept for its effect on the test tree
    createVersionableNode(testRootNode);
    String rootPath = getTestSession().getRootNode().getPath();
    JackrabbitAccessControlList policy = getPolicy(acMgr, rootPath, testUser.getPrincipal());
    try {
        // NOTE: 'modifyPrivileges' is deliberately not used, so that the
        // root-policy is not cleared on tear-down.
        policy.addEntry(testUser.getPrincipal(), privilegesFromName(Privilege.JCR_VERSION_MANAGEMENT), true, getRestrictions(superuser, rootPath));
        acMgr.setPolicy(policy.getPath(), policy);
        superuser.save();

        // create two versions so that the first one can be removed
        Node versionable = trn.getNode(nodeName1);
        Version firstVersion = versionable.checkin();
        versionable.checkout();
        versionable.checkin();

        // -> VersionHistory.removeVersion must be allowed
        versionable.getVersionHistory().removeVersion(firstVersion.getName());
    } finally {
        // Revert the privilege modification by hand. This removes every entry
        // of the test user's principal from this policy, not only the one
        // added above.
        for (AccessControlEntry ace : policy.getAccessControlEntries()) {
            if (ace.getPrincipal().equals(testUser.getPrincipal())) {
                policy.removeAccessControlEntry(ace);
            }
        }
        acMgr.setPolicy(policy.getPath(), policy);
        superuser.save();
    }
}
use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class ServerAccessControlList method removeAccessControlEntry.
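/**
 * Removes the entry wrapped by the given remote entry from the access
 * control list behind this adapter.
 *
 * @param ace remote entry to remove; only {@code ServerAccessControlEntry}
 *            instances can be unwrapped
 * @throws RepositoryException if {@code ace} is {@code null} or of an
 *         unsupported type, or if the wrapped list fails to remove the entry
 */
public void removeAccessControlEntry(RemoteAccessControlEntry ace) throws RepositoryException {
    if (!(ace instanceof ServerAccessControlEntry)) {
        // instanceof is also false for null. Do not call getClass() on a null
        // reference: the caller gets the declared RepositoryException rather
        // than a NullPointerException.
        throw new RepositoryException("Unsupported RemoteAccessControlEntry type " + (ace == null ? null : ace.getClass()));
    }
    AccessControlEntry wrapped = ((ServerAccessControlEntry) ace).getAccessControlEntry();
    // NOTE(review): assumes getAccessControlPolicy() returns an
    // AccessControlList; any other policy type fails the cast. Whether the
    // caller may modify the policy is not checked here - presumably enforced
    // by the wrapped list / session, confirm.
    ((AccessControlList) getAccessControlPolicy()).removeAccessControlEntry(wrapped);
}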
use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class JsonDiffHandlerImportTest method testAllPolicyNode.
/**
* Test adding 'rep:policy' policy node as a child node of /testroot without
* intermediate node.
*/
public void testAllPolicyNode() throws Exception {
    final String policyNodeName = "rep:policy";
    try {
        testRootNode.addMixin("rep:AccessControllable");
        // feed the policy tree through the diff handler
        new DiffParser(new JsonDiffHandler(superuser, testRoot, null)).parse(JSOP_POLICY_TREE);

        // the policy node must exist, be protected and carry the ACL node type
        assertTrue(testRootNode.hasNode(policyNodeName));
        assertTrue(testRootNode.getNode(policyNodeName).getDefinition().isProtected());
        assertTrue(testRootNode.getNode(policyNodeName).getPrimaryNodeType().getName().equals("rep:ACL"));
        assertPolicy(acMgr, testRootNode, 1);

        // inspect the first entry of the first policy bound to the test root
        AccessControlList importedAcl = (AccessControlList) acMgr.getPolicies(testRoot)[0];
        AccessControlEntry firstAce = importedAcl.getAccessControlEntries()[0];
        assertEquals(EveryonePrincipal.NAME, firstAce.getPrincipal().getName());
        assertEquals(1, firstAce.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), firstAce.getPrivileges()[0]);

        // The allow/deny flag is only available on Jackrabbit entries; for any
        // other implementation this check is skipped without failing.
        if (firstAce instanceof JackrabbitAccessControlEntry) {
            JackrabbitAccessControlEntry jrAce = (JackrabbitAccessControlEntry) firstAce;
            assertTrue(jrAce.isAllow());
        }
    } finally {
        // discard all pending changes so the imported policy is never saved
        superuser.refresh(false);
    }
}
use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class ACLTemplate method addEntry.
/**
* Known restrictions are:
* <pre>
* rep:nodePath (mandatory) value-type: PATH
* rep:glob (optional) value-type: STRING
* </pre>
*
* @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#addEntry(Principal, Privilege[], boolean, Map)
*/
public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws AccessControlException, RepositoryException {
    Map<String, Value> effectiveRestrictions = restrictions;
    if (effectiveRestrictions == null || effectiveRestrictions.isEmpty()) {
        // Missing restrictions do not mean "unrestricted": the entry is bound
        // to the path of this policy through rep:nodePath, without a rep:glob.
        log.debug("Restrictions missing. Using default: rep:nodePath = " + getPath() + "; rep:glob = null.");
        effectiveRestrictions = Collections.singletonMap(jcrNodePathName, valueFactory.createValue(getPath(), PropertyType.PATH));
    }

    AccessControlEntry candidate = createEntry(principal, privileges, isAllow, effectiveRestrictions);
    if (!entries.contains(candidate)) {
        // TODO: to be improved. clean redundant entries
        // The new entry goes to the head of the list and existing entries are
        // left untouched, so an entry with the opposite 'isAllow' flag for the
        // same principal stays in the policy.
        // NOTE(review): how list position affects evaluation is not visible here - confirm.
        entries.add(0, candidate);
        return true;
    }

    // an equal entry is already present: report "not modified"
    log.debug("Entry is already contained in policy -> no modification.");
    return false;
}