
Example 21 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class ACLTemplateTest method testInsertionOrder.

/**
 * Checks that the template returns its entries in the order they were added.
 *
 * <p>Three entries are added for {@code testPrincipal}: allow read, deny write,
 * and allow add-child-nodes carrying a glob restriction. The entries read back
 * must list those privilege sets at indices 0, 1 and 2.
 *
 * <p>Only the privilege arrays are compared. The allow/deny flag and the
 * restrictions of each returned entry are not asserted here.
 */
public void testInsertionOrder() throws Exception {
    JackrabbitAccessControlList acl = createEmptyTemplate(getTestPath());

    Privilege[] read = privilegesFromName(Privilege.JCR_READ);
    Privilege[] write = privilegesFromName(Privilege.JCR_WRITE);
    Privilege[] addChildNodes = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);

    // Single-entry restriction map keyed by the JCR name of ACLTemplate.P_GLOB.
    SessionImpl session = (SessionImpl) superuser;
    String globName = session.getJCRName(ACLTemplate.P_GLOB);
    Value globValue = superuser.getValueFactory().createValue("/.*");
    Map<String, Value> globRestriction = Collections.singletonMap(globName, globValue);

    // The third argument is the allow flag: allow, deny, allow.
    acl.addEntry(testPrincipal, read, true, emptyRestrictions);
    acl.addEntry(testPrincipal, write, false, emptyRestrictions);
    acl.addEntry(testPrincipal, addChildNodes, true, globRestriction);

    // Position i of the returned array must hold the i-th privilege set added.
    Privilege[][] expectedOrder = { read, write, addChildNodes };
    AccessControlEntry[] entries = acl.getAccessControlEntries();
    for (int i = 0; i < expectedOrder.length; i++) {
        assertTrue(Arrays.equals(expectedOrder[i], entries[i].getPrivileges()));
    }
}
Also used : Value(javax.jcr.Value) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 22 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class ACLTemplateTest method testMultipleEntryEffect2.

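/**
 * Verifies the net effect of adding a deny entry after a broader allow entry
 * for the same principal.
 *
 * <p>An allow entry for {@code rep:write} is added first, then a deny entry for
 * {@code jcr:modifyProperties}. The template must end up with exactly two
 * entries: the deny entry holding only the modify-properties bits, and the
 * allow entry reduced to add-child-nodes, node-type-management,
 * remove-child-nodes and remove-node.
 *
 * @throws RepositoryException if the repository reports an error
 * @throws NotExecutableException if the test preconditions cannot be met
 */
public void testMultipleEntryEffect2() throws RepositoryException, NotExecutableException {
    Privilege repwrite = getAccessControlManager(superuser).privilegeFromName(PrivilegeRegistry.REP_WRITE);
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    pt.addAccessControlEntry(testPrincipal, new Privilege[] { repwrite });
    // add deny entry for mod_props
    Privilege modProperties = getAccessControlManager(superuser).privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES);
    assertTrue(pt.addEntry(testPrincipal, new Privilege[] { modProperties }, false, null));
    // net-effect: 2 entries with the allow entry being adjusted
    // assertEquals reports both the expected and the actual size on failure.
    assertEquals(2, pt.size());
    AccessControlEntry[] entries = pt.getAccessControlEntries();
    for (AccessControlEntry ace : entries) {
        ACLTemplate.Entry entry = (ACLTemplate.Entry) ace;
        PrivilegeBits actual = entry.getPrivilegeBits();
        if (entry.isAllow()) {
            // The allow entry must no longer carry the denied modify-properties privilege.
            Privilege[] remaining = privilegesFromNames(new String[] { Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_NODE_TYPE_MANAGEMENT, Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE });
            PrivilegeBits expected = privilegeMgr.getBits(remaining);
            // Expected value goes first so a failure message labels the two sides correctly.
            assertEquals(expected, actual);
        } else {
            assertEquals(privilegeMgr.getBits(modProperties), actual);
        }
    }
}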
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) PrivilegeBits(org.apache.jackrabbit.core.security.authorization.PrivilegeBits) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 23 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class JackrabbitAccessControlListTest method testAddEntry2.

/**
 * Grants {@code rep:write} to a valid principal with an empty restriction map
 * and checks that the allow entries of the list cover the granted privileges.
 *
 * <p>The check accumulates the bits of every allow entry in the list without
 * filtering by principal, and it ignores deny entries. It therefore confirms
 * that the grant is present among the entries, not that it is the effective
 * permission.
 *
 * @throws NotExecutableException if the test preconditions cannot be met
 * @throws RepositoryException if the repository reports an error
 */
public void testAddEntry2() throws NotExecutableException, RepositoryException {
    Principal grantee = getValidPrincipal();
    Privilege[] requested = privilegesFromName(PrivilegeRegistry.REP_WRITE);
    templ.addEntry(grantee, requested, true, Collections.<String, Value>emptyMap());

    AccessControlEntry[] aces = templ.getAccessControlEntries();
    assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", aces.length > 0);

    // Union of the privilege bits carried by all allow entries.
    PrivilegeBits granted = PrivilegeBits.getInstance();
    for (int i = 0; i < aces.length; i++) {
        AccessControlEntry ace = aces[i];
        PrivilegeBits aceBits = privilegeMgr.getBits(ace.getPrivileges());
        if (!(ace instanceof JackrabbitAccessControlEntry)) {
            // Plain JCR entries expose no allow/deny flag, so they are skipped.
            continue;
        }
        if (((JackrabbitAccessControlEntry) ace).isAllow()) {
            granted.add(aceBits);
        }
    }

    PrivilegeBits expected = privilegeMgr.getBits(requested);
    assertTrue("After successfully granting WRITE, the entries must reflect this", granted.includes(expected));
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal)

Example 24 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testModifyExistingPolicy.

/**
 * Modifies an already stored policy in two rounds and checks that entry order
 * set with {@code orderBefore} is what {@code getPolicies} returns afterwards.
 *
 * <p>Round one adds a deny entry for the everyone principal with a glob
 * restriction and moves it in front of the existing allow entry. Round two adds
 * a deny entry for {@code testPrincipal} on read-access-control and moves it in
 * front of the same allow entry. The final order must be: deny everyone, deny
 * test principal, allow test principal.
 */
@Test
public void testModifyExistingPolicy() throws Exception {
    // Initial state: a single allow entry for the test principal, persisted.
    ACL policy = getApplicablePolicy(testPath);
    assertTrue(policy.addAccessControlEntry(testPrincipal, testPrivileges));
    AccessControlEntry allowTest = policy.getAccessControlEntries()[0];
    acMgr.setPolicy(testPath, policy);
    root.commit();

    // Round one: append a restricted deny for everyone, then move it to the front.
    policy = (ACL) acMgr.getPolicies(testPath)[0];
    assertTrue(policy.addEntry(EveryonePrincipal.getInstance(), testPrivileges, false, getGlobRestriction("*/something")));
    AccessControlEntry[] current = policy.getAccessControlEntries();
    assertEquals(2, current.length);
    AccessControlEntry denyEveryone = current[1];
    assertEquals(EveryonePrincipal.getInstance(), denyEveryone.getPrincipal());
    policy.orderBefore(denyEveryone, allowTest);
    acMgr.setPolicy(testPath, policy);
    root.commit();

    policy = (ACL) acMgr.getPolicies(testPath)[0];
    current = policy.getAccessControlEntries();
    assertEquals(2, current.length);
    assertEquals(denyEveryone, current[0]);
    assertEquals(allowTest, current[1]);

    // Round two: append a deny on read-access-control for the test principal
    // and place it ahead of that principal's allow entry.
    Privilege readAccessControl = acMgr.privilegeFromName(PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    Privilege[] readAc = new Privilege[] { readAccessControl };
    assertTrue(policy.addEntry(testPrincipal, readAc, false, Collections.<String, Value>emptyMap()));
    assertEquals(3, policy.size());
    AccessControlEntry denyTest = policy.getAccessControlEntries()[2];
    policy.orderBefore(denyTest, allowTest);
    acMgr.setPolicy(testPath, policy);
    // NOTE(review): unlike the earlier rounds there is no root.commit() here; the
    // re-read below presumably sees the uncommitted policy. Confirm this is intended.

    policy = (ACL) acMgr.getPolicies(testPath)[0];
    current = policy.getAccessControlEntries();
    AccessControlEntry[] expectedOrder = { denyEveryone, denyTest, allowTest };
    assertEquals(expectedOrder.length, current.length);
    for (int i = 0; i < expectedOrder.length; i++) {
        assertEquals(expectedOrder[i], current[i]);
    }
}
Also used : Value(javax.jcr.Value) AccessControlEntry(javax.jcr.security.AccessControlEntry) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) Privilege(javax.jcr.security.Privilege) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 25 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testSetPrincipalPolicyWithNewMvRestriction.

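/**
 * Adds an entry with a multi-valued restriction to a principal-based policy and
 * checks that the restriction values are present when the policy is read back
 * by path.
 *
 * <p>The entry is added with a single-valued {@code REP_NODE_PATH} restriction
 * and a multi-valued {@code REP_ITEM_NAMES} restriction. After
 * {@code setPolicy}, the path-based policy at {@code testPath} must hold two
 * entries. The second must expose exactly one restriction, whose values equal
 * the item names supplied.
 */
@Test
public void testSetPrincipalPolicyWithNewMvRestriction() throws Exception {
    setupPolicy(testPath);
    root.commit();
    JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
    ACL acl = (ACL) policies[0];
    // Typed maps instead of raw HashMap, so the compiler checks the value types.
    Map<String, Value> restrictions = new HashMap<String, Value>();
    restrictions.put(REP_NODE_PATH, getValueFactory().createValue(testPath, PropertyType.PATH));
    Map<String, Value[]> mvRestrictions = new HashMap<String, Value[]>();
    ValueFactory vf = getValueFactory(root);
    Value[] restrValues = new Value[] { vf.createValue("itemname", PropertyType.NAME), vf.createValue("propName", PropertyType.NAME) };
    mvRestrictions.put(REP_ITEM_NAMES, restrValues);
    assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, restrictions, mvRestrictions));
    acMgr.setPolicy(acl.getPath(), acl);
    // Read the result through the path-based view rather than the principal-based one.
    AccessControlEntry[] entries = ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries();
    assertEquals(2, entries.length);
    ACE newEntry = (ACE) entries[1];
    // Only one restriction is expected on the stored entry. Presumably REP_NODE_PATH
    // is consumed as the entry's target path rather than kept as a restriction - confirm.
    assertEquals(1, newEntry.getRestrictions().size());
    assertArrayEquals(restrValues, newEntry.getRestrictions(REP_ITEM_NAMES));
}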
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) HashMap(java.util.HashMap) AccessControlEntry(javax.jcr.security.AccessControlEntry) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) ValueFactory(javax.jcr.ValueFactory) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) Value(javax.jcr.Value) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)
