
Example 31 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

the class ACLTest method testUpdateGroupEntry.

@Test
public void testUpdateGroupEntry() throws Exception {
    Principal everyone = principalManager.getEveryone();
    Privilege[] read = privilegesFromNames(JCR_READ);
    Privilege[] write = privilegesFromNames(JCR_WRITE);

    // Entry order matters below: the allow-entry for 'everyone' is expected at index 1.
    acl.addEntry(testPrincipal, read, true);
    acl.addEntry(everyone, read, true);
    acl.addEntry(testPrincipal, write, false);
    // Granting more privileges to 'everyone' must merge into its existing
    // allow-entry rather than append a fourth entry.
    acl.addEntry(everyone, write, true);

    AccessControlEntry[] entries = acl.getAccessControlEntries();
    assertEquals(3, entries.length);

    JackrabbitAccessControlEntry merged = (JackrabbitAccessControlEntry) entries[1];
    assertEquals(everyone, merged.getPrincipal());
    assertACE(merged, true, privilegesFromNames(JCR_READ, JCR_WRITE));
}

Example 32 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

the class ACLTest method testAllowWriteDenyRemoveGroupEntries.

@Test
public void testAllowWriteDenyRemoveGroupEntries() throws Exception {
    Principal everyone = principalManager.getEveryone();
    Privilege[] granted = privilegesFromNames(REP_WRITE);
    Privilege[] revoked = privilegesFromNames(JCR_REMOVE_CHILD_NODES);
    acl.addEntry(everyone, granted, true, Collections.<String, Value>emptyMap());
    acl.addEntry(everyone, revoked, false, Collections.<String, Value>emptyMap());

    // Collect what the list now allows and denies for 'everyone'.
    Set<Privilege> allowed = new HashSet<Privilege>();
    Set<Privilege> denied = new HashSet<Privilege>();
    for (AccessControlEntry entry : acl.getAccessControlEntries()) {
        if (!everyone.equals(entry.getPrincipal()) || !(entry instanceof JackrabbitAccessControlEntry)) {
            continue;
        }
        JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry;
        Set<Privilege> bucket = ace.isAllow() ? allowed : denied;
        Collections.addAll(bucket, ace.getPrivileges());
    }

    // The allow-entry must carry exactly the remaining write privileges ...
    Privilege[] expected = privilegesFromNames(JCR_ADD_CHILD_NODES, JCR_REMOVE_NODE, JCR_MODIFY_PROPERTIES, JCR_NODE_TYPE_MANAGEMENT);
    assertEquals(expected.length, allowed.size());
    assertEquals(ImmutableSet.copyOf(expected), allowed);
    // ... and the deny-entry exactly the one privilege that was denied.
    assertEquals(1, denied.size());
    assertArrayEquals(privilegesFromNames(JCR_REMOVE_CHILD_NODES), denied.toArray(new Privilege[denied.size()]));
}

Example 33 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class ACLEditor method setPolicy.

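/**
 * Writes the given policy below {@code nodePath}. An existing rep:policy
 * child is emptied first and then one ACE node per entry of the template is
 * created, so the persisted state is a full replacement, not a merge.
 *
 * @param nodePath absolute path of the access controlled node.
 * @param policy the policy to persist; expected to be an {@link ACLTemplate}.
 * @throws AccessControlException if the preliminary checks on the node or
 *         the policy fail.
 * @throws PathNotFoundException if no node exists at {@code nodePath}.
 * @throws RepositoryException if another repository error occurs.
 * @see AccessControlEditor#setPolicy(String,AccessControlPolicy)
 */
public void setPolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException {
    checkProtectsNode(nodePath);
    checkValidPolicy(nodePath, policy);
    ACLTemplate acl = (ACLTemplate) policy;
    NodeImpl acNode = getAcNode(nodePath);
    if (acNode == null) {
        throw new PathNotFoundException("No such node " + nodePath);
    }
    // write the entries to the node
    NodeImpl aclNode;
    if (acNode.hasNode(N_POLICY)) {
        aclNode = acNode.getNode(N_POLICY);
        // remove all existing aces: the template is authoritative, so the
        // policy node is rebuilt from scratch rather than merged.
        for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext(); ) {
            NodeImpl aceNode = (NodeImpl) aceNodes.nextNode();
            removeItem(aceNode);
        }
    } else {
        /* doesn't exist yet -> create */
        aclNode = addNode(acNode, N_POLICY, NT_REP_ACL);
    }
    /* add all new entries defined on the template */
    AccessControlEntry[] aces = acl.getAccessControlEntries();
    // the value factory belongs to the session; look it up once, not per entry
    ValueFactory vf = session.getValueFactory();
    for (AccessControlEntry ace1 : aces) {
        AccessControlEntryImpl ace = (AccessControlEntryImpl) ace1;
        // create the ACE node; allow and deny entries use distinct node types
        Name nodeName = getUniqueNodeName(aclNode, "entry");
        Name ntName = (ace.isAllow()) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
        NodeImpl aceNode = addNode(aclNode, nodeName, ntName);
        // write the rep:principalName property
        setProperty(aceNode, P_PRINCIPAL_NAME, vf.createValue(ace.getPrincipal().getName()));
        // ... and the rep:privileges property, one NAME value per privilege
        Privilege[] privs = ace.getPrivileges();
        Value[] vs = new Value[privs.length];
        for (int j = 0; j < privs.length; j++) {
            vs[j] = vf.createValue(privs[j].getName(), PropertyType.NAME);
        }
        setProperty(aceNode, P_PRIVILEGES, vs);
        // store the restrictions: each one becomes a property of the ACE
        // node keyed by the restriction name
        for (Name restrName : ace.getRestrictions().keySet()) {
            setProperty(aceNode, restrName, ace.getRestriction(restrName));
        }
    }
    // mark the parent modified.
    markModified((NodeImpl) aclNode.getParent());
}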

Example 34 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class ACLProvider method getEffectivePolicies.

/**
 * Collects the access control lists that take effect on {@code absPath}.
 * ACE nodes are located by a query on their rep:nodePath property, each
 * hit is verified against the path, and the enclosing ACL is returned only
 * if the editing session is permitted to read it.
 *
 * @param absPath the path whose effective policies are requested; {@code null}
 *        is not yet supported (repository level, see JCR-2774) and yields an
 *        empty array.
 * @param permissions the permissions of the editing session.
 * @return the effective policies in query order, without duplicates.
 * @throws AccessDeniedException if a matching ACL may not be read.
 * @throws UnsupportedOperationException if the lookup query fails.
 * @throws ItemNotFoundException if an item is missing.
 * @throws RepositoryException if another repository error occurs.
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(org.apache.jackrabbit.spi.Path,org.apache.jackrabbit.core.security.authorization.CompiledPermissions)
 */
public AccessControlPolicy[] getEffectivePolicies(Path absPath, CompiledPermissions permissions) throws ItemNotFoundException, RepositoryException {
    if (absPath == null) {
        // TODO: JCR-2774
        log.warn("TODO: JCR-2774 - Repository level permissions.");
        return new AccessControlPolicy[0];
    }
    String jcrPath = session.getJCRPath(absPath);
    String nodePathProp = ISO9075.encode(session.getJCRName(ACLTemplate.P_NODE_PATH));
    int depth = absPath.getAncestorCount();

    // Query every ACE whose rep:nodePath equals absPath or one of its
    // ancestors. The paths are embedded as XPath string literals, so any
    // single quote inside them is doubled.
    StringBuilder xpath = new StringBuilder("/jcr:root")
            .append(acRoot.getPath())
            .append("//element(*,")
            .append(session.getJCRName(NT_REP_ACE))
            .append(")[");
    String separator = "";
    for (int level = 0; level <= depth; level++) {
        String candidate = Text.getRelativeParent(jcrPath, level);
        xpath.append(separator)
             .append('@').append(nodePathProp)
             .append("='").append(candidate.replace("'", "''")).append('\'');
        separator = " or ";
    }
    xpath.append(']');

    QueryResult hits;
    try {
        QueryManager qm = session.getWorkspace().getQueryManager();
        hits = qm.createQuery(xpath.toString(), Query.XPATH).execute();
    } catch (RepositoryException e) {
        log.error("Unexpected error while searching effective policies. {}", e.getMessage());
        throw new UnsupportedOperationException("Retrieve effective policies at absPath '" + jcrPath + "' not supported.", e);
    }

    // Keep only hits whose entry really matches absPath and make sure the
    // editing session may read the ACL before handing it out.
    Set<AccessControlPolicy> effective = new LinkedHashSet<AccessControlPolicy>();
    NodeIterator nodes = hits.getNodes();
    while (nodes.hasNext()) {
        Node aceNode = nodes.nextNode();
        // the ACE node sits two levels below the access controlled node
        String acNodePath = Text.getRelativeParent(aceNode.getPath(), 2);
        Path acPath = session.getQPath(acNodePath);
        AccessControlPolicy[] policies = editor.getPolicies(acNodePath);
        if (policies.length == 0) {
            continue;
        }
        ACLTemplate acl = (ACLTemplate) policies[0];
        for (AccessControlEntry ace : acl.getAccessControlEntries()) {
            if (!((ACLTemplate.Entry) ace).matches(jcrPath)) {
                continue;
            }
            if (!permissions.grants(acPath, Permission.READ_AC)) {
                throw new AccessDeniedException("Access denied at " + acNodePath);
            }
            effective.add(new UnmodifiableAccessControlList(acl));
            break;
        }
    }
    return effective.toArray(new AccessControlPolicy[effective.size()]);
}

Example 35 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class AccessControlListTest method currentPrivileges.

/**
 * Returns the privileges that {@code acl} currently holds for {@code principal},
 * in entry order; an entry contributes only if its principal equals the given one.
 *
 * @param acl the list to inspect.
 * @param principal the principal whose privileges are collected.
 * @return the collected privileges, empty if no entry belongs to the principal.
 * @throws RepositoryException if the entries cannot be read.
 */
private static List<Privilege> currentPrivileges(AccessControlList acl, Principal principal) throws RepositoryException {
    List<Privilege> collected = new ArrayList<Privilege>();
    for (AccessControlEntry ace : acl.getAccessControlEntries()) {
        if (!principal.equals(ace.getPrincipal())) {
            continue;
        }
        collected.addAll(Arrays.asList(ace.getPrivileges()));
    }
    return collected;
}
