Search in sources :

Example 36 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class AccessControlListTest method tearDown.

protected void tearDown() throws Exception {
    try {
        // restore original entries (remove others).
        AccessControlList list = getList(acMgr, path);
        AccessControlEntry[] entries = list.getAccessControlEntries();
        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry ace = entries[i];
            if (testPrincipal.equals(ace.getPrincipal())) {
                list.removeAccessControlEntry(ace);
            }
        }
        if (!privilegesToRestore.isEmpty()) {
            list.addAccessControlEntry(testPrincipal, (Privilege[]) privilegesToRestore.toArray(new Privilege[privilegesToRestore.size()]));
        }
        if (list.getAccessControlEntries().length > 0 && acMgr.getPolicies(path).length > 0) {
            acMgr.setPolicy(path, list);
            superuser.save();
        }
    } catch (Exception e) {
        log.warn("Unexpected error while removing test entries.", e);
    }
    super.tearDown();
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) AccessDeniedException(javax.jcr.AccessDeniedException) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)

Example 37 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class AccessControlListTest method testGetAccessControlEntries.

public void testGetAccessControlEntries() throws RepositoryException, AccessDeniedException, NotExecutableException {
    checkCanReadAc(path);
    AccessControlList acl = getList(acMgr, path);
    // call must succeed.
    AccessControlEntry[] entries = acl.getAccessControlEntries();
    assertNotNull("AccessControlList#getAccessControlEntries must not return null.", entries);
    for (int i = 0; i < entries.length; i++) {
        assertNotNull("An ACE must contain a principal", entries[i].getPrincipal());
        Privilege[] privs = entries[i].getPrivileges();
        assertTrue("An ACE must contain at least a single privilege", privs != null && privs.length > 0);
    }
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege)

Example 38 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class AccessControlListTest method testAddAccessControlEntryAndSetPolicy.

public void testAddAccessControlEntryAndSetPolicy() throws RepositoryException, NotExecutableException {
    checkCanModifyAc(path);
    AccessControlList acl = getList(acMgr, path);
    List<AccessControlEntry> originalAces = Arrays.asList(acl.getAccessControlEntries());
    if (!acl.addAccessControlEntry(testPrincipal, privs)) {
        throw new NotExecutableException();
    }
    // re-access ACL from AC-Manager -> must not yet have changed
    assertEquals("Before calling setPolicy any modifications to an ACL must not be reflected in the policies", originalAces, Arrays.asList(getList(acMgr, path).getAccessControlEntries()));
    // setting the modified policy -> policy must change.
    acMgr.setPolicy(path, acl);
    assertEquals("Before calling setPolicy any modifications to an ACL must not be reflected in the policies", Arrays.asList(acl.getAccessControlEntries()), Arrays.asList(getList(acMgr, path).getAccessControlEntries()));
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 39 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class AccessControlListTest method testAddPrivilegesPresentInEntries.

public void testAddPrivilegesPresentInEntries() throws NotExecutableException, RepositoryException {
    checkCanModifyAc(path);
    AccessControlList acl = getList(acMgr, path);
    acl.addAccessControlEntry(testPrincipal, privs);
    Set<Privilege> assignedPrivs = new HashSet<Privilege>();
    AccessControlEntry[] entries = acl.getAccessControlEntries();
    for (int i = 0; i < entries.length; i++) {
        if (entries[i].getPrincipal().equals(testPrincipal)) {
            Privilege[] prvs = entries[i].getPrivileges();
            for (int j = 0; j < prvs.length; j++) {
                if (prvs[j].isAggregate()) {
                    assignedPrivs.addAll(Arrays.asList(prvs[j].getAggregatePrivileges()));
                } else {
                    assignedPrivs.add(prvs[j]);
                }
            }
        }
    }
    Set<Privilege> expected = new HashSet<Privilege>();
    for (int i = 0; i < privs.length; i++) {
        if (privs[i].isAggregate()) {
            expected.addAll(Arrays.asList(privs[i].getAggregatePrivileges()));
        } else {
            expected.add(privs[i]);
        }
    }
    assertTrue("getAccessControlEntries must contain an entry or entries that grant at least the added privileges.", assignedPrivs.containsAll(expected));
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) HashSet(java.util.HashSet)

Example 40 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.

the class AccessControlImporter method getACL.

@CheckForNull
private JackrabbitAccessControlList getACL(Tree tree) throws RepositoryException {
    String nodeName = tree.getName();
    JackrabbitAccessControlList acList = null;
    if (!tree.isRoot()) {
        Tree parent = tree.getParent();
        if (AccessControlConstants.REP_POLICY.equals(nodeName) && ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL)) {
            String path = parent.getPath();
            acList = getACL(path);
        } else if (AccessControlConstants.REP_REPO_POLICY.equals(nodeName) && ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL) && parent.isRoot()) {
            acList = getACL((String) null);
        }
    }
    if (acList != null) {
        // clear all existing entries
        for (AccessControlEntry ace : acList.getAccessControlEntries()) {
            acList.removeAccessControlEntry(ace);
        }
    }
    return acList;
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) CheckForNull(javax.annotation.CheckForNull)

Aggregations

AccessControlEntry (javax.jcr.security.AccessControlEntry)126 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)50 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)50 Privilege (javax.jcr.security.Privilege)47 AccessControlManager (javax.jcr.security.AccessControlManager)39 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39 AccessControlList (javax.jcr.security.AccessControlList)38 Test (org.junit.Test)29 Principal (java.security.Principal)28 NodeImpl (org.apache.jackrabbit.core.NodeImpl)13 ArrayList (java.util.ArrayList)12 Node (javax.jcr.Node)12 Value (javax.jcr.Value)10 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)9 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)9 ByteArrayInputStream (java.io.ByteArrayInputStream)8 InputStream (java.io.InputStream)8 RepositoryException (javax.jcr.RepositoryException)8 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)8 ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)8