Search in sources :

Example 1 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class NodeDelegate method unlock.

public void unlock() throws RepositoryException {
    String path = getPath();
    Root root = sessionDelegate.getContentSession().getLatestRoot();
    Tree tree = root.getTree(path);
    if (!tree.exists()) {
        throw new ItemNotFoundException("Node " + path + " does not exist");
    } else if (!isNodeType(tree, MIX_LOCKABLE, root)) {
        throw new LockException("Node " + path + " is not lockable");
    } else if (!tree.hasProperty(JCR_LOCKISDEEP)) {
        throw new LockException("Node " + path + " is not locked");
    }
    try {
        tree.removeProperty(JCR_LOCKISDEEP);
        tree.removeProperty(JCR_LOCKOWNER);
        sessionDelegate.commit(root);
    } catch (CommitFailedException e) {
        if (e.isAccessViolation()) {
            throw new AccessControlException("Access denied to unlock node " + path, e);
        } else {
            throw new RepositoryException("Unable to unlock node " + path, e);
        }
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) LockException(javax.jcr.lock.LockException) Tree(org.apache.jackrabbit.oak.api.Tree) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) ItemNotFoundException(javax.jcr.ItemNotFoundException)

Example 2 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class NodeDelegate method lock.

public void lock(boolean isDeep) throws RepositoryException {
    String path = getPath();
    Root root = sessionDelegate.getContentSession().getLatestRoot();
    Tree tree = root.getTree(path);
    if (!tree.exists()) {
        throw new ItemNotFoundException("Node " + path + " does not exist");
    } else if (!isNodeType(tree, MIX_LOCKABLE, root)) {
        throw new LockException("Node " + path + " is not lockable");
    } else if (tree.hasProperty(JCR_LOCKISDEEP)) {
        throw new LockException("Node " + path + " is already locked");
    }
    // look for locked ancestor
    Tree inheritedLock = findLock(tree, true);
    if (inheritedLock != null) {
        throw new LockException("Node already indirectly locked by " + inheritedLock.getPath());
    }
    // scan for locked descendant
    if (isDeep) {
        Tree descendantLock = findDescendantLock(tree);
        if (descendantLock != null) {
            throw new LockException("Lock conflicts with lock hold by " + descendantLock.getPath());
        }
    }
    try {
        String owner = sessionDelegate.getAuthInfo().getUserID();
        if (owner == null) {
            owner = "";
        }
        tree.setProperty(JCR_LOCKISDEEP, isDeep);
        tree.setProperty(JCR_LOCKOWNER, owner);
        sessionDelegate.commit(root);
    } catch (CommitFailedException e) {
        if (e.isAccessViolation()) {
            throw new AccessControlException("Access denied to lock node " + path, e);
        } else {
            throw new RepositoryException("Unable to lock node " + path, e);
        }
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) LockException(javax.jcr.lock.LockException) Tree(org.apache.jackrabbit.oak.api.Tree) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) ItemNotFoundException(javax.jcr.ItemNotFoundException)

Example 3 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testSetInvalidPolicy.

@Test
public void testSetInvalidPolicy() throws Exception {
    try {
        acMgr.setPolicy(testPath, new TestACL(testPath, getRestrictionProvider(), getNamePathMapper()));
        fail("Setting invalid policy must fail");
    } catch (AccessControlException e) {
    // success
    }
    ACL acl = setupPolicy(testPath);
    try {
        acMgr.setPolicy(testPath, new TestACL(testPath, getRestrictionProvider(), getNamePathMapper()));
        fail("Setting invalid policy must fail");
    } catch (AccessControlException e) {
    // success
    }
    ACL repoAcl = setupPolicy(null);
    try {
        acMgr.setPolicy(testPath, repoAcl);
        fail("Setting invalid policy must fail");
    } catch (AccessControlException e) {
    // success
    }
    try {
        acMgr.setPolicy(null, acl);
        fail("Setting invalid policy must fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) AccessControlException(javax.jcr.security.AccessControlException) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 4 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testSetPolicyAtDifferentPath.

@Test
public void testSetPolicyAtDifferentPath() throws Exception {
    try {
        ACL acl = getApplicablePolicy(testPath);
        acMgr.setPolicy("/", acl);
        fail("Setting access control policy at a different node path must fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 5 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testRemovePolicyAcContent.

@Test
public void testRemovePolicyAcContent() throws Exception {
    for (String acPath : getAcContentPaths()) {
        try {
            AccessControlPolicy acl = createPolicy(acPath);
            acMgr.removePolicy(acPath, acl);
            fail("Removing access control policy to access control content should fail");
        } catch (AccessControlException e) {
        // success
        }
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlException(javax.jcr.security.AccessControlException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

AccessControlException (javax.jcr.security.AccessControlException)86 Test (org.junit.Test)32 Privilege (javax.jcr.security.Privilege)20 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19 Principal (java.security.Principal)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11 Tree (org.apache.jackrabbit.oak.api.Tree)11 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8 RepositoryException (javax.jcr.RepositoryException)6 Value (javax.jcr.Value)6 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 AccessControlList (javax.jcr.security.AccessControlList)5 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4