Search in sources :

Example 56 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class CompositeRestrictionProviderTest method testValidateInvalidRestrictionDef.

@Test
public void testValidateInvalidRestrictionDef() throws Exception {
    RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3);
    NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
    NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
    rNode.setValues(REP_GLOB, new Value[] { vf.createValue(10), vf.createValue(290) });
    try {
        rp.validateRestrictions("/test", aceNode.getTree());
        fail("Validation must detect invalid restriction definition");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) CompositeRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider) AccessControlException(javax.jcr.security.AccessControlException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 57 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class CompositeRestrictionProviderTest method testValidateUnsupportedRestriction.

@Test
public void testValidateUnsupportedRestriction() throws Exception {
    RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3);
    NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
    NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
    rNode.setString("unsupported", "value");
    try {
        rp.validateRestrictions("/test", aceNode.getTree());
        fail("Validation must detect unsupported restriction");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) CompositeRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider) AccessControlException(javax.jcr.security.AccessControlException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 58 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class RestrictionProviderImplTest method testValidateGlobRestriction.

@Test
public void testValidateGlobRestriction() throws Exception {
    Tree t = new NodeUtil(root.getTree("/")).addChild("testTree", "nt:unstructured").getTree();
    String path = t.getPath();
    AccessControlManager acMgr = getAccessControlManager(root);
    List<String> globs = ImmutableList.of("/1*/2*/3*/4*/5*/6*/7*/8*/9*/10*/11*/12*/13*/14*/15*/16*/17*/18*/19*/20*/21*", "*********************");
    for (String glob : globs) {
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
        acl.addEntry(getTestUser().getPrincipal(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ), true, Collections.singletonMap(REP_GLOB, getValueFactory().createValue(glob)));
        acMgr.setPolicy(path, acl);
        try {
            provider.validateRestrictions(path, t.getChild(REP_POLICY).getChild("allow"));
            fail("AccessControlException expected.");
        } catch (AccessControlException e) {
        // success
        } finally {
            acMgr.removePolicy(path, acl);
        }
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Tree(org.apache.jackrabbit.oak.api.Tree) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 59 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class CompositeRestrictionProviderTest method testValidateRestrictions.

@Test
public void testValidateRestrictions() throws Exception {
    NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
    NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
    rNode.setBoolean("boolean", true);
    rNode.setValues("longs", new Value[] { vf.createValue(10), vf.createValue(290) });
    rNode.setString(REP_GLOB, "*");
    // empty array
    rNode.setNames(REP_NT_NAMES);
    provider.validateRestrictions("/test", aceNode.getTree());
    // remove mandatory restriction
    rNode.removeProperty("boolean");
    try {
        provider.validateRestrictions("/test", aceNode.getTree());
        fail("validation should detect missing mandatory restrictions");
    } catch (AccessControlException e) {
    // success
    }
    // set with wrong type
    rNode.setName("boolean", "nt:base");
    try {
        provider.validateRestrictions("/test", aceNode.getTree());
        fail("validation should detect wrong restriction type");
    } catch (AccessControlException e) {
    // success
    } finally {
        rNode.setBoolean("boolean", true);
    }
    rNode.setStrings(REP_GLOB, "*", "/jcr:content");
    try {
        provider.validateRestrictions("/test", aceNode.getTree());
        fail("validation should detect wrong restriction type (multi vs single valued)");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 60 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class L5_AccessControlListImplTest method testAddEntryWithInvalidPrivilege.

public void testAddEntryWithInvalidPrivilege() throws Exception {
    String privilegeName = "AccessControlListImplTestPrivilege";
    Privilege customPriv = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager().registerPrivilege(privilegeName, true, new String[0]);
    // EXERCISE : walks through this test and explain why adding those ACEs fails.
    List<Privilege[]> invalidPrivileges = ImmutableList.of(new Privilege[0], null, new Privilege[] { customPriv });
    for (Privilege[] privs : invalidPrivileges) {
        try {
            acl.addAccessControlEntry(testPrincipal, privs);
            fail("Adding an ACE with invalid privilege array should fail.");
        } catch (AccessControlException e) {
        // success
        }
    }
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege)

Aggregations

AccessControlException (javax.jcr.security.AccessControlException)86 Test (org.junit.Test)32 Privilege (javax.jcr.security.Privilege)20 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19 Principal (java.security.Principal)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11 Tree (org.apache.jackrabbit.oak.api.Tree)11 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8 RepositoryException (javax.jcr.RepositoryException)6 Value (javax.jcr.Value)6 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 AccessControlList (javax.jcr.security.AccessControlList)5 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4