use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class CompositeRestrictionProviderTest method testValidateInvalidRestrictionDef.
@Test
public void testValidateInvalidRestrictionDef() throws Exception {
RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3);
NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
rNode.setValues(REP_GLOB, new Value[] { vf.createValue(10), vf.createValue(290) });
try {
rp.validateRestrictions("/test", aceNode.getTree());
fail("Validation must detect invalid restriction definition");
} catch (AccessControlException e) {
// success
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class CompositeRestrictionProviderTest method testValidateUnsupportedRestriction.
@Test
public void testValidateUnsupportedRestriction() throws Exception {
RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3);
NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
rNode.setString("unsupported", "value");
try {
rp.validateRestrictions("/test", aceNode.getTree());
fail("Validation must detect unsupported restriction");
} catch (AccessControlException e) {
// success
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class RestrictionProviderImplTest method testValidateGlobRestriction.
@Test
public void testValidateGlobRestriction() throws Exception {
Tree t = new NodeUtil(root.getTree("/")).addChild("testTree", "nt:unstructured").getTree();
String path = t.getPath();
AccessControlManager acMgr = getAccessControlManager(root);
List<String> globs = ImmutableList.of("/1*/2*/3*/4*/5*/6*/7*/8*/9*/10*/11*/12*/13*/14*/15*/16*/17*/18*/19*/20*/21*", "*********************");
for (String glob : globs) {
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
acl.addEntry(getTestUser().getPrincipal(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ), true, Collections.singletonMap(REP_GLOB, getValueFactory().createValue(glob)));
acMgr.setPolicy(path, acl);
try {
provider.validateRestrictions(path, t.getChild(REP_POLICY).getChild("allow"));
fail("AccessControlException expected.");
} catch (AccessControlException e) {
// success
} finally {
acMgr.removePolicy(path, acl);
}
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class CompositeRestrictionProviderTest method testValidateRestrictions.
@Test
public void testValidateRestrictions() throws Exception {
NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
rNode.setBoolean("boolean", true);
rNode.setValues("longs", new Value[] { vf.createValue(10), vf.createValue(290) });
rNode.setString(REP_GLOB, "*");
// empty array
rNode.setNames(REP_NT_NAMES);
provider.validateRestrictions("/test", aceNode.getTree());
// remove mandatory restriction
rNode.removeProperty("boolean");
try {
provider.validateRestrictions("/test", aceNode.getTree());
fail("validation should detect missing mandatory restrictions");
} catch (AccessControlException e) {
// success
}
// set with wrong type
rNode.setName("boolean", "nt:base");
try {
provider.validateRestrictions("/test", aceNode.getTree());
fail("validation should detect wrong restriction type");
} catch (AccessControlException e) {
// success
} finally {
rNode.setBoolean("boolean", true);
}
rNode.setStrings(REP_GLOB, "*", "/jcr:content");
try {
provider.validateRestrictions("/test", aceNode.getTree());
fail("validation should detect wrong restriction type (multi vs single valued)");
} catch (AccessControlException e) {
// success
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class L5_AccessControlListImplTest method testAddEntryWithInvalidPrivilege.
public void testAddEntryWithInvalidPrivilege() throws Exception {
String privilegeName = "AccessControlListImplTestPrivilege";
Privilege customPriv = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager().registerPrivilege(privilegeName, true, new String[0]);
// EXERCISE : walks through this test and explain why adding those ACEs fails.
List<Privilege[]> invalidPrivileges = ImmutableList.of(new Privilege[0], null, new Privilege[] { customPriv });
for (Privilege[] privs : invalidPrivileges) {
try {
acl.addAccessControlEntry(testPrincipal, privs);
fail("Adding an ACE with invalid privilege array should fail.");
} catch (AccessControlException e) {
// success
}
}
}
Aggregations