Search in sources :

Example 61 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class L5_AccessControlListImplTest method testRemoveInvalidEntry.

public void testRemoveInvalidEntry() throws RepositoryException {
    assertTrue(AccessControlUtils.addAccessControlEntry(superuser, testRoot, testPrincipal, testPrivileges, true));
    // EXERCISE : walk through the removal and explain the expected behaviour.
    try {
        acl.removeAccessControlEntry(new JackrabbitAccessControlEntry() {

            public boolean isAllow() {
                return false;
            }

            public String[] getRestrictionNames() {
                return new String[0];
            }

            public Value getRestriction(String restrictionName) {
                return null;
            }

            public Value[] getRestrictions(String restrictionName) {
                return null;
            }

            public Principal getPrincipal() {
                return testPrincipal;
            }

            public Privilege[] getPrivileges() {
                return testPrivileges;
            }
        });
        fail("Passing an unknown ACE should fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) InvalidTestPrincipal(org.apache.jackrabbit.oak.security.authorization.accesscontrol.InvalidTestPrincipal) Principal(java.security.Principal)

Example 62 with AccessControlException

use of javax.jcr.security.AccessControlException in project APM by Cognifide.

the class JackrabbitAccessControlListUtil method getModifiableAcl.

public static JackrabbitAccessControlList getModifiableAcl(final AccessControlManager accessManager, final String path) throws RepositoryException {
    final JackrabbitAccessControlList acl = getAccessControlList(accessManager, path);
    if (null != acl) {
        return acl;
    }
    final JackrabbitAccessControlList applicableAcl = getApplicableAccessControlList(accessManager, path);
    if (null != applicableAcl) {
        return applicableAcl;
    }
    throw new AccessControlException("No modifiable ACL at " + path);
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 63 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AbstractRestrictionProvider method createRestriction.

@Nonnull
@Override
public Restriction createRestriction(String oakPath, @Nonnull String oakName, @Nonnull Value... values) throws RepositoryException {
    RestrictionDefinition definition = getDefinition(oakPath, oakName);
    Type<?> requiredType = definition.getRequiredType();
    for (Value v : values) {
        if (requiredType.tag() != PropertyType.UNDEFINED && requiredType.tag() != v.getType()) {
            throw new AccessControlException("Unsupported restriction: Expected value of type " + requiredType);
        }
    }
    PropertyState propertyState;
    if (requiredType.isArray()) {
        propertyState = PropertyStates.createProperty(oakName, Arrays.asList(values), requiredType.tag());
    } else {
        if (values.length != 1) {
            throw new AccessControlException("Unsupported restriction: Expected single value.");
        }
        propertyState = PropertyStates.createProperty(oakName, values[0]);
    }
    return createRestriction(propertyState, definition);
}
Also used : Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) Nonnull(javax.annotation.Nonnull)

Example 64 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class L5_AccessControlListImplTest method testAddEntryWithInvalidPrincipals.

public void testAddEntryWithInvalidPrincipals() throws Exception {
    // EXERCISE: explain for each principal in the list why using it for an ACE fails
    List<Principal> invalidPrincipals = ImmutableList.of(new InvalidTestPrincipal("unknown"), null, new PrincipalImpl(""), new Principal() {

        @Override
        public String getName() {
            return "unknown";
        }
    });
    for (Principal principal : invalidPrincipals) {
        try {
            acl.addAccessControlEntry(principal, testPrivileges);
            fail("Adding an ACE with an invalid principal should fail");
        } catch (AccessControlException e) {
        // success
        }
    }
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) InvalidTestPrincipal(org.apache.jackrabbit.oak.security.authorization.accesscontrol.InvalidTestPrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) InvalidTestPrincipal(org.apache.jackrabbit.oak.security.authorization.accesscontrol.InvalidTestPrincipal)

Example 65 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AccessControlWorkspaceImporterTest method testImportRepoACLAtTestNode.

/**
 * Make sure repo-level acl is not imported below any other node than the
 * root node.
 *
 * @throws Exception
 */
public void testImportRepoACLAtTestNode() throws Exception {
    try {
        Node target = testRootNode.addNode("test");
        target.addMixin("rep:RepoAccessControllable");
        superuser.save();
        doImport(target.getPath(), XML_REPO_POLICY_TREE);
        fail("Importing repo policy to non-root node must fail");
    } catch (AccessControlException e) {
    // success
    } finally {
        superuser.refresh(false);
    }
}
Also used : Node(javax.jcr.Node) AccessControlException(javax.jcr.security.AccessControlException)

Aggregations

AccessControlException (javax.jcr.security.AccessControlException)86 Test (org.junit.Test)32 Privilege (javax.jcr.security.Privilege)20 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19 Principal (java.security.Principal)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11 Tree (org.apache.jackrabbit.oak.api.Tree)11 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8 RepositoryException (javax.jcr.RepositoryException)6 Value (javax.jcr.Value)6 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 AccessControlList (javax.jcr.security.AccessControlList)5 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4