Search in sources :

Example 66 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class ImmutableACLTest method assertImmutable.

private void assertImmutable(JackrabbitAccessControlList acl) throws Exception {
    String msg = "ACL should be immutable.";
    try {
        acl.addAccessControlEntry(testPrincipal, testPrivileges);
        fail(msg);
    } catch (AccessControlException e) {
    // success
    }
    try {
        acl.addEntry(testPrincipal, testPrivileges, true);
        fail(msg);
    } catch (AccessControlException e) {
    // success
    }
    try {
        acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>emptyMap());
        fail(msg);
    } catch (AccessControlException e) {
    // success
    }
    try {
        acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>emptyMap(), Collections.<String, Value[]>emptyMap());
        fail(msg);
    } catch (AccessControlException e) {
    // success
    }
    AccessControlEntry[] entries = acl.getAccessControlEntries();
    if (entries.length > 1) {
        try {
            acl.orderBefore(entries[0], null);
            fail(msg);
        } catch (AccessControlException e) {
        // success
        }
        try {
            acl.orderBefore(entries[1], entries[0]);
            fail(msg);
        } catch (AccessControlException e) {
        // success
        }
    }
    for (AccessControlEntry ace : entries) {
        try {
            acl.removeAccessControlEntry(ace);
            fail(msg);
        } catch (AccessControlException e) {
        // success
        }
    }
}
Also used : Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 67 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class PrivilegeRegistrationTest method testCustomPrivilegeVisibleAfterRefresh.

/**
 * @since oak
 */
@Test
public void testCustomPrivilegeVisibleAfterRefresh() throws RepositoryException {
    Session s2 = getAdminSession();
    PrivilegeManager pm = getPrivilegeManager(s2);
    try {
        boolean isAbstract = false;
        String privName = "testCustomPrivilegeVisibleAfterRefresh";
        privilegeManager.registerPrivilege(privName, isAbstract, new String[0]);
        // before refreshing: privilege not visible
        try {
            Privilege priv = pm.getPrivilege(privName);
            fail("Custom privilege will show up after Session#refresh()");
        } catch (AccessControlException e) {
        // success
        }
        // latest after refresh privilege manager must be updated
        s2.refresh(true);
        Privilege priv = pm.getPrivilege(privName);
        assertEquals(privName, priv.getName());
        assertEquals(isAbstract, priv.isAbstract());
        assertFalse(priv.isAggregate());
    } finally {
        s2.logout();
    }
}
Also used : PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session) Test(org.junit.Test)

Example 68 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class CombinedEditor method setPolicy.

/**
 * @see AccessControlEditor#setPolicy(String,AccessControlPolicy)
 */
public void setPolicy(String nodePath, AccessControlPolicy template) throws AccessControlException, PathNotFoundException, RepositoryException {
    for (AccessControlEditor editor : editors) {
        try {
            // return as soon as the first editor successfully handled the
            // specified template
            editor.setPolicy(nodePath, template);
            log.debug("Set template " + template + " using " + editor);
            return;
        } catch (AccessControlException e) {
            log.debug(e.getMessage());
        // ignore and try next
        }
    }
    // none accepted -> throw
    throw new AccessControlException("None of the editors accepted policy " + template + " at " + nodePath);
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) AccessControlEditor(org.apache.jackrabbit.core.security.authorization.AccessControlEditor)

Example 69 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class ACLEditor method createTemplate.

/**
 * @param acNode the acl node
 * @return the polict
 * @throws RepositoryException if an error occurs
 */
private JackrabbitAccessControlPolicy createTemplate(NodeImpl acNode) throws RepositoryException {
    if (!acNode.isNodeType(NT_REP_PRINCIPAL_ACCESS_CONTROL)) {
        String msg = "Unable to edit Access Control at " + acNode.getPath() + ". Expected node of type rep:PrinicipalAccessControl, was " + acNode.getPrimaryNodeType().getName();
        log.debug(msg);
        throw new AccessControlException(msg);
    }
    Principal principal = getPrincipal(acNode.getPath());
    if (principal == null) {
        // use fall back in order to be able to get/remove the policy
        String principalName = getPathName(acNode.getPath());
        log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
        principal = new PrincipalImpl(principalName);
    }
    return new ACLTemplate(principal, acNode);
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 70 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class ACLEditor method editAccessControlPolicies.

/**
 * @see AccessControlEditor#editAccessControlPolicies(String)
 */
public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
    checkProtectsNode(nodePath);
    if (Text.isDescendant(acRootPath, nodePath)) {
        NodeImpl acNode = getAcNode(nodePath);
        if (acNode == null) {
            // check validity and create the ac node
            Principal p = getPrincipal(nodePath);
            if (p == null) {
                throw new AccessControlException("Access control modification not allowed at " + nodePath);
            }
            acNode = createAcNode(nodePath);
        }
        if (!isAccessControlled(acNode)) {
            return new AccessControlPolicy[] { createTemplate(acNode) };
        }
    // else: acl has already been set before -> use getPolicies instead
    }
    // or policy has been set before in which case getPolicies should be used instead.
    return new AccessControlPolicy[0];
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) AccessControlException(javax.jcr.security.AccessControlException) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal)

Aggregations

AccessControlException (javax.jcr.security.AccessControlException)86 Test (org.junit.Test)32 Privilege (javax.jcr.security.Privilege)20 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19 Principal (java.security.Principal)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11 Tree (org.apache.jackrabbit.oak.api.Tree)11 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8 RepositoryException (javax.jcr.RepositoryException)6 Value (javax.jcr.Value)6 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 AccessControlList (javax.jcr.security.AccessControlList)5 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4