use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class ImmutableACLTest method assertImmutable.
private void assertImmutable(JackrabbitAccessControlList acl) throws Exception {
String msg = "ACL should be immutable.";
try {
acl.addAccessControlEntry(testPrincipal, testPrivileges);
fail(msg);
} catch (AccessControlException e) {
// success
}
try {
acl.addEntry(testPrincipal, testPrivileges, true);
fail(msg);
} catch (AccessControlException e) {
// success
}
try {
acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>emptyMap());
fail(msg);
} catch (AccessControlException e) {
// success
}
try {
acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>emptyMap(), Collections.<String, Value[]>emptyMap());
fail(msg);
} catch (AccessControlException e) {
// success
}
AccessControlEntry[] entries = acl.getAccessControlEntries();
if (entries.length > 1) {
try {
acl.orderBefore(entries[0], null);
fail(msg);
} catch (AccessControlException e) {
// success
}
try {
acl.orderBefore(entries[1], entries[0]);
fail(msg);
} catch (AccessControlException e) {
// success
}
}
for (AccessControlEntry ace : entries) {
try {
acl.removeAccessControlEntry(ace);
fail(msg);
} catch (AccessControlException e) {
// success
}
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class PrivilegeRegistrationTest method testCustomPrivilegeVisibleAfterRefresh.
/**
* @since oak
*/
@Test
public void testCustomPrivilegeVisibleAfterRefresh() throws RepositoryException {
Session s2 = getAdminSession();
PrivilegeManager pm = getPrivilegeManager(s2);
try {
boolean isAbstract = false;
String privName = "testCustomPrivilegeVisibleAfterRefresh";
privilegeManager.registerPrivilege(privName, isAbstract, new String[0]);
// before refreshing: privilege not visible
try {
Privilege priv = pm.getPrivilege(privName);
fail("Custom privilege will show up after Session#refresh()");
} catch (AccessControlException e) {
// success
}
// latest after refresh privilege manager must be updated
s2.refresh(true);
Privilege priv = pm.getPrivilege(privName);
assertEquals(privName, priv.getName());
assertEquals(isAbstract, priv.isAbstract());
assertFalse(priv.isAggregate());
} finally {
s2.logout();
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit by apache.
the class CombinedEditor method setPolicy.
/**
* @see AccessControlEditor#setPolicy(String,AccessControlPolicy)
*/
public void setPolicy(String nodePath, AccessControlPolicy template) throws AccessControlException, PathNotFoundException, RepositoryException {
for (AccessControlEditor editor : editors) {
try {
// return as soon as the first editor successfully handled the
// specified template
editor.setPolicy(nodePath, template);
log.debug("Set template " + template + " using " + editor);
return;
} catch (AccessControlException e) {
log.debug(e.getMessage());
// ignore and try next
}
}
// none accepted -> throw
throw new AccessControlException("None of the editors accepted policy " + template + " at " + nodePath);
}
use of javax.jcr.security.AccessControlException in project jackrabbit by apache.
the class ACLEditor method createTemplate.
/**
* @param acNode the acl node
* @return the polict
* @throws RepositoryException if an error occurs
*/
private JackrabbitAccessControlPolicy createTemplate(NodeImpl acNode) throws RepositoryException {
if (!acNode.isNodeType(NT_REP_PRINCIPAL_ACCESS_CONTROL)) {
String msg = "Unable to edit Access Control at " + acNode.getPath() + ". Expected node of type rep:PrinicipalAccessControl, was " + acNode.getPrimaryNodeType().getName();
log.debug(msg);
throw new AccessControlException(msg);
}
Principal principal = getPrincipal(acNode.getPath());
if (principal == null) {
// use fall back in order to be able to get/remove the policy
String principalName = getPathName(acNode.getPath());
log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
principal = new PrincipalImpl(principalName);
}
return new ACLTemplate(principal, acNode);
}
use of javax.jcr.security.AccessControlException in project jackrabbit by apache.
the class ACLEditor method editAccessControlPolicies.
/**
* @see AccessControlEditor#editAccessControlPolicies(String)
*/
public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
checkProtectsNode(nodePath);
if (Text.isDescendant(acRootPath, nodePath)) {
NodeImpl acNode = getAcNode(nodePath);
if (acNode == null) {
// check validity and create the ac node
Principal p = getPrincipal(nodePath);
if (p == null) {
throw new AccessControlException("Access control modification not allowed at " + nodePath);
}
acNode = createAcNode(nodePath);
}
if (!isAccessControlled(acNode)) {
return new AccessControlPolicy[] { createTemplate(acNode) };
}
// else: acl has already been set before -> use getPolicies instead
}
// or policy has been set before in which case getPolicies should be used instead.
return new AccessControlPolicy[0];
}
Aggregations