Search in sources :

Example 6 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class CompositeRestrictionProviderTest method testWriteUnsupportedRestrictions.

@Test
public void testWriteUnsupportedRestrictions() throws Exception {
    NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
    Restriction invalid = new RestrictionImpl(PropertyStates.createProperty("invalid", vf.createValue(true)), false);
    try {
        provider.writeRestrictions("/test", aceNode.getTree(), ImmutableSet.<Restriction>of(invalid));
        fail("AccessControlException expected");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) AccessControlException(javax.jcr.security.AccessControlException) RestrictionImpl(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 7 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class ACLTest method testInvalidRestrictionType.

@Test
public void testInvalidRestrictionType() throws Exception {
    RestrictionProvider rp = new TestRestrictionProvider("restr", Type.NAME, false);
    JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
    try {
        acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>singletonMap("restr", getValueFactory().createValue(true)));
        fail("Invalid restriction type.");
    } catch (AccessControlException e) {
    // mandatory restriction missing -> success
    }
}
Also used : RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) AbstractRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider) ArrayList(java.util.ArrayList) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Test(org.junit.Test)

Example 8 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class ACLTest method testRemoveInvalidEntry.

@Test
public void testRemoveInvalidEntry() throws Exception {
    try {
        acl.removeAccessControlEntry(new JackrabbitAccessControlEntry() {

            public boolean isAllow() {
                return false;
            }

            public String[] getRestrictionNames() {
                return new String[0];
            }

            public Value getRestriction(String restrictionName) {
                return null;
            }

            public Value[] getRestrictions(String restrictionName) {
                return null;
            }

            public Principal getPrincipal() {
                return testPrincipal;
            }

            public Privilege[] getPrivileges() {
                return testPrivileges;
            }
        });
        fail("Passing an unknown ACE should fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Test(org.junit.Test)

Example 9 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class CugAccessControlManagerTest method testRemoveInvalidPolicy.

@Test
public void testRemoveInvalidPolicy() throws Exception {
    List<AccessControlPolicy> invalidPolicies = ImmutableList.of(new AccessControlPolicy() {
    }, new NamedAccessControlPolicy() {

        public String getName() {
            return "name";
        }
    }, InvalidCug.INSTANCE);
    for (AccessControlPolicy policy : invalidPolicies) {
        try {
            cugAccessControlManager.removePolicy(SUPPORTED_PATH, policy);
            fail("Invalid cug policy must be detected.");
        } catch (AccessControlException e) {
        // success
        }
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlException(javax.jcr.security.AccessControlException) NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy) Test(org.junit.Test)

Example 10 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class ACL method orderBefore.

@Override
public void orderBefore(AccessControlEntry srcEntry, AccessControlEntry destEntry) throws RepositoryException {
    ACE src = checkACE(srcEntry);
    ACE dest = (destEntry == null) ? null : checkACE(destEntry);
    if (src.equals(dest)) {
        log.debug("'srcEntry' equals 'destEntry' -> no reordering required.");
        return;
    }
    int index = (dest == null) ? entries.size() - 1 : entries.indexOf(dest);
    if (index < 0) {
        throw new AccessControlException("'destEntry' not contained in this AccessControlList.");
    } else {
        if (entries.remove(src)) {
            // re-insert the srcEntry at the new position.
            entries.add(index, src);
        } else {
            // src entry not contained in this list.
            throw new AccessControlException("srcEntry not contained in this AccessControlList");
        }
    }
}
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) AccessControlException(javax.jcr.security.AccessControlException)

Aggregations

AccessControlException (javax.jcr.security.AccessControlException)86 Test (org.junit.Test)32 Privilege (javax.jcr.security.Privilege)20 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19 Principal (java.security.Principal)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11 Tree (org.apache.jackrabbit.oak.api.Tree)11 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8 RepositoryException (javax.jcr.RepositoryException)6 Value (javax.jcr.Value)6 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 AccessControlList (javax.jcr.security.AccessControlList)5 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4