Search in sources :

Example 11 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AccessControlValidator method checkValidRestrictions.

private void checkValidRestrictions(@Nonnull Tree aceTree) throws CommitFailedException {
    String path;
    Tree aclTree = checkNotNull(aceTree.getParent());
    String aclPath = aclTree.getPath();
    if (REP_REPO_POLICY.equals(Text.getName(aclPath))) {
        path = null;
    } else {
        path = Text.getRelativeParent(aclPath, 1);
    }
    try {
        restrictionProvider.validateRestrictions(path, aceTree);
    } catch (AccessControlException e) {
        throw new CommitFailedException(ACCESS_CONTROL, 1, "Access control violation", e);
    } catch (RepositoryException e) {
        throw new CommitFailedException(OAK, 13, "Internal error", e);
    }
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) AbstractTree(org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException)

Example 12 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method removePolicy.

@Override
public void removePolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy) throws RepositoryException {
    String oakPath = getOakPath(absPath);
    Util.checkValidPolicy(oakPath, policy);
    if (policy instanceof PrincipalACL) {
        PrincipalACL principalAcl = (PrincipalACL) policy;
        for (ACE ace : principalAcl.getEntries()) {
            String path = getNodePath(ace);
            Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
            Tree aclTree = getAclTree(path, tree);
            if (aclTree == null) {
                throw new AccessControlException("Unable to retrieve policy node at " + path);
            }
            Iterator<Tree> children = aclTree.getChildren().iterator();
            while (children.hasNext()) {
                Tree child = children.next();
                if (ace.equals(createACE(path, child, principalAcl.rProvider))) {
                    child.remove();
                }
            }
            if (!aclTree.getChildren().iterator().hasNext()) {
                aclTree.remove();
            }
        }
    } else {
        Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL, true);
        Tree aclTree = getAclTree(oakPath, tree);
        if (aclTree != null) {
            aclTree.remove();
        } else {
            throw new AccessControlException("No policy to remove at " + absPath);
        }
    }
}
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Tree(org.apache.jackrabbit.oak.api.Tree) AccessControlException(javax.jcr.security.AccessControlException)

Example 13 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testGetEffectivePoliciesInvalidPrincipals.

@Test
public void testGetEffectivePoliciesInvalidPrincipals() throws Exception {
    Principal unknown = getPrincipalManager(root).getPrincipal("unknown");
    int i = 0;
    while (unknown != null) {
        unknown = getPrincipalManager(root).getPrincipal("unknown" + i);
    }
    unknown = new InvalidTestPrincipal("unknown" + i);
    try {
        acMgr.getEffectivePolicies(Collections.singleton(unknown));
        fail("Unknown principal should be detected.");
    } catch (AccessControlException e) {
    // success
    }
    try {
        acMgr.getEffectivePolicies(ImmutableSet.of(unknown, EveryonePrincipal.getInstance(), testPrincipal));
        fail("Unknown principal should be detected.");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 14 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class L2_AccessControlManagerTest method testRemovePolicy.

public void testRemovePolicy() throws RepositoryException {
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testRoot);
    // EXERCISE: explain why
    try {
        acMgr.removePolicy(testRoot, acl);
        fail("EXERCISE");
    } catch (AccessControlException e) {
    // success
    }
    AccessControlUtils.addAccessControlEntry(superuser, testRoot, testPrincipal, new String[] { Privilege.JCR_READ }, false);
    acl = AccessControlUtils.getAccessControlList(acMgr, testRoot);
    acMgr.removePolicy(testRoot, acl);
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 15 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class WriteWithCustomPrivilege method setUp.

@Override
protected void setUp() throws Exception {
    super.setUp();
    PrivilegeManager privilegeManager = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
    try {
        privilegeManager.getPrivilege("replicate");
    } catch (AccessControlException e) {
        privilegeManager.registerPrivilege("replicate", false, null);
    }
}
Also used : PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitWorkspace(org.apache.jackrabbit.api.JackrabbitWorkspace)

Aggregations

AccessControlException (javax.jcr.security.AccessControlException)86 Test (org.junit.Test)32 Privilege (javax.jcr.security.Privilege)20 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19 Principal (java.security.Principal)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11 Tree (org.apache.jackrabbit.oak.api.Tree)11 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8 RepositoryException (javax.jcr.RepositoryException)6 Value (javax.jcr.Value)6 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 AccessControlList (javax.jcr.security.AccessControlList)5 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4