use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class AccessControlValidator method checkValidRestrictions.
private void checkValidRestrictions(@Nonnull Tree aceTree) throws CommitFailedException {
String path;
Tree aclTree = checkNotNull(aceTree.getParent());
String aclPath = aclTree.getPath();
if (REP_REPO_POLICY.equals(Text.getName(aclPath))) {
path = null;
} else {
path = Text.getRelativeParent(aclPath, 1);
}
try {
restrictionProvider.validateRestrictions(path, aceTree);
} catch (AccessControlException e) {
throw new CommitFailedException(ACCESS_CONTROL, 1, "Access control violation", e);
} catch (RepositoryException e) {
throw new CommitFailedException(OAK, 13, "Internal error", e);
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class AccessControlManagerImpl method removePolicy.
@Override
public void removePolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy) throws RepositoryException {
String oakPath = getOakPath(absPath);
Util.checkValidPolicy(oakPath, policy);
if (policy instanceof PrincipalACL) {
PrincipalACL principalAcl = (PrincipalACL) policy;
for (ACE ace : principalAcl.getEntries()) {
String path = getNodePath(ace);
Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
Tree aclTree = getAclTree(path, tree);
if (aclTree == null) {
throw new AccessControlException("Unable to retrieve policy node at " + path);
}
Iterator<Tree> children = aclTree.getChildren().iterator();
while (children.hasNext()) {
Tree child = children.next();
if (ace.equals(createACE(path, child, principalAcl.rProvider))) {
child.remove();
}
}
if (!aclTree.getChildren().iterator().hasNext()) {
aclTree.remove();
}
}
} else {
Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL, true);
Tree aclTree = getAclTree(oakPath, tree);
if (aclTree != null) {
aclTree.remove();
} else {
throw new AccessControlException("No policy to remove at " + absPath);
}
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testGetEffectivePoliciesInvalidPrincipals.
@Test
public void testGetEffectivePoliciesInvalidPrincipals() throws Exception {
Principal unknown = getPrincipalManager(root).getPrincipal("unknown");
int i = 0;
while (unknown != null) {
unknown = getPrincipalManager(root).getPrincipal("unknown" + i);
}
unknown = new InvalidTestPrincipal("unknown" + i);
try {
acMgr.getEffectivePolicies(Collections.singleton(unknown));
fail("Unknown principal should be detected.");
} catch (AccessControlException e) {
// success
}
try {
acMgr.getEffectivePolicies(ImmutableSet.of(unknown, EveryonePrincipal.getInstance(), testPrincipal));
fail("Unknown principal should be detected.");
} catch (AccessControlException e) {
// success
}
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class L2_AccessControlManagerTest method testRemovePolicy.
public void testRemovePolicy() throws RepositoryException {
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testRoot);
// EXERCISE: explain why
try {
acMgr.removePolicy(testRoot, acl);
fail("EXERCISE");
} catch (AccessControlException e) {
// success
}
AccessControlUtils.addAccessControlEntry(superuser, testRoot, testPrincipal, new String[] { Privilege.JCR_READ }, false);
acl = AccessControlUtils.getAccessControlList(acMgr, testRoot);
acMgr.removePolicy(testRoot, acl);
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class WriteWithCustomPrivilege method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
PrivilegeManager privilegeManager = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
try {
privilegeManager.getPrivilege("replicate");
} catch (AccessControlException e) {
privilegeManager.registerPrivilege("replicate", false, null);
}
}
Aggregations