use of javax.jcr.security.AccessControlException in project pentaho-kettle by pentaho.
the class PurRepositoryTestingUtils method setAclManagementCallback.
/**
* Create a {@linkplain JcrCallback} for setting up ACL management in the test repository
*
* @return acl management callback
*/
static JcrCallback setAclManagementCallback() {
    return new JcrCallback() {
        @Override
        public Object doInJcr(Session session) throws IOException, RepositoryException {
            final PentahoJcrConstants constants = new PentahoJcrConstants(session);
            // The cast presumes a Jackrabbit-backed workspace; any other JCR
            // implementation would fail here with a ClassCastException.
            final JackrabbitWorkspace jackrabbitWorkspace = (JackrabbitWorkspace) session.getWorkspace();
            final PrivilegeManager privileges = jackrabbitWorkspace.getPrivilegeManager();
            try {
                // Existence probe only: the returned Privilege is discarded.
                privileges.getPrivilege(constants.getPHO_ACLMANAGEMENT_PRIVILEGE());
            } catch (AccessControlException notRegistered) {
                // The code treats this exception as "privilege not registered yet" and
                // registers it as non-abstract with no aggregated privileges.
                // NOTE(review): every AccessControlException takes this path, so a lookup
                // refused for some other reason would also attempt a registration —
                // confirm against the PrivilegeManager contract.
                privileges.registerPrivilege(constants.getPHO_ACLMANAGEMENT_PRIVILEGE(), false, new String[0]);
            }
            session.save();
            // The callback has no result to hand back.
            return null;
        }
    };
}
use of javax.jcr.security.AccessControlException in project pentaho-platform by pentaho.
the class DefaultBackingRepositoryLifecycleManager method createCustomPrivilege.
/**
 * Makes sure the Pentaho ACL-management privilege is known to the repository,
 * registering it when the lookup fails. The work runs inside {@code txnTemplate}
 * and through {@code adminJcrTemplate}.
 *
 * NOTE(review): the template name suggests an administrative session; registering a
 * privilege is presumably a repository-wide change, so confirm that only this
 * lifecycle code can reach the method.
 */
private void createCustomPrivilege() {
    txnTemplate.execute(new TransactionCallbackWithoutResult() {
        @Override
        public void doInTransactionWithoutResult(final TransactionStatus status) {
            final JcrCallback ensurePrivilege = new JcrCallback() {
                @Override
                public Object doInJcr(Session session) throws IOException, RepositoryException {
                    final PentahoJcrConstants constants = new PentahoJcrConstants(session);
                    // The cast presumes a Jackrabbit-backed workspace.
                    final JackrabbitWorkspace jackrabbitWorkspace = (JackrabbitWorkspace) session.getWorkspace();
                    final PrivilegeManager privileges = jackrabbitWorkspace.getPrivilegeManager();
                    try {
                        // Existence probe only: the returned Privilege is discarded.
                        privileges.getPrivilege(constants.getPHO_ACLMANAGEMENT_PRIVILEGE());
                    } catch (AccessControlException notRegistered) {
                        // Treated as "not registered yet": register the privilege as
                        // non-abstract with no aggregated privileges.
                        privileges.registerPrivilege(constants.getPHO_ACLMANAGEMENT_PRIVILEGE(), false, new String[0]);
                    }
                    session.save();
                    return null;
                }
            };
            adminJcrTemplate.execute(ensurePrivilege);
        }
    });
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class AdminPrincipalsBaseTest method testAdminPrincipal.
/**
* Test if the ACL code properly deals with the creation of ACEs for administrative
* principals which have full access anyway.
*
* @since Oak 1.1.1
* @see <a href="https://issues.apache.org/jira/browse/OAK-2158">OAK-2158</a>
*/
@Test
public void testAdminPrincipal() throws Exception {
    // Minimal AdminPrincipal implementation that only reports the name "admin".
    final AdminPrincipal adminPrincipal = new AdminPrincipal() {
        @Override
        public String getName() {
            return "admin";
        }
    };
    try {
        boolean added = acl.addAccessControlEntry(adminPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ));
        // Both outcomes are delegated to hooks defined outside this method;
        // presumably each concrete test class decides which one is acceptable.
        assertResult(added);
    } catch (AccessControlException rejected) {
        assertException();
    }
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class CugAccessControlManager method setPolicy.
/**
 * Stores the given policy as the {@code REP_CUG_POLICY} child of the tree at
 * {@code absPath}, adding the CUG mixin and the policy node when they are missing.
 *
 * @param absPath absolute JCR path the policy applies to
 * @param policy  policy to store; cast to {@code CugPolicyImpl} after
 *                {@code checkValidPolicy} has accepted it
 * @throws AccessControlException if the path is not supported or an existing policy
 *                                child is rejected by {@code CugUtil.definesCug}
 * @throws RepositoryException    if any of the called helpers fails
 */
@Override
public void setPolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
    String oakPath = getOakPath(absPath);
    // Guard: paths outside the supported set are rejected before anything is touched.
    if (!isSupportedPath(oakPath)) {
        throw new AccessControlException("Unsupported path: " + absPath);
    }

    checkValidPolicy(absPath, policy);
    // Presumably getTree enforces the MODIFY_ACCESS_CONTROL permission for the
    // editing session — confirm in the helper.
    Tree target = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL, true);
    Tree nodeTypes = getRoot().getTree(NodeTypeConstants.NODE_TYPES_PATH);
    // NOTE(review): the mixin is added before an existing policy child is validated,
    // so the failure path below leaves the mixin on the tree it was given.
    if (!TreeUtil.isNodeType(target, MIX_REP_CUG_MIXIN, nodeTypes)) {
        TreeUtil.addMixin(target, MIX_REP_CUG_MIXIN, nodeTypes, null);
    }

    Tree cugTree;
    if (!target.hasChild(REP_CUG_POLICY)) {
        cugTree = TreeUtil.addChild(target, REP_CUG_POLICY, NT_REP_CUG_POLICY, nodeTypes, null);
    } else {
        cugTree = target.getChild(REP_CUG_POLICY);
        // Refuse to overwrite a child that carries the policy name but is not a CUG node.
        if (!CugUtil.definesCug(cugTree)) {
            throw new AccessControlException("Unexpected primary type of node rep:cugPolicy.");
        }
    }
    cugTree.setProperty(REP_PRINCIPAL_NAMES, ((CugPolicyImpl) policy).getPrincipalNames(), Type.STRINGS);
}
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class ACL method addEntry.
// ----------------------------------------< JackrabbitAccessControlList >---
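/**
 * Adds an allow or deny entry for {@code principal} to this list.
 *
 * <p>Both restriction maps are keyed by JCR name. Each key is mapped to its Oak
 * name for {@code createRestriction}, while the value is taken from the map entry
 * itself. Looking the value up again by Oak name yields {@code null} whenever the
 * two names differ, and the restriction would then not be built from the value the
 * caller supplied.
 *
 * @param principal      principal the entry applies to
 * @param privileges     privileges to grant or deny; must be non-empty and must not
 *                       contain abstract privileges
 * @param isAllow        {@code true} for an allow entry, {@code false} for a deny entry
 * @param restrictions   single-valued restrictions keyed by JCR name, may be {@code null}
 * @param mvRestrictions multi-valued restrictions keyed by JCR name, may be {@code null}
 * @return {@code false} if {@code checkValidPrincipal} rejects the principal or an
 *         equal entry is already present; otherwise the result of
 *         {@code internalAddEntry}
 * @throws AccessControlException if the privileges are missing or abstract, or a
 *                                mandatory restriction is absent
 * @throws RepositoryException    if a privilege or restriction cannot be resolved
 */
@Override
public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions) throws RepositoryException {
    if (privileges == null || privileges.length == 0) {
        throw new AccessControlException("Privileges may not be null nor an empty array");
    }
    for (Privilege p : privileges) {
        // Re-resolve by name through the privilege manager instead of trusting the
        // caller-supplied Privilege object.
        Privilege pv = getPrivilegeManager().getPrivilege(p.getName());
        if (pv.isAbstract()) {
            throw new AccessControlException("Privilege " + p + " is abstract.");
        }
    }
    if (!checkValidPrincipal(principal)) {
        return false;
    }
    for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
        String jcrName = getNamePathMapper().getJcrName(def.getName());
        // NOTE(review): only the single-valued map is consulted here, so a mandatory
        // restriction passed through mvRestrictions is reported as missing — confirm
        // whether that is intended.
        if (def.isMandatory() && (restrictions == null || !restrictions.containsKey(jcrName))) {
            throw new AccessControlException("Mandatory restriction " + jcrName + " is missing.");
        }
    }
    Set<Restriction> rs;
    if (restrictions == null && mvRestrictions == null) {
        rs = Collections.emptySet();
    } else {
        rs = new HashSet<Restriction>();
        if (restrictions != null) {
            for (Map.Entry<String, Value> single : restrictions.entrySet()) {
                // Key is the JCR name; only the name handed to the provider is mapped.
                String oakName = getNamePathMapper().getOakName(single.getKey());
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, single.getValue()));
            }
        }
        if (mvRestrictions != null) {
            for (Map.Entry<String, Value[]> multi : mvRestrictions.entrySet()) {
                String oakName = getNamePathMapper().getOakName(multi.getKey());
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, multi.getValue()));
            }
        }
    }
    ACE entry = createACE(principal, getPrivilegeBits(privileges), isAllow, rs);
    if (entries.contains(entry)) {
        log.debug("Entry is already contained in policy -> no modification.");
        return false;
    } else {
        return internalAddEntry(entry);
    }
}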