Example 21 with AccessControlException
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class AccessControlImporterTest method testImportRepoACLAtTestNode.
/**
* Make sure repo-level acl is not imported below any other node than the
* root node.
*
* @throws Exception
*/
public void testImportRepoACLAtTestNode() throws Exception {
try {
Node target = testRootNode.addNode("test");
target.addMixin("rep:RepoAccessControllable");
doImport(target.getPath(), XML_REPO_POLICY_TREE);
assertTrue(target.hasNode("rep:repoPolicy"));
assertFalse(target.hasNode("rep:repoPolicy/allow0"));
Node n = target.getNode("rep:repoPolicy");
assertEquals("rep:RepoAccessControllable", n.getDefinition().getDeclaringNodeType().getName());
try {
superuser.save();
fail("Importing repo policy to non-root node must fail");
} catch (AccessControlException e) {
// success
}
} finally {
superuser.refresh(false);
}
}
Also used :
Node(javax.jcr.Node)
AccessControlException(javax.jcr.security.AccessControlException)
Example 22 with AccessControlException
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class CopyTest method testCopyFromProtectedParentSource.
/**
* @see <a href="https://issues.apache.org/jira/browse/OAK-2810">OAK-2810</a>
*/
@Test
public void testCopyFromProtectedParentSource() throws Exception {
// create a protected source parent node (not meant for permission validation this time)
allow(childNPath, privilegesFromName(PrivilegeConstants.JCR_ALL));
Node sourceNode = null;
NodeIterator nodeIterator = superuser.getNode(childNPath).getNode(AccessControlConstants.REP_POLICY).getNodes();
while (nodeIterator.hasNext()) {
Node n = nodeIterator.nextNode();
if (n.getDefinition().isProtected()) {
sourceNode = n;
break;
}
}
if (sourceNode == null || !sourceNode.getParent().getDefinition().isProtected()) {
throw new NotExecutableException("No protected parent found");
}
try {
superuser.getWorkspace().copy(sourceNode.getPath(), destPath);
} catch (AccessControlException e) {
// success : the copy fails because an isolated ACE is copied but
// NOT because the source-parent was a protected node.
}
}
Also used :
NodeIterator(javax.jcr.NodeIterator)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
Node(javax.jcr.Node)
AccessControlException(javax.jcr.security.AccessControlException)
Test(org.junit.Test)
Example 23 with AccessControlException
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class AbstractRestrictionProviderTest method testValidateRestrictionsUnsupportedRestriction.
@Test
public void testValidateRestrictionsUnsupportedRestriction() throws Exception {
Restriction mand = restrictionProvider.createRestriction(testPath, "mandatory", valueFactory.createValue(true));
try {
Tree ace = getAceTree(mand, new RestrictionImpl(PropertyStates.createProperty("unsupported", "value"), false));
restrictionProvider.validateRestrictions(testPath, ace);
fail("wrong type with restriction 'rep:glob");
} catch (AccessControlException e) {
// success
}
}
Also used :
Tree(org.apache.jackrabbit.oak.api.Tree)
AccessControlException(javax.jcr.security.AccessControlException)
Test(org.junit.Test)
Example 24 with AccessControlException
use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.
the class AbstractRestrictionProviderTest method testValidateRestrictionsWrongType.
@Test
public void testValidateRestrictionsWrongType() throws Exception {
Restriction mand = restrictionProvider.createRestriction(testPath, "mandatory", valueFactory.createValue(true));
try {
Tree ace = getAceTree(mand, new RestrictionImpl(PropertyStates.createProperty(REP_GLOB, true), false));
restrictionProvider.validateRestrictions(testPath, ace);
fail("wrong type with restriction 'rep:glob");
} catch (AccessControlException e) {
// success
}
}
Also used :
Tree(org.apache.jackrabbit.oak.api.Tree)
AccessControlException(javax.jcr.security.AccessControlException)
Test(org.junit.Test)
Example 25 with AccessControlException
use of javax.jcr.security.AccessControlException in project jackrabbit by apache.
the class WriteTest method testInvalidPrincipal.
public void testInvalidPrincipal() throws Exception {
PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
String unknown = "unknown";
while (pMgr.hasPrincipal(unknown)) {
unknown = unknown + "_";
}
Principal principal = new PrincipalImpl(unknown);
if (acMgr instanceof JackrabbitAccessControlManager) {
// first try applicable policies
try {
AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acMgr).getApplicablePolicies(principal);
assertNotNull(policies);
assertEquals(0, policies.length);
} catch (AccessControlException e) {
// success
}
// second existing policies
try {
AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acMgr).getPolicies(principal);
assertNotNull(policies);
assertEquals(0, policies.length);
} catch (AccessControlException e) {
// success
}
} else {
throw new NotExecutableException();
}
}
Also used :
PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager)
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlException(javax.jcr.security.AccessControlException)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)
TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal)
Principal(java.security.Principal)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Aggregations
AccessControlException (javax.jcr.security.AccessControlException)86
Test (org.junit.Test)32
Privilege (javax.jcr.security.Privilege)20
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19
Principal (java.security.Principal)17
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11
Tree (org.apache.jackrabbit.oak.api.Tree)11
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8
JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8
RepositoryException (javax.jcr.RepositoryException)6
Value (javax.jcr.Value)6
TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6
Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6
AccessControlEntry (javax.jcr.security.AccessControlEntry)5
AccessControlList (javax.jcr.security.AccessControlList)5
EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5
PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4
