
Example 26 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class CombinedEditor method removePolicy.

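/**
 * Removes the given policy by delegating to the configured editors in
 * iteration order. The first editor that completes without throwing an
 * {@code AccessControlException} ends the operation.
 * <p>
 * Only {@code AccessControlException} is interpreted as "this editor cannot
 * handle the request". Any other exception raised by a delegate propagates
 * immediately and no further editor is consulted.
 *
 * @param nodePath path passed unchanged to each editor
 * @param policy the policy to remove
 * @throws AccessControlException if every editor rejected the request, or
 * if there is no editor at all; the failure of the last editor tried is
 * attached as the cause so the reason for the rejection is not lost
 * @throws PathNotFoundException as raised by a delegate editor
 * @throws RepositoryException as raised by a delegate editor
 * @see AccessControlEditor#removePolicy(String,AccessControlPolicy)
 */
public void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException {
    // Remembered so the final exception can say why removal was refused;
    // the per-editor message is otherwise only visible at debug level.
    AccessControlException lastFailure = null;
    for (AccessControlEditor editor : editors) {
        try {
            // return as soon as the first editor successfully handled the
            // specified template
            editor.removePolicy(nodePath, policy);
            log.debug("Removed template " + policy + " using " + editor);
            return;
        } catch (AccessControlException e) {
            // Deliberate best effort: this editor refused, try the next one.
            log.debug(e.getMessage());
            lastFailure = e;
        }
    }
    // none of the editors was able to remove a policy at nodePath
    throw new AccessControlException("Unable to remove template " + policy, lastFailure);
}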
Also used : AccessControlException(javax.jcr.security.AccessControlException) AccessControlEditor(org.apache.jackrabbit.core.security.authorization.AccessControlEditor)

Example 27 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class ACLEditor method removePolicy.

/**
 * Removes the policy stored for {@code nodePath}, but only when the policy
 * passed in equals the template rebuilt from the stored access control node.
 *
 * @param nodePath path whose access control node is looked up
 * @param policy the policy the caller wants removed
 * @throws AccessControlException if the node is not access controlled or the
 * rebuilt template does not equal {@code policy}; nothing is removed then
 * @throws PathNotFoundException declared by the interface; not thrown
 * directly in this method
 * @throws RepositoryException if one of the helper calls fails
 * @see AccessControlEditor#removePolicy(String,AccessControlPolicy)
 */
public void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException {
    // Both checks run before any node is looked up or modified.
    // NOTE(review): presumably they throw when the path or policy is not
    // handled by this editor - confirm against their definitions.
    checkProtectsNode(nodePath);
    checkValidPolicy(nodePath, policy);

    NodeImpl acNode = getAcNode(nodePath);
    // The template is only built when the node is access controlled; the
    // comparison guards against removing a policy the caller did not name.
    boolean policyMatches = isAccessControlled(acNode) && createTemplate(acNode).equals(policy);
    if (!policyMatches) {
        // node is not access controlled, or the policy does not belong to
        // the node at 'nodePath' -> no policy was removed
        throw new AccessControlException("Policy " + policy + " does not apply to " + nodePath);
    }
    removeItem(acNode.getNode(N_POLICY));
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) AccessControlException(javax.jcr.security.AccessControlException)

Example 28 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class ACLEditor method editAccessControlPolicies.

/**
 * Returns the policies that can still be applied for the given principal.
 * <p>
 * The principal must be known to the session's principal manager. If the
 * access control node for the principal does not exist yet, it is created
 * as a side effect of this call.
 *
 * @param principal the principal whose policies are to be edited
 * @return a single-element array holding a fresh template when the node is
 * not access controlled yet, otherwise an empty array
 * @throws RepositoryException if a repository operation fails; an
 * {@code AccessControlException} is thrown when the principal is unknown
 * @see AccessControlEditor#editAccessControlPolicies(Principal)
 */
public JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
    // Reject unknown principals before any node is looked up or created.
    boolean knownPrincipal = session.getPrincipalManager().hasPrincipal(principal.getName());
    if (!knownPrincipal) {
        throw new AccessControlException("Cannot edit access control: " + principal.getName() + " isn't a known principal.");
    }

    String acPath = getPathToAcNode(principal);
    // Reuse the existing node, or create it on first use.
    NodeImpl acNode = session.nodeExists(acPath)
            ? (NodeImpl) session.getNode(acPath)
            : createAcNode(acPath);

    if (isAccessControlled(acNode)) {
        // no additional applicable policies present.
        return new JackrabbitAccessControlPolicy[0];
    }
    return new JackrabbitAccessControlPolicy[] { createTemplate(acNode) };
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)

Example 29 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class ACLEditor method removePolicy.

/**
 * Removes the ACL node found for {@code nodePath}.
 * <p>
 * The method is {@code synchronized}, so calls on the same editor instance
 * do not run concurrently.
 *
 * @param nodePath path whose ACL node is looked up
 * @param policy the policy to remove; passed to {@code checkValidPolicy}
 * and not used afterwards
 * @throws AccessControlException if no ACL node exists at {@code nodePath}
 * @throws RepositoryException if one of the helper calls fails
 * @see AccessControlEditor#removePolicy(String,AccessControlPolicy)
 */
public synchronized void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, RepositoryException {
    // Both checks run before the ACL node is looked up or removed.
    // NOTE(review): presumably they throw for paths or policies this editor
    // must not touch - confirm against their definitions.
    checkProtectsNode(nodePath);
    checkValidPolicy(nodePath, policy);

    NodeImpl aclNode = getAclNode(nodePath);
    if (aclNode == null) {
        // nothing stored for this path, so there is nothing to remove
        throw new AccessControlException("No policy to remove at " + nodePath);
    }
    removeItem(aclNode);
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) AccessControlException(javax.jcr.security.AccessControlException)

Example 30 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class PrivilegeRegistry method getBits.

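/**
 * Best effort approach to calculate bits for built-in privileges. Throws
 * <code>UnsupportedOperationException</code> if the workaround fails.
 * <p>
 * Only privilege names whose prefix is one of the two prefixes registered
 * in the local lookup are resolved. Any other prefix, any name that matches
 * none of the handled cases, and any <code>null</code> array entry is
 * rejected with an <code>AccessControlException</code>, so an unresolvable
 * entry never contributes to the result.
 *
 * @param privileges An array of privileges.
 * @return The privilege bits.
 * @throws AccessControlException If the specified array is null or empty,
 * if it contains a <code>null</code> entry,
 * or if it contains an unregistered privilege.
 * @see #getPrivileges(int)
 * @deprecated Use {@link PrivilegeManagerImpl#getBits(javax.jcr.security.Privilege...)} instead.
 */
public static int getBits(Privilege[] privileges) throws AccessControlException {
    if (privileges == null || privileges.length == 0) {
        throw new AccessControlException("Privilege array is empty or null.");
    }
    Map<String, String> lookup = new HashMap<String, String>(2);
    lookup.put(Name.NS_REP_PREFIX, Name.NS_REP_URI);
    lookup.put(Name.NS_JCR_PREFIX, Name.NS_JCR_URI);
    int bits = NO_PRIVILEGE;
    for (Privilege priv : privileges) {
        // A null entry used to surface as a NullPointerException; report it
        // with the declared exception type instead.
        if (priv == null) {
            throw new AccessControlException("Privilege array contains a null entry.");
        }
        String jcrName = priv.getName();
        String prefix = Text.getNamespacePrefix(jcrName);
        if (!lookup.containsKey(prefix)) {
            throw new AccessControlException("Unknown privilege '" + jcrName + "'.");
        }
        Name n = NAME_FACTORY.create(lookup.get(prefix), Text.getLocalName(jcrName));
        if (PRIVILEGE_NAMES.containsKey(n)) {
            bits |= PRIVILEGE_NAMES.get(n);
        } else if (NameConstants.JCR_WRITE.equals(n)) {
            // NOTE(review): the compound assignment narrows the long value to
            // int without a range check - presumably the built-in bits fit
            // in an int; confirm.
            bits |= createJcrWriteDefinition().bits.longValue();
        } else if (REP_WRITE_NAME.equals(n)) {
            Definition jcrWrite = createJcrWriteDefinition();
            // Same implicit long-to-int narrowing as for jcr:write above.
            bits |= createRepWriteDefinition(jcrWrite).bits.longValue();
        } else if (NameConstants.JCR_ALL.equals(n)) {
            // jcr:all is the union of every entry in PRIVILEGE_NAMES.
            for (Name pn : PRIVILEGE_NAMES.keySet()) {
                bits |= PRIVILEGE_NAMES.get(pn);
            }
        } else {
            throw new AccessControlException("Unknown privilege '" + jcrName + "'.");
        }
    }
    return bits;
}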
Also used : HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) PrivilegeDefinition(org.apache.jackrabbit.spi.PrivilegeDefinition) AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege) Name(org.apache.jackrabbit.spi.Name)
