Search in sources :

Example 36 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class RSessionAccessControlPolicyTest method testSetInvalidPolicy.

public void testSetInvalidPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
    try {
        testAcMgr.setPolicy(path, new AccessControlPolicy() {

            public String getName() throws RepositoryException {
                return getClass().getName();
            }

            public String getDescription() throws RepositoryException {
                return "";
            }
        });
        fail("Invalid policy may not be set by a READ-only session.");
    } catch (AccessControlException e) {
    // success.
    }
}
Also used : AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException)

Example 37 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class RSessionAccessControlPolicyTest method testSetPolicy.

public void testSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
    // retrieve valid policy using superuser session:
    AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
    if (!it.hasNext()) {
        throw new NotExecutableException();
    }
    try {
        testAcMgr.setPolicy(path, it.nextAccessControlPolicy());
        fail("read only session may not modify AC content.");
    } catch (AccessControlException e) {
    // success.
    }
}
Also used : NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlException(javax.jcr.security.AccessControlException) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)

Example 38 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class AccessControlManagerImpl method checkAcccessControlItem.

/**
 * Checks whether if the given nodePath points to an access
 * control policy or entry node.
 * @param nodePath
 * @throws AccessControlException
 * @throws RepositoryException
 */
private void checkAcccessControlItem(String nodePath) throws AccessControlException, RepositoryException {
    NodeState controlledState = getNodeState(nodePath);
    Name ntName = controlledState.getNodeTypeName();
    boolean isAcItem = ntName.equals(NT_REP_ACL) || ntName.equals(NT_REP_GRANT_ACE) || ntName.equals(NT_REP_DENY_ACE);
    if (isAcItem) {
        throw new AccessControlException("The path: " + nodePath + " points to an access control content node");
    }
}
Also used : NodeState(org.apache.jackrabbit.jcr2spi.state.NodeState) AccessControlException(javax.jcr.security.AccessControlException) Name(org.apache.jackrabbit.spi.Name)

Example 39 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit by apache.

the class AccessControlManagerImpl method removePolicy.

public void removePolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
    checkValidNodePath(absPath);
    checkValidPolicy(policy);
    NodeState aclNode = getAclNode(absPath);
    if (aclNode != null) {
        removeNode(aclNode);
    } else {
        throw new AccessControlException("No policy exist at " + absPath);
    }
}
Also used : NodeState(org.apache.jackrabbit.jcr2spi.state.NodeState) AccessControlException(javax.jcr.security.AccessControlException)

Example 40 with AccessControlException

use of javax.jcr.security.AccessControlException in project jackrabbit-oak by apache.

the class CugAccessControlManager method removePolicy.

@Override
public void removePolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
    String oakPath = getOakPath(absPath);
    if (isSupportedPath(oakPath)) {
        checkValidPolicy(absPath, policy);
        Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL, true);
        Tree cug = tree.getChild(REP_CUG_POLICY);
        if (!CugUtil.definesCug(cug)) {
            throw new AccessControlException("Unexpected primary type of node rep:cugPolicy.");
        } else {
            // remove the rep:CugMixin if it has been explicitly added upon setPolicy
            Set<String> mixins = Sets.newHashSet(TreeUtil.getNames(tree, NodeTypeConstants.JCR_MIXINTYPES));
            if (mixins.remove(MIX_REP_CUG_MIXIN)) {
                tree.setProperty(JcrConstants.JCR_MIXINTYPES, mixins, NAMES);
            } else {
                log.debug("Cannot remove mixin type " + MIX_REP_CUG_MIXIN);
            }
            cug.remove();
        }
    } else {
        throw new AccessControlException("Unsupported path: " + absPath);
    }
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) AccessControlException(javax.jcr.security.AccessControlException)

Aggregations

AccessControlException (javax.jcr.security.AccessControlException)86 Test (org.junit.Test)32 Privilege (javax.jcr.security.Privilege)20 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19 Principal (java.security.Principal)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)11 Tree (org.apache.jackrabbit.oak.api.Tree)11 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)9 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)8 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)8 RepositoryException (javax.jcr.RepositoryException)6 Value (javax.jcr.Value)6 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)6 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 AccessControlList (javax.jcr.security.AccessControlList)5 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)5 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)4