Example 61 with AccessControlList
use of javax.jcr.security.AccessControlList in project jackrabbit-oak by apache.
the class AccessControlManagementTest method testSetModifiedPolicy.
@Test
public void testSetModifiedPolicy() throws Exception {
/* grant 'testUser' rep:write, rep:readAccessControl and
rep:modifyAccessControl privileges at 'path' */
Privilege[] privileges = privilegesFromNames(new String[] { REP_WRITE, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL });
JackrabbitAccessControlList acl = allow(path, privileges);
/*
testuser must be allowed to set (modified) policy at target node.
*/
AccessControlPolicy[] policies = testAcMgr.getPolicies(path);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof AccessControlList);
AccessControlList policy = (AccessControlList) policies[0];
if (policy.addAccessControlEntry(testUser.getPrincipal(), privilegesFromName(Privilege.JCR_LOCK_MANAGEMENT))) {
testAcMgr.setPolicy(path, acl);
testSession.save();
}
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Test(org.junit.Test)
Example 62 with AccessControlList
use of javax.jcr.security.AccessControlList in project jackrabbit-oak by apache.
the class GroupImportWithPoliciesTest method testImportGroupWithPolicies.
@Test
public void testImportGroupWithPolicies() throws Exception {
Node target = getTargetNode();
doImport(getTargetPath(), xml, ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING);
assertTrue(getImportSession().hasPendingChanges());
Authorizable newGroup = getUserManager().getAuthorizable("g");
assertNotNull(newGroup);
assertTrue(newGroup.isGroup());
assertEquals("g", newGroup.getPrincipal().getName());
assertEquals("g", newGroup.getID());
Node n = getImportSession().getNode(newGroup.getPath());
assertTrue(n.isNew());
assertTrue(n.getParent().isSame(target));
assertEquals("g", n.getName());
assertEquals("g", n.getProperty(UserConstants.REP_PRINCIPAL_NAME).getString());
AccessControlList acl = AccessControlUtils.getAccessControlList(getImportSession(), newGroup.getPath());
assertNotNull(acl);
AccessControlEntry[] aces = acl.getAccessControlEntries();
assertEquals(1, aces.length);
assertEquals("administrators", aces[0].getPrincipal().getName());
assertEquals(PrivilegeConstants.JCR_READ, aces[0].getPrivileges()[0].getName());
// saving changes of the import -> must succeed. add mandatory
// props should have been created.
getImportSession().save();
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
Node(javax.jcr.Node)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Test(org.junit.Test)
Example 63 with AccessControlList
use of javax.jcr.security.AccessControlList in project sling by apache.
the class PrivilegesInfo method getEffectiveAccessControlEntries.
private AccessControlEntry[] getEffectiveAccessControlEntries(Session session, String absPath) throws RepositoryException {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
AccessControlPolicy[] policies = accessControlManager.getEffectivePolicies(absPath);
for (AccessControlPolicy accessControlPolicy : policies) {
if (accessControlPolicy instanceof AccessControlList) {
AccessControlEntry[] accessControlEntries = ((AccessControlList) accessControlPolicy).getAccessControlEntries();
return accessControlEntries;
}
}
return new AccessControlEntry[0];
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlList(javax.jcr.security.AccessControlList)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Example 64 with AccessControlList
use of javax.jcr.security.AccessControlList in project sling by apache.
the class GetEffectiveAclServlet method getAccessControlEntries.
@Override
protected AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
AccessControlPolicy[] policies = accessControlManager.getEffectivePolicies(absPath);
List<AccessControlEntry> allEntries = new ArrayList<AccessControlEntry>();
for (AccessControlPolicy accessControlPolicy : policies) {
if (accessControlPolicy instanceof AccessControlList) {
AccessControlEntry[] accessControlEntries = ((AccessControlList) accessControlPolicy).getAccessControlEntries();
for (AccessControlEntry accessControlEntry : accessControlEntries) {
allEntries.add(accessControlEntry);
}
}
}
return allEntries.toArray(new AccessControlEntry[allEntries.size()]);
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlList(javax.jcr.security.AccessControlList)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
ArrayList(java.util.ArrayList)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Example 65 with AccessControlList
use of javax.jcr.security.AccessControlList in project sling by apache.
the class PrivilegesInfo method getEffectiveAccessRightsForPrincipal.
/**
* Returns the effective access rights for the resource at the specified path for the given
* principalId.
*
* @param session the current JCR session
* @param absPath the path of the resource to retrieve the rights for
* @param principalId the principalId to get the access rights for
* @return access rights for the specified principal
* @throws RepositoryException
*/
public AccessRights getEffectiveAccessRightsForPrincipal(Session session, String absPath, String principalId) throws RepositoryException {
AccessRights rights = new AccessRights();
if (principalId != null && principalId.length() > 0) {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
AccessControlPolicy[] policies = accessControlManager.getEffectivePolicies(absPath);
for (AccessControlPolicy accessControlPolicy : policies) {
if (accessControlPolicy instanceof AccessControlList) {
AccessControlEntry[] accessControlEntries = ((AccessControlList) accessControlPolicy).getAccessControlEntries();
for (AccessControlEntry ace : accessControlEntries) {
if (principalId.equals(ace.getPrincipal().getName())) {
boolean isAllow = AccessControlUtil.isAllow(ace);
if (isAllow) {
rights.getGranted().addAll(Arrays.asList(ace.getPrivileges()));
} else {
rights.getDenied().addAll(Arrays.asList(ace.getPrivileges()));
}
}
}
}
}
}
return rights;
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlList(javax.jcr.security.AccessControlList)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Aggregations
AccessControlList (javax.jcr.security.AccessControlList)97
AccessControlEntry (javax.jcr.security.AccessControlEntry)49
AccessControlManager (javax.jcr.security.AccessControlManager)49
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39
Privilege (javax.jcr.security.Privilege)25
Node (javax.jcr.Node)17
RepositoryException (javax.jcr.RepositoryException)17
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)17
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)15
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)15
Test (org.junit.Test)13
Principal (java.security.Principal)12
AccessDeniedException (javax.jcr.AccessDeniedException)12
ArrayList (java.util.ArrayList)9
HashSet (java.util.HashSet)6
AccessControlException (javax.jcr.security.AccessControlException)6
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6
NodeImpl (org.apache.jackrabbit.core.NodeImpl)6
MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)5
AccessControlException (java.security.AccessControlException)5
