Example 66 with AccessControlList

use of javax.jcr.security.AccessControlList in project sling by apache.

the class PrivilegesInfo method getDeclaredAccessRightsForPrincipal.

/**
 * Returns the declared access rights for the resource at the specified path for the given
 * principalId.
 *
 * @param session the current JCR session
 * @param absPath the path of the resource to retrieve the rights for
 * @param principalId the principalId to get the access rights for
 * @return access rights for the specified principal
 * @throws RepositoryException
 */
public AccessRights getDeclaredAccessRightsForPrincipal(Session session, String absPath, String principalId) throws RepositoryException {
    AccessRights rights = new AccessRights();
    if (principalId != null && principalId.length() > 0) {
        AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
        AccessControlPolicy[] policies = accessControlManager.getPolicies(absPath);
        for (AccessControlPolicy accessControlPolicy : policies) {
            if (accessControlPolicy instanceof AccessControlList) {
                AccessControlEntry[] accessControlEntries = ((AccessControlList) accessControlPolicy).getAccessControlEntries();
                for (AccessControlEntry ace : accessControlEntries) {
                    if (principalId.equals(ace.getPrincipal().getName())) {
                        boolean isAllow = AccessControlUtil.isAllow(ace);
                        if (isAllow) {
                            rights.getGranted().addAll(Arrays.asList(ace.getPrivileges()));
                        } else {
                            rights.getDenied().addAll(Arrays.asList(ace.getPrivileges()));
                        }
                    }
                }
            }
        }
    }
    return rights;
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 67 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit-oak by apache.

the class MountPermissionStoreTest method before.

@Override
@Before
public void before() throws Exception {
    super.before();
    Tree rootNode = root.getTree("/");
    Tree test = TreeUtil.addChild(rootNode, TEST_NAME, JcrConstants.NT_UNSTRUCTURED);
    Tree content = TreeUtil.addChild(test, CONTENT_NAME, JcrConstants.NT_UNSTRUCTURED);
    Tree child = TreeUtil.addChild(content, "child", JcrConstants.NT_UNSTRUCTURED);
    AccessControlManager acMgr = getAccessControlManager(root);
    Privilege[] privileges = AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ);
    AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, content.getPath());
    assertNotNull(acl);
    acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);
    acMgr.setPolicy(content.getPath(), acl);
    AccessControlList acl2 = AccessControlUtils.getAccessControlList(acMgr, child.getPath());
    assertNotNull(acl2);
    acl2.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);
    acMgr.setPolicy(child.getPath(), acl2);
    root.commit();
    String wspName = adminSession.getWorkspaceName();
    PermissionProvider pp = config.getPermissionProvider(root, wspName, ImmutableSet.of(EveryonePrincipal.getInstance()));
    assertTrue(pp instanceof MountPermissionProvider);
    permissionStore = ((MountPermissionProvider) pp).getPermissionStore(root, wspName, RestrictionProvider.EMPTY);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) Privilege(javax.jcr.security.Privilege) Before(org.junit.Before)

Example 68 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AcReadWriteTest method testSetModifiedPolicy.

public void testSetModifiedPolicy() throws RepositoryException, NotExecutableException {
    /*
     * precondition:
     * testuser must have READ-only permission on test-node and below
     */
    checkReadOnly(path);
    /*
     * grant 'testUser' rep:write, rep:readAccessControl and
     * rep:modifyAccessControl privileges at 'path'
     */
    Privilege[] privileges = privilegesFromNames(new String[] { PrivilegeRegistry.REP_WRITE, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL });
    JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
    /*
     * testuser must be allowed to set (modified) policy at target node.
     */
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    AccessControlPolicy[] policies = testAcMgr.getPolicies(path);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof AccessControlList);
    AccessControlList acl = (AccessControlList) policies[0];
    if (acl.addAccessControlEntry(testUser.getPrincipal(), new Privilege[] { testAcMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT) })) {
        testAcMgr.setPolicy(path, acl);
        testSession.save();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session)

Example 69 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class EntryCollectorTest method testCache.

public void testCache() throws Exception {
    // --- test1 : add an ACE at path --------------------------------------
    modifyPrivileges(path, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_READ), true);
    AccessControlPolicy[] plcs = acMgr.getEffectivePolicies(path);
    AccessControlPolicy[] plcs2 = acMgr.getEffectivePolicies(childNPath);
    // effective policies must be equal on path and childNPath
    assertTrue(Arrays.equals(plcs, plcs2));
    // the policy at 'path' must contain a single ACE
    verifyACEs(plcs2, path, 1);
    // --- test2: modify the policy at 'path' ------------------------------
    modifyPrivileges(path, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_WRITE), false);
    plcs = acMgr.getEffectivePolicies(path);
    plcs2 = acMgr.getEffectivePolicies(childNPath);
    // effective policies must be equal on path and childNPath
    assertTrue(Arrays.equals(plcs, plcs2));
    verifyACEs(plcs2, path, 2);
    // --- test3: add a policy at childNPath -------------------------------
    modifyPrivileges(childNPath, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), true);
    plcs = acMgr.getEffectivePolicies(path);
    plcs2 = acMgr.getEffectivePolicies(childNPath);
    assertFalse(Arrays.equals(plcs, plcs2));
    verifyACEs(plcs2, path, 2);
    verifyACEs(plcs2, childNPath, 1);
    // --- test4: modify policy at childNPath ------------------------------
    modifyPrivileges(childNPath, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES), true);
    plcs = acMgr.getEffectivePolicies(path);
    plcs2 = acMgr.getEffectivePolicies(childNPath);
    assertFalse(Arrays.equals(plcs, plcs2));
    verifyACEs(plcs2, path, 2);
    // still a single ACE at childNPath, but its privileges must be adjusted
    verifyACEs(plcs2, childNPath, 1);
    AccessControlList acl = null;
    for (AccessControlPolicy p : plcs2) {
        if (p instanceof JackrabbitAccessControlList && childNPath.equals(((JackrabbitAccessControlList) p).getPath())) {
            acl = (AccessControlList) p;
        }
    }
    Privilege[] privs = privilegesFromNames(new String[] { Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_CHILD_NODES });
    assertEquals(privs, acl.getAccessControlEntries()[0].getPrivileges());
    // --- test5: remove policy at childNPath ------------------------------
    acMgr.removePolicy(childNPath, acMgr.getPolicies(childNPath)[0]);
    superuser.save();
    plcs = acMgr.getEffectivePolicies(path);
    AccessControlPolicy[] plcs3 = acMgr.getEffectivePolicies(childNPath);
    assertTrue(Arrays.equals(plcs, plcs3));
    assertFalse(Arrays.equals(plcs2, plcs3));
    for (AccessControlPolicy p : plcs3) {
        if (p instanceof JackrabbitAccessControlList) {
            if (childNPath.equals(((JackrabbitAccessControlList) p).getPath())) {
                fail("Policy at path has been removed.");
            }
        }
    }
    verifyACEs(plcs, path, 2);
}
Also used : JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Privilege(javax.jcr.security.Privilege)

Example 70 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class ServerAccessControlList method removeAccessControlEntry.

public void removeAccessControlEntry(RemoteAccessControlEntry ace) throws RepositoryException {
    if (ace instanceof ServerAccessControlEntry) {
        AccessControlEntry lace = ((ServerAccessControlEntry) ace).getAccessControlEntry();
        ((AccessControlList) getAccessControlPolicy()).removeAccessControlEntry(lace);
    } else {
        throw new RepositoryException("Unsupported RemoteAccessControlEntry type " + ace.getClass());
    }
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) RemoteAccessControlList(org.apache.jackrabbit.rmi.remote.security.RemoteAccessControlList) AccessControlEntry(javax.jcr.security.AccessControlEntry) RemoteAccessControlEntry(org.apache.jackrabbit.rmi.remote.security.RemoteAccessControlEntry) RepositoryException(javax.jcr.RepositoryException)

Aggregations

AccessControlList (javax.jcr.security.AccessControlList) 97
AccessControlEntry (javax.jcr.security.AccessControlEntry) 49
AccessControlManager (javax.jcr.security.AccessControlManager) 49
AccessControlPolicy (javax.jcr.security.AccessControlPolicy) 39
Privilege (javax.jcr.security.Privilege) 25
Node (javax.jcr.Node) 17
RepositoryException (javax.jcr.RepositoryException) 17
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList) 17
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator) 15
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException) 15
Test (org.junit.Test) 13
Principal (java.security.Principal) 12
AccessDeniedException (javax.jcr.AccessDeniedException) 12
ArrayList (java.util.ArrayList) 9
HashSet (java.util.HashSet) 6
AccessControlException (javax.jcr.security.AccessControlException) 6
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable) 6
NodeImpl (org.apache.jackrabbit.core.NodeImpl) 6
MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException) 5
AccessControlException (java.security.AccessControlException) 5