Examples with AccessControlList - javax.jcr.security.AccessControlList

Example 71 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class ServerAccessControlList method addAccessControlEntry.

public boolean addAccessControlEntry(RemotePrincipal principal, RemotePrivilege[] privileges) throws RepositoryException {
    Principal p = null;
    if (principal instanceof ServerPrincipal) {
        p = ((ServerPrincipal) principal).getPrincipal();
    }
    Privilege[] privs = new Privilege[privileges.length];
    for (int i = 0; privs != null && i < privs.length; i++) {
        if (privileges[i] instanceof ServerPrivilege) {
            privs[i] = ((ServerPrivilege) privileges[i]).getPrivilege();
        } else {
            // not a compatible remote privilege, abort
            privs = null;
        }
    }
    if (p != null && privs != null) {
        return ((AccessControlList) getAccessControlPolicy()).addAccessControlEntry(p, privs);
    }
    throw new RepositoryException("Unsupported Remote types");
}

Also used : AccessControlList(javax.jcr.security.AccessControlList) RemoteAccessControlList(org.apache.jackrabbit.rmi.remote.security.RemoteAccessControlList) ServerPrincipal(org.apache.jackrabbit.rmi.server.principal.ServerPrincipal) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) RemotePrivilege(org.apache.jackrabbit.rmi.remote.security.RemotePrivilege) Principal(java.security.Principal) ServerPrincipal(org.apache.jackrabbit.rmi.server.principal.ServerPrincipal) RemotePrincipal(org.apache.jackrabbit.rmi.remote.principal.RemotePrincipal)

Example 72 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AccessControlListTest method testRemoveAccessControlEntryAndSetPolicy.

public void testRemoveAccessControlEntryAndSetPolicy() throws NotExecutableException, RepositoryException {
    checkCanModifyAc(path);
    // add a new ACE that can be removed later on.
    AccessControlList acl = getList(acMgr, path);
    if (!acl.addAccessControlEntry(testPrincipal, privs)) {
        throw new NotExecutableException();
    } else {
        acMgr.setPolicy(path, acl);
    }
    // try to re-access the modifiable ACL in order to remove the ACE
    // added before.
    acl = getList(acMgr, path);
    AccessControlEntry ace = null;
    AccessControlEntry[] aces = acl.getAccessControlEntries();
    if (aces.length == 0) {
        throw new NotExecutableException();
    } else {
        ace = aces[0];
        acl.removeAccessControlEntry(ace);
    }
    // before setting the policy again -> no changes visible.
    assertEquals("Removal of an ACE must only be visible upon 'setPolicy'", Arrays.asList(aces), Arrays.asList(getList(acMgr, path).getAccessControlEntries()));
    // set policy again.
    acMgr.setPolicy(path, acl);
    assertEquals("After 'setPolicy' the ACE-removal must be visible to the editing session.", Arrays.asList(acl.getAccessControlEntries()), Arrays.asList(getList(acMgr, path).getAccessControlEntries()));
}

Also used : AccessControlList(javax.jcr.security.AccessControlList) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 73 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AccessControlListTest method testRemoveAccessControlEntryIsTransient.

public void testRemoveAccessControlEntryIsTransient() throws NotExecutableException, RepositoryException {
    checkCanModifyAc(path);
    AccessControlList acl = getList(acMgr, path);
    // make sure an ACE is present and modifications are persisted.
    if (acl.addAccessControlEntry(testPrincipal, privs)) {
        acMgr.setPolicy(path, acl);
        superuser.save();
    } else {
        throw new NotExecutableException();
    }
    // retrieve ACL again -> transient removal of the ace
    acl = getList(acMgr, path);
    AccessControlEntry ace = acl.getAccessControlEntries()[0];
    acl.removeAccessControlEntry(ace);
    acMgr.setPolicy(path, acl);
    // revert changes -> removed entry must be present again.
    superuser.refresh(false);
    List<AccessControlEntry> entries = Arrays.asList(getList(acMgr, path).getAccessControlEntries());
    assertTrue("After reverting any changes the removed ACE should be present again.", entries.contains(ace));
}

Also used : AccessControlList(javax.jcr.security.AccessControlList) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 74 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AccessControlListTest method testAddAccessControlEntryInvalidPrivilege.

public void testAddAccessControlEntryInvalidPrivilege() throws NotExecutableException, RepositoryException {
    checkCanModifyAc(path);
    try {
        Privilege[] invalidPrivs = new Privilege[] { new Privilege() {

            public String getName() {
                return null;
            }

            public boolean isAbstract() {
                return false;
            }

            public boolean isAggregate() {
                return false;
            }

            public Privilege[] getDeclaredAggregatePrivileges() {
                return new Privilege[0];
            }

            public Privilege[] getAggregatePrivileges() {
                return new Privilege[0];
            }
        } };
        AccessControlList acl = getList(acMgr, path);
        acl.addAccessControlEntry(testPrincipal, invalidPrivs);
        fail("Adding an entry with an invalid privilege must throw AccessControlException.");
    } catch (AccessControlException e) {
    // success.
    } finally {
        superuser.refresh(false);
    }
}

Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege)

Example 75 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AccessControlListTest method testAddAccessControlEntryTwice.

public void testAddAccessControlEntryTwice() throws NotExecutableException, RepositoryException {
    checkCanModifyAc(path);
    AccessControlList acl = getList(acMgr, path);
    if (acl.addAccessControlEntry(testPrincipal, privs)) {
        assertFalse("Adding the same ACE twice should not modify the AC-List.", acl.addAccessControlEntry(testPrincipal, privs));
    }
}

Also used : AccessControlList(javax.jcr.security.AccessControlList)

Aggregations

AccessControlList (javax.jcr.security.AccessControlList)97 AccessControlEntry (javax.jcr.security.AccessControlEntry)49 AccessControlManager (javax.jcr.security.AccessControlManager)49 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39 Privilege (javax.jcr.security.Privilege)25 Node (javax.jcr.Node)17 RepositoryException (javax.jcr.RepositoryException)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)17 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)15 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)15 Test (org.junit.Test)13 Principal (java.security.Principal)12 AccessDeniedException (javax.jcr.AccessDeniedException)12 ArrayList (java.util.ArrayList)9 HashSet (java.util.HashSet)6 AccessControlException (javax.jcr.security.AccessControlException)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 NodeImpl (org.apache.jackrabbit.core.NodeImpl)6 MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)5 AccessControlException (java.security.AccessControlException)5