
Example 21 with AccessControlList

use of javax.jcr.security.AccessControlList in project sling by apache.

the class PrivilegesInfo method getDeclaredAccessControlEntries.

/**
 * Returns the access control entries declared directly on the node at {@code absPath}.
 *
 * <p>Only policies bound at {@code absPath} itself are read (JCR {@code getPolicies});
 * entries inherited from ancestor nodes are not part of the result, so this is not the
 * set of entries in effect at the node. When several policies are bound, the entries of
 * the first {@link AccessControlList} are returned and any later policy is ignored.
 *
 * @param session session from which the access control manager is obtained
 * @param absPath absolute path of the node whose bound policies are inspected
 * @return the entries of the first ACL found, or an empty array when no bound policy is an ACL
 * @throws RepositoryException if the access control manager or the policies cannot be read
 */
private AccessControlEntry[] getDeclaredAccessControlEntries(Session session, String absPath) throws RepositoryException {
    final AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
    for (AccessControlPolicy candidate : acm.getPolicies(absPath)) {
        if (!(candidate instanceof AccessControlList)) {
            // Non-ACL policy types carry no entries in the form this method returns.
            continue;
        }
        return ((AccessControlList) candidate).getAccessControlEntries();
    }
    return new AccessControlEntry[0];
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 22 with AccessControlList

use of javax.jcr.security.AccessControlList in project camel by apache.

the class JcrAuthTestBase method createJndiContext.

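/**
 * Builds the JNDI context for the test and binds a transient JCR repository under the
 * name {@code "repository"}.
 *
 * <p>Before binding, the method makes sure a user {@code "test"} exists and adds an access
 * control entry for that user at the root node carrying every privilege the repository
 * reports as supported there.
 *
 * <p>This is test-fixture set-up: it logs in with the literal {@code admin}/{@code admin}
 * credentials and grants the full supported privilege set at the root. Both are far broader
 * than a least-privilege configuration and only make sense against a throwaway repository.
 *
 * @return the context created by the superclass with the repository bound into it
 * @throws Exception if the login, user creation, policy update or JNDI binding fails
 */
@Override
protected Context createJndiContext() throws Exception {
    Context context = super.createJndiContext();
    repository = new TransientRepository(new File(REPO_PATH));
    // Administrative session used only to provision the test user and its permissions.
    SessionImpl session = (SessionImpl) repository.login(new SimpleCredentials("admin", "admin".toCharArray()));
    try {
        // set up a user to authenticate
        UserManager userManager = session.getUserManager();
        User user = (User) userManager.getAuthorizable("test");
        if (user == null) {
            user = userManager.createUser("test", "quatloos");
        }
        // set up permissions
        String path = session.getRootNode().getPath();
        AccessControlManager accessControlManager = session.getAccessControlManager();
        AccessControlPolicyIterator acls = accessControlManager.getApplicablePolicies(path);
        AccessControlList acl;
        if (acls.hasNext()) {
            // No policy is bound at the root yet: start from an applicable one.
            acl = (AccessControlList) acls.nextAccessControlPolicy();
        } else {
            // A policy is already bound at the root: extend the first one.
            acl = (AccessControlList) accessControlManager.getPolicies(path)[0];
        }
        // Grants every privilege supported at the root to the test user.
        acl.addAccessControlEntry(user.getPrincipal(), accessControlManager.getSupportedPrivileges(path));
        accessControlManager.setPolicy(path, acl);
        session.save();
    } finally {
        // Release the administrative session even when provisioning fails part-way.
        session.logout();
    }
    context.bind("repository", repository);
    return context;
}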
Also used : Context(javax.naming.Context) AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) SimpleCredentials(javax.jcr.SimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) TransientRepository(org.apache.jackrabbit.core.TransientRepository) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) SessionImpl(org.apache.jackrabbit.core.SessionImpl) File(java.io.File)

Example 23 with AccessControlList

use of javax.jcr.security.AccessControlList in project sling by apache.

the class ResourceResolverTest method removeAce.

// ---------- internal
/**
 * Removes every access control entry for {@code principal} from the ACLs bound at
 * {@code absPath} and saves the session if that left pending changes.
 *
 * <p>Entries are matched with {@code principal.equals(...)}, so a principal object that
 * does not compare equal to the stored one is left in place.
 *
 * @param adminSession session used to read and write the policies; it is saved here
 * @param principal principal whose entries are removed
 * @param absPath absolute path of the node whose bound policies are edited
 * @throws Exception if reading, modifying or saving the policies fails
 */
private void removeAce(Session adminSession, Principal principal, String absPath) throws Exception {
    final AccessControlManager acm = adminSession.getAccessControlManager();
    for (AccessControlPolicy candidate : acm.getPolicies(absPath)) {
        if (!(candidate instanceof AccessControlList)) {
            continue;
        }
        final AccessControlList list = (AccessControlList) candidate;
        boolean changed = false;
        // getAccessControlEntries() hands back an array, so removing while looping is safe.
        for (AccessControlEntry entry : list.getAccessControlEntries()) {
            if (!principal.equals(entry.getPrincipal())) {
                continue;
            }
            list.removeAccessControlEntry(entry);
            changed = true;
        }
        // Write the policy back only when an entry was actually removed.
        if (changed) {
            acm.setPolicy(absPath, list);
        }
    }
    if (adminSession.hasPendingChanges()) {
        adminSession.save();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 24 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testEffectivePoliciesFiltering.

/**
 * Checks that looking up effective policies for a principal set returns only the entries
 * of that principal, and that the principal is matched by name rather than by object
 * equality.
 */
@Test
public void testEffectivePoliciesFiltering() throws Exception {
    // Seed one policy holding three entries: two for the test principal, one for everyone.
    ACL seeded = getApplicablePolicy(testPath);
    seeded.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
    seeded.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
    seeded.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false);
    assertEquals(3, seeded.getAccessControlEntries().length);
    acMgr.setPolicy(testPath, seeded);
    root.commit();

    // Three distinct objects sharing one name: the original principal, a PrincipalImpl
    // copy and an anonymous implementation. The lookup must treat them alike.
    Principal sameNameImpl = new PrincipalImpl(testPrincipal.getName());
    Principal sameNameAnonymous = new Principal() {

        @Override
        public String getName() {
            return testPrincipal.getName();
        }
    };
    List<Principal> sameNamePrincipals = ImmutableList.of(testPrincipal, sameNameImpl, sameNameAnonymous);

    for (Principal candidate : sameNamePrincipals) {
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(ImmutableSet.of(candidate));
        assertEquals(1, effective.length);
        assertTrue(effective[0] instanceof AccessControlList);
        AccessControlList effectiveAcl = (AccessControlList) effective[0];
        // The entry for the everyone principal must have been filtered out.
        assertEquals(2, effectiveAcl.getAccessControlEntries().length);
        for (AccessControlEntry entry : effectiveAcl.getAccessControlEntries()) {
            assertEquals(candidate.getName(), entry.getPrincipal().getName());
        }
    }
}
Also used : AbstractAccessControlList(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 25 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit-oak by apache.

the class VersionManagementTest method testRemoveVersion3.

/**
 * @since oak (DIFF: jr required jcr:versionManagement privilege on the version store)
 */
@Test
public void testRemoveVersion3() throws Exception {
    // Create a versionable node with two checked-in versions using the superuser session.
    Node versionable = createVersionableNode(superuser.getNode(path));
    Version firstVersion = versionable.checkin();
    versionable.checkout();
    versionable.checkin();
    testSession.refresh(false);
    // Precondition: the test session has no version privileges on the node itself.
    assertFalse(testAcMgr.hasPrivileges(versionable.getPath(), versionPrivileges));
    // NOTE(review): allow(...) is defined elsewhere; the cleanup below suggests it adds an
    // entry for the test user at SYSTEM - confirm against the helper.
    AccessControlList systemAcl = allow(SYSTEM, versionPrivileges);
    try {
        Node viaTestSession = testSession.getNode(versionable.getPath());
        viaTestSession.getVersionHistory().removeVersion(firstVersion.getName());
        fail("Missing jcr:versionManagement privilege -> remove a version must fail.");
    } catch (AccessDeniedException expected) {
        // Expected: the removal is denied despite the privileges set at SYSTEM.
    } finally {
        // Undo the privilege change by dropping the test user's entries again.
        for (AccessControlEntry ace : systemAcl.getAccessControlEntries()) {
            if (!ace.getPrincipal().equals(testUser.getPrincipal())) {
                continue;
            }
            systemAcl.removeAccessControlEntry(ace);
        }
        acMgr.setPolicy(SYSTEM, systemAcl);
        superuser.save();
    }
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessDeniedException(javax.jcr.AccessDeniedException) Version(javax.jcr.version.Version) Node(javax.jcr.Node) AccessControlEntry(javax.jcr.security.AccessControlEntry) Test(org.junit.Test)

Aggregations

AccessControlList (javax.jcr.security.AccessControlList)97 AccessControlEntry (javax.jcr.security.AccessControlEntry)49 AccessControlManager (javax.jcr.security.AccessControlManager)49 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39 Privilege (javax.jcr.security.Privilege)25 Node (javax.jcr.Node)17 RepositoryException (javax.jcr.RepositoryException)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)17 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)15 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)15 Test (org.junit.Test)13 Principal (java.security.Principal)12 AccessDeniedException (javax.jcr.AccessDeniedException)12 ArrayList (java.util.ArrayList)9 HashSet (java.util.HashSet)6 AccessControlException (javax.jcr.security.AccessControlException)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 NodeImpl (org.apache.jackrabbit.core.NodeImpl)6 MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)5 AccessControlException (java.security.AccessControlException)5