
Example 31 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AccessControlImporterTest method testImportEmptyExistingPolicy.

/**
 * Checks that importing a policy-only document onto a node whose ACL has
 * already been set leaves a single, empty access control list in place.
 *
 * <p>Every applicable {@link AccessControlList} is first bound to the target
 * node. The import of {@code XML_POLICY_ONLY} is then expected to yield
 * exactly one {@link JackrabbitAccessControlList} that holds no entries.
 *
 * @throws Exception if node setup, the XML import or a policy lookup fails
 */
public void testImportEmptyExistingPolicy() throws Exception {
    NodeImpl importTarget = (NodeImpl) ((NodeImpl) testRootNode).addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    AccessControlManager accessMgr = sImpl.getAccessControlManager();

    // Bind each applicable ACL template to the target so a policy exists before the import runs.
    AccessControlPolicyIterator applicable = accessMgr.getApplicablePolicies(importTarget.getPath());
    while (applicable.hasNext()) {
        AccessControlPolicy candidate = applicable.nextAccessControlPolicy();
        if (candidate instanceof AccessControlList) {
            accessMgr.setPolicy(importTarget.getPath(), candidate);
        }
    }

    try {
        InputStream xml = new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8"));
        // NOTE(review): PseudoConfig is declared elsewhere in the test class; presumably it
        // enables the access control importer for protected items - confirm against its definition.
        SessionImporter sessionImporter = new SessionImporter(importTarget, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        new ParsingContentHandler(new ImportHandler(sessionImporter, sImpl)).parse(xml);

        AccessControlPolicy[] bound = accessMgr.getPolicies(importTarget.getPath());
        assertEquals(1, bound.length);
        assertTrue(bound[0] instanceof JackrabbitAccessControlList);
        JackrabbitAccessControlList importedAcl = (JackrabbitAccessControlList) bound[0];
        // The import must not have introduced any entry into the existing policy.
        AccessControlEntry[] importedEntries = importedAcl.getAccessControlEntries();
        assertEquals(0, importedEntries.length);
    } finally {
        // Discard pending changes of the superuser session, whether or not the assertions held.
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 32 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AccessControlImporterTest method testImportPolicyExists.

/**
 * Intended to check the import of a resource-based ACL with a single entry
 * onto a node whose policy already carries an entry for the same principal.
 *
 * <p>The assertions describe a merge: one entry for "everyone" that holds
 * both {@code jcr:write} and the pre-existing {@code jcr:lockManagement}
 * privilege, with {@code jcr:write} listed first.
 *
 * <p>NOTE(review): the method returns unconditionally at its first
 * statement, so none of this is executed and the test always passes. The
 * merge behaviour of the ACL import is therefore not covered by this test.
 *
 * @throws Exception if node setup, the XML import or a policy lookup fails
 */
public void testImportPolicyExists() throws Exception {
    // Disabled. The explanation in the original comment is cut off; what remains reads:
    // "all ACEs for an import. maybe control this behavior via uuid-flag."
    if (true) {
        return;
    }

    NodeImpl importTarget = (NodeImpl) ((NodeImpl) testRootNode).addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    AccessControlManager accessMgr = sImpl.getAccessControlManager();

    // Seed the existing policy with a lock-management entry for the "everyone" principal.
    AccessControlPolicyIterator applicable = accessMgr.getApplicablePolicies(importTarget.getPath());
    while (applicable.hasNext()) {
        AccessControlPolicy candidate = applicable.nextAccessControlPolicy();
        if (candidate instanceof AccessControlList) {
            Privilege[] lockManagement = { accessMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT) };
            AccessControlList existingAcl = (AccessControlList) candidate;
            existingAcl.addAccessControlEntry(sImpl.getPrincipalManager().getEveryone(), lockManagement);
            accessMgr.setPolicy(importTarget.getPath(), candidate);
        }
    }

    try {
        InputStream xml = new ByteArrayInputStream(XML_POLICY_TREE_2.getBytes("UTF-8"));
        SessionImporter sessionImporter = new SessionImporter(importTarget, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        new ParsingContentHandler(new ImportHandler(sessionImporter, sImpl)).parse(xml);

        AccessControlPolicy[] bound = accessMgr.getPolicies(importTarget.getPath());
        assertEquals(1, bound.length);
        assertTrue(bound[0] instanceof JackrabbitAccessControlList);

        AccessControlEntry[] importedEntries = ((JackrabbitAccessControlList) bound[0]).getAccessControlEntries();
        assertEquals(1, importedEntries.length);
        AccessControlEntry merged = importedEntries[0];
        assertEquals("everyone", merged.getPrincipal().getName());

        // Imported and pre-existing privileges are both expected on the single entry.
        List<Privilege> granted = Arrays.asList(merged.getPrivileges());
        assertEquals(2, granted.size());
        boolean hasWrite = granted.contains(accessMgr.privilegeFromName(Privilege.JCR_WRITE));
        assertTrue(hasWrite && granted.contains(accessMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)));
        assertEquals(accessMgr.privilegeFromName(Privilege.JCR_WRITE), merged.getPrivileges()[0]);

        // Allow/deny is a Jackrabbit extension, so it is only checked on Jackrabbit entries.
        if (merged instanceof JackrabbitAccessControlEntry) {
            JackrabbitAccessControlEntry jackrabbitEntry = (JackrabbitAccessControlEntry) merged;
            assertTrue(jackrabbitEntry.isAllow());
        }
    } finally {
        // Discard pending changes of the superuser session, whether or not the assertions held.
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ByteArrayInputStream(java.io.ByteArrayInputStream) Privilege(javax.jcr.security.Privilege)

Example 33 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AbstractRepositoryOperationTest method testGetEffectivePoliciesByPrincipal.

/**
 * Checks the effective policies computed for a set of principals against
 * the repository-level policy, which is addressed with a {@code null} path.
 *
 * <p>Starting without a repository-level policy, two entries are added for
 * the test user through {@code modifyPrivileges}. The effective policies of
 * that user must then consist of one {@link AccessControlList} whose two
 * entries both name the test user's principal.
 *
 * @throws NotExecutableException if the access control manager is not a
 *         {@link JackrabbitAccessControlManager} or the repository reports
 *         the operation as unsupported
 * @throws Exception on any other repository failure
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    if (!(acMgr instanceof JackrabbitAccessControlManager)) {
        throw new NotExecutableException();
    }
    final JackrabbitAccessControlManager jackrabbitAcMgr = (JackrabbitAccessControlManager) acMgr;
    final Set<Principal> testPrincipals = Collections.singleton(testUser.getPrincipal());
    try {
        // Precondition: neither a bound nor an effective repository-level policy exists,
        // while an applicable one is available.
        AccessControlPolicy[] initialPolicies = acMgr.getPolicies(null);
        assertNotNull(initialPolicies);
        assertEquals(0, initialPolicies.length);
        AccessControlPolicy[] initialEffective = jackrabbitAcMgr.getEffectivePolicies(testPrincipals);
        assertNotNull(initialEffective);
        assertEquals(0, initialEffective.length);
        AccessControlPolicyIterator applicable = acMgr.getApplicablePolicies(null);
        assertTrue(applicable.hasNext());

        // Add two repository-level entries. modifyPrivileges is defined elsewhere; the boolean
        // presumably selects allow (true) or deny (false) - confirm against the helper.
        modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
        modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);

        // The effective policies for the principal set must now expose exactly that ACL.
        AccessControlPolicy[] effectiveNow = jackrabbitAcMgr.getEffectivePolicies(testPrincipals);
        assertNotNull(effectiveNow);
        assertEquals(1, effectiveNow.length);
        assertTrue(effectiveNow[0] instanceof AccessControlList);
        AccessControlEntry[] repoEntries = ((AccessControlList) effectiveNow[0]).getAccessControlEntries();
        assertNotNull(repoEntries);
        assertEquals(2, repoEntries.length);
        for (int i = 0; i < repoEntries.length; i++) {
            assertEquals(testUser.getPrincipal(), repoEntries[i].getPrincipal());
        }
    } catch (UnsupportedRepositoryOperationException e) {
        throw new NotExecutableException();
    } finally {
        // NOTE(review): the calls and assertions below also run after a failure in the try
        // block; anything thrown here replaces the original exception, including the
        // NotExecutableException raised just above.
        AccessControlPolicy[] leftover = acMgr.getPolicies(null);
        for (int i = 0; i < leftover.length; i++) {
            acMgr.removePolicy(null, leftover[i]);
        }
        superuser.save();

        // Postcondition: the repository-level policy is gone again.
        AccessControlPolicy[] afterCleanup = acMgr.getPolicies(null);
        assertNotNull(afterCleanup);
        assertEquals(0, afterCleanup.length);
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) UnsupportedRepositoryOperationException(javax.jcr.UnsupportedRepositoryOperationException) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) Principal(java.security.Principal)

Example 34 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AbstractRepositoryOperationTest method testRepoPolicyAPI.

/**
 * Walks the repository-level policy (addressed with a {@code null} path)
 * through its life cycle: absent, created with two entries, reduced to one
 * entry, and removed again.
 *
 * <p>After each change, the bound and effective policies are compared with
 * the privileges and permissions reported by the {@code assertPrivilege}
 * and {@code assertPermission} helpers, which are defined outside this
 * method.
 *
 * @throws NotExecutableException if the repository reports the operation
 *         as unsupported
 * @throws Exception on any other repository failure
 */
public void testRepoPolicyAPI() throws Exception {
    try {
        // initial state: no repo level policy
        AccessControlPolicy[] policies = acMgr.getPolicies(null);
        assertNotNull(policies);
        assertEquals(0, policies.length);
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
        assertNotNull(effective);
        assertEquals(0, effective.length);
        // an applicable (not yet bound) policy must be offered for the repository level
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
        assertNotNull(it);
        assertTrue(it.hasNext());
        AccessControlPolicy acp = it.nextAccessControlPolicy();
        assertNotNull(acp);
        assertTrue(acp instanceof JackrabbitAccessControlPolicy);
        // modify the repo level policy
        // NOTE(review): modifyPrivileges is defined elsewhere; judging by the assertions
        // below, the boolean selects allow (true) or deny (false) - confirm.
        modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
        modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
        // the bound policy is now a single ACL holding both entries
        AccessControlPolicy[] plcs = acMgr.getPolicies(null);
        assertNotNull(plcs);
        assertEquals(1, plcs.length);
        assertTrue(plcs[0] instanceof AccessControlList);
        AccessControlList acl = (AccessControlList) plcs[0];
        AccessControlEntry[] aces = acl.getAccessControlEntries();
        assertNotNull(aces);
        assertEquals(2, aces.length);
        // namespace management is granted, node type definition management is not
        assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
        assertPermission(Permission.NAMESPACE_MNGMT, true);
        assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
        // the effective policy must mirror the bound one
        effective = acMgr.getEffectivePolicies(null);
        assertNotNull(effective);
        assertEquals(1, effective.length);
        assertTrue(effective[0] instanceof AccessControlList);
        acl = (AccessControlList) effective[0];
        aces = acl.getAccessControlEntries();
        assertNotNull(aces);
        assertEquals(2, aces.length);
        // change the policy: removing the second entry in the access control list
        // NOTE(review): index 1 is presumably the namespace-management entry added last;
        // this depends on entries being returned in insertion order - confirm.
        acl = (AccessControlList) acMgr.getPolicies(null)[0];
        AccessControlEntry toRemove = acl.getAccessControlEntries()[1];
        acl.removeAccessControlEntry(toRemove);
        acMgr.setPolicy(null, acl);
        superuser.save();
        acl = (AccessControlList) acMgr.getPolicies(null)[0];
        aces = acl.getAccessControlEntries();
        assertNotNull(aces);
        assertEquals(1, aces.length);
        // with that entry gone, neither privilege is granted any more
        assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
        assertPermission(Permission.NAMESPACE_MNGMT, false);
        assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
    } catch (UnsupportedRepositoryOperationException e) {
        throw new NotExecutableException();
    } finally {
        // NOTE(review): this cleanup and its assertions also run after a failure in the
        // try block; anything thrown here replaces the original exception.
        // remove it again
        for (AccessControlPolicy plc : acMgr.getPolicies(null)) {
            acMgr.removePolicy(null, plc);
        }
        superuser.save();
        // back to initial state: no repo level policy
        AccessControlPolicy[] policies = acMgr.getPolicies(null);
        assertNotNull(policies);
        assertEquals(0, policies.length);
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
        assertNotNull(effective);
        assertEquals(0, effective.length);
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
        assertNotNull(it);
        assertTrue(it.hasNext());
        AccessControlPolicy acp = it.nextAccessControlPolicy();
        assertNotNull(acp);
        assertTrue(acp instanceof JackrabbitAccessControlPolicy);
    }
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) UnsupportedRepositoryOperationException(javax.jcr.UnsupportedRepositoryOperationException) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)

Example 35 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class AccessControlListTest method testGetAccessControlEntries.

/**
 * Checks the basic contract of {@code AccessControlList#getAccessControlEntries}:
 * the returned array is never {@code null}, and every entry carries a
 * principal and at least one privilege.
 *
 * @throws RepositoryException on a repository failure
 * @throws AccessDeniedException if access to the access control content is denied
 * @throws NotExecutableException presumably raised by the {@code checkCanReadAc}
 *         or {@code getList} helpers (defined elsewhere) when the test cannot run
 */
public void testGetAccessControlEntries() throws RepositoryException, AccessDeniedException, NotExecutableException {
    checkCanReadAc(path);
    AccessControlList list = getList(acMgr, path);

    // Retrieving the entries must succeed once read access has been checked.
    AccessControlEntry[] aces = list.getAccessControlEntries();
    assertNotNull("AccessControlList#getAccessControlEntries must not return null.", aces);

    for (AccessControlEntry ace : aces) {
        assertNotNull("An ACE must contain a principal", ace.getPrincipal());
        Privilege[] granted = ace.getPrivileges();
        // An entry without a principal or without privileges would be meaningless.
        assertTrue("An ACE must contain at least a single privilege", granted != null && granted.length > 0);
    }
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege)
