Example 36 with AccessControlList
use of javax.jcr.security.AccessControlList in project jackrabbit by apache.
the class AccessControlListTest method tearDown.
protected void tearDown() throws Exception {
try {
// restore original entries (remove others).
AccessControlList list = getList(acMgr, path);
AccessControlEntry[] entries = list.getAccessControlEntries();
for (int i = 0; i < entries.length; i++) {
AccessControlEntry ace = entries[i];
if (testPrincipal.equals(ace.getPrincipal())) {
list.removeAccessControlEntry(ace);
}
}
if (!privilegesToRestore.isEmpty()) {
list.addAccessControlEntry(testPrincipal, (Privilege[]) privilegesToRestore.toArray(new Privilege[privilegesToRestore.size()]));
}
if (list.getAccessControlEntries().length > 0 && acMgr.getPolicies(path).length > 0) {
acMgr.setPolicy(path, list);
superuser.save();
}
} catch (Exception e) {
log.warn("Unexpected error while removing test entries.", e);
}
super.tearDown();
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
AccessDeniedException(javax.jcr.AccessDeniedException)
AccessControlException(javax.jcr.security.AccessControlException)
RepositoryException(javax.jcr.RepositoryException)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
Example 37 with AccessControlList
use of javax.jcr.security.AccessControlList in project jackrabbit by apache.
the class AccessControlListTest method testAddAggregatedPrivilegesSeparately.
public void testAddAggregatedPrivilegesSeparately() throws NotExecutableException, RepositoryException {
checkCanModifyAc(path);
Privilege aggregate = null;
for (int i = 0; i < privs.length; i++) {
if (privs[i].isAggregate()) {
aggregate = privs[i];
break;
}
}
if (aggregate == null) {
throw new NotExecutableException("No aggregate privilege supported at " + path);
}
AccessControlList acl = getList(acMgr, path);
acl.addAccessControlEntry(testPrincipal, new Privilege[] { aggregate });
Privilege[] privs = aggregate.getAggregatePrivileges();
for (int i = 0; i < privs.length; i++) {
boolean modified = acl.addAccessControlEntry(testPrincipal, new Privilege[] { privs[i] });
assertFalse("Adding the aggregated privs individually later on must not modify the policy", modified);
}
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
Privilege(javax.jcr.security.Privilege)
Example 38 with AccessControlList
use of javax.jcr.security.AccessControlList in project jackrabbit by apache.
the class AccessControlListTest method testAddAccessControlEntryAndSetPolicy.
public void testAddAccessControlEntryAndSetPolicy() throws RepositoryException, NotExecutableException {
checkCanModifyAc(path);
AccessControlList acl = getList(acMgr, path);
List<AccessControlEntry> originalAces = Arrays.asList(acl.getAccessControlEntries());
if (!acl.addAccessControlEntry(testPrincipal, privs)) {
throw new NotExecutableException();
}
// re-access ACL from AC-Manager -> must not yet have changed
assertEquals("Before calling setPolicy any modifications to an ACL must not be reflected in the policies", originalAces, Arrays.asList(getList(acMgr, path).getAccessControlEntries()));
// setting the modified policy -> policy must change.
acMgr.setPolicy(path, acl);
assertEquals("Before calling setPolicy any modifications to an ACL must not be reflected in the policies", Arrays.asList(acl.getAccessControlEntries()), Arrays.asList(getList(acMgr, path).getAccessControlEntries()));
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Example 39 with AccessControlList
use of javax.jcr.security.AccessControlList in project jackrabbit by apache.
the class AccessControlListTest method testAddAggregatePrivilege.
public void testAddAggregatePrivilege() throws NotExecutableException, RepositoryException {
checkCanModifyAc(path);
Privilege aggregate = null;
for (int i = 0; i < privs.length; i++) {
if (privs[i].isAggregate()) {
aggregate = privs[i];
break;
}
}
if (aggregate == null) {
throw new NotExecutableException("No aggregate privilege supported at " + path);
}
AccessControlList acl = getList(acMgr, path);
acl.addAccessControlEntry(testPrincipal, new Privilege[] { aggregate });
// make sure all privileges are present now
List<Privilege> privs = currentPrivileges(acl, testPrincipal);
assertTrue("Privileges added through 'addAccessControlEntry' must be " + "reflected upon getAccessControlEntries", privs.contains(aggregate) || privs.containsAll(Arrays.asList(aggregate.getAggregatePrivileges())));
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
Privilege(javax.jcr.security.Privilege)
Example 40 with AccessControlList
use of javax.jcr.security.AccessControlList in project jackrabbit by apache.
the class AccessControlListTest method testAddPrivilegesPresentInEntries.
public void testAddPrivilegesPresentInEntries() throws NotExecutableException, RepositoryException {
checkCanModifyAc(path);
AccessControlList acl = getList(acMgr, path);
acl.addAccessControlEntry(testPrincipal, privs);
Set<Privilege> assignedPrivs = new HashSet<Privilege>();
AccessControlEntry[] entries = acl.getAccessControlEntries();
for (int i = 0; i < entries.length; i++) {
if (entries[i].getPrincipal().equals(testPrincipal)) {
Privilege[] prvs = entries[i].getPrivileges();
for (int j = 0; j < prvs.length; j++) {
if (prvs[j].isAggregate()) {
assignedPrivs.addAll(Arrays.asList(prvs[j].getAggregatePrivileges()));
} else {
assignedPrivs.add(prvs[j]);
}
}
}
}
Set<Privilege> expected = new HashSet<Privilege>();
for (int i = 0; i < privs.length; i++) {
if (privs[i].isAggregate()) {
expected.addAll(Arrays.asList(privs[i].getAggregatePrivileges()));
} else {
expected.add(privs[i]);
}
}
assertTrue("getAccessControlEntries must contain an entry or entries that grant at least the added privileges.", assignedPrivs.containsAll(expected));
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
HashSet(java.util.HashSet)
Aggregations
AccessControlList (javax.jcr.security.AccessControlList)97
AccessControlEntry (javax.jcr.security.AccessControlEntry)49
AccessControlManager (javax.jcr.security.AccessControlManager)49
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39
Privilege (javax.jcr.security.Privilege)25
Node (javax.jcr.Node)17
RepositoryException (javax.jcr.RepositoryException)17
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)17
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)15
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)15
Test (org.junit.Test)13
Principal (java.security.Principal)12
AccessDeniedException (javax.jcr.AccessDeniedException)12
ArrayList (java.util.ArrayList)9
HashSet (java.util.HashSet)6
AccessControlException (javax.jcr.security.AccessControlException)6
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6
NodeImpl (org.apache.jackrabbit.core.NodeImpl)6
MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)5
AccessControlException (java.security.AccessControlException)5
