use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.
the class AccessControlImporterTest method testImportEmptyExistingPolicy.
/**
* Imports an empty resource-based ACL for a policy that already exists.
*
* @throws Exception
*/
public void testImportEmptyExistingPolicy() throws Exception {
NodeImpl target = (NodeImpl) testRootNode;
target = (NodeImpl) target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
AccessControlManager acMgr = sImpl.getAccessControlManager();
for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (policy instanceof AccessControlList) {
acMgr.setPolicy(target.getPath(), policy);
}
}
try {
InputStream in = new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(0, entries.length);
} finally {
superuser.refresh(false);
}
}
use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.
the class AccessControlImporterTest method testImportACLUnknown.
/**
* Imports a resource-based ACL containing a single entry.
*
* @throws Exception
*/
public void testImportACLUnknown() throws Exception {
try {
NodeImpl target = (NodeImpl) testRootNode.addNode(nodeName1);
target.addMixin("rep:AccessControllable");
InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_4.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
String path = target.getPath();
AccessControlManager acMgr = sImpl.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(path);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(2, entries.length);
AccessControlEntry entry = entries[0];
assertEquals("unknownprincipal", entry.getPrincipal().getName());
assertEquals(1, entry.getPrivileges().length);
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
entry = entries[1];
assertEquals("admin", entry.getPrincipal().getName());
assertEquals(1, entry.getPrivileges().length);
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
} finally {
superuser.refresh(false);
}
}
use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.
the class AccessControlImporterTest method testImportRepoACLAtRoot.
/**
* Repo level acl must be imported underneath the root node.
*
* @throws Exception
*/
public void testImportRepoACLAtRoot() throws Exception {
NodeImpl target = (NodeImpl) sImpl.getRootNode();
AccessControlManager acMgr = sImpl.getAccessControlManager();
try {
// need to add mixin. in contrast to only using JCR API to retrieve
// and set the policies the protected item import only is called if
// the node to be imported is defined to be protected. however, if
// the root node doesn't have the mixin assigned the defining node
// type of the imported policy nodes will be rep:root (unstructured)
// and the items will not be detected as being protected.
target.addMixin("rep:RepoAccessControllable");
InputStream in = new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
AccessControlPolicy[] policies = acMgr.getPolicies(null);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, entries.length);
assertEquals(1, entries[0].getPrivileges().length);
assertEquals(acMgr.privilegeFromName("jcr:workspaceManagement"), entries[0].getPrivileges()[0]);
assertTrue(target.hasNode("rep:repoPolicy"));
assertTrue(target.hasNode("rep:repoPolicy/allow"));
// clean up again
acMgr.removePolicy(null, policies[0]);
assertFalse(target.hasNode("rep:repoPolicy"));
assertFalse(target.hasNode("rep:repoPolicy/allow"));
} finally {
superuser.refresh(false);
}
}
use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.
the class AccessControlImporterTest method testImportACL.
/**
* Imports a resource-based ACL containing a single entry.
*
* @throws Exception
*/
public void testImportACL() throws Exception {
NodeImpl target = (NodeImpl) testRootNode;
try {
InputStream in = new ByteArrayInputStream(XML_POLICY_TREE.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
assertTrue(target.hasNode("test"));
String path = target.getNode("test").getPath();
AccessControlManager acMgr = sImpl.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(path);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, entries.length);
AccessControlEntry entry = entries[0];
assertEquals("everyone", entry.getPrincipal().getName());
assertEquals(1, entry.getPrivileges().length);
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
} finally {
superuser.refresh(false);
}
}
use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.
the class AccessControlImporterTest method testImportPolicyExists.
/**
* Imports a resource-based ACL containing a single entry for a policy that
* already exists.
*
* @throws Exception
*/
public void testImportPolicyExists() throws Exception {
// all ACEs for an import. maybe control this behavior via uuid-flag.
if (true) {
return;
}
NodeImpl target = (NodeImpl) testRootNode;
target = (NodeImpl) target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
AccessControlManager acMgr = sImpl.getAccessControlManager();
for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (policy instanceof AccessControlList) {
Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT) };
((AccessControlList) policy).addAccessControlEntry(sImpl.getPrincipalManager().getEveryone(), privs);
acMgr.setPolicy(target.getPath(), policy);
}
}
try {
InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_2.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, entries.length);
AccessControlEntry entry = entries[0];
assertEquals("everyone", entry.getPrincipal().getName());
List<Privilege> privs = Arrays.asList(entry.getPrivileges());
assertEquals(2, privs.size());
assertTrue(privs.contains(acMgr.privilegeFromName(Privilege.JCR_WRITE)) && privs.contains(acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)));
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
} finally {
superuser.refresh(false);
}
}
Aggregations