Search in sources :

Example 61 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportRepoACLAtTestNode.

/**
     * Make sure repo-level acl is not imported below any other node than the
     * root node.
     *
     * @throws Exception
     */
public void testImportRepoACLAtTestNode() throws Exception {
    NodeImpl target = (NodeImpl) testRootNode.addNode("test");
    target.addMixin("rep:RepoAccessControllable");
    AccessControlManager acMgr = sImpl.getAccessControlManager();
    try {
        InputStream in = new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        AccessControlPolicy[] policies = acMgr.getPolicies(null);
        assertEquals(0, policies.length);
        assertTrue(target.hasNode("rep:repoPolicy"));
        assertFalse(target.hasNode("rep:repoPolicy/allow0"));
        Node n = target.getNode("rep:repoPolicy");
        assertEquals("rep:RepoAccessControllable", n.getDefinition().getDeclaringNodeType().getName());
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) Node(javax.jcr.Node)

Example 62 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportWithDefaultImporter.

/**
     * With the default importer that isn't able to deal with ACEs the
     * policy will be created but any ACEs will be ignored.
     *
     * @throws Exception
     */
public void testImportWithDefaultImporter() throws Exception {
    NodeImpl target = (NodeImpl) testRootNode;
    try {
        InputStream in = new ByteArrayInputStream(XML_POLICY_TREE.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, null);
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        assertTrue(target.hasNode("test"));
        String path = target.getNode("test").getPath();
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(0, entries.length);
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 63 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ConcurrentCreateNodesTest method createACLsForEveryone.

private void createACLsForEveryone(Session session, int numACLs) throws RepositoryException {
    AccessControlManager acMgr = session.getAccessControlManager();
    Node listenHere = session.getRootNode().addNode("nodes-with-acl");
    for (int i = 0; i < numACLs; i++) {
        String path = listenHere.addNode("node-" + i).getPath();
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
        if (acl.isEmpty()) {
            Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
            if (acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges)) {
                acMgr.setPolicy(path, acl);
            }
        }
    }
    session.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 64 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ConcurrentEveryoneACLTest method beforeSuite.

@Override
public void beforeSuite() throws Exception {
    Session session = loginWriter();
    AccessControlManager acMgr = session.getAccessControlManager();
    Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
    final Node root = session.getRootNode().addNode(ROOT_NODE_NAME, "nt:unstructured");
    for (int i = 0; i < NODE_COUNT; i++) {
        Node node = root.addNode("node" + i, "nt:unstructured");
        for (int j = 0; j < NODE_COUNT; j++) {
            Node newNode = node.addNode("node" + j, "nt:unstructured");
            JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, newNode.getPath());
            acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
            acMgr.setPolicy(newNode.getPath(), acl);
        }
        session.save();
    }
    // deny everyone on root node
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, root.getPath());
    acl.addEntry(EveryonePrincipal.getInstance(), privileges, false);
    acMgr.setPolicy(root.getPath(), acl);
    session.save();
    final int[] numACEs = new int[1];
    ItemVisitor v = new TraversingItemVisitor.Default() {

        @Override
        protected void entering(Node node, int i) throws RepositoryException {
            if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
                numACEs[0]++;
            }
            super.entering(node, i);
        }

        @Override
        protected void entering(Property prop, int i) throws RepositoryException {
            super.entering(prop, i);
        }
    };
    v.visit(root);
    System.out.println("Num ACEs: " + numACEs[0]);
    session.logout();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) ItemVisitor(javax.jcr.ItemVisitor) TraversingItemVisitor(javax.jcr.util.TraversingItemVisitor) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Property(javax.jcr.Property) Session(javax.jcr.Session)

Example 65 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class HiddenTest method testCombinedSetup.

@Test
public void testCombinedSetup() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    try {
        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ));
        acMgr.setPolicy("/", acl);
        root.commit();
        PermissionProvider combined = getConfig(AuthorizationConfiguration.class).getPermissionProvider(readOnlyRoot, root.getContentSession().getWorkspaceName(), ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));
        assertFalse(combined.hasPrivileges(hiddenTree, PrivilegeConstants.JCR_READ));
        assertTrue(combined.getPrivileges(hiddenTree).isEmpty());
        assertTrue(combined.isGranted(hiddenTree, null, Permissions.ALL));
        assertTrue(combined.isGranted(hiddenTree.getPath(), Permissions.getString(Permissions.ALL)));
        Tree t = readOnlyRoot.getTree("/");
        TreePermission tp = combined.getTreePermission(t, TreePermission.EMPTY);
        for (String name : PathUtils.elements(hiddenTree.getPath())) {
            t = t.getChild(name);
            tp = combined.getTreePermission(t, tp);
        }
        assertTrue(tp.isGranted(Permissions.ALL));
    } finally {
        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ));
        acMgr.removePolicy("/", acl);
        root.commit();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Test(org.junit.Test)

Aggregations

AccessControlManager (javax.jcr.security.AccessControlManager)192 Privilege (javax.jcr.security.Privilege)82 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)77 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)62 Session (javax.jcr.Session)47 Test (org.junit.Test)45 AccessControlEntry (javax.jcr.security.AccessControlEntry)39 Node (javax.jcr.Node)33 AccessControlList (javax.jcr.security.AccessControlList)32 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)32 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)23 Principal (java.security.Principal)22 Value (javax.jcr.Value)17 HashMap (java.util.HashMap)14 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)14 Group (org.apache.jackrabbit.api.security.user.Group)14 ValueFactory (javax.jcr.ValueFactory)13 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)13 NodeImpl (org.apache.jackrabbit.core.NodeImpl)13 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)12