
Example 6 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

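/**
 * Checks that reading effective policies by principal is itself access controlled.
 *
 * <p>The superuser grants the test user {@code jcr:readAccessControl} on the policy obtained
 * for the test user's principal. The test session may then read the effective policies for
 * that single principal, but a request covering every principal of its subject must be
 * rejected with {@link AccessDeniedException}.
 *
 * @throws Exception if repository setup or an access control call fails unexpectedly
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
    Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
    AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
    assertNotNull(acp);
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);
    JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];
    // Precondition: neither the test user nor 'everyone' may read access control content
    // at the path of the policy that is effective for 'everyone'.
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));
    acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
    // Check for null before reading the length, so a missing result is reported as an
    // assertion failure rather than a NullPointerException.
    assertNotNull(acp);
    if (acp.length == 0) {
        // A policy is already bound to the principal: edit the existing one instead.
        acp = jacMgr.getPolicies(testUser.getPrincipal());
        assertNotNull(acp);
    }
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlList);
    // let testuser read the ACL defined for 'testUser' principal.
    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
    acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
    jacMgr.setPolicy(acl.getPath(), acl);
    superuser.save();
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    // effective policies for the test principal only -> must succeed.
    ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
    // effective policies for a combination of principals -> must fail.
    // NOTE(review): presumably the subject's principal set includes principals (such as
    // 'everyone') whose policies the test user still cannot read - confirm.
    try {
        ((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
        fail("Reading effective policies for all subject principals must be denied.");
    } catch (AccessDeniedException e) {
        // success: the request was rejected instead of exposing policies the session may not read
    }
}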
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 7 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AuthorizableActionTest method assertAcAction.

/**
 * Asserts that exactly one policy is bound at the authorizable's path and that it is an
 * {@link AccessControlList}.
 *
 * <p>The check is only meaningful when ACLs are available at the workspace root, either
 * as an applicable policy or as a policy that is already set there; otherwise the test is
 * reported as not executable.
 *
 * @param a    the authorizable whose path is inspected
 * @param umgr the user manager whose session supplies the access control manager
 * @throws RepositoryException    if an access control or path lookup fails
 * @throws NotExecutableException if no ACL is applicable or set at "/"
 */
private static void assertAcAction(Authorizable a, UserManagerImpl umgr) throws RepositoryException, NotExecutableException {
    AccessControlManager acMgr = umgr.getSession().getAccessControlManager();

    // First look for an ACL among the policies that could still be applied at the root.
    boolean aclAvailable = false;
    AccessControlPolicyIterator applicable = acMgr.getApplicablePolicies("/");
    while (!aclAvailable && applicable.hasNext()) {
        aclAvailable = applicable.nextAccessControlPolicy() instanceof AccessControlList;
    }

    // Otherwise an ACL may already be bound to the root.
    if (!aclAvailable) {
        AccessControlPolicy[] bound = acMgr.getPolicies("/");
        for (int i = 0; !aclAvailable && i < bound.length; i++) {
            aclAvailable = bound[i] instanceof AccessControlList;
        }
    }

    if (!aclAvailable) {
        throw new NotExecutableException("No ACLs in workspace containing users.");
    }

    String authorizablePath = a.getPath();
    assertEquals(1, acMgr.getPolicies(authorizablePath).length);
    assertTrue(acMgr.getPolicies(authorizablePath)[0] instanceof AccessControlList);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) Session(javax.jcr.Session)

Example 8 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class FlatTreeWithAceForSamePrincipalTest method beforeSuite.

/**
 * Builds the benchmark fixture: a test user with an allow entry for {@code jcr:read} at the
 * root, plus a flat folder holding child nodes {@code node1} .. {@code node9999}, each with
 * its own ACL granting the same principal {@code jcr:read}.
 *
 * <p>All changes are saved once at the end, after which a reader session is opened with the
 * test user's credentials. The elapsed setup time is printed to standard output.
 *
 * @throws Exception if login, user creation, or any repository operation fails
 */
@Override
protected void beforeSuite() throws Exception {
    final long startedAt = System.currentTimeMillis();

    admin = loginWriter();
    userManager = ((JackrabbitSession) admin).getUserManager();
    // Fixture account only: the password is the same string as the user id.
    Principal userPrincipal = userManager.createUser(TEST_USER_ID, TEST_USER_ID).getPrincipal();
    AccessControlManager acm = admin.getAccessControlManager();

    // Allow entry for jcr:read at the repository root.
    JackrabbitAccessControlList rootAcl = AccessControlUtils.getAccessControlList(acm, "/");
    rootAcl.addEntry(userPrincipal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
    acm.setPolicy("/", rootAcl);

    // NOTE(review): ROOT_PATH is presumably the path of the ROOT_NODE_NAME folder - confirm.
    Node parent = admin.getRootNode().addNode(ROOT_NODE_NAME, "nt:folder");
    int index = 1;
    while (index < 10000) {
        parent.addNode("node" + index, "nt:folder");
        String childPath = ROOT_PATH + "/node" + index;
        // Every child carries its own ACL with an entry for the same principal.
        JackrabbitAccessControlList childAcl = AccessControlUtils.getAccessControlList(acm, childPath);
        childAcl.addEntry(userPrincipal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
        acm.setPolicy(childPath, childAcl);
        index++;
    }
    admin.save();

    reader = login(new SimpleCredentials(TEST_USER_ID, TEST_USER_ID.toCharArray()));
    System.out.println("setup time " + (System.currentTimeMillis() - startedAt));
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) SimpleCredentials(javax.jcr.SimpleCredentials) Node(javax.jcr.Node) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal)

Example 9 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class PermissionHookTest method before.

/**
 * Prepares the content and access control setup shared by the tests: a node named
 * {@code testPath} with one child, and an ACL at {@code testPath} that allows the test
 * principal {@code jcr:addChildNodes} and allows everyone {@code jcr:read}.
 *
 * @throws Exception if the parent setup, content creation, or the commit fails
 */
@Override
@Before
public void before() throws Exception {
    super.before();
    testPrincipal = getTestUser().getPrincipal();

    // Content: /testPath/childNode, both nt:unstructured.
    NodeUtil rootUtil = new NodeUtil(root.getTree("/"), namePathMapper);
    NodeUtil testUtil = rootUtil.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
    testUtil.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);

    // NOTE(review): testPath is declared outside this method; presumably it is the path of
    // the node created above - confirm.
    AccessControlManager acManager = getAccessControlManager(root);
    JackrabbitAccessControlList testAcl = AccessControlUtils.getAccessControlList(acManager, testPath);
    testAcl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_ADD_CHILD_NODES));
    testAcl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_READ));
    acManager.setPolicy(testPath, testAcl);
    root.commit();

    // Created after the commit, on the same root the policy was written to.
    bitsProvider = new PrivilegeBitsProvider(root);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Before(org.junit.Before)

Example 10 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class TreePermissionImplTest method testCanReadProperties2.

/**
 * Verifies that a deny entry for {@code rep:readProperties} hides properties at
 * {@code /test} while the node itself stays readable.
 *
 * <p>The allow entry for {@code jcr:read} is created through the access control API; the
 * deny entry is then written directly below {@code /test/rep:policy} as a node named
 * {@code ace2}.
 *
 * @throws Exception if policy setup or a commit fails
 */
@Test
public void testCanReadProperties2() throws Exception {
    // Step 1: allow jcr:read for the test user via the access control API.
    AccessControlManager acManager = getAccessControlManager(root);
    JackrabbitAccessControlList testAcl = AccessControlUtils.getAccessControlList(acManager, "/test");
    testAcl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ), true);
    acManager.setPolicy("/test", testAcl);
    root.commit();

    // Step 2: add a deny entry for rep:readProperties by writing the policy tree directly.
    // NOTE(review): presumably done to get an entry layout the API would not produce - confirm.
    Tree policy = root.getTree("/test/rep:policy");
    NodeUtil denyAce = new NodeUtil(policy).addChild("ace2", NT_REP_DENY_ACE);
    denyAce.setNames(REP_PRIVILEGES, PrivilegeConstants.REP_READ_PROPERTIES);
    denyAce.setString(REP_PRINCIPAL_NAME, getTestUser().getPrincipal().getName());
    root.commit();

    TreePermission permission = getTreePermission("/test");
    assertFalse(permission.canReadProperties());
    assertTrue(permission.canRead());
    // Asserted a second time on purpose: the answer must not change once canRead() has run.
    assertFalse(permission.canReadProperties());
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)
