Search in sources :

Example 16 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportEmptyExistingPolicy.

/**
     * Imports an empty resource-based ACL for a policy that already exists.
     *
     * @throws Exception
     */
public void testImportEmptyExistingPolicy() throws Exception {
    NodeImpl target = (NodeImpl) testRootNode;
    target = (NodeImpl) target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    AccessControlManager acMgr = sImpl.getAccessControlManager();
    for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
        AccessControlPolicy policy = it.nextAccessControlPolicy();
        if (policy instanceof AccessControlList) {
            acMgr.setPolicy(target.getPath(), policy);
        }
    }
    try {
        InputStream in = new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(0, entries.length);
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 17 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportACLUnknown.

/**
     * Imports a resource-based ACL containing a single entry.
     *
     * @throws Exception
     */
public void testImportACLUnknown() throws Exception {
    try {
        NodeImpl target = (NodeImpl) testRootNode.addNode(nodeName1);
        target.addMixin("rep:AccessControllable");
        InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_4.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        String path = target.getPath();
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(2, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals("unknownprincipal", entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        entry = entries[1];
        assertEquals("admin", entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 18 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportRepoACLAtRoot.

/**
     * Repo level acl must be imported underneath the root node.
     *
     * @throws Exception
     */
public void testImportRepoACLAtRoot() throws Exception {
    NodeImpl target = (NodeImpl) sImpl.getRootNode();
    AccessControlManager acMgr = sImpl.getAccessControlManager();
    try {
        // need to add mixin. in contrast to only using JCR API to retrieve
        // and set the policies the protected item import only is called if
        // the node to be imported is defined to be protected. however, if
        // the root node doesn't have the mixin assigned the defining node
        // type of the imported policy nodes will be rep:root (unstructured)
        // and the items will not be detected as being protected.
        target.addMixin("rep:RepoAccessControllable");
        InputStream in = new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        AccessControlPolicy[] policies = acMgr.getPolicies(null);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, entries.length);
        assertEquals(1, entries[0].getPrivileges().length);
        assertEquals(acMgr.privilegeFromName("jcr:workspaceManagement"), entries[0].getPrivileges()[0]);
        assertTrue(target.hasNode("rep:repoPolicy"));
        assertTrue(target.hasNode("rep:repoPolicy/allow"));
        // clean up again
        acMgr.removePolicy(null, policies[0]);
        assertFalse(target.hasNode("rep:repoPolicy"));
        assertFalse(target.hasNode("rep:repoPolicy/allow"));
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 19 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportACL.

/**
     * Imports a resource-based ACL containing a single entry.
     *
     * @throws Exception
     */
public void testImportACL() throws Exception {
    NodeImpl target = (NodeImpl) testRootNode;
    try {
        InputStream in = new ByteArrayInputStream(XML_POLICY_TREE.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        assertTrue(target.hasNode("test"));
        String path = target.getNode("test").getPath();
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals("everyone", entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 20 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportPolicyExists.

/**
     * Imports a resource-based ACL containing a single entry for a policy that
     * already exists.
     *
     * @throws Exception
     */
public void testImportPolicyExists() throws Exception {
    // all ACEs for an import. maybe control this behavior via uuid-flag.
    if (true) {
        return;
    }
    NodeImpl target = (NodeImpl) testRootNode;
    target = (NodeImpl) target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    AccessControlManager acMgr = sImpl.getAccessControlManager();
    for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
        AccessControlPolicy policy = it.nextAccessControlPolicy();
        if (policy instanceof AccessControlList) {
            Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT) };
            ((AccessControlList) policy).addAccessControlEntry(sImpl.getPrincipalManager().getEveryone(), privs);
            acMgr.setPolicy(target.getPath(), policy);
        }
    }
    try {
        InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_2.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals("everyone", entry.getPrincipal().getName());
        List<Privilege> privs = Arrays.asList(entry.getPrivileges());
        assertEquals(2, privs.size());
        assertTrue(privs.contains(acMgr.privilegeFromName(Privilege.JCR_WRITE)) && privs.contains(acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)));
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ByteArrayInputStream(java.io.ByteArrayInputStream) Privilege(javax.jcr.security.Privilege)

Aggregations

AccessControlManager (javax.jcr.security.AccessControlManager)192 Privilege (javax.jcr.security.Privilege)82 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)77 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)62 Session (javax.jcr.Session)47 Test (org.junit.Test)45 AccessControlEntry (javax.jcr.security.AccessControlEntry)39 Node (javax.jcr.Node)33 AccessControlList (javax.jcr.security.AccessControlList)32 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)32 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)23 Principal (java.security.Principal)22 Value (javax.jcr.Value)17 HashMap (java.util.HashMap)14 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)14 Group (org.apache.jackrabbit.api.security.user.Group)14 ValueFactory (javax.jcr.ValueFactory)13 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)13 NodeImpl (org.apache.jackrabbit.core.NodeImpl)13 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)12