
Example 26 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.

/**
 * Grants read access to every principal in {@code principals} on the access control list
 * that applies to {@code node}, then saves.
 *
 * <p>Each principal receives {@code jcr:read} and {@code jcr:readAccessControl}. The second
 * privilege makes the policy content itself readable to those principals.
 *
 * @param node the visited node; may itself be a policy, ACE or restrictions node
 * @throws RepositoryException if reading the node, resolving privileges or writing the policy fails
 */
private void addPolicy(Node node) throws RepositoryException {
    final AccessControlManager acMgr = node.getSession().getAccessControlManager();
    final String nodePath = node.getPath();

    // Policy content nodes are nested below the node they protect: a policy node sits one level
    // down, an ACE two, a restrictions node three. Walk up by that many levels.
    final int levelsUp;
    if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
        levelsUp = 1;
    } else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
        levelsUp = 2;
    } else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
        levelsUp = 3;
    } else {
        levelsUp = 0;
    }
    final String path = (levelsUp > 0) ? Text.getRelativeParent(nodePath, levelsUp) : nodePath;

    final JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(node.getSession(), path);
    if (acl == null) {
        // No access control list is available for this path; nothing to modify.
        return;
    }

    final Privilege[] readPrivileges = {
        acMgr.privilegeFromName(Privilege.JCR_READ),
        acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL)
    };
    for (Principal grantee : principals) {
        acl.addAccessControlEntry(grantee, readPrivileges);
    }
    acMgr.setPolicy(path, acl);
    // NOTE(review): the policy is set through node.getSession() but saved through adminSession.
    // The change is only persisted if both are the same session; confirm against the caller.
    adminSession.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal)

Example 27 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ConcurrentReadSinglePolicyTreeTest method visitingNode.

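/**
 * Installs a single policy on the test root and strips access control lists from every other
 * visited node, then saves the node's session.
 *
 * <p>On the test root, the everyone principal is granted {@code jcr:read}. On any other node
 * whose path does not contain {@code rep:policy}, every {@link JackrabbitAccessControlList}
 * bound to the path is removed.
 *
 * @param node the node being visited
 * @param i passed through unchanged to the superclass implementation
 * @throws RepositoryException if reading or modifying the access control content fails
 */
@Override
protected void visitingNode(Node node, int i) throws RepositoryException {
    super.visitingNode(node, i);
    String path = node.getPath();
    AccessControlManager acMgr = node.getSession().getAccessControlManager();
    if (testRoot.getPath().equals(path)) {
        JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, path);
        if (policy != null) {
            policy.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), true);
            // Write the policy back only when one was obtained: the original called setPolicy
            // outside this guard and so could hand a null policy to the access control manager.
            acMgr.setPolicy(path, policy);
        }
        // NOTE(review): when no list is available the everyone-read grant is not installed and
        // the tree keeps whatever permissions were already in effect.
    } else if (!path.contains("rep:policy")) {
        // Substring match: this skips policy content, and also any node whose path merely
        // contains the text "rep:policy".
        for (AccessControlPolicy policy : acMgr.getPolicies(path)) {
            if (policy instanceof JackrabbitAccessControlList) {
                acMgr.removePolicy(path, policy);
            }
        }
    }
    node.getSession().save();
}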
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 28 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ItemNameRestrictionTest method testRemoveTree2.

/**
 * Checks that the test session can remove two descendants of {@code /a} but is denied when it
 * tries to remove {@code /a} itself.
 *
 * <p>The test first adds an allow entry on {@code /a} granting {@code jcr:read} and
 * {@code jcr:removeChildNodes} to the test principal. Any further grants come from the
 * fixture set up in {@code before()}.
 */
@Test
public void testRemoveTree2() throws Exception {
    AccessControlManager accessControlManager = getAccessControlManager(root);
    JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(accessControlManager, "/a");
    policy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_REMOVE_CHILD_NODES), true);
    accessControlManager.setPolicy(policy.getPath(), policy);
    root.commit();

    Root restrictedRoot = testSession.getLatestRoot();

    // Deepest path first; each removal is committed on its own and is expected to succeed.
    for (String removable : new String[] { "/a/d/b/e/c", "/a/d/b" }) {
        restrictedRoot.getTree(removable).remove();
        restrictedRoot.commit();
    }

    try {
        // NOTE(review): presumably denied because removing /a needs a remove-child privilege on
        // its parent, which is not granted here; confirm against the permission model.
        restrictedRoot.getTree("/a").remove();
        restrictedRoot.commit();
        fail();
    } catch (CommitFailedException denied) {
        // The commit must fail as an access violation, not for an unrelated reason.
        assertTrue(denied.isAccessViolation());
    } finally {
        // Discard the rejected pending change.
        restrictedRoot.refresh();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Root(org.apache.jackrabbit.oak.api.Root) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 29 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class PermissionTest method addEntry.

/**
 * Adds one access control entry for the test principal at {@code path} and commits it.
 *
 * @param path path whose access control list is modified
 * @param grant {@code true} for an allow entry, {@code false} for a deny entry
 * @param restriction value for the {@code rep:glob} restriction. An empty string adds the entry
 *     without any restriction. {@code null} is not accepted and fails with a
 *     {@link NullPointerException} rather than silently producing an unrestricted entry.
 * @param privilegeNames names of the privileges the entry carries
 * @throws Exception if the entry cannot be added, the policy cannot be set or the commit fails
 */
private void addEntry(String path, boolean grant, String restriction, String... privilegeNames) throws Exception {
    AccessControlManager accessControlManager = getAccessControlManager(root);
    JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(accessControlManager, path);

    if (restriction.isEmpty()) {
        // Unrestricted entry.
        policy.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(accessControlManager, privilegeNames), grant);
    } else {
        // Limit the entry with a single rep:glob restriction.
        Map<String, Value> restrictions = new HashMap<String, Value>();
        restrictions.put("rep:glob", new StringValue(restriction));
        policy.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(accessControlManager, privilegeNames), grant, restrictions);
    }

    accessControlManager.setPolicy(path, policy);
    root.commit();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) HashMap(java.util.HashMap) Value(javax.jcr.Value) StringValue(org.apache.jackrabbit.value.StringValue) StringValue(org.apache.jackrabbit.value.StringValue) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 30 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.

the class ItemNameRestrictionTest method before.

/**
 * Builds the content tree, the restricted policy and the test session used by the tests.
 *
 * <p>Creates {@code /a/d/b/e/c/f}, sets the properties {@code prop} and {@code a} on
 * {@code /a/d/b/e/c}, and adds an allow entry on {@code /a} for the test user's principal.
 * The entry carries read, add-properties, add-child-nodes and remove-node privileges and a
 * multi-valued {@code REP_ITEM_NAMES} restriction listing the names {@code a}, {@code b} and
 * {@code c}. A uniquely named group is created before the commit.
 */
@Override
public void before() throws Exception {
    super.before();

    NodeUtil leaf = new NodeUtil(root.getTree("/")).getOrAddTree("a/d/b/e/c/f", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
    NodeUtil leafParent = leaf.getParent();
    leafParent.setString("prop", "value");
    // A property named "a" shares its name with one of the restricted item names below.
    leafParent.setString("a", "value");

    testPrincipal = getTestUser().getPrincipal();

    AccessControlManager accessControlManager = getAccessControlManager(root);
    JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(accessControlManager, "/a");
    vf = new ValueFactoryImpl(root, NamePathMapper.DEFAULT);
    policy.addEntry(
            testPrincipal,
            privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_ADD_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE),
            true,
            // No single-valued restrictions; the item-name limit goes in the multi-valued map.
            Collections.<String, Value>emptyMap(),
            ImmutableMap.of(AccessControlConstants.REP_ITEM_NAMES, new Value[] { vf.createValue("a", PropertyType.NAME), vf.createValue("b", PropertyType.NAME), vf.createValue("c", PropertyType.NAME) }));
    accessControlManager.setPolicy(policy.getPath(), policy);

    UserManager userManager = getUserManager(root);
    // The random suffix keeps the group id unique.
    testGroup = userManager.createGroup("testGroup" + UUID.randomUUID());

    root.commit();
    testSession = createTestSession();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ValueFactoryImpl(org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl) Value(javax.jcr.Value) Tree(org.apache.jackrabbit.oak.api.Tree) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)
