
Example 41 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class JcrSupportedPrivilegesProperty method asDavProperty.

/**
 * Builds the WebDAV
 * {@link org.apache.jackrabbit.webdav.security.SupportedPrivilegeSetProperty}
 * describing the privileges supported at {@code absPath}.
 * <p>
 * The privilege list is resolved lazily: the access control manager is only
 * queried while the {@code privileges} collection is still empty, so later
 * calls reuse whatever was collected first.
 * <p>
 * Note that {@code getSupportedPrivileges} reports what the repository
 * <em>supports</em> at the path, not what the current session has been
 * granted; this property must not be read as an authorization decision.
 *
 * @return a new {@code SupportedPrivilegeSetProperty} property.
 * @throws RepositoryException if the access control manager cannot be
 *         obtained or the supported privileges at {@code absPath} cannot
 *         be retrieved.
 */
public SupportedPrivilegeSetProperty asDavProperty() throws RepositoryException {
    if (privileges.isEmpty()) {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        Privilege[] supportedAtPath = accessControlManager.getSupportedPrivileges(absPath);
        privileges.addAll(Arrays.asList(supportedAtPath));
    }
    for (Privilege privilege : privileges) {
        // Privileges whose name is already recorded in 'aggregated' are skipped;
        // presumably they were emitted as part of an enclosing aggregate — confirm
        // against createSupportedPrivilege.
        boolean alreadyCovered = aggregated.contains(privilege.getName());
        if (alreadyCovered) {
            continue;
        }
        createSupportedPrivilege(privilege);
    }
    SupportedPrivilege[] davPrivileges = supportedPrivileges.values().toArray(new SupportedPrivilege[supportedPrivileges.size()]);
    return new SupportedPrivilegeSetProperty(davPrivileges);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) SupportedPrivilegeSetProperty(org.apache.jackrabbit.webdav.security.SupportedPrivilegeSetProperty) SupportedPrivilege(org.apache.jackrabbit.webdav.security.SupportedPrivilege) SupportedPrivilege(org.apache.jackrabbit.webdav.security.SupportedPrivilege) Privilege(javax.jcr.security.Privilege)

Example 42 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testMultipleGroupPermissionsOnNode2.

/**
 * Checks how conflicting group entries on one node are resolved when the
 * test user belongs to both groups: {@code JCR_MODIFY_PROPERTIES} is first
 * withdrawn for the test group and then granted to a second group at the
 * same {@code path}. The test expects the grant for the second group to be
 * effective for the test user.
 *
 * @throws NotExecutableException declared by the fixture helpers.
 * @throws RepositoryException if a repository operation fails.
 */
public void testMultipleGroupPermissionsOnNode2() throws NotExecutableException, RepositoryException {
    Group firstGroup = getTestGroup();
    // A second, uniquely named group that the test user also belongs to.
    Principal secondGroupPrincipal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager userManager = getUserManager(superuser);
    Group secondGroup = userManager.createGroup(secondGroupPrincipal);
    try {
        secondGroup.addMember(testUser);
        // Persist the membership change unless the user manager saves on its own.
        if (!userManager.isAutoSave()) {
            if (superuser.hasPendingChanges()) {
                superuser.save();
            }
        }
        // Deny for the first group, then allow for the second group, both at 'path'.
        Privilege[] modifyProps = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, firstGroup.getPrincipal(), modifyProps, getRestrictions(superuser, path));
        givePrivileges(path, secondGroup.getPrincipal(), modifyProps, getRestrictions(superuser, path));
        // The test user inherits from both groups; the grant made for the
        // second group is expected to win over the earlier denial.
        String requestedActions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testUserAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, requestedActions));
        Privilege[] expectedPrivileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testUserAcMgr.hasPrivileges(path, expectedPrivileges));
    } finally {
        // NOTE(review): no save follows the removal here; when the user manager
        // is not in auto-save mode this presumably relies on fixture teardown
        // to persist or discard it — confirm.
        secondGroup.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Privilege(javax.jcr.security.Privilege) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 43 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testReorderGroupPermissions.

/**
 * Verifies that the position of group entries inside an access control list
 * changes the effective permissions. With a denial for the test group
 * followed by a grant for a second group, the test user (member of both) is
 * expected to hold {@code JCR_MODIFY_PROPERTIES}; after the second group's
 * entry is moved in front of the test group's entry, the same checks are
 * expected to fail.
 * <p>
 * Practical consequence for reviews of such ACLs: the set of entries alone
 * does not determine the outcome, their order has to be inspected too.
 *
 * @throws NotExecutableException declared by the fixture helpers.
 * @throws RepositoryException if a repository operation fails.
 */
public void testReorderGroupPermissions() throws NotExecutableException, RepositoryException {
    Group firstGroup = getTestGroup();
    // A second, uniquely named group that the test user also belongs to.
    Principal secondGroupPrincipal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager userManager = getUserManager(superuser);
    Group secondGroup = userManager.createGroup(secondGroupPrincipal);
    try {
        secondGroup.addMember(testUser);
        // Persist the membership change unless the user manager saves on its own.
        if (!userManager.isAutoSave()) {
            if (superuser.hasPendingChanges()) {
                superuser.save();
            }
        }
        // Deny for the first group, then allow for the second group, both at 'path'.
        Privilege[] modifyProps = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, firstGroup.getPrincipal(), modifyProps, getRestrictions(superuser, path));
        givePrivileges(path, secondGroup.getPrincipal(), modifyProps, getRestrictions(superuser, path));
        // Before reordering, the grant for the second group is expected to be effective.
        String requestedActions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testUserAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, requestedActions));
        Privilege[] expectedPrivileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testUserAcMgr.hasPrivileges(path, expectedPrivileges));

        // Locate the two group entries in the list bound to 'path'.
        // NOTE(review): assumes the first policy at 'path' exists and is a
        // JackrabbitAccessControlList, and that both entries are found; neither
        // is asserted before orderBefore is called.
        AccessControlEntry entryToMove = null;
        AccessControlEntry anchorEntry = null;
        JackrabbitAccessControlList policy = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
        for (AccessControlEntry candidate : policy.getAccessControlEntries()) {
            Principal owner = candidate.getPrincipal();
            if (firstGroup.getPrincipal().equals(owner)) {
                anchorEntry = candidate;
            } else if (secondGroup.getPrincipal().equals(owner)) {
                entryToMove = candidate;
            }
        }
        // Move the second group's entry in front of the first group's entry
        // and write the modified list back.
        policy.orderBefore(entryToMove, anchorEntry);
        acMgr.setPolicy(path, policy);
        superuser.save();

        // With the first group's denial now positioned after the grant,
        // access is expected to be refused.
        assertFalse(getTestSession().hasPermission(path, requestedActions));
        assertFalse(testUserAcMgr.hasPrivileges(path, expectedPrivileges));
    } finally {
        // NOTE(review): no save follows the removal here; when the user manager
        // is not in auto-save mode this presumably relies on fixture teardown
        // to persist or discard it — confirm.
        secondGroup.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 44 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testInheritedGroupPermissions2.

/**
 * Checks inheritance across the node hierarchy: {@code JCR_MODIFY_PROPERTIES}
 * is granted to everyone at {@code path} and withdrawn for the test group at
 * {@code childNPath}. The test expects the privilege to be denied for the
 * test user at the child path.
 *
 * @throws NotExecutableException declared by the fixture helpers.
 * @throws RepositoryException if a repository operation fails.
 */
public void testInheritedGroupPermissions2() throws NotExecutableException, RepositoryException {
    Group memberGroup = getTestGroup();
    AccessControlManager testUserAcMgr = getTestACManager();
    // Precondition: the test user has read-only access on the test node and below.
    checkReadOnly(path);
    Privilege[] modifyProps = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
    // Same scenario as testInheritedGroupPermissions, but with 'everyone' on
    // the parent path and the test group on the child path; the outcome is
    // expected to be identical.
    // Grant MODIFY_PROPERTIES to everyone at 'path'.
    givePrivileges(path, EveryonePrincipal.getInstance(), modifyProps, getRestrictions(superuser, path));
    // Withdraw MODIFY_PROPERTIES for the test group at 'childNPath'.
    // NOTE(review): the restrictions are built for 'path' although the entry
    // is applied at 'childNPath' — confirm this is intended.
    withdrawPrivileges(childNPath, memberGroup.getPrincipal(), modifyProps, getRestrictions(superuser, path));
    // The denial on the child path is expected to take effect there.
    Privilege[] checkedPrivileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
    assertFalse(testUserAcMgr.hasPrivileges(childNPath, checkedPrivileges));
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) Privilege(javax.jcr.security.Privilege)

Example 45 with AccessControlManager

use of javax.jcr.security.AccessControlManager in project jackrabbit by apache.

the class WriteTest method testMultipleGroupPermissionsOnNode.

/**
 * Checks how conflicting group entries on one node are resolved when the
 * test user belongs to both groups: {@code JCR_MODIFY_PROPERTIES} is first
 * granted to the test group and then withdrawn for a second group at the
 * same {@code path}. The test expects the denial for the second group to be
 * effective for the test user.
 *
 * @throws NotExecutableException declared by the fixture helpers.
 * @throws RepositoryException if a repository operation fails.
 */
public void testMultipleGroupPermissionsOnNode() throws NotExecutableException, RepositoryException {
    Group firstGroup = getTestGroup();
    // A second, uniquely named group that the test user also belongs to.
    Principal secondGroupPrincipal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager userManager = getUserManager(superuser);
    Group secondGroup = userManager.createGroup(secondGroupPrincipal);
    try {
        secondGroup.addMember(testUser);
        // Persist the membership change unless the user manager saves on its own.
        if (!userManager.isAutoSave()) {
            if (superuser.hasPendingChanges()) {
                superuser.save();
            }
        }
        // Allow for the first group, then deny for the second group, both at 'path'.
        Privilege[] modifyProps = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        givePrivileges(path, firstGroup.getPrincipal(), modifyProps, getRestrictions(superuser, path));
        withdrawPrivileges(path, secondGroup.getPrincipal(), modifyProps, getRestrictions(superuser, path));
        // The test user inherits from both groups; the denial made for the
        // second group is expected to win over the earlier grant.
        String requestedActions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testUserAcMgr = getTestACManager();
        assertFalse(getTestSession().hasPermission(path, requestedActions));
        Privilege[] deniedPrivileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertFalse(testUserAcMgr.hasPrivileges(path, deniedPrivileges));
    } finally {
        // NOTE(review): no save follows the removal here; when the user manager
        // is not in auto-save mode this presumably relies on fixture teardown
        // to persist or discard it — confirm.
        secondGroup.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Privilege(javax.jcr.security.Privilege) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)
