
Example 1 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class WriteTest method testNotItemBasedPrincipal.

/**
 * Regression test for bug JCR-2621.
 *
 * <p>Adds an allow entry for the "everyone" principal to the policy returned
 * by {@code getPolicy}, sets it, reads the policy back through
 * {@code getPolicies} and adds a second allow entry to the re-read list.
 * The test passes when exactly one policy is read back and neither
 * {@code setPolicy} call throws.
 *
 * <p>The session is never saved: the {@code finally} block discards the
 * pending changes, so the read/write grants to "everyone" stay transient.
 *
 * @throws Exception if any repository or access control call fails
 */
public void testNotItemBasedPrincipal() throws Exception {
    try {
        final Principal everyonePrincipal =
                ((JackrabbitSession) superuser).getPrincipalManager().getEveryone();

        // First pass: entry on the freshly obtained policy.
        final JackrabbitAccessControlList initialAcl = getPolicy(acMgr, path, everyonePrincipal);
        initialAcl.addEntry(
                everyonePrincipal,
                privilegesFromName(Privilege.JCR_READ),
                true,
                getRestrictions(superuser, path));
        acMgr.setPolicy(initialAcl.getPath(), initialAcl);

        // The policy just set must be the only one bound to that path.
        final AccessControlPolicy[] storedPolicies = acMgr.getPolicies(initialAcl.getPath());
        assertEquals(1, storedPolicies.length);

        // Second pass: entry on the policy as read back from the manager.
        final JackrabbitAccessControlList rereadAcl = (JackrabbitAccessControlList) storedPolicies[0];
        rereadAcl.addEntry(
                everyonePrincipal,
                privilegesFromName(Privilege.JCR_WRITE),
                true,
                getRestrictions(superuser, path));
        acMgr.setPolicy(rereadAcl.getPath(), rereadAcl);
    } finally {
        // Drop every pending (unsaved) change made above.
        superuser.refresh(false);
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 2 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class WriteTest method testInvalidPrincipal.

/**
 * Verifies that looking up policies for a principal unknown to the
 * principal manager never yields a policy.
 *
 * <p>For both {@code getApplicablePolicies(Principal)} and
 * {@code getPolicies(Principal)} two outcomes are accepted: a non-null,
 * empty array, or an {@code AccessControlException}.
 *
 * @throws NotExecutableException if the access control manager is not a
 *         {@code JackrabbitAccessControlManager}
 * @throws Exception on any other repository failure
 */
public void testInvalidPrincipal() throws Exception {
    PrincipalManager principalManager = ((JackrabbitSession) superuser).getPrincipalManager();

    // Extend the candidate name until the principal manager does not know it.
    String candidate = "unknown";
    while (principalManager.hasPrincipal(candidate)) {
        candidate += "_";
    }
    Principal principal = new PrincipalImpl(candidate);

    if (!(acMgr instanceof JackrabbitAccessControlManager)) {
        throw new NotExecutableException();
    }
    JackrabbitAccessControlManager jackrabbitAcMgr = (JackrabbitAccessControlManager) acMgr;

    // Applicable policies: empty result or rejection are both acceptable.
    try {
        AccessControlPolicy[] applicable = jackrabbitAcMgr.getApplicablePolicies(principal);
        assertNotNull(applicable);
        assertEquals(0, applicable.length);
    } catch (AccessControlException expected) {
        // success: the unknown principal was rejected
    }

    // Existing policies: same two acceptable outcomes.
    try {
        AccessControlPolicy[] existing = jackrabbitAcMgr.getPolicies(principal);
        assertNotNull(existing);
        assertEquals(0, existing.length);
    } catch (AccessControlException expected) {
        // success: the unknown principal was rejected
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 3 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

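/**
 * Checks that reading effective policies by principal is limited to the
 * policies the calling session may read.
 *
 * <p>Steps, as performed with the superuser session:
 * <ol>
 *   <li>"everyone" has exactly one effective policy, and neither the test
 *       user nor "everyone" holds {@code Privilege.JCR_READ_ACCESS_CONTROL}
 *       at that policy's path.</li>
 *   <li>The test user is granted {@code Privilege.JCR_READ_ACCESS_CONTROL}
 *       on the ACL bound to its own principal, and the change is saved.</li>
 * </ol>
 * Then, with the test session: effective policies for the test user's
 * principal alone must be readable, while the query for all principals of
 * the test session's subject must be denied.
 *
 * @throws Exception on any unexpected repository failure
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
    Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
    AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
    assertNotNull(acp);
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);
    JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];
    // Baseline: nobody involved may read access control content yet.
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
    assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));
    acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
    // Check for null before the length is read, so that a null result shows
    // up as an assertion failure instead of a NullPointerException.
    assertNotNull(acp);
    if (acp.length == 0) {
        acp = jacMgr.getPolicies(testUser.getPrincipal());
    }
    assertNotNull(acp);
    assertEquals(1, acp.length);
    assertTrue(acp[0] instanceof JackrabbitAccessControlList);
    // let testuser read the ACL defined for 'testUser' principal.
    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
    acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
    jacMgr.setPolicy(acl.getPath(), acl);
    superuser.save();
    Session testSession = getTestSession();
    JackrabbitAccessControlManager testAcMgr = (JackrabbitAccessControlManager) getTestACManager();
    // effective policies for testPrincipal only on path -> must succeed.
    testAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
    // effective policies for a combination of principals -> must fail
    // NOTE(review): presumably the subject also carries principals whose
    // policies the test user was not granted read access to - confirm.
    try {
        testAcMgr.getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
        fail("Reading effective policies for all principals of the test session must be denied.");
    } catch (AccessDeniedException e) {
        // success
    }
}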
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 4 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class AuthorizableActionTest method assertAcAction.

/**
 * Asserts that exactly one policy, an {@code AccessControlList}, is bound to
 * the path of the given authorizable.
 *
 * <p>Before asserting, the root path {@code "/"} is probed for ACL support:
 * first among the applicable policies and, if none is found there, among the
 * policies already set.
 *
 * @param a the authorizable whose path is checked
 * @param umgr the user manager that supplies the session to inspect
 * @throws RepositoryException if a repository call fails
 * @throws NotExecutableException if no {@code AccessControlList} is found at {@code "/"}
 */
private static void assertAcAction(Authorizable a, UserManagerImpl umgr) throws RepositoryException, NotExecutableException {
    AccessControlManager acMgr = umgr.getSession().getAccessControlManager();

    // Probe the applicable policies at the root; stop at the first ACL.
    boolean aclSupported = false;
    AccessControlPolicyIterator applicable = acMgr.getApplicablePolicies("/");
    while (!aclSupported && applicable.hasNext()) {
        aclSupported = applicable.nextAccessControlPolicy() instanceof AccessControlList;
    }

    // Fall back to the policies that are already set at the root.
    if (!aclSupported) {
        AccessControlPolicy[] rootPolicies = acMgr.getPolicies("/");
        for (int i = 0; i < rootPolicies.length && !aclSupported; i++) {
            aclSupported = rootPolicies[i] instanceof AccessControlList;
        }
    }

    if (!aclSupported) {
        throw new NotExecutableException("No ACLs in workspace containing users.");
    }

    String authorizablePath = a.getPath();
    assertEquals(1, acMgr.getPolicies(authorizablePath).length);
    assertTrue(acMgr.getPolicies(authorizablePath)[0] instanceof AccessControlList);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) Session(javax.jcr.Session)

Example 5 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class AccessControlImporterTest method testImportEmptyExistingPolicy.

/**
 * Imports an empty resource-based ACL for a policy that already exists.
 *
 * <p>An ACL is first set on a newly added node from its applicable policies;
 * the XML in {@code XML_POLICY_ONLY} is then imported below that node. After
 * the import the node must carry exactly one policy, a
 * {@code JackrabbitAccessControlList} without any entries.
 *
 * @throws Exception if node creation, policy handling or the import fails
 */
public void testImportEmptyExistingPolicy() throws Exception {
    final NodeImpl target = (NodeImpl) ((NodeImpl) testRootNode)
            .addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    final AccessControlManager acMgr = sImpl.getAccessControlManager();

    // Bind every applicable ACL to the new node so a policy exists before the import.
    AccessControlPolicyIterator applicable = acMgr.getApplicablePolicies(target.getPath());
    while (applicable.hasNext()) {
        AccessControlPolicy candidate = applicable.nextAccessControlPolicy();
        if (candidate instanceof AccessControlList) {
            acMgr.setPolicy(target.getPath(), candidate);
        }
    }

    try {
        InputStream xml = new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(
                target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        new ParsingContentHandler(new ImportHandler(importer, sImpl)).parse(xml);

        AccessControlPolicy[] imported = acMgr.getPolicies(target.getPath());
        assertEquals(1, imported.length);
        assertTrue(imported[0] instanceof JackrabbitAccessControlList);

        // The imported ACL must not contain any access control entry.
        assertEquals(0, ((JackrabbitAccessControlList) imported[0]).getAccessControlEntries().length);
    } finally {
        // NOTE(review): changes are made through sImpl but reverted on superuser;
        // presumably both refer to the same session - confirm.
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ByteArrayInputStream(java.io.ByteArrayInputStream)
