Examples with AccessControlPolicy javax.jcr.security.AccessControlPolicy used on opensource projects
Example 51 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImpl method getEffectivePolicies.
@Nonnull
@Override
public AccessControlPolicy[] getEffectivePolicies(@Nullable String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
Root r = getRoot().getContentSession().getLatestRoot();
tree = r.getTree(tree.getPath());
List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
AccessControlPolicy policy = createACL(oakPath, tree, true);
if (policy != null) {
effective.add(policy);
}
if (oakPath != null) {
String parentPath = Text.getRelativeParent(oakPath, 1);
while (!parentPath.isEmpty()) {
Tree t = r.getTree(parentPath);
AccessControlPolicy plc = createACL(parentPath, t, true);
if (plc != null) {
effective.add(plc);
}
parentPath = (PathUtils.denotesRoot(parentPath)) ? "" : Text.getRelativeParent(parentPath, 1);
}
}
if (readPaths.contains(oakPath)) {
effective.add(ReadPolicy.INSTANCE);
}
return effective.toArray(new AccessControlPolicy[effective.size()]);
}
Also used :
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
Root(org.apache.jackrabbit.oak.api.Root)
ArrayList(java.util.ArrayList)
Tree(org.apache.jackrabbit.oak.api.Tree)
Nonnull(javax.annotation.Nonnull)
Example 52 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testGetApplicablePoliciesByPrincipal.
@Test
public void testGetApplicablePoliciesByPrincipal() throws Exception {
List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
for (Principal principal : principals) {
AccessControlPolicy[] applicable = acMgr.getApplicablePolicies(principal);
assertNotNull(applicable);
assertEquals(1, applicable.length);
assertTrue(applicable[0] instanceof ACL);
}
}
Also used :
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)
Principal(java.security.Principal)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 53 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testEffectivePoliciesFiltering.
@Test
public void testEffectivePoliciesFiltering() throws Exception {
// create first policy with multiple ACEs for the test principal set.
ACL policy = getApplicablePolicy(testPath);
policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
policy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
policy.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false);
assertEquals(3, policy.getAccessControlEntries().length);
acMgr.setPolicy(testPath, policy);
root.commit();
// different ways to create the principal-set to make sure the filtering
// doesn't rely on principal equality but rather on the name.
List<Principal> principals = ImmutableList.of(testPrincipal, new PrincipalImpl(testPrincipal.getName()), new Principal() {
@Override
public String getName() {
return testPrincipal.getName();
}
});
for (Principal princ : principals) {
AccessControlPolicy[] policies = acMgr.getEffectivePolicies(ImmutableSet.of(princ));
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof AccessControlList);
AccessControlList acl = (AccessControlList) policies[0];
assertEquals(2, acl.getAccessControlEntries().length);
for (AccessControlEntry ace : acl.getAccessControlEntries()) {
assertEquals(princ.getName(), ace.getPrincipal().getName());
}
}
}
Also used :
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
AccessControlList(javax.jcr.security.AccessControlList)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Principal(java.security.Principal)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 54 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testSetPolicyPropertyPath.
@Test
public void testSetPolicyPropertyPath() throws Exception {
try {
String path = "/jcr:primaryType";
AccessControlPolicy acl = createPolicy(path);
acMgr.setPolicy(path, acl);
fail("Setting access control policy at property path should fail");
} catch (PathNotFoundException e) {
// success
}
}
Also used :
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
PathNotFoundException(javax.jcr.PathNotFoundException)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 55 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testGetPoliciesAfterSet.
@Test
public void testGetPoliciesAfterSet() throws Exception {
setupPolicy(testPath);
AccessControlPolicy[] policies = acMgr.getPolicies(testPath);
assertNotNull(policies);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof ACL);
ACL acl = (ACL) policies[0];
assertFalse(acl.isEmpty());
}
Also used :
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Aggregations
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)182
Test (org.junit.Test)67
JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)66
AccessControlManager (javax.jcr.security.AccessControlManager)62
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)52
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)52
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)49
AccessControlEntry (javax.jcr.security.AccessControlEntry)40
AccessControlList (javax.jcr.security.AccessControlList)32
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)32
NamedAccessControlPolicy (javax.jcr.security.NamedAccessControlPolicy)28
Privilege (javax.jcr.security.Privilege)28
Principal (java.security.Principal)24
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)23
NodeImpl (org.apache.jackrabbit.core.NodeImpl)18
TestACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)18
Node (javax.jcr.Node)17
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)17
Root (org.apache.jackrabbit.oak.api.Root)14
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)14
