Example 61 with AccessControlPolicy

Use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

In class AbstractWriteTest, method testAccessControlRead.

public void testAccessControlRead() throws NotExecutableException, RepositoryException {
    AccessControlManager testAcMgr = getTestACManager();
    checkReadOnly(path);
    // re-grant READ in order to have an ACL-node
    Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
    JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
    // make sure the 'rep:policy' node has been created.
    assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
    Session testSession = getTestSession();
    /*
     * The test user must still have READ-only access and must not be
     * allowed to view the ACL node that has been created.
     */
    assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL)));
    assertFalse(testSession.itemExists(path + "/rep:policy"));
    Node n = testSession.getNode(tmpl.getPath());
    assertFalse(n.hasNode("rep:policy"));
    try {
        n.getNode("rep:policy");
        fail("Accessing the rep:policy node must throw PathNotFoundException.");
    } catch (PathNotFoundException e) {
        // ok.
    }
    /* Finally the test user must not be allowed to remove the policy. */
    try {
        testAcMgr.removePolicy(path, new AccessControlPolicy() {
        });
        fail("Test user must not be allowed to remove the access control policy.");
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) JackrabbitNode(org.apache.jackrabbit.api.JackrabbitNode) Node(javax.jcr.Node) PathNotFoundException(javax.jcr.PathNotFoundException) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Session(javax.jcr.Session)

Example 62 with AccessControlPolicy

Use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

In class AbstractWriteTest, method testAccessControlModification.

public void testAccessControlModification() throws RepositoryException, NotExecutableException {
    AccessControlManager testAcMgr = getTestACManager();
    /*
     * Precondition:
     * testuser must have READ-only permission on test-node and below
     */
    checkReadOnly(path);
    Session testSession = getTestSession();
    // give 'testUser' ADD_CHILD_NODES | MODIFY_PROPERTIES | REMOVE_CHILD_NODES privileges at 'path'
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_MODIFY_PROPERTIES });
    JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
    /*
     * testuser must not have
     * - permission to view AC items
     * - permission to modify AC items
     */
    // make sure the 'rep:policy' node has been created.
    assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
    // the policy node however must not be visible to the test-user
    assertFalse(testSession.itemExists(tmpl.getPath() + "/rep:policy"));
    try {
        testAcMgr.getPolicies(tmpl.getPath());
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException e) {
        // success
    }
    try {
        testAcMgr.getEffectivePolicies(tmpl.getPath());
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException e) {
        // success
    }
    try {
        testAcMgr.getEffectivePolicies(path);
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException e) {
        // success
    }
    try {
        testAcMgr.removePolicy(tmpl.getPath(), new AccessControlPolicy() {
        });
        fail("test user must not have MODIFY_AC privilege.");
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessDeniedException(javax.jcr.AccessDeniedException) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Session(javax.jcr.Session)

Example 63 with AccessControlPolicy

Use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

In class JsonDiffHandlerImportTest, method assertPolicy.

private static void assertPolicy(AccessControlManager acMgr, Node targetNode, int noACEs) throws RepositoryException {
    AccessControlPolicy[] policies = acMgr.getPolicies(targetNode.getPath());
    // exactly one policy is expected at the target node (JUnit order: expected, actual)
    assertEquals(1, policies.length);
    AccessControlPolicy acl = policies[0];
    assertTrue(acl instanceof JackrabbitAccessControlList);
    AccessControlEntry[] entries = ((JackrabbitAccessControlList) acl).getAccessControlEntries();
    assertEquals(noACEs, entries.length);
}
Also used : AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 64 with AccessControlPolicy

Use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

In class AccessControlManagerImpl, method getApplicable.

//--------------------------------------------------< private >---
private AccessControlPolicy[] getApplicable(String absPath) throws RepositoryException {
    NodeState controlledState;
    if (absPath == null) {
        controlledState = getRootNodeState();
    } else {
        controlledState = getNodeState(absPath);
    }
    AccessControlPolicy acl = null;
    NodeState aclNode = getAclNode(controlledState, absPath);
    // A new, empty ACL is applicable only if the node does not have an ACL node yet;
    // otherwise no applicable policy is returned.
    if (aclNode == null) {
        acl = new AccessControlListImpl(absPath, npResolver, qvf);
    }
    return (acl == null) ? new AccessControlPolicy[0] : new AccessControlPolicy[] { acl };
}
Also used : AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeState(org.apache.jackrabbit.jcr2spi.state.NodeState)

Example 65 with AccessControlPolicy

Use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

In class ConcurrentReadAccessControlledTreeTest, method beforeSuite.

@Override
protected void beforeSuite() throws Exception {
    super.beforeSuite();
    ItemVisitor visitor = new TraversingItemVisitor.Default() {

        int counter = 0;

        @Override
        protected void entering(Node node, int level) throws RepositoryException {
            if (++counter == 10) {
                addPolicy(node);
                counter = 0;
            }
            super.entering(node, level);
        }

        private void addPolicy(Node node) throws RepositoryException {
            AccessControlManager acMgr = node.getSession().getAccessControlManager();
            String path = node.getPath();
            AccessControlPolicyIterator acIterator = acMgr.getApplicablePolicies(path);
            if (acIterator.hasNext()) {
                AccessControlPolicy policy = acIterator.nextAccessControlPolicy();
                if (policy instanceof AccessControlList) {
                    AccessControlList acl = (AccessControlList) policy;
                    // grant jcr:read and jcr:readAccessControl to the 'everyone' principal on this node
                    Privilege[] privileges = new Privilege[] {
                        acMgr.privilegeFromName(Privilege.JCR_READ),
                        acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL)
                    };
                    if (acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges)) {
                        acMgr.setPolicy(path, acl);
                        node.getSession().save();
                    }
                }
            }
        }
    };
    visitor.visit(testRoot);
    for (int i = 0; i < bgReaders; i++) {
        addBackgroundJob(new RandomRead(loginReader(), false));
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) ItemVisitor(javax.jcr.ItemVisitor) TraversingItemVisitor(javax.jcr.util.TraversingItemVisitor) Node(javax.jcr.Node) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) Privilege(javax.jcr.security.Privilege)