
Example 66 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.

the class AceCreationTest method afterTest.

/**
 * Tears down the access control set-up of a test run: every policy that the
 * access control manager of the system session reports for {@code nodePath}
 * is removed, the session is saved, and the superclass clean-up runs last.
 *
 * @throws Exception if reading or removing a policy, saving, or the
 *         superclass clean-up fails
 */
@Override
protected void afterTest() throws Exception {
    Session systemSession = createOrGetSystemSession();
    AccessControlManager accessControlManager = systemSession.getAccessControlManager();
    AccessControlPolicy[] boundPolicies = accessControlManager.getPolicies(nodePath);
    for (int idx = 0; idx < boundPolicies.length; idx++) {
        accessControlManager.removePolicy(nodePath, boundPolicies[idx]);
    }
    // The removals are transient until the session is saved.
    save(systemSession, transientWrites);
    // NOTE(review): if a removal or the save throws, super.afterTest() is not
    // reached and policies may stay bound to nodePath for later tests.
    super.afterTest();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Session(javax.jcr.Session)

Example 67 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class ACLEditor method getPolicies.

//------------------------------------------------< AccessControlEditor >---
/**
 * Returns the access control list stored for the node at {@code nodePath}.
 *
 * <p>{@code checkProtectsNode(nodePath)} is called before the ACL node is
 * looked up, so an exception raised by that check ends the call without any
 * policy being read.
 *
 * @param nodePath path of the node whose policy is requested
 * @return a one-element array with the ACL built from the ACL node, or an
 *         empty array when {@code getAclNode} returns {@code null}; never
 *         {@code null}
 * @throws AccessControlException declared by the interface method
 * @throws PathNotFoundException declared by the interface method
 * @throws RepositoryException if another repository error occurs
 * @see AccessControlEditor#getPolicies(String)
 */
public AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
    checkProtectsNode(nodePath);
    NodeImpl policyNode = getAclNode(nodePath);
    if (policyNode != null) {
        return new AccessControlPolicy[] { getACL(policyNode, nodePath) };
    }
    // No ACL node: report "no policies" as an empty array rather than null.
    return new AccessControlPolicy[0];
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl)

Example 68 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class ACLProvider method getEffectivePolicies.

/**
 * Collects the access control lists that hold at least one entry for any of
 * the given principals.
 *
 * <p>The entries are found with an XPath query over all nodes of the ACE node
 * type whose principal-name property equals one of the principal names. Each
 * hit is mapped to its parent ACL node; only parents named like a regular
 * policy node or a repository-level policy node, sitting on a node that is
 * access controlled accordingly, contribute a policy.
 *
 * <p>The result is all-or-nothing: the first ACL node that
 * {@code permissions} may not read aborts the call with an
 * {@link AccessDeniedException} instead of being skipped.
 *
 * @param principals principals whose names are matched against the entries
 * @param permissions compiled permissions used to check read access to every
 *        ACL node that is found
 * @return the matching policies in the order the query returned them, without
 *         duplicates
 * @throws AccessDeniedException if an ACL node that was found cannot be read
 * @throws UnsupportedOperationException if building or running the query fails
 * @throws RepositoryException if another repository error occurs
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(java.util.Set, CompiledPermissions)
 */
public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals, CompiledPermissions permissions) throws RepositoryException {
    String principalNameProp = ISO9075.encode(session.getJCRName(P_PRINCIPAL_NAME));
    StringBuilder xpath = new StringBuilder("/jcr:root");
    xpath.append("//element(*,").append(session.getJCRName(NT_REP_ACE)).append(")[");
    // NOTE(review): with an empty principal set the predicate stays "[]";
    // what the query parser does with that is not visible here. Confirm.
    boolean firstTerm = true;
    for (Principal principal : principals) {
        if (!firstTerm) {
            xpath.append(" or ");
        }
        firstTerm = false;
        // The name is placed inside a single-quoted string literal of the
        // statement. Doubling every apostrophe keeps a name that contains one
        // inside that literal instead of ending it early.
        xpath.append("@").append(principalNameProp).append("='")
                .append(principal.getName().replace("'", "''"))
                .append("'");
    }
    xpath.append("]");

    QueryResult matches;
    try {
        Query query = session.getWorkspace().getQueryManager().createQuery(xpath.toString(), Query.XPATH);
        matches = query.execute();
    } catch (RepositoryException e) {
        // Only the message is logged; the exception itself travels as the
        // cause of the UnsupportedOperationException.
        log.error("Unexpected error while searching effective policies. {}", e.getMessage());
        throw new UnsupportedOperationException("Retrieve effective policies for set of principals not supported.", e);
    }

    Set<AccessControlPolicy> acls = new LinkedHashSet<AccessControlPolicy>();
    NodeIterator aceNodes = matches.getNodes();
    while (aceNodes.hasNext()) {
        // The query hits entry nodes; the policy is their parent and the
        // access controlled node is the parent of the policy.
        NodeImpl aclNode = (NodeImpl) aceNodes.nextNode().getParent();
        Name aclName = aclNode.getQName();
        NodeImpl accessControlledNode = (NodeImpl) aclNode.getParent();

        boolean nodePolicy = N_POLICY.equals(aclName) && isAccessControlled(accessControlledNode);
        boolean repoPolicy = !nodePolicy
                && N_REPO_POLICY.equals(aclName) && isRepoAccessControlled(accessControlledNode);
        if (!nodePolicy && !repoPolicy) {
            // not a regular policy node -> ignore.
            continue;
        }
        // Read access to the ACL node itself is required before its content
        // is handed out.
        if (!permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
            throw new AccessDeniedException("Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
        }
        if (nodePolicy) {
            acls.add(getACL(accessControlledNode, N_POLICY, accessControlledNode.getPath()));
        } else {
            // Repository-level policy: built with a null path.
            acls.add(getACL(accessControlledNode, N_REPO_POLICY, null));
        }
    }
    return acls.toArray(new AccessControlPolicy[acls.size()]);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) NodeIterator(javax.jcr.NodeIterator) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) Query(javax.jcr.query.Query) NodeImpl(org.apache.jackrabbit.core.NodeImpl) RepositoryException(javax.jcr.RepositoryException) Name(org.apache.jackrabbit.spi.Name) QueryResult(javax.jcr.query.QueryResult) QueryManager(javax.jcr.query.QueryManager) Principal(java.security.Principal)

Example 69 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class ACLProvider method initRootACL.

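/**
 * Set-up minimal permissions for the workspace:
 *
 * <ul>
 * <li>'administrators' principal -> all privileges</li>
 * <li>'everyone' -> read privilege</li>
 * </ul>
 *
 * <p>The set-up is best effort: a {@link RepositoryException} raised while
 * building or saving the ACL is logged together with its cause, the transient
 * changes on the root node are discarded, and the method returns normally. If
 * the editor offers no applicable policy for the root node nothing is written.
 *
 * @param session to the workspace to set-up initial ACL to
 * @param editor for the specified session.
 * @throws RepositoryException If logging the failure or discarding the
 *         transient changes fails; failures of the set-up itself are logged,
 *         not rethrown.
 */
private static void initRootACL(SessionImpl session, AccessControlEditor editor) throws RepositoryException {
    try {
        log.debug("Install initial ACL:...");
        String rootPath = session.getRootNode().getPath();
        AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
        if (acls.length > 0) {
            ACLTemplate acl = (ACLTemplate) acls[0];
            PrincipalManager pMgr = session.getPrincipalManager();
            AccessControlManager acMgr = session.getAccessControlManager();
            String pName = SecurityConstants.ADMINISTRATORS_NAME;
            if (pMgr.hasPrincipal(pName)) {
                Principal administrators = pMgr.getPrincipal(pName);
                log.debug("... Privilege.ALL for administrators.");
                Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
                acl.addAccessControlEntry(administrators, privs);
            } else {
                // Only the administrators entry is skipped here: the
                // 'everyone' read entry below is still added and the policy
                // is still written, despite the wording of this message.
                log.info("Administrators principal group is missing -> omitting initialization of default permissions.");
            }
            Principal everyone = pMgr.getEveryone();
            log.debug("... Privilege.READ for everyone.");
            Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
            acl.addAccessControlEntry(everyone, privs);
            editor.setPolicy(rootPath, acl);
            session.save();
        } else {
            log.info("No applicable ACL available for the root node -> skip initialization of the root node's ACL.");
        }
    } catch (RepositoryException e) {
        // Pass the exception to the logger: a workspace whose root ACL could
        // not be installed needs the cause in the log, not just the fact.
        log.error("Failed to set-up minimal access control for root node of workspace " + session.getWorkspace().getName(), e);
        // Drop the half-built ACL so no partial policy stays pending.
        session.getRootNode().refresh(false);
    }
}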
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal)

Example 70 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class UserImporterTest method testAccessControlActionExecutionForUser.

/**
 * Imports a user through system-view XML while an {@link AccessControlAction}
 * configured with {@code jcr:all} for users is registered, then checks that
 * the imported user's node carries exactly one access control list with one
 * entry, and that the entry is for the user's own principal.
 *
 * <p>The {@code rep:password} value in the fixture is an already digested
 * {@code {sha1}} value that exists only as import data for this test.
 *
 * @throws Exception if the import or one of the repository calls fails
 */
public void testAccessControlActionExecutionForUser() throws Exception {
    AccessControlAction grantAllAction = new AccessControlAction();
    grantAllAction.setUserPrivilegeNames(Privilege.JCR_ALL);
    umgr.setAuthorizableActions(new AuthorizableAction[] { grantAllAction });

    String userXml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
            + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>"
            + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>tPrincipal</sv:value></sv:property>"
            + "</sv:node>";

    NodeImpl usersRoot = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
    try {
        doImport(usersRoot, userXml);

        Authorizable imported = umgr.getAuthorizable("t");
        assertNotNull(imported);
        assertFalse(imported.isGroup());

        // The registered action is expected to have left one ACL on the
        // user's node.
        AccessControlManager accessControlManager = sImpl.getAccessControlManager();
        AccessControlPolicy[] userPolicies = accessControlManager.getPolicies(imported.getPath());
        assertNotNull(userPolicies);
        assertEquals(1, userPolicies.length);
        assertTrue(userPolicies[0] instanceof AccessControlList);

        // One entry only, and it names the imported user's principal.
        AccessControlList userAcl = (AccessControlList) userPolicies[0];
        AccessControlEntry[] entries = userAcl.getAccessControlEntries();
        assertEquals(1, entries.length);
        assertEquals("tPrincipal", entries[0].getPrincipal().getName());
    } finally {
        // Discard the imported user and its ACL; nothing is saved.
        sImpl.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.core.security.user.action.AccessControlAction) NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry)
