use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagementTest method testRetrievePrivilegesOnAcNodes.
/**
 * Verifies that a {@code jcr:readAccessControl} grant at {@code path} also covers the
 * access control content stored below that node: the {@code rep:Policy} child node and
 * every child node of that policy node.
 *
 * @throws Exception if any repository operation fails
 */
@Test
public void testRetrievePrivilegesOnAcNodes() throws Exception {
    // Grant 'testUser' jcr:readAccessControl at 'path'.
    Privilege[] readAc = privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL);
    allow(path, readAc);

    // The test user must be allowed to read ac-content at the target node.
    assertTrue(testAcMgr.hasPrivileges(path, readAc));
    AccessControlPolicy[] targetPolicies = testAcMgr.getPolicies(path);
    assertEquals(1, targetPolicies.length);
    assertTrue(targetPolicies[0] instanceof JackrabbitAccessControlList);

    // Look up the policy node with the superuser session so the lookup itself does not
    // depend on the permissions under test. If several children match, the last one wins.
    String policyNodePath = null;
    NodeIterator children = superuser.getNode(path).getNodes();
    while (children.hasNext()) {
        Node candidate = children.nextNode();
        if (candidate.isNodeType("rep:Policy")) {
            policyNodePath = candidate.getPath();
        }
    }
    if (policyNodePath == null) {
        fail("Expected node at " + path + " to have an ACL child node.");
    }

    // The grant must be visible both as a privilege and as a read permission on the
    // policy node itself ...
    assertTrue(testAcMgr.hasPrivileges(policyNodePath, readAc));
    assertTrue(testSession.hasPermission(policyNodePath, Session.ACTION_READ));

    // ... and on each child node of the policy node.
    NodeIterator entryNodes = superuser.getNode(policyNodePath).getNodes();
    while (entryNodes.hasNext()) {
        String entryPath = entryNodes.nextNode().getPath();
        assertTrue(testAcMgr.hasPrivileges(entryPath, readAc));
        assertTrue(testSession.hasPermission(entryPath, Session.ACTION_READ));
    }
}
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagementTest method testAccessControlModification.
/**
 * Verifies the scope of {@code jcr:readAccessControl} and {@code jcr:modifyAccessControl}
 * granted at {@code path}.
 *
 * <p>Expected for the test user:
 * <ul>
 *   <li>the inherited READ permission is kept;</li>
 *   <li>access control items at {@code path} and below can be viewed;</li>
 *   <li>access control items at {@code path} can be modified;</li>
 *   <li>access control items outside the tree rooted at {@code path} cannot be viewed.</li>
 * </ul>
 * The test then uses the granted privileges to add an entry and to remove the policy, and
 * checks that removing the policy also revokes the access it carried.
 *
 * @throws Exception if any repository operation fails
 */
@Test
public void testAccessControlModification() throws Exception {
    // Grant 'testUser' READ_AC and MODIFY_AC at 'path'.
    String[] grantedNames = {
        Privilege.JCR_READ_ACCESS_CONTROL,
        Privilege.JCR_MODIFY_ACCESS_CONTROL
    };
    Privilege[] granted = privilegesFromNames(grantedNames);
    JackrabbitAccessControlList template = allow(path, granted);

    // Make sure the 'rep:policy' node has been created.
    String policyItemPath = template.getPath() + "/rep:policy";
    assertTrue(superuser.itemExists(policyItemPath));

    // MODIFY_AC is granted at 'path'.
    Privilege[] modifyAcAtPath = privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL);
    assertTrue(testAcMgr.hasPrivileges(path, modifyAcAtPath));

    // The test user can read access control content at 'path' and in the subtree that
    // inherits the policy. The second call is made only to confirm that it does not throw.
    AccessControlPolicy[] pathPolicies = testAcMgr.getPolicies(path);
    testAcMgr.getPolicies(childNPath);

    // READ_AC must not apply outside of the tree.
    try {
        testAcMgr.getPolicies(siblingPath);
        fail("READ_AC privilege must not apply outside of the tree it has applied to.");
    } catch (AccessDeniedException expected) {
        // success
    }

    // MODIFY_AC must not apply outside of the tree either.
    Privilege[] modifyAcAtSibling = privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL);
    assertFalse(testAcMgr.hasPrivileges(siblingPath, modifyAcAtSibling));

    // The test user can modify AC items:
    // 1) add an entry through the test user's own access control manager and session
    AccessControlList editable = (AccessControlList) pathPolicies[0];
    editable.addAccessControlEntry(testUser.getPrincipal(), repWritePrivileges);
    testAcMgr.setPolicy(path, editable);
    testSession.save();
    // jcr:removeChildNodes is presumably part of repWritePrivileges - confirm in the class setup.
    Privilege[] removeChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
    assertTrue(testAcMgr.hasPrivileges(path, removeChildNodes));

    // 2) remove the policy
    testAcMgr.removePolicy(path, pathPolicies[0]);
    testSession.save();

    // The privileges must be gone again: reading AC content has to be denied once more ...
    try {
        testAcMgr.getEffectivePolicies(childNPath);
        fail("READ_AC privilege has been revoked -> must throw again.");
    } catch (AccessDeniedException expected) {
        // success
    }

    // ... and since the entry was stored with the removed policy, all rights except READ
    // must be gone as well.
    assertReadOnly(path);
}
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class ImportIgnoreTest method testImportUnknownPrincipal.
/**
 * Runs the import and verifies that the target node ends up with exactly one policy and
 * that this policy contains no entries.
 *
 * <p>NOTE(review): judging by the test and class names, the imported entry refers to an
 * unknown principal and is dropped by the "ignore" import behavior; confirm against
 * {@code runImport()} and the class setup.
 *
 * @throws Exception if the import or any repository operation fails
 */
@Test
public void testImportUnknownPrincipal() throws Exception {
    try {
        runImport();

        AccessControlPolicy[] imported =
                adminSession.getAccessControlManager().getPolicies(target.getPath());
        assertEquals(1, imported.length);

        // The policy exists, but no entry may have been created in it.
        AccessControlList importedAcl = (AccessControlList) imported[0];
        assertEquals(0, importedAcl.getAccessControlEntries().length);
    } finally {
        // Discard pending changes so the imported content does not leak into other tests.
        adminSession.refresh(false);
    }
}
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlImporterTest method testImportEmptyExistingPolicy.
/**
 * Imports an empty resource-based ACL for a policy that already exists.
 *
 * <p>After the import the target must expose exactly one policy, a
 * {@link JackrabbitAccessControlList} without any entries.
 *
 * @throws Exception if the import or any repository operation fails
 */
public void testImportEmptyExistingPolicy() throws Exception {
    try {
        Node importTarget = createImportTargetWithPolicy(null);
        String targetPath = importTarget.getPath();
        doImport(targetPath, XML_POLICY_ONLY);

        AccessControlManager acMgr = superuser.getAccessControlManager();
        AccessControlPolicy[] found = acMgr.getPolicies(importTarget.getPath());
        assertEquals(1, found.length);
        assertTrue(found[0] instanceof JackrabbitAccessControlList);

        // The import must leave the existing policy in place and add no entries to it.
        JackrabbitAccessControlList importedAcl = (JackrabbitAccessControlList) found[0];
        AccessControlEntry[] importedEntries = importedAcl.getAccessControlEntries();
        assertEquals(0, importedEntries.length);
    } finally {
        // Discard pending changes so the imported content does not leak into other tests.
        superuser.refresh(false);
    }
}
use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlActionTest method assertAcAction.
/**
 * Asserts that the node of the given authorizable carries exactly one policy, that this
 * policy is an {@link AccessControlList} with a single entry, and that the entry grants
 * exactly the privilege named by {@code expectedPrivName}.
 *
 * @param a the authorizable whose path is inspected
 * @param expectedPrivName name of the only privilege the single entry is expected to hold
 * @throws Exception if any repository operation fails
 */
private void assertAcAction(Authorizable a, String expectedPrivName) throws Exception {
    AccessControlPolicy[] found = getAccessControlManager(root).getPolicies(a.getPath());
    assertEquals(1, found.length);
    assertTrue(found[0] instanceof AccessControlList);

    AccessControlList list = (AccessControlList) found[0];
    assertEquals(1, list.getAccessControlEntries().length);

    // Compare the complete privilege array, so an entry that grants more than the expected
    // privilege fails the check as well.
    Privilege[] expected = { getPrivilegeManager(root).getPrivilege(expectedPrivName) };
    Privilege[] actual = list.getAccessControlEntries()[0].getPrivileges();
    assertArrayEquals(expected, actual);
}