
Example 31 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class UserImporterTest method testAccessControlActionExecutionForGroup.

/**
 * Imports a {@code rep:Group} node while an {@link AccessControlAction} configured with
 * {@code jcr:read} for groups is registered on the user manager, then checks that the
 * imported group's node carries exactly one ACL with exactly one entry, and that the
 * entry names the group's principal ({@code gPrincipal}).
 *
 * NOTE(review): only the entry's principal is asserted. The privileges on the entry
 * (configured above as jcr:read) are not checked here, so a regression that granted a
 * wider privilege set to the same principal would still pass this test.
 */
public void testAccessControlActionExecutionForGroup() throws Exception {
    AccessControlAction groupAction = new AccessControlAction();
    groupAction.setGroupPrivilegeNames(Privilege.JCR_READ);
    // The action stays registered on umgr after this method returns; any reset happens
    // outside this method (not visible here).
    umgr.setAuthorizableActions(new AuthorizableAction[] { groupAction });

    // System-view XML for a single group node "g" with principal name "gPrincipal".
    String groupXml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
            + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>"
            + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>b2f5ff47-4366-31b6-a533-d8dc3614845d</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>gPrincipal</sv:value></sv:property>"
            + "</sv:node>";

    NodeImpl groupsRoot = (NodeImpl) sImpl.getNode(umgr.getGroupsPath());
    try {
        doImport(groupsRoot, groupXml);

        Authorizable imported = umgr.getAuthorizable("g");
        assertNotNull(imported);
        assertTrue(imported.isGroup());

        // Read the policies bound to the imported group's own node.
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(imported.getPath());
        assertNotNull(policies);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof AccessControlList);

        AccessControlList acl = (AccessControlList) policies[0];
        AccessControlEntry[] entries = acl.getAccessControlEntries();
        assertEquals(1, entries.length);
        assertEquals("gPrincipal", entries[0].getPrincipal().getName());
    } finally {
        // Runs whether or not the assertions pass; presumably discards the transient
        // import so nothing is persisted (JCR refresh with keepChanges=false) - confirm.
        sImpl.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.core.security.user.action.AccessControlAction) NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 32 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class UserImporterTest method testAccessControlActionExecutionForUser2.

/**
 * Imports a {@code rep:User} node while an {@link AccessControlAction} configured with
 * {@code jcr:all} for users is registered on the user manager, then checks that the
 * imported user's node carries exactly one ACL with exactly one entry, and that the
 * entry names the user's principal ({@code tPrincipal}).
 *
 * NOTE(review): only the entry's principal is asserted. The privileges on the entry
 * (configured above as jcr:all) are not verified by this test.
 */
public void testAccessControlActionExecutionForUser2() throws Exception {
    AccessControlAction userAction = new AccessControlAction();
    userAction.setUserPrivilegeNames(Privilege.JCR_ALL);
    // The action stays registered on umgr after this method returns; any reset happens
    // outside this method (not visible here).
    umgr.setAuthorizableActions(new AuthorizableAction[] { userAction });

    // System-view XML for a single user node "t" with principal name "tPrincipal".
    // The rep:password fixture is a "{sha1}"-prefixed digest: test data for the importer,
    // not a pattern for storing real credentials.
    String userXml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
            + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>"
            + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>tPrincipal</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>"
            + "</sv:node>";

    NodeImpl usersRoot = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
    try {
        doImport(usersRoot, userXml);

        Authorizable imported = umgr.getAuthorizable("t");
        assertNotNull(imported);
        assertFalse(imported.isGroup());

        // Read the policies bound to the imported user's own node.
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(imported.getPath());
        assertNotNull(policies);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof AccessControlList);

        AccessControlList acl = (AccessControlList) policies[0];
        AccessControlEntry[] entries = acl.getAccessControlEntries();
        assertEquals(1, entries.length);
        assertEquals("tPrincipal", entries[0].getPrincipal().getName());
    } finally {
        // Runs whether or not the assertions pass; presumably discards the transient
        // import so nothing is persisted (JCR refresh with keepChanges=false) - confirm.
        sImpl.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.core.security.user.action.AccessControlAction) NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 33 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit-oak by apache.

the class CugAccessControlManager method getEffectivePolicies.

/**
 * Collects the CUG policies found at {@code absPath} and at each of its ancestors up to
 * and including the root, restricted to paths accepted by {@code isSupportedPath}.
 *
 * @param absPath JCR path of the node whose effective policies are requested
 * @return the CUG policies found, ordered from {@code absPath} towards the root; an empty
 *         array when the CUG feature is disabled in the configuration or none are found
 * @throws RepositoryException propagated from path conversion or the tree lookup
 */
@Override
public AccessControlPolicy[] getEffectivePolicies(String absPath) throws RepositoryException {
    String oakPath = getOakPath(absPath);
    // Called for its check only, the returned tree is discarded. Presumably this rejects
    // callers lacking READ_ACCESS_CONTROL at the target path - confirm against getTree.
    getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);

    boolean cugEnabled = config.getConfigValue(CugConstants.PARAM_CUG_ENABLED, false);
    if (!cugEnabled) {
        return new AccessControlPolicy[0];
    }

    // Evaluate against the latest root of the content session rather than the root
    // held by this manager.
    Root latestRoot = getRoot().getContentSession().getLatestRoot();
    List<AccessControlPolicy> collected = new ArrayList<>();

    // NOTE(review): the explicit READ_ACCESS_CONTROL check above covers only the target
    // path; whether an ancestor's CUG is withheld from a session that cannot read it
    // depends on latestRoot.getTree(...) / getCugPolicy(...) - confirm.
    String current = oakPath;
    while (current != null) {
        if (isSupportedPath(current)) {
            CugPolicy policy = getCugPolicy(current, latestRoot.getTree(current));
            if (policy != null) {
                collected.add(policy);
            }
        }
        // Step one level up; stop once the root itself has been processed.
        if (PathUtils.denotesRoot(current)) {
            current = null;
        } else {
            current = PathUtils.getAncestorPath(current, 1);
        }
    }
    return collected.toArray(new AccessControlPolicy[collected.size()]);
}
Also used : CugPolicy(org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) ArrayList(java.util.ArrayList)

Example 34 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class ACLEditor method removePolicy.

/**
 * Removes the policy stored for {@code nodePath}, but only when the policy passed in
 * equals the template built from the node's current access-control content.
 *
 * @param nodePath path of the node whose policy is to be removed
 * @param policy   the policy the caller expects to be in place at {@code nodePath}
 * @throws AccessControlException if the node has no access-control content or the stored
 *         policy differs from {@code policy}; nothing is removed in that case
 * @see AccessControlEditor#removePolicy(String,AccessControlPolicy)
 */
public void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, PathNotFoundException, RepositoryException {
    // Both checks run before any repository content is touched; presumably they throw
    // for a path this editor must not modify or a policy it does not handle - confirm.
    checkProtectsNode(nodePath);
    checkValidPolicy(nodePath, policy);

    NodeImpl acNode = getAcNode(nodePath);
    // Rebuild the current policy from the stored content and compare it with the
    // caller's policy, so a mismatching policy never triggers a removal.
    if (isAccessControlled(acNode) && createTemplate(acNode).equals(policy)) {
        removeItem(acNode.getNode(N_POLICY));
        return;
    }

    // Either there is no access-control content at 'nodePath' or the stored policy is not
    // the one passed in: no policy was removed, report that to the caller.
    throw new AccessControlException("Policy " + policy + " does not apply to " + nodePath);
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) AccessControlException(javax.jcr.security.AccessControlException)

Example 35 with AccessControlPolicy

use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.

the class ACLProvider method getEffectivePolicies.

/**
 * Finds the ACLs that take effect at {@code absPath} by querying for ACE nodes whose
 * node-path property equals {@code absPath} or one of its ancestors, then keeping every
 * ACL that has a matching entry and that {@code permissions} allows to be read.
 *
 * @param absPath     path to evaluate; {@code null} (repository level) is not supported
 *                    yet and yields an empty array
 * @param permissions permissions used to decide whether each matching ACL may be read
 * @return read-only views of the effective ACLs, in query-result order without duplicates
 * @throws AccessDeniedException if a matching ACL exists but READ_AC is not granted on it
 * @throws UnsupportedOperationException if building or executing the query fails
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(org.apache.jackrabbit.spi.Path,org.apache.jackrabbit.core.security.authorization.CompiledPermissions)
 */
public AccessControlPolicy[] getEffectivePolicies(Path absPath, CompiledPermissions permissions) throws ItemNotFoundException, RepositoryException {
    if (absPath == null) {
        // TODO: JCR-2774
        log.warn("TODO: JCR-2774 - Repository level permissions.");
        return new AccessControlPolicy[0];
    }

    String jcrPath = session.getJCRPath(absPath);
    String pName = ISO9075.encode(session.getJCRName(ACLTemplate.P_NODE_PATH));
    int ancestorCnt = absPath.getAncestorCount();

    // Search all ACEs whose node-path property equals the specified absPath or any of
    // its ancestors. The statement is assembled by concatenation; the only value taken
    // from the requested path is the quoted literal written in the loop below.
    StringBuilder xpath = new StringBuilder("/jcr:root")
            .append(acRoot.getPath())
            .append("//element(*,")
            .append(session.getJCRName(NT_REP_ACE))
            .append(")[");
    for (int depth = 0; depth <= ancestorCnt; depth++) {
        String candidate = Text.getRelativeParent(jcrPath, depth);
        if (depth > 0) {
            xpath.append(" or ");
        }
        // Double embedded single quotes so the path cannot terminate the string literal
        // early. Literal replace() gives the same result as the regex form for "'".
        xpath.append("@").append(pName).append("='").append(candidate.replace("'", "''")).append("'");
    }
    xpath.append("]");

    QueryResult result;
    try {
        QueryManager qm = session.getWorkspace().getQueryManager();
        result = qm.createQuery(xpath.toString(), Query.XPATH).execute();
    } catch (RepositoryException e) {
        // Only the message is logged; the full cause travels with the rethrown exception.
        log.error("Unexpected error while searching effective policies. {}", e.getMessage());
        throw new UnsupportedOperationException("Retrieve effective policies at absPath '" + jcrPath + "' not supported.", e);
    }

    // Loop over the query results and verify that
    // - the corresponding ACE really takes effect on the specified absPath, and
    // - the corresponding ACL can be read by the editing session.
    Set<AccessControlPolicy> readable = new LinkedHashSet<AccessControlPolicy>();
    NodeIterator hits = result.getNodes();
    while (hits.hasNext()) {
        Node aceNode = hits.nextNode();
        // Two levels above the ACE node is the node the ACL is attached to.
        String accessControlledNodePath = Text.getRelativeParent(aceNode.getPath(), 2);
        Path acPath = session.getQPath(accessControlledNodePath);
        AccessControlPolicy[] policies = editor.getPolicies(accessControlledNodePath);
        if (policies.length == 0) {
            continue;
        }
        ACLTemplate acl = (ACLTemplate) policies[0];
        for (AccessControlEntry ace : acl.getAccessControlEntries()) {
            ACLTemplate.Entry entry = (ACLTemplate.Entry) ace;
            if (!entry.matches(jcrPath)) {
                continue;
            }
            // Fail closed: a matching ACL that cannot be read aborts the whole call
            // instead of being silently left out of the result.
            // NOTE(review): the message names the access-controlled path; confirm that
            // is acceptable to show to a caller without READ_AC there.
            if (!permissions.grants(acPath, Permission.READ_AC)) {
                throw new AccessDeniedException("Access denied at " + accessControlledNodePath);
            }
            // One matching entry is enough; hand out an unmodifiable view of the ACL.
            readable.add(new UnmodifiableAccessControlList(acl));
            break;
        }
    }
    return readable.toArray(new AccessControlPolicy[readable.size()]);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) NodeIterator(javax.jcr.NodeIterator) Path(org.apache.jackrabbit.spi.Path) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) Query(javax.jcr.query.Query) Node(javax.jcr.Node) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) QueryResult(javax.jcr.query.QueryResult) AccessControlEntry(javax.jcr.security.AccessControlEntry) QueryManager(javax.jcr.query.QueryManager) UnmodifiableAccessControlList(org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList)
