Examples with AccessControlPolicy javax.jcr.security.AccessControlPolicy used on opensource projects
Example 36 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.
the class AccessControlUtils method getAccessControlList.
/**
* Utility that combines {@link AccessControlManager#getApplicablePolicies(String)}
* and {@link AccessControlManager#getPolicies(String)} to retrieve
* a modifiable {@code JackrabbitAccessControlList} for the given path.<br>
*
* Note that the policy must be {@link AccessControlManager#setPolicy(String,
* javax.jcr.security.AccessControlPolicy) reapplied}
* and the changes must be saved in order to make the AC modifications take
* effect.
*
* @param accessControlManager The {@code AccessControlManager} .
* @param absPath The absolute path of the target node.
* @return A modifiable access control list or null if there is none.
* @throws RepositoryException If an error occurs.
*/
public static JackrabbitAccessControlList getAccessControlList(AccessControlManager accessControlManager, String absPath) throws RepositoryException {
// try applicable (new) ACLs
AccessControlPolicyIterator itr = accessControlManager.getApplicablePolicies(absPath);
while (itr.hasNext()) {
AccessControlPolicy policy = itr.nextAccessControlPolicy();
if (policy instanceof JackrabbitAccessControlList) {
return (JackrabbitAccessControlList) policy;
}
}
// try if there is an acl that has been set before
AccessControlPolicy[] pcls = accessControlManager.getPolicies(absPath);
for (AccessControlPolicy policy : pcls) {
if (policy instanceof JackrabbitAccessControlList) {
return (JackrabbitAccessControlList) policy;
}
}
// no policy found
return null;
}
Also used :
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 37 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.
the class AccessControlPolicyTest method testGetPolicyAfterSave.
public void testGetPolicyAfterSave() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanReadAc(path);
checkCanModifyAc(path);
AccessControlPolicy policy;
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
if (it.hasNext()) {
policy = it.nextAccessControlPolicy();
acMgr.setPolicy(path, policy);
superuser.save();
// remember for tearDown
addedPolicies.put(path, policy);
} else {
throw new NotExecutableException();
}
Session s2 = null;
try {
s2 = getHelper().getSuperuserSession();
List<AccessControlPolicy> plcs = Arrays.asList(getAccessControlManager(s2).getPolicies(path));
// TODO: check again if policies can be compared with equals!
assertTrue("Policy must be visible to another superuser session.", plcs.contains(policy));
} finally {
if (s2 != null) {
s2.logout();
}
}
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Session(javax.jcr.Session)
Example 38 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.
the class AccessControlPolicyTest method testApplicablePoliciesAreDistinct.
public void testApplicablePoliciesAreDistinct() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanReadAc(path);
// call must succeed without exception
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
Set<AccessControlPolicy> acps = new HashSet<AccessControlPolicy>();
while (it.hasNext()) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (!acps.add(policy)) {
fail("The applicable policies present should be unique among the choices. Policy " + policy + " occured multiple times.");
}
}
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
HashSet(java.util.HashSet)
Example 39 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.
the class AccessControlPolicyTest method testSetPolicy.
public void testSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanModifyAc(path);
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
if (it.hasNext()) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
acMgr.setPolicy(path, policy);
} else {
throw new NotExecutableException();
}
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Example 40 with AccessControlPolicy
use of javax.jcr.security.AccessControlPolicy in project jackrabbit by apache.
the class AccessControlPolicyTest method testRemovePolicyIsTransient.
public void testRemovePolicyIsTransient() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanReadAc(path);
checkCanModifyAc(path);
AccessControlPolicy[] currentPolicies = acMgr.getPolicies(path);
int size = currentPolicies.length;
AccessControlPolicy toRemove;
if (size == 0) {
// no policy to remove ->> apply one
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
if (it.hasNext()) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
acMgr.setPolicy(path, policy);
superuser.save();
// remember for teardown
addedPolicies.put(path, policy);
toRemove = policy;
currentPolicies = acMgr.getPolicies(path);
size = currentPolicies.length;
} else {
throw new NotExecutableException();
}
} else {
toRemove = currentPolicies[0];
}
// test transient behaviour of the removal
acMgr.removePolicy(path, toRemove);
assertEquals("After transient remove AccessControlManager.getPolicies must return less policies.", size - 1, acMgr.getPolicies(path).length);
// revert changes
superuser.refresh(false);
assertEquals("Reverting a Policy removal must restore the original state.", Arrays.asList(currentPolicies), Arrays.asList(acMgr.getPolicies(path)));
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Aggregations
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)182
Test (org.junit.Test)67
JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)66
AccessControlManager (javax.jcr.security.AccessControlManager)62
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)52
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)52
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)49
AccessControlEntry (javax.jcr.security.AccessControlEntry)40
AccessControlList (javax.jcr.security.AccessControlList)32
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)32
NamedAccessControlPolicy (javax.jcr.security.NamedAccessControlPolicy)28
Privilege (javax.jcr.security.Privilege)28
Principal (java.security.Principal)24
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)23
NodeImpl (org.apache.jackrabbit.core.NodeImpl)18
TestACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)18
Node (javax.jcr.Node)17
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)17
Root (org.apache.jackrabbit.oak.api.Root)14
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)14
