Examples with AccessControlPolicyIterator javax.jcr.security.AccessControlPolicyIterator used on opensource projects

Search in sources :

Example 6 with AccessControlPolicyIterator

use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit-oak by apache.

the class L2_AccessControlManagerTest method testRetrievePoliciesAtTestRoot.

public void testRetrievePoliciesAtTestRoot() throws RepositoryException {
    AccessControlPolicy[] policies = acMgr.getPolicies(testRoot);
    // EXERCISE
    int expectedLength = -1;
    assertEquals(expectedLength, policies.length);
    AccessControlPolicyIterator policyIterator = acMgr.getApplicablePolicies(testRoot);
    // EXERCISE
    int expectedSize = -1;
    assertEquals(expectedSize, policyIterator.getSize());
    // EXERCISE: look at the utility methods and explain the expected return value
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testRoot);
    JackrabbitAccessControlList acl2 = AccessControlUtils.getAccessControlList(superuser, testRoot);
    // EXERCISE: is this correct?
    assertEquals(acl, acl2);
}
Also used : AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 7 with AccessControlPolicyIterator

use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit-oak by apache.

the class L2_AccessControlManagerTest method testRetrievePoliciesAsReadOnlySession.

public void testRetrievePoliciesAsReadOnlySession() throws RepositoryException {
    testSession = superuser.getRepository().login(ExerciseUtility.getTestCredentials(testID));
    // EXERCISE: Fix the test and explain your fix.
    AccessControlPolicyIterator policyIterator = testSession.getAccessControlManager().getApplicablePolicies(testRoot);
    AccessControlPolicy[] policies = testSession.getAccessControlManager().getPolicies(testRoot);
}
Also used : AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)

Example 8 with AccessControlPolicyIterator

use of javax.jcr.security.AccessControlPolicyIterator in project sling by apache.

the class AccessControlUtil method replaceAccessControlEntry.

/**
     * Replaces existing access control entries in the ACL for the specified
     * <code>principal</code> and <code>resourcePath</code>. Any existing granted
     * or denied privileges which do not conflict with the specified privileges
     * are maintained. Where conflicts exist, existing privileges are dropped.
     * The end result will be at most two ACEs for the principal: one for grants
     * and one for denies. Aggregate privileges are disaggregated before checking
     * for conflicts.
     * @param session
     * @param resourcePath
     * @param principal
     * @param grantedPrivilegeNames
     * @param deniedPrivilegeNames
     * @param removedPrivilegeNames privileges which, if they exist, should be
     * removed for this principal and resource
     * @param order where the access control entry should go in the list.
     *         Value should be one of these:
     *         <table>
     *          <tr><td>null</td><td>If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.</td></tr>
     * 			<tr><td>first</td><td>Place the target ACE as the first amongst its siblings</td></tr>
	 *			<tr><td>last</td><td>Place the target ACE as the last amongst its siblings</td></tr>
	 * 			<tr><td>before xyz</td><td>Place the target ACE immediately before the sibling whose name is xyz</td></tr>
	 * 			<tr><td>after xyz</td><td>Place the target ACE immediately after the sibling whose name is xyz</td></tr>
	 * 			<tr><td>numeric</td><td>Place the target ACE at the specified numeric index</td></tr>
	 *         </table>
     * @throws RepositoryException
     */
public static void replaceAccessControlEntry(Session session, String resourcePath, Principal principal, String[] grantedPrivilegeNames, String[] deniedPrivilegeNames, String[] removedPrivilegeNames, String order) throws RepositoryException {
    AccessControlManager accessControlManager = getAccessControlManager(session);
    Set<String> specifiedPrivilegeNames = new HashSet<String>();
    Set<String> newGrantedPrivilegeNames = disaggregateToPrivilegeNames(accessControlManager, grantedPrivilegeNames, specifiedPrivilegeNames);
    Set<String> newDeniedPrivilegeNames = disaggregateToPrivilegeNames(accessControlManager, deniedPrivilegeNames, specifiedPrivilegeNames);
    disaggregateToPrivilegeNames(accessControlManager, removedPrivilegeNames, specifiedPrivilegeNames);
    // Get or create the ACL for the node.
    AccessControlList acl = null;
    AccessControlPolicy[] policies = accessControlManager.getPolicies(resourcePath);
    for (AccessControlPolicy policy : policies) {
        if (policy instanceof AccessControlList) {
            acl = (AccessControlList) policy;
            break;
        }
    }
    if (acl == null) {
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
        while (applicablePolicies.hasNext()) {
            AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
            if (policy instanceof AccessControlList) {
                acl = (AccessControlList) policy;
                break;
            }
        }
    }
    if (acl == null) {
        throw new RepositoryException("Could not obtain ACL for resource " + resourcePath);
    }
    // Used only for logging.
    Set<Privilege> oldGrants = null;
    Set<Privilege> oldDenies = null;
    if (log.isDebugEnabled()) {
        oldGrants = new HashSet<Privilege>();
        oldDenies = new HashSet<Privilege>();
    }
    // Combine all existing ACEs for the target principal.
    AccessControlEntry[] accessControlEntries = acl.getAccessControlEntries();
    for (int i = 0; i < accessControlEntries.length; i++) {
        AccessControlEntry ace = accessControlEntries[i];
        if (principal.equals(ace.getPrincipal())) {
            if (log.isDebugEnabled()) {
                log.debug("Found Existing ACE for principal {} on resource {}", new Object[] { principal.getName(), resourcePath });
            }
            if (order == null || order.length() == 0) {
                //order not specified, so keep track of the original ACE position.
                order = String.valueOf(i);
            }
            boolean isAllow = isAllow(ace);
            Privilege[] privileges = ace.getPrivileges();
            if (log.isDebugEnabled()) {
                if (isAllow) {
                    oldGrants.addAll(Arrays.asList(privileges));
                } else {
                    oldDenies.addAll(Arrays.asList(privileges));
                }
            }
            for (Privilege privilege : privileges) {
                Set<String> maintainedPrivileges = disaggregateToPrivilegeNames(privilege);
                // break the existing privilege down; otherwise, maintain as is.
                if (!maintainedPrivileges.removeAll(specifiedPrivilegeNames)) {
                    // No conflicts, so preserve the original.
                    maintainedPrivileges.clear();
                    maintainedPrivileges.add(privilege.getName());
                }
                if (!maintainedPrivileges.isEmpty()) {
                    if (isAllow) {
                        newGrantedPrivilegeNames.addAll(maintainedPrivileges);
                    } else {
                        newDeniedPrivilegeNames.addAll(maintainedPrivileges);
                    }
                }
            }
            // Remove the old ACE.
            acl.removeAccessControlEntry(ace);
        }
    }
    //add a fresh ACE with the granted privileges
    List<Privilege> grantedPrivilegeList = new ArrayList<Privilege>();
    for (String name : newGrantedPrivilegeNames) {
        Privilege privilege = accessControlManager.privilegeFromName(name);
        grantedPrivilegeList.add(privilege);
    }
    if (grantedPrivilegeList.size() > 0) {
        acl.addAccessControlEntry(principal, grantedPrivilegeList.toArray(new Privilege[grantedPrivilegeList.size()]));
    }
    //add a fresh ACE with the denied privileges
    List<Privilege> deniedPrivilegeList = new ArrayList<Privilege>();
    for (String name : newDeniedPrivilegeNames) {
        Privilege privilege = accessControlManager.privilegeFromName(name);
        deniedPrivilegeList.add(privilege);
    }
    if (deniedPrivilegeList.size() > 0) {
        addEntry(acl, principal, deniedPrivilegeList.toArray(new Privilege[deniedPrivilegeList.size()]), false);
    }
    //order the ACL
    reorderAccessControlEntries(acl, principal, order);
    accessControlManager.setPolicy(resourcePath, acl);
    if (log.isDebugEnabled()) {
        List<String> oldGrantedNames = new ArrayList<String>(oldGrants.size());
        for (Privilege privilege : oldGrants) {
            oldGrantedNames.add(privilege.getName());
        }
        List<String> oldDeniedNames = new ArrayList<String>(oldDenies.size());
        for (Privilege privilege : oldDenies) {
            oldDeniedNames.add(privilege.getName());
        }
        log.debug("Updated ACE for principalName {} for resource {} from grants {}, denies {} to grants {}, denies {}", new Object[] { principal.getName(), resourcePath, oldGrantedNames, oldDeniedNames, newGrantedPrivilegeNames, newDeniedPrivilegeNames });
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) ArrayList(java.util.ArrayList) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) HashSet(java.util.HashSet)

Example 9 with AccessControlPolicyIterator

use of javax.jcr.security.AccessControlPolicyIterator in project camel by apache.

the class JcrAuthTestBase method createJndiContext.

@Override
protected Context createJndiContext() throws Exception {
    Context context = super.createJndiContext();
    repository = new TransientRepository(new File(REPO_PATH));
    // set up a user to authenticate
    SessionImpl session = (SessionImpl) repository.login(new SimpleCredentials("admin", "admin".toCharArray()));
    UserManager userManager = session.getUserManager();
    User user = (User) userManager.getAuthorizable("test");
    if (user == null) {
        user = userManager.createUser("test", "quatloos");
    }
    // set up permissions
    String path = session.getRootNode().getPath();
    AccessControlManager accessControlManager = session.getAccessControlManager();
    AccessControlPolicyIterator acls = accessControlManager.getApplicablePolicies(path);
    AccessControlList acl = null;
    if (acls.hasNext()) {
        acl = (AccessControlList) acls.nextAccessControlPolicy();
    } else {
        acl = (AccessControlList) accessControlManager.getPolicies(path)[0];
    }
    acl.addAccessControlEntry(user.getPrincipal(), accessControlManager.getSupportedPrivileges(path));
    accessControlManager.setPolicy(path, acl);
    session.save();
    session.logout();
    context.bind("repository", repository);
    return context;
}
Also used : Context(javax.naming.Context) AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) SimpleCredentials(javax.jcr.SimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) TransientRepository(org.apache.jackrabbit.core.TransientRepository) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) SessionImpl(org.apache.jackrabbit.core.SessionImpl) File(java.io.File)

Example 10 with AccessControlPolicyIterator

use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testGetApplicablePolicies.

// --------------------------------------< getApplicablePolicies(String) >---
@Test
public void testGetApplicablePolicies() throws Exception {
    AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(testPath);
    assertNotNull(itr);
    assertTrue(itr.hasNext());
    AccessControlPolicy policy = itr.nextAccessControlPolicy();
    assertNotNull(policy);
    assertTrue(policy instanceof ACL);
    ACL acl = (ACL) policy;
    assertTrue(acl.isEmpty());
    assertEquals(testPath, acl.getPath());
    assertFalse(itr.hasNext());
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)69 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)54 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)22 Test (org.junit.Test)16 NamedAccessControlPolicy (javax.jcr.security.NamedAccessControlPolicy)15 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)15 AccessControlList (javax.jcr.security.AccessControlList)14 AccessControlManager (javax.jcr.security.AccessControlManager)13 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)11 Node (javax.jcr.Node)7 Privilege (javax.jcr.security.Privilege)6 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)6 AccessControlEntry (javax.jcr.security.AccessControlEntry)5 Principal (java.security.Principal)3 HashSet (java.util.HashSet)3 Item (javax.jcr.Item)3 RepositoryException (javax.jcr.RepositoryException)3 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)3 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial