Example 16 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class ACLEditorTest method testNodeNotRepAccessControllableAddMixin.
public void testNodeNotRepAccessControllableAddMixin() throws RepositoryException, LockException, ConstraintViolationException, NoSuchNodeTypeException, ItemExistsException, VersionException {
superuser.getNode(testPath).addMixin("rep:AccessControllable");
superuser.save();
AccessControlPolicy[] plcs = acMgr.getPolicies(testPath);
assertNotNull(plcs);
assertEquals(1, plcs.length);
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(testPath);
assertNotNull(it);
assertEquals(0, it.getSize());
}
Also used :
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Example 17 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AbstractRepositoryOperationTest method testGetEffectivePoliciesByPrincipal.
public void testGetEffectivePoliciesByPrincipal() throws Exception {
if (!(acMgr instanceof JackrabbitAccessControlManager)) {
throw new NotExecutableException();
}
JackrabbitAccessControlManager jAcMgr = (JackrabbitAccessControlManager) acMgr;
Set<Principal> principalSet = Collections.singleton(testUser.getPrincipal());
try {
// initial state: no repo level policy
AccessControlPolicy[] policies = acMgr.getPolicies(null);
assertNotNull(policies);
assertEquals(0, policies.length);
AccessControlPolicy[] effective = jAcMgr.getEffectivePolicies(principalSet);
assertNotNull(effective);
assertEquals(0, effective.length);
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
assertTrue(it.hasNext());
// modify the repo level policy
modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
// verify that the effective policies for the given principal set
// is properly calculated.
AccessControlPolicy[] eff = jAcMgr.getEffectivePolicies(principalSet);
assertNotNull(eff);
assertEquals(1, eff.length);
assertTrue(eff[0] instanceof AccessControlList);
AccessControlList acl = (AccessControlList) eff[0];
AccessControlEntry[] aces = acl.getAccessControlEntries();
assertNotNull(aces);
assertEquals(2, aces.length);
for (AccessControlEntry ace : aces) {
assertEquals(testUser.getPrincipal(), ace.getPrincipal());
}
} catch (UnsupportedRepositoryOperationException e) {
throw new NotExecutableException();
} finally {
// remove it again
for (AccessControlPolicy plc : acMgr.getPolicies(null)) {
acMgr.removePolicy(null, plc);
}
superuser.save();
// back to initial state: no repo level policy
AccessControlPolicy[] policies = acMgr.getPolicies(null);
assertNotNull(policies);
assertEquals(0, policies.length);
}
}
Also used :
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
AccessControlList(javax.jcr.security.AccessControlList)
UnsupportedRepositoryOperationException(javax.jcr.UnsupportedRepositoryOperationException)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Principal(java.security.Principal)
Example 18 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AbstractRepositoryOperationTest method testRepoPolicyAPI.
public void testRepoPolicyAPI() throws Exception {
try {
// initial state: no repo level policy
AccessControlPolicy[] policies = acMgr.getPolicies(null);
assertNotNull(policies);
assertEquals(0, policies.length);
AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
assertNotNull(effective);
assertEquals(0, effective.length);
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
assertNotNull(it);
assertTrue(it.hasNext());
AccessControlPolicy acp = it.nextAccessControlPolicy();
assertNotNull(acp);
assertTrue(acp instanceof JackrabbitAccessControlPolicy);
// modify the repo level policy
modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
AccessControlPolicy[] plcs = acMgr.getPolicies(null);
assertNotNull(plcs);
assertEquals(1, plcs.length);
assertTrue(plcs[0] instanceof AccessControlList);
AccessControlList acl = (AccessControlList) plcs[0];
AccessControlEntry[] aces = acl.getAccessControlEntries();
assertNotNull(aces);
assertEquals(2, aces.length);
assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
assertPermission(Permission.NAMESPACE_MNGMT, true);
assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
effective = acMgr.getEffectivePolicies(null);
assertNotNull(effective);
assertEquals(1, effective.length);
assertTrue(effective[0] instanceof AccessControlList);
acl = (AccessControlList) effective[0];
aces = acl.getAccessControlEntries();
assertNotNull(aces);
assertEquals(2, aces.length);
// change the policy: removing the second entry in the access control list
acl = (AccessControlList) acMgr.getPolicies(null)[0];
AccessControlEntry toRemove = acl.getAccessControlEntries()[1];
acl.removeAccessControlEntry(toRemove);
acMgr.setPolicy(null, acl);
superuser.save();
acl = (AccessControlList) acMgr.getPolicies(null)[0];
aces = acl.getAccessControlEntries();
assertNotNull(aces);
assertEquals(1, aces.length);
assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
assertPermission(Permission.NAMESPACE_MNGMT, false);
assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
} catch (UnsupportedRepositoryOperationException e) {
throw new NotExecutableException();
} finally {
// remove it again
for (AccessControlPolicy plc : acMgr.getPolicies(null)) {
acMgr.removePolicy(null, plc);
}
superuser.save();
// back to initial state: no repo level policy
AccessControlPolicy[] policies = acMgr.getPolicies(null);
assertNotNull(policies);
assertEquals(0, policies.length);
AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
assertNotNull(effective);
assertEquals(0, effective.length);
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
assertNotNull(it);
assertTrue(it.hasNext());
AccessControlPolicy acp = it.nextAccessControlPolicy();
assertNotNull(acp);
assertTrue(acp instanceof JackrabbitAccessControlPolicy);
}
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
UnsupportedRepositoryOperationException(javax.jcr.UnsupportedRepositoryOperationException)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
Example 19 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class JackrabbitAccessControlListTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
Node n = testRootNode.addNode(nodeName1, testNodeType);
superuser.save();
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
while (it.hasNext() && templ == null) {
AccessControlPolicy p = it.nextAccessControlPolicy();
if (p instanceof JackrabbitAccessControlList) {
templ = (JackrabbitAccessControlList) p;
}
}
if (templ == null) {
superuser.logout();
throw new NotExecutableException("No JackrabbitAccessControlList to test.");
}
privilegeMgr = (PrivilegeManagerImpl) ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
}
Also used :
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
Node(javax.jcr.Node)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
JackrabbitWorkspace(org.apache.jackrabbit.api.JackrabbitWorkspace)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 20 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AcReadWriteTest method testSetNewPolicy.
/**
* Test if a new applicable policy can be applied within a individual
* subtree where AC-modification is allowed.
*
* @throws RepositoryException
* @throws NotExecutableException
* @see <a href="https://issues.apache.org/jira/browse/JCR-2869">JCR-2869</a>
*/
public void testSetNewPolicy() throws RepositoryException, NotExecutableException {
/* precondition:
testuser must have READ-only permission on test-node and below
*/
checkReadOnly(path);
/* grant 'testUser' rep:write, rep:readAccessControl and
rep:modifyAccessControl privileges at 'path' */
Privilege[] privileges = privilegesFromNames(new String[] { PrivilegeRegistry.REP_WRITE, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL });
JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
AccessControlManager testAcMgr = getTestACManager();
/*
testuser must be allowed to set a new policy at a child node.
*/
AccessControlPolicyIterator it = testAcMgr.getApplicablePolicies(childNPath);
while (it.hasNext()) {
AccessControlPolicy plc = it.nextAccessControlPolicy();
testAcMgr.setPolicy(childNPath, plc);
testAcMgr.removePolicy(childNPath, plc);
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Aggregations
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)69
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)54
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)22
Test (org.junit.Test)16
NamedAccessControlPolicy (javax.jcr.security.NamedAccessControlPolicy)15
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)15
AccessControlList (javax.jcr.security.AccessControlList)14
AccessControlManager (javax.jcr.security.AccessControlManager)13
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)11
Node (javax.jcr.Node)7
Privilege (javax.jcr.security.Privilege)6
JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)6
AccessControlEntry (javax.jcr.security.AccessControlEntry)5
Principal (java.security.Principal)3
HashSet (java.util.HashSet)3
Item (javax.jcr.Item)3
RepositoryException (javax.jcr.RepositoryException)3
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)3
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
