Example 21 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AccessControlUtils method getAccessControlList.
/**
* Utility that combines {@link AccessControlManager#getApplicablePolicies(String)}
* and {@link AccessControlManager#getPolicies(String)} to retrieve
* a modifiable {@code JackrabbitAccessControlList} for the given path.<br>
*
* Note that the policy must be {@link AccessControlManager#setPolicy(String,
* javax.jcr.security.AccessControlPolicy) reapplied}
* and the changes must be saved in order to make the AC modifications take
* effect.
*
* @param accessControlManager The {@code AccessControlManager} .
* @param absPath The absolute path of the target node.
* @return A modifiable access control list or null if there is none.
* @throws RepositoryException If an error occurs.
*/
public static JackrabbitAccessControlList getAccessControlList(AccessControlManager accessControlManager, String absPath) throws RepositoryException {
// try applicable (new) ACLs
AccessControlPolicyIterator itr = accessControlManager.getApplicablePolicies(absPath);
while (itr.hasNext()) {
AccessControlPolicy policy = itr.nextAccessControlPolicy();
if (policy instanceof JackrabbitAccessControlList) {
return (JackrabbitAccessControlList) policy;
}
}
// try if there is an acl that has been set before
AccessControlPolicy[] pcls = accessControlManager.getPolicies(absPath);
for (AccessControlPolicy policy : pcls) {
if (policy instanceof JackrabbitAccessControlList) {
return (JackrabbitAccessControlList) policy;
}
}
// no policy found
return null;
}
Also used :
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 22 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AccessControlPolicyTest method testApplicablePoliciesAreDistintFromSetPolicies.
public void testApplicablePoliciesAreDistintFromSetPolicies() throws RepositoryException, NotExecutableException {
checkCanReadAc(path);
// call must succeed without exception
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
Set<AccessControlPolicy> acps = new HashSet<AccessControlPolicy>();
while (it.hasNext()) {
acps.add(it.nextAccessControlPolicy());
}
AccessControlPolicy[] policies = acMgr.getPolicies(path);
for (int i = 0; i < policies.length; i++) {
assertFalse("The applicable policies obtained should not be present among the policies obtained through AccessControlManager.getPolicies.", acps.contains(policies[i]));
}
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
HashSet(java.util.HashSet)
Example 23 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AccessControlPolicyTest method testGetPolicyAfterSave.
public void testGetPolicyAfterSave() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanReadAc(path);
checkCanModifyAc(path);
AccessControlPolicy policy;
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
if (it.hasNext()) {
policy = it.nextAccessControlPolicy();
acMgr.setPolicy(path, policy);
superuser.save();
// remember for tearDown
addedPolicies.put(path, policy);
} else {
throw new NotExecutableException();
}
Session s2 = null;
try {
s2 = getHelper().getSuperuserSession();
List<AccessControlPolicy> plcs = Arrays.asList(getAccessControlManager(s2).getPolicies(path));
// TODO: check again if policies can be compared with equals!
assertTrue("Policy must be visible to another superuser session.", plcs.contains(policy));
} finally {
if (s2 != null) {
s2.logout();
}
}
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Session(javax.jcr.Session)
Example 24 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AccessControlPolicyTest method testSetPolicyIsTransient.
public void testSetPolicyIsTransient() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanModifyAc(path);
List<AccessControlPolicy> currentPolicies = Arrays.asList(acMgr.getPolicies(path));
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
if (it.hasNext()) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
acMgr.setPolicy(path, policy);
superuser.refresh(false);
String mgs = "Reverting 'setPolicy' must change back the return value of getPolicies.";
if (currentPolicies.isEmpty()) {
assertTrue(mgs, acMgr.getPolicies(path).length == 0);
} else {
assertEquals(mgs, currentPolicies, Arrays.asList(acMgr.getPolicies(path)));
}
} else {
throw new NotExecutableException();
}
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Example 25 with AccessControlPolicyIterator
use of javax.jcr.security.AccessControlPolicyIterator in project jackrabbit by apache.
the class AccessControlPolicyTest method testApplicablePoliciesAreDistinct.
public void testApplicablePoliciesAreDistinct() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanReadAc(path);
// call must succeed without exception
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
Set<AccessControlPolicy> acps = new HashSet<AccessControlPolicy>();
while (it.hasNext()) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (!acps.add(policy)) {
fail("The applicable policies present should be unique among the choices. Policy " + policy + " occured multiple times.");
}
}
}
Also used :
NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
HashSet(java.util.HashSet)
Aggregations
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)69
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)54
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)22
Test (org.junit.Test)16
NamedAccessControlPolicy (javax.jcr.security.NamedAccessControlPolicy)15
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)15
AccessControlList (javax.jcr.security.AccessControlList)14
AccessControlManager (javax.jcr.security.AccessControlManager)13
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)11
Node (javax.jcr.Node)7
Privilege (javax.jcr.security.Privilege)6
JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)6
AccessControlEntry (javax.jcr.security.AccessControlEntry)5
Principal (java.security.Principal)3
HashSet (java.util.HashSet)3
Item (javax.jcr.Item)3
RepositoryException (javax.jcr.RepositoryException)3
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)3
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
