Example 51 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class ReadTest method testAllowUserPathDenyGroupChildPath.
public void testAllowUserPathDenyGroupChildPath() throws Exception {
Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
Principal group = getTestGroup().getPrincipal();
/*
allow READ privilege for testUser at 'path'
*/
givePrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
/*
deny READ privilege for group at 'childPath'
*/
withdrawPrivileges(path, group, privileges, getRestrictions(superuser, childNPath));
Session testSession = getTestSession();
assertTrue(testSession.nodeExists(childNPath));
}
Also used :
Privilege(javax.jcr.security.Privilege)
Principal(java.security.Principal)
Session(javax.jcr.Session)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
Example 52 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class ReadTest method testAllowEveryonePathDenyGroupChildPath.
public void testAllowEveryonePathDenyGroupChildPath() throws Exception {
Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
Principal group = getTestGroup().getPrincipal();
Principal everyone = ((JackrabbitSession) superuser).getPrincipalManager().getEveryone();
/*
allow READ privilege for everyone at 'path'
*/
givePrivileges(path, everyone, privileges, getRestrictions(superuser, path));
/*
deny READ privilege for group at 'childNPath'
*/
withdrawPrivileges(path, group, privileges, getRestrictions(superuser, childNPath));
Session testSession = getTestSession();
assertFalse(testSession.nodeExists(childNPath));
}
Also used :
Privilege(javax.jcr.security.Privilege)
Principal(java.security.Principal)
Session(javax.jcr.Session)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
Example 53 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class ReadTest method testDenyGroupAllowUser.
public void testDenyGroupAllowUser() throws Exception {
Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
Principal group = getTestGroup().getPrincipal();
/*
deny READ privilege for group at 'path'
*/
withdrawPrivileges(path, group, privileges, getRestrictions(superuser, path));
/*
allow READ privilege for testUser at 'path'
*/
givePrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
Session testSession = getTestSession();
assertTrue(testSession.nodeExists(path));
}
Also used :
Privilege(javax.jcr.security.Privilege)
Principal(java.security.Principal)
Session(javax.jcr.Session)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
Example 54 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class ReadTest method testRemoveMixin.
public void testRemoveMixin() throws Exception {
Node n = superuser.getNode(path);
Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
withdrawPrivileges(path, privileges, getRestrictions(superuser, path));
assertTrue(n.hasNode("rep:policy"));
assertTrue(n.isNodeType("rep:AccessControllable"));
n.removeMixin("rep:AccessControllable");
superuser.save();
assertFalse(n.hasNode("rep:policy"));
assertFalse(n.isNodeType("rep:AccessControllable"));
}Example 55 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class JackrabbitAccessControlListTest method testAddEntry2.
public void testAddEntry2() throws NotExecutableException, RepositoryException {
Principal princ = getValidPrincipal();
Privilege[] privs = privilegesFromName(PrivilegeRegistry.REP_WRITE);
templ.addEntry(princ, privs, true, Collections.<String, Value>emptyMap());
AccessControlEntry[] entries = templ.getAccessControlEntries();
assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);
PrivilegeBits allows = PrivilegeBits.getInstance();
for (AccessControlEntry en : entries) {
PrivilegeBits bits = privilegeMgr.getBits(en.getPrivileges());
if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
allows.add(bits);
}
}
assertTrue("After successfully granting WRITE, the entries must reflect this", allows.includes(privilegeMgr.getBits(privs)));
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
Principal(java.security.Principal)
Aggregations
Privilege (javax.jcr.security.Privilege)316
Test (org.junit.Test)95
AccessControlManager (javax.jcr.security.AccessControlManager)82
Session (javax.jcr.Session)76
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)59
Principal (java.security.Principal)57
Node (javax.jcr.Node)53
AccessControlEntry (javax.jcr.security.AccessControlEntry)47
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)37
Value (javax.jcr.Value)30
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)28
HashMap (java.util.HashMap)26
AccessDeniedException (javax.jcr.AccessDeniedException)25
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)24
ArrayList (java.util.ArrayList)21
AccessControlException (javax.jcr.security.AccessControlException)21
AccessControlList (javax.jcr.security.AccessControlList)21
Group (org.apache.jackrabbit.api.security.user.Group)20
