Example 61 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testGetSupportedPrivilegesIncludingPathConversion.
@Test
public void testGetSupportedPrivilegesIncludingPathConversion() throws Exception {
List<Privilege> allPrivileges = Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
List<String> testPaths = new ArrayList();
testPaths.add('/' + TEST_LOCAL_PREFIX + ":testRoot");
testPaths.add("/{" + TEST_URI + "}testRoot");
NameMapper remapped = new LocalNameMapper(root, singletonMap(TEST_LOCAL_PREFIX, TEST_URI));
AccessControlManager acMgr = createAccessControlManager(root, new NamePathMapperImpl(remapped));
for (String path : testPaths) {
Privilege[] supported = acMgr.getSupportedPrivileges(path);
assertNotNull(supported);
assertEquals(allPrivileges.size(), supported.length);
assertTrue(allPrivileges.containsAll(Arrays.asList(supported)));
}
}
Also used :
AbstractAccessControlManager(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager)
AccessControlManager(javax.jcr.security.AccessControlManager)
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
ArrayList(java.util.ArrayList)
NameMapper(org.apache.jackrabbit.oak.namepath.NameMapper)
GlobalNameMapper(org.apache.jackrabbit.oak.namepath.GlobalNameMapper)
LocalNameMapper(org.apache.jackrabbit.oak.namepath.LocalNameMapper)
Privilege(javax.jcr.security.Privilege)
NamePathMapperImpl(org.apache.jackrabbit.oak.namepath.NamePathMapperImpl)
LocalNameMapper(org.apache.jackrabbit.oak.namepath.LocalNameMapper)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 62 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal.
@Test
public void testTestSessionGetEffectivePoliciesByPrincipal() throws Exception {
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
setupPolicy(testPath, privs);
setupPolicy(childPath, privs);
root.commit();
Root testRoot = getTestRoot();
testRoot.refresh();
JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
assertNotNull(effective);
assertEquals(2, effective.length);
}
Also used :
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
Root(org.apache.jackrabbit.oak.api.Root)
Privilege(javax.jcr.security.Privilege)
NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 63 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testModifyExistingPolicy.
@Test
public void testModifyExistingPolicy() throws Exception {
ACL acl = getApplicablePolicy(testPath);
assertTrue(acl.addAccessControlEntry(testPrincipal, testPrivileges));
AccessControlEntry allowTest = acl.getAccessControlEntries()[0];
acMgr.setPolicy(testPath, acl);
root.commit();
acl = (ACL) acMgr.getPolicies(testPath)[0];
assertTrue(acl.addEntry(EveryonePrincipal.getInstance(), testPrivileges, false, getGlobRestriction("*/something")));
AccessControlEntry[] aces = acl.getAccessControlEntries();
assertEquals(2, aces.length);
AccessControlEntry denyEveryone = aces[1];
assertEquals(EveryonePrincipal.getInstance(), denyEveryone.getPrincipal());
acl.orderBefore(denyEveryone, allowTest);
acMgr.setPolicy(testPath, acl);
root.commit();
acl = (ACL) acMgr.getPolicies(testPath)[0];
aces = acl.getAccessControlEntries();
assertEquals(2, aces.length);
assertEquals(denyEveryone, aces[0]);
assertEquals(allowTest, aces[1]);
Privilege[] readAc = new Privilege[] { acMgr.privilegeFromName(PrivilegeConstants.JCR_READ_ACCESS_CONTROL) };
assertTrue(acl.addEntry(testPrincipal, readAc, false, Collections.<String, Value>emptyMap()));
assertEquals(3, acl.size());
AccessControlEntry denyTest = acl.getAccessControlEntries()[2];
acl.orderBefore(denyTest, allowTest);
acMgr.setPolicy(testPath, acl);
acl = (ACL) acMgr.getPolicies(testPath)[0];
aces = acl.getAccessControlEntries();
assertEquals(3, aces.length);
assertEquals(denyEveryone, aces[0]);
assertEquals(denyTest, aces[1]);
assertEquals(allowTest, aces[2]);
}
Also used :
Value(javax.jcr.Value)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)
Privilege(javax.jcr.security.Privilege)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 64 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testPrivilegeFromExpandedName.
@Test
public void testPrivilegeFromExpandedName() throws Exception {
Privilege readPriv = getPrivilegeManager(root).getPrivilege(PrivilegeConstants.JCR_READ);
assertEquals(readPriv, acMgr.privilegeFromName(Privilege.JCR_READ));
}
Also used :
Privilege(javax.jcr.security.Privilege)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 65 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class JcrSupportedPrivilegesProperty method asDavProperty.
/**
* Calculated the supported privileges at {@code absPath} and build a
* {@link org.apache.jackrabbit.webdav.security.SupportedPrivilegeSetProperty}
* from the result.
*
* @return a new {@code SupportedPrivilegeSetProperty} property.
* @throws RepositoryException
*/
public SupportedPrivilegeSetProperty asDavProperty() throws RepositoryException {
if (privileges.isEmpty()) {
AccessControlManager acMgr = session.getAccessControlManager();
privileges.addAll(Arrays.asList(acMgr.getSupportedPrivileges(absPath)));
}
for (Privilege p : privileges) {
if (!aggregated.contains(p.getName())) {
createSupportedPrivilege(p);
}
}
return new SupportedPrivilegeSetProperty(supportedPrivileges.values().toArray(new SupportedPrivilege[supportedPrivileges.size()]));
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
SupportedPrivilegeSetProperty(org.apache.jackrabbit.webdav.security.SupportedPrivilegeSetProperty)
SupportedPrivilege(org.apache.jackrabbit.webdav.security.SupportedPrivilege)
SupportedPrivilege(org.apache.jackrabbit.webdav.security.SupportedPrivilege)
Privilege(javax.jcr.security.Privilege)
Aggregations
Privilege (javax.jcr.security.Privilege)316
Test (org.junit.Test)95
AccessControlManager (javax.jcr.security.AccessControlManager)82
Session (javax.jcr.Session)76
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)59
Principal (java.security.Principal)57
Node (javax.jcr.Node)53
AccessControlEntry (javax.jcr.security.AccessControlEntry)47
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)37
Value (javax.jcr.Value)30
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)28
HashMap (java.util.HashMap)26
AccessDeniedException (javax.jcr.AccessDeniedException)25
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)24
ArrayList (java.util.ArrayList)21
AccessControlException (javax.jcr.security.AccessControlException)21
AccessControlList (javax.jcr.security.AccessControlList)21
Group (org.apache.jackrabbit.api.security.user.Group)20
