Example 71 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class WriteTest method testRemoveNodeWithInvisibleNonRemovableChild.
public void testRemoveNodeWithInvisibleNonRemovableChild() throws Exception {
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ, Privilege.JCR_WRITE });
Node invisible = superuser.getNode(childNPath).addNode(nodeName3);
superuser.save();
/* allow READ/WRITE privilege for testUser at 'path' */
givePrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
/* deny READ privilege at invisible node. (removal is still granted) */
withdrawPrivileges(invisible.getPath(), testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
Session testSession = getTestSession();
assertTrue(testSession.nodeExists(childNPath));
assertTrue(testSession.hasPermission(childNPath, Session.ACTION_REMOVE));
Node n = testSession.getNode(childNPath);
// be removed.
try {
n.remove();
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
}
}
Also used :
AccessDeniedException(javax.jcr.AccessDeniedException)
Node(javax.jcr.Node)
Privilege(javax.jcr.security.Privilege)
Session(javax.jcr.Session)
Example 72 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.
public void testGetEffectivePoliciesByPrincipal() throws Exception {
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
assertNotNull(acp);
assertEquals(1, acp.length);
assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);
JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];
assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));
acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
if (acp.length == 0) {
acp = jacMgr.getPolicies(testUser.getPrincipal());
}
assertNotNull(acp);
assertEquals(1, acp.length);
assertTrue(acp[0] instanceof JackrabbitAccessControlList);
// let testuser read the ACL defined for 'testUser' principal.
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
jacMgr.setPolicy(acl.getPath(), acl);
superuser.save();
Session testSession = getTestSession();
AccessControlManager testAcMgr = getTestACManager();
// effective policies for testPrinicpal only on path -> must succeed.
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
// effective policies for a combination of principals -> must fail
try {
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
fail();
} catch (AccessDeniedException e) {
// success
}
}
Also used :
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
AccessControlManager(javax.jcr.security.AccessControlManager)
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessDeniedException(javax.jcr.AccessDeniedException)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Principal(java.security.Principal)
Session(javax.jcr.Session)
Example 73 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class AccessControlListImplTest method testMultipleEntryEffect2.
public void testMultipleEntryEffect2() throws Exception {
JackrabbitAccessControlList acl = createAccessControList(testRoot);
// GRANT a read privilege
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ });
assertTrue("New Entry -> grants read privilege", acl.addAccessControlEntry(unknownPrincipal, privileges));
assertTrue("Fail to revoke the read privilege", acl.addEntry(unknownPrincipal, privileges, false, createEmptyRestriction()));
Assert.assertEquals(2, acl.size());
}
Also used :
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 74 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class AbstractEntryTest method testEquals.
public void testEquals() throws RepositoryException, NotExecutableException {
Map<AccessControlEntry, AccessControlEntry> equalAces = new HashMap<AccessControlEntry, AccessControlEntry>();
JackrabbitAccessControlEntry ace = createEntry(new String[] { Privilege.JCR_ALL }, true);
// create same entry again
equalAces.put(ace, createEntry(new String[] { Privilege.JCR_ALL }, true));
// create entry with declared aggregate privileges
Privilege[] declaredAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getDeclaredAggregatePrivileges();
equalAces.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
// create entry with aggregate privileges
Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getAggregatePrivileges();
equalAces.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
// create entry with different privilege order
List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs));
reordered.add(reordered.remove(0));
equalAces.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]), true), createEntry(testPrincipal, aggregateAllPrivs, true));
// even if entries are build with aggregated or declared aggregate privileges
equalAces.put(createEntry(testPrincipal, declaredAllPrivs, true), createEntry(testPrincipal, aggregateAllPrivs, true));
for (AccessControlEntry entry : equalAces.keySet()) {
assertEquals(entry, equalAces.get(entry));
}
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
Privilege(javax.jcr.security.Privilege)
Example 75 with Privilege
use of javax.jcr.security.Privilege in project jackrabbit by apache.
the class AbstractEntryTest method testHashCode.
public void testHashCode() throws RepositoryException, NotExecutableException {
Map<AccessControlEntry, AccessControlEntry> equivalent = new HashMap<AccessControlEntry, AccessControlEntry>();
JackrabbitAccessControlEntry ace = createEntry(new String[] { Privilege.JCR_ALL }, true);
// create same entry again
equivalent.put(ace, createEntry(new String[] { Privilege.JCR_ALL }, true));
// create entry with declared aggregate privileges
Privilege[] declaredAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getDeclaredAggregatePrivileges();
equivalent.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
// create entry with aggregate privileges
Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getAggregatePrivileges();
equivalent.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
// create entry with different privilege order
List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs));
reordered.add(reordered.remove(0));
equivalent.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]), true), createEntry(testPrincipal, aggregateAllPrivs, true));
// even if entries are build with aggregated or declared aggregate privileges
equivalent.put(createEntry(testPrincipal, declaredAllPrivs, true), createEntry(testPrincipal, aggregateAllPrivs, true));
for (AccessControlEntry entry : equivalent.keySet()) {
assertEquals(entry.hashCode(), equivalent.get(entry).hashCode());
}
// and the opposite:
List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>();
try {
// ACE template with different principal
Principal princ = new Principal() {
public String getName() {
return "a name";
}
};
Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
otherAces.add(createEntry(princ, privs, true));
} catch (RepositoryException e) {
}
// ACE template with different privileges
try {
otherAces.add(createEntry(new String[] { Privilege.JCR_READ }, true));
} catch (RepositoryException e) {
}
// ACE template with different 'allow' flag
try {
otherAces.add(createEntry(new String[] { Privilege.JCR_ALL }, false));
} catch (RepositoryException e) {
}
// ACE template with different privileges and 'allows
try {
otherAces.add(createEntry(new String[] { PrivilegeRegistry.REP_WRITE }, false));
} catch (RepositoryException e) {
}
// other ace impl
final Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() {
public boolean isAllow() {
return true;
}
public String[] getRestrictionNames() {
return new String[0];
}
public Value getRestriction(String restrictionName) {
return null;
}
public Value[] getRestrictions(String restrictionName) throws RepositoryException {
return null;
}
public Principal getPrincipal() {
return testPrincipal;
}
public Privilege[] getPrivileges() {
return privs;
}
};
otherAces.add(pe);
for (JackrabbitAccessControlEntry otherAce : otherAces) {
assertFalse(ace.hashCode() == otherAce.hashCode());
}
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
RepositoryException(javax.jcr.RepositoryException)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
Value(javax.jcr.Value)
Privilege(javax.jcr.security.Privilege)
Principal(java.security.Principal)
Aggregations
Privilege (javax.jcr.security.Privilege)316
Test (org.junit.Test)95
AccessControlManager (javax.jcr.security.AccessControlManager)82
Session (javax.jcr.Session)76
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)59
Principal (java.security.Principal)57
Node (javax.jcr.Node)53
AccessControlEntry (javax.jcr.security.AccessControlEntry)47
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)37
Value (javax.jcr.Value)30
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)28
HashMap (java.util.HashMap)26
AccessDeniedException (javax.jcr.AccessDeniedException)25
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)24
ArrayList (java.util.ArrayList)21
AccessControlException (javax.jcr.security.AccessControlException)21
AccessControlList (javax.jcr.security.AccessControlList)21
Group (org.apache.jackrabbit.api.security.user.Group)20
