
Example 76 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class AbstractACLTemplateTest method testReorderInvalidElements.

/**
 * Verifies that {@code orderBefore} rejects an entry that is not contained in
 * the list being reordered, whether it is passed as source or as destination.
 *
 * <p>The foreign entry comes from a second template created for the same test
 * path, so what is exercised is membership in this particular list rather
 * than whether the entry is well formed.
 *
 * @throws Exception if the fixtures (privileges, principals, templates)
 *                   cannot be obtained
 */
public void testReorderInvalidElements() throws Exception {
    Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
    Privilege[] writePrivs = privilegesFromName(Privilege.JCR_WRITE);
    Principal otherPrincipal = getSecondPrincipal();

    // List under test: two entries added through the JCR API.
    AbstractACLTemplate target = (AbstractACLTemplate) createEmptyTemplate(getTestPath());
    target.addAccessControlEntry(testPrincipal, readPrivs);
    target.addAccessControlEntry(otherPrincipal, writePrivs);

    // Second template; its single entry never becomes part of 'target'.
    // The 'false' flag presumably makes it a deny entry -- confirm against addEntry.
    AbstractACLTemplate donor = (AbstractACLTemplate) createEmptyTemplate(getTestPath());
    donor.addEntry(testPrincipal, writePrivs, false);
    AccessControlEntry foreignEntry = donor.getEntries().get(0);

    // Case 1: the foreign entry is the one being moved.
    try {
        target.orderBefore(foreignEntry, target.getEntries().get(0));
        fail("src entry not contained in list -> reorder should fail.");
    } catch (AccessControlException expected) {
        // expected: source entry does not belong to 'target'
    }

    // Case 2: the foreign entry is the position marker.
    try {
        target.orderBefore(target.getEntries().get(0), foreignEntry);
        fail("dest entry not contained in list -> reorder should fail.");
    } catch (AccessControlException expected) {
        // expected: destination entry does not belong to 'target'
    }

    // NOTE(review): only the exception is checked. The test does not assert
    // that 'target' still holds its two entries in their original order after
    // the rejected calls; a rejected reorder should not leave the list
    // partially modified.
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 77 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class AbstractACLTemplateTest method testReorder.

/**
 * Verifies that {@code orderBefore} moves an entry in front of a given entry
 * and that a {@code null} destination moves it to the end of the list.
 *
 * <p>Entry order matters wherever access control evaluation depends on the
 * position of allow and deny entries, so the test pins the exact index of all
 * three entries after each move.
 *
 * @throws Exception if the fixtures cannot be obtained or a reorder is rejected
 */
public void testReorder() throws Exception {
    Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
    Privilege[] writePrivs = privilegesFromName(Privilege.JCR_WRITE);
    Principal otherPrincipal = getSecondPrincipal();

    AbstractACLTemplate acl = (AbstractACLTemplate) createEmptyTemplate(getTestPath());
    acl.addAccessControlEntry(testPrincipal, readPrivs);
    // 'false' presumably creates a deny entry (the original local was named dWriteTP).
    acl.addEntry(testPrincipal, writePrivs, false);
    acl.addAccessControlEntry(otherPrincipal, writePrivs);

    // Capture the three entries in insertion order.
    AccessControlEntry[] initial = acl.getAccessControlEntries();
    assertEquals(3, initial.length);
    AccessControlEntry readForTestPrincipal = initial[0];
    AccessControlEntry writeFlaggedFalse = initial[1];
    AccessControlEntry writeForOther = initial[2];

    // Move the last entry in front of the first one.
    acl.orderBefore(writeForOther, readForTestPrincipal);
    assertEquals(0, acl.getEntries().indexOf(writeForOther));
    assertEquals(1, acl.getEntries().indexOf(readForTestPrincipal));
    assertEquals(2, acl.getEntries().indexOf(writeFlaggedFalse));

    // A null destination moves the entry to the end of the list.
    acl.orderBefore(readForTestPrincipal, null);
    assertEquals(0, acl.getEntries().indexOf(writeForOther));
    assertEquals(1, acl.getEntries().indexOf(writeFlaggedFalse));
    assertEquals(2, acl.getEntries().indexOf(readForTestPrincipal));
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 78 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class AbstractACLTemplateTest method testEffect.

/**
 * Verifies the net effect of an allow entry and a deny entry for the same
 * principal: {@code jcr:read} ends up allowed and
 * {@code jcr:modifyProperties} ends up denied.
 *
 * <p>The net effect is recomputed here from the entries in list order, so the
 * test also documents that an earlier decision for a privilege is not
 * overridden by a later entry for that same privilege.
 *
 * @throws RepositoryException    if the template or privileges cannot be accessed
 * @throws NotExecutableException if the test cannot be executed in this setup
 */
public void testEffect() throws RepositoryException, NotExecutableException {
    JackrabbitAccessControlList acl = createEmptyTemplate(getTestPath());
    Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
    Privilege[] modPropPrivs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);

    // Allow jcr:read, then add a deny entry for jcr:modifyProperties.
    acl.addAccessControlEntry(testPrincipal, readPrivs);
    assertTrue(acl.addEntry(testPrincipal, modPropPrivs, false, null));

    // Accumulators for the effective allow and deny bits.
    PrivilegeBits granted = PrivilegeBits.getInstance();
    PrivilegeBits refused = PrivilegeBits.getInstance();

    for (AccessControlEntry ace : acl.getAccessControlEntries()) {
        // Only entries for the test principal that expose isAllow() take part.
        if (!testPrincipal.equals(ace.getPrincipal()) || !(ace instanceof JackrabbitAccessControlEntry)) {
            continue;
        }
        PrivilegeBits entryBits = privilegeMgr.getBits(ace.getPrivileges());
        boolean allowEntry = ((JackrabbitAccessControlEntry) ace).isAllow();
        // addDifference is expected to add only those entry bits that the
        // opposite side has not already claimed -- confirm against PrivilegeBits.
        if (allowEntry) {
            granted.addDifference(entryBits, refused);
        } else {
            refused.addDifference(entryBits, granted);
        }
    }

    assertEquals(privilegeMgr.getBits(readPrivs), granted);
    assertEquals(privilegeMgr.getBits(modPropPrivs), refused);
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 79 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class AbstractACLTemplateTest method testRemoveInvalidEntry.

/**
 * Verifies that removing an entry the list does not know is rejected.
 *
 * <p>The entry passed in is a hand-written implementation of
 * {@link JackrabbitAccessControlEntry} that reports a real principal and a
 * real privilege. Implementing the interface and carrying plausible values
 * must not be enough for the list to treat it as one of its own entries.
 *
 * @throws RepositoryException if the template cannot be created
 */
public void testRemoveInvalidEntry() throws RepositoryException {
    JackrabbitAccessControlList acl = createEmptyTemplate(getTestPath());

    // Stand-in entry that was never added to (or created by) 'acl'.
    JackrabbitAccessControlEntry unknownAce = new JackrabbitAccessControlEntry() {

        public boolean isAllow() {
            return false;
        }

        public String[] getRestrictionNames() {
            return new String[0];
        }

        public Value getRestriction(String restrictionName) {
            return null;
        }

        public Value[] getRestrictions(String restrictionName) throws RepositoryException {
            return null;
        }

        public Principal getPrincipal() {
            return testPrincipal;
        }

        public Privilege[] getPrivileges() {
            Privilege[] result;
            try {
                result = privilegesFromName(Privilege.JCR_READ);
            } catch (Exception ignored) {
                // Stub only: fall back to "no privileges" when the lookup fails.
                result = new Privilege[0];
            }
            return result;
        }
    };

    try {
        acl.removeAccessControlEntry(unknownAce);
        fail("Passing an unknown ACE should fail");
    } catch (AccessControlException expected) {
        // expected: the list refuses entries it does not contain
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)

Example 80 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit by apache.

the class AccessControlImporterTest method testImportPolicyExists.

/**
 * Imports a resource-based ACL containing a single entry for a policy that
 * already exists.
 *
 * <p>NOTE(review): this test is currently disabled. The unconditional
 * {@code if (true) return;} at the top makes it pass without running any of
 * the assertions below, so the "policy already exists" import path is not
 * covered by it, while the test still counts as green in the test report.
 *
 * @throws Exception if setting up the target node, the policy or the import fails
 */
public void testImportPolicyExists() throws Exception {
    // all ACEs for an import. maybe control this behavior via uuid-flag.
    // NOTE(review): the comment above reads as the tail of a longer sentence;
    // it presumably explains that import handles existing ACEs differently from
    // what the assertions below expect. Confirm before re-enabling.
    if (true) {
        return;
    }
    // --- everything below is skipped while the early return above is in place ---
    NodeImpl target = (NodeImpl) testRootNode;
    target = (NodeImpl) target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    AccessControlManager acMgr = sImpl.getAccessControlManager();
    // Pre-populate the target: every applicable AccessControlList gets an entry
    // granting jcr:lockManagement to the "everyone" principal and is set on the node.
    for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
        AccessControlPolicy policy = it.nextAccessControlPolicy();
        if (policy instanceof AccessControlList) {
            Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT) };
            ((AccessControlList) policy).addAccessControlEntry(sImpl.getPrincipalManager().getEveryone(), privs);
            acMgr.setPolicy(target.getPath(), policy);
        }
    }
    try {
        // Import the XML fixture on top of the node that already carries a policy.
        InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_2.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        // Expect exactly one policy with exactly one entry for "everyone".
        AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals("everyone", entry.getPrincipal().getName());
        // The entry is expected to hold both jcr:write and the pre-existing
        // jcr:lockManagement, with jcr:write first; presumably jcr:write comes
        // from XML_POLICY_TREE_2 (fixture not shown here -- confirm).
        List<Privilege> privs = Arrays.asList(entry.getPrivileges());
        assertEquals(2, privs.size());
        assertTrue(privs.contains(acMgr.privilegeFromName(Privilege.JCR_WRITE)) && privs.contains(acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)));
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        // The allow flag can only be checked on the Jackrabbit-specific entry type.
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        // Cleanup runs whether or not the assertions pass. Note that it is called
        // on 'superuser' while the changes were made through 'sImpl' -- presumably
        // the same session; verify against the fixture setup.
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ByteArrayInputStream(java.io.ByteArrayInputStream) Privilege(javax.jcr.security.Privilege)
