Search in sources :

Example 6 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal.

@Test
public void testTestSessionGetEffectivePoliciesByPrincipal() throws Exception {
    NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = child.getTree().getPath();
    Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    setupPolicy(testPath, privs);
    setupPolicy(childPath, privs);
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
    assertNotNull(effective);
    assertEquals(2, effective.length);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Privilege(javax.jcr.security.Privilege) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 7 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testPrivilegeFromExpandedName.

@Test
public void testPrivilegeFromExpandedName() throws Exception {
    Privilege readPriv = getPrivilegeManager(root).getPrivilege(PrivilegeConstants.JCR_READ);
    assertEquals(readPriv, acMgr.privilegeFromName(Privilege.JCR_READ));
}
Also used : Privilege(javax.jcr.security.Privilege) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 8 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class ConcurrentCreateNodesTest method createACLsForEveryone.

private void createACLsForEveryone(Session session, int numACLs) throws RepositoryException {
    AccessControlManager acMgr = session.getAccessControlManager();
    Node listenHere = session.getRootNode().addNode("nodes-with-acl");
    for (int i = 0; i < numACLs; i++) {
        String path = listenHere.addNode("node-" + i).getPath();
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
        if (acl.isEmpty()) {
            Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
            if (acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges)) {
                acMgr.setPolicy(path, acl);
            }
        }
    }
    session.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 9 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class ConcurrentEveryoneACLTest method beforeSuite.

@Override
public void beforeSuite() throws Exception {
    Session session = loginWriter();
    AccessControlManager acMgr = session.getAccessControlManager();
    Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
    final Node root = session.getRootNode().addNode(ROOT_NODE_NAME, "nt:unstructured");
    for (int i = 0; i < NODE_COUNT; i++) {
        Node node = root.addNode("node" + i, "nt:unstructured");
        for (int j = 0; j < NODE_COUNT; j++) {
            Node newNode = node.addNode("node" + j, "nt:unstructured");
            JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, newNode.getPath());
            acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
            acMgr.setPolicy(newNode.getPath(), acl);
        }
        session.save();
    }
    // deny everyone on root node
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, root.getPath());
    acl.addEntry(EveryonePrincipal.getInstance(), privileges, false);
    acMgr.setPolicy(root.getPath(), acl);
    session.save();
    final int[] numACEs = new int[1];
    ItemVisitor v = new TraversingItemVisitor.Default() {

        @Override
        protected void entering(Node node, int i) throws RepositoryException {
            if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
                numACEs[0]++;
            }
            super.entering(node, i);
        }

        @Override
        protected void entering(Property prop, int i) throws RepositoryException {
            super.entering(prop, i);
        }
    };
    v.visit(root);
    System.out.println("Num ACEs: " + numACEs[0]);
    session.logout();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) ItemVisitor(javax.jcr.ItemVisitor) TraversingItemVisitor(javax.jcr.util.TraversingItemVisitor) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Property(javax.jcr.Property) Session(javax.jcr.Session)

Example 10 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.

private void addPolicy(Node node) throws RepositoryException {
    AccessControlManager acMgr = node.getSession().getAccessControlManager();
    String path = node.getPath();
    int level = 0;
    if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
        level = 1;
    } else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
        level = 2;
    } else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
        level = 3;
    }
    if (level > 0) {
        path = Text.getRelativeParent(path, level);
    }
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(node.getSession(), path);
    if (acl != null) {
        Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
        for (Principal principal : principals) {
            acl.addAccessControlEntry(principal, privileges);
        }
        acMgr.setPolicy(path, acl);
        adminSession.save();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal)

Aggregations

Privilege (javax.jcr.security.Privilege)336 Test (org.junit.Test)95 AccessControlManager (javax.jcr.security.AccessControlManager)94 Session (javax.jcr.Session)80 Principal (java.security.Principal)63 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)60 Node (javax.jcr.Node)54 AccessControlEntry (javax.jcr.security.AccessControlEntry)52 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)39 Value (javax.jcr.Value)31 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)31 HashMap (java.util.HashMap)28 AccessDeniedException (javax.jcr.AccessDeniedException)26 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)26 AccessControlList (javax.jcr.security.AccessControlList)25 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24 ArrayList (java.util.ArrayList)23 HashSet (java.util.HashSet)21 AccessControlException (javax.jcr.security.AccessControlException)21