use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L5_PrivilegeContentTest method testNext.
/**
 * Exercise skeleton: captures the {@code rep:next} property of the privileges tree before and
 * after registering a custom privilege, so the two values can be compared.
 *
 * As written the method contains no assertions and therefore passes unconditionally; the
 * EXERCISE items below are meant to be turned into explicit checks.
 */
@Test
public void testNext() throws RepositoryException, CommitFailedException {
// Snapshot of rep:next taken before any new privilege is registered.
PropertyState next = PrivilegeUtil.getPrivilegesTree(root).getProperty(PrivilegeConstants.REP_NEXT);
PrivilegeManager privilegeManager = getPrivilegeManager(root);
// Registers the custom privilege "myPrivilege" as abstract (second argument) with no declared aggregates (null).
Privilege newPrivilege = privilegeManager.registerPrivilege("myPrivilege", true, null);
// Persist the registration; rep:next is only re-read after this commit.
root.commit();
// EXERCISE: compare the 'next' property state with rep:bits property of the newly created privilege.
PropertyState nextAgain = PrivilegeUtil.getPrivilegesTree(root).getProperty(PrivilegeConstants.REP_NEXT);
// EXERCISE: look at the new value of rep:next and explain it. Q: where did it get modified?
// EXERCISE: try to modify rep:next manually and explain what happens.
// NOTE(review): rep:next looks like repository-maintained bookkeeping rather than regular content.
// When attempting the manual write, assert on the commit outcome (this method already declares
// CommitFailedException) instead of assuming it -- confirm against the privilege validation code.
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L7_PrivilegeDiscoveryTest method setUp.
/**
 * Builds the fixture for the privilege-discovery exercises.
 *
 * <ul>
 *   <li>Creates user "u" (password equal to the user ID, fixture-only credentials) and
 *       group "g", and makes the user a member of the group.</li>
 *   <li>Creates a test node with one property below {@code testRoot}.</li>
 *   <li>At the test node, allows the group jcr:versionManagement, jcr:addChildNodes and
 *       jcr:modifyProperties, and denies the user jcr:versionManagement, so the group
 *       allow and the user deny overlap on one privilege.</li>
 *   <li>Adds a child node, saves, and logs in as the test user.</li>
 * </ul>
 *
 * No entry added here grants jcr:read; the closing assertions document that read access to
 * both nodes is a precondition supplied by the surrounding test setup.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    SimpleCredentials credentials = new SimpleCredentials("u", "u".toCharArray());
    UserManager userManager = ((JackrabbitSession) superuser).getUserManager();
    User user = userManager.createUser(credentials.getUserID(), credentials.getUserID());
    Group group = userManager.createGroup("g");
    group.addMember(user);

    uPrincipal = user.getPrincipal();
    gPrincipal = group.getPrincipal();

    Node testNode = superuser.getNode(testRoot).addNode(nodeName1);
    testPath = testNode.getPath();
    Property testProperty = testNode.setProperty(propertyName1, "value");
    propPath = testProperty.getPath();

    // Group entry: allow (last argument true).
    Privilege[] groupPrivileges = AccessControlUtils.privilegesFromNames(
            superuser,
            Privilege.JCR_VERSION_MANAGEMENT,
            Privilege.JCR_ADD_CHILD_NODES,
            Privilege.JCR_MODIFY_PROPERTIES);
    AccessControlUtils.addAccessControlEntry(superuser, testNode.getPath(), gPrincipal, groupPrivileges, true);

    // User entry: deny (last argument false) for a privilege the group entry allows.
    String[] userDeniedPrivilegeNames = new String[] { Privilege.JCR_VERSION_MANAGEMENT };
    AccessControlUtils.addAccessControlEntry(superuser, testNode.getPath(), uPrincipal, userDeniedPrivilegeNames, false);

    Node childNode = testNode.addNode(nodeName2);
    childPath = childNode.getPath();
    superuser.save();

    // NOTE(review): userSession is opened here; presumably tearDown logs it out -- confirm.
    userSession = getHelper().getRepository().login(credentials);

    // NOTE the following precondition defined by the test-setup!
    assertTrue(userSession.nodeExists(testPath));
    assertTrue(userSession.nodeExists(childPath));
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlImporterTest method testImportPolicyExists.
/**
 * Imports a resource-based ACL containing a single entry into a target whose
 * policy already exists. The expected outcome is that the existing ACE is
 * replaced rather than kept alongside the imported one: afterwards the target
 * carries exactly one policy with exactly one entry, for the everyone principal,
 * holding only jcr:write.
 *
 * The allow/deny check at the end only runs when the entry is a
 * {@link JackrabbitAccessControlEntry}; for any other entry type it is skipped.
 * Transient changes are discarded in the {@code finally} block regardless of outcome.
 */
public void testImportPolicyExists() throws Exception {
    try {
        Node importTarget = createImportTargetWithPolicy(EveryonePrincipal.getInstance());
        doImport(importTarget.getPath(), XML_POLICY_TREE_2);

        AccessControlManager accessControlManager = superuser.getAccessControlManager();
        AccessControlPolicy[] boundPolicies = accessControlManager.getPolicies(importTarget.getPath());
        assertEquals(1, boundPolicies.length);
        assertTrue(boundPolicies[0] instanceof JackrabbitAccessControlList);

        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) boundPolicies[0];
        AccessControlEntry[] aces = acl.getAccessControlEntries();
        assertEquals(1, aces.length);

        AccessControlEntry entry = aces[0];
        assertEquals(EveryonePrincipal.getInstance(), entry.getPrincipal());

        // Exactly one privilege must remain after the import, and it must be jcr:write.
        List<Privilege> importedPrivileges = Arrays.asList(entry.getPrivileges());
        assertEquals(1, importedPrivileges.size());
        Privilege expectedPrivilege = accessControlManager.privilegeFromName(Privilege.JCR_WRITE);
        assertEquals(expectedPrivilege, entry.getPrivileges()[0]);

        if (entry instanceof JackrabbitAccessControlEntry) {
            JackrabbitAccessControlEntry jackrabbitEntry = (JackrabbitAccessControlEntry) entry;
            assertTrue(jackrabbitEntry.isAllow());
        }
    } finally {
        // Drop pending changes so later tests start from a clean session state.
        superuser.refresh(false);
    }
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlImporterTest method createImportTargetWithPolicy.
/**
 * Creates the import target node "test" below the test root and binds every applicable
 * {@link AccessControlList} policy to it.
 *
 * @param principal principal that receives a jcr:lockManagement entry in each applicable
 *                  ACL before it is set; when {@code null} the ACL is set without adding
 *                  an entry
 * @return the newly created target node; the changes are saved here only when
 *         {@code isSessionImport()} returns {@code false}
 * @throws RepositoryException if node creation or access control editing fails
 */
private Node createImportTargetWithPolicy(@Nullable Principal principal) throws RepositoryException {
    Node importTarget = testRootNode.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    AccessControlManager accessControlManager = superuser.getAccessControlManager();

    AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(importTarget.getPath());
    while (applicablePolicies.hasNext()) {
        AccessControlPolicy candidate = applicablePolicies.nextAccessControlPolicy();
        if (!(candidate instanceof AccessControlList)) {
            // Only list-based policies are bound to the target.
            continue;
        }
        if (principal != null) {
            Privilege lockManagement = accessControlManager.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT);
            ((AccessControlList) candidate).addAccessControlEntry(principal, new Privilege[] { lockManagement });
        }
        accessControlManager.setPolicy(importTarget.getPath(), candidate);
    }

    // A session import leaves the changes transient so that the import operates on unsaved state.
    boolean persistNow = !isSessionImport();
    if (persistNow) {
        superuser.save();
    }
    return importTarget;
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class AccessControlManagementTest method testReadAccessControlWithoutPrivilege.
/**
 * Verifies that a session holding jcr:read but not jcr:readAccessControl cannot observe
 * access control content in any way: the privilege check is negative, the rep:policy
 * node and every ACE node and property below it are reported as non-existent, direct
 * node access raises {@link PathNotFoundException}, and reading policies or effective
 * policies through the access control manager raises {@link AccessDeniedException}.
 */
@Test
public void testReadAccessControlWithoutPrivilege() throws Exception {
    // Re-grant READ so that an ACL node is actually written at the test path.
    Privilege[] readOnly = privilegesFromName(Privilege.JCR_READ);
    JackrabbitAccessControlList acl = allow(path, readOnly);
    String policyPath = acl.getPath() + "/rep:policy";

    // The privileged session must see the freshly created 'rep:policy' node.
    assertTrue(superuser.itemExists(policyPath));

    // The test user keeps plain READ access only: neither the ACL node nor
    // anything in the subtree below it may be visible to that session.
    Privilege[] readAccessControl = privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL);
    assertFalse(testAcMgr.hasPrivileges(path, readAccessControl));
    assertFalse(testSession.itemExists(policyPath));
    assertFalse(testSession.nodeExists(policyPath));

    try {
        testSession.getNode(policyPath);
        fail("Accessing the rep:policy node must throw PathNotFoundException.");
    } catch (PathNotFoundException expected) {
        // Expected: the node is reported as missing rather than as forbidden.
    }

    try {
        testAcMgr.getPolicies(acl.getPath());
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException expected) {
        // Expected: reading policies requires the missing privilege.
    }

    try {
        testAcMgr.getEffectivePolicies(acl.getPath());
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException expected) {
        // Expected: effective policies are protected the same way.
    }

    // Walk the ACE nodes with the privileged session and confirm that the test
    // session can see none of them, nor any of their properties.
    NodeIterator aceNodes = superuser.getNode(policyPath).getNodes();
    while (aceNodes.hasNext()) {
        Node aceNode = aceNodes.nextNode();
        assertFalse(testSession.nodeExists(aceNode.getPath()));

        PropertyIterator aceProperties = aceNode.getProperties();
        while (aceProperties.hasNext()) {
            String propertyPath = aceProperties.nextProperty().getPath();
            assertFalse(testSession.propertyExists(propertyPath));
        }
    }
}