Search in sources :

Example 16 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class PrivilegeManagerTest method testGetPrivilege.

@Test
public void testGetPrivilege() throws RepositoryException {
    Set<String> aggregatedPrivilegeNames = ImmutableSet.of("jcr:read", "jcr:modifyProperties", "jcr:write", "rep:write", "jcr:all");
    for (Privilege priv : privilegeManager.getRegisteredPrivileges()) {
        String privName = priv.getName();
        boolean isAggregate = aggregatedPrivilegeNames.contains(privName);
        assertPrivilege(priv, privName, isAggregate, false);
    }
}
Also used : Privilege(javax.jcr.security.Privilege) Test(org.junit.Test)

Example 17 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class L3_PrecedenceRulesTest method testAceOrder.

public void testAceOrder() throws RepositoryException {
    assertFalse(testSession.nodeExists(testRoot));
    Privilege[] readPrivs = AccessControlUtils.privilegesFromNames(superuser, Privilege.JCR_READ);
    // EXERCISE: fix the permission setup such that the test success without dropping either ACE
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(superuser, testRoot);
    acl.addEntry(testGroupPrincipal, readPrivs, true);
    acl.addEntry(EveryonePrincipal.getInstance(), readPrivs, false);
    superuser.getAccessControlManager().setPolicy(acl.getPath(), acl);
    superuser.save();
    testSession.refresh(false);
    assertTrue(testSession.nodeExists(testRoot));
    assertTrue(testSession.propertyExists(propertyPath));
}
Also used : Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 18 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class L4_PrivilegesAndPermissionsTest method testAddNodes.

public void testAddNodes() throws Exception {
    // grant the test principal jcr:addChildNode privilege at 'childPath'
    AccessControlUtils.addAccessControlEntry(superuser, childPath, testPrincipal, new String[] { Privilege.JCR_ADD_CHILD_NODES }, true);
    superuser.save();
    Session userSession = createTestSession();
    // EXERCISE: fill in the expected return values for Session.hasPermission as performed below
    // EXERCISE: verify that the test passes and explain the individual results
    Map<String, Boolean> pathHasPermissionMap = ImmutableMap.of(testRootNode.getPath(), null, childPath, null, childPath + "/toCreate", null, grandChildPath + "/nextGeneration", null, propertyPath, null);
    for (String path : pathHasPermissionMap.keySet()) {
        boolean expectedHasPermission = pathHasPermissionMap.get(path);
        assertEquals(expectedHasPermission, userSession.hasPermission(path, Session.ACTION_ADD_NODE));
    }
    // EXERCISE: fill in the expected return values for AccessControlManager#getPrivileges as performed below
    // EXERCISE: verify that the test passes and compare the results with your findings from the permission-discovery
    Map<String, Privilege[]> pathPrivilegesMap = ImmutableMap.of(testRootNode.getPath(), null, childPath, null, childPath + "/toCreate", null, grandChildPath + "/nextGeneration", null);
    for (String path : pathPrivilegesMap.keySet()) {
        Privilege[] expectedPrivileges = pathPrivilegesMap.get(path);
        assertEquals(ImmutableSet.of(expectedPrivileges), ImmutableSet.of(userSession.getAccessControlManager().getPrivileges(path)));
    }
// EXERCISE: optionally add nodes at the expected allowed path(s)
// EXERCISE: using 'userSession' to verify that it actually works and
// EXERCISE: save the changes to trigger the evaluation
}
Also used : Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Example 19 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class L4_PrivilegesAndPermissionsTest method testRemoveNodes.

public void testRemoveNodes() throws Exception {
    // EXERCISE: setup the correct set of privileges such that the test passes
    superuser.save();
    Map<String, Boolean> pathHasPermissionMap = ImmutableMap.of(testRootNode.getPath(), false, childPath, false, grandChildPath, true);
    Session userSession = createTestSession();
    for (String path : pathHasPermissionMap.keySet()) {
        boolean expectedHasPermission = pathHasPermissionMap.get(path);
        assertEquals(expectedHasPermission, userSession.hasPermission(path, Session.ACTION_REMOVE));
    }
    AccessControlManager acMgr = userSession.getAccessControlManager();
    assertFalse(acMgr.hasPrivileges(childPath, new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_REMOVE_NODE) }));
    userSession.getNode(grandChildPath).remove();
    userSession.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Example 20 with Privilege

use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.

the class L7_PrivilegeDiscoveryTest method testGetPrivilegesForPrincipalsUserSession.

public void testGetPrivilegesForPrincipalsUserSession() throws Exception {
    JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) userSession.getAccessControlManager();
    // EXERCISE: complete the test case and explain the behaviour
    Privilege[] privs = acMgr.getPrivileges(testPath, ImmutableSet.of(gPrincipal));
    Set<Privilege> expectedPrivs = null;
    assertEquals(expectedPrivs, ImmutableSet.copyOf(privs));
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) Privilege(javax.jcr.security.Privilege)

Aggregations

Privilege (javax.jcr.security.Privilege)336 Test (org.junit.Test)95 AccessControlManager (javax.jcr.security.AccessControlManager)94 Session (javax.jcr.Session)80 Principal (java.security.Principal)63 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)60 Node (javax.jcr.Node)54 AccessControlEntry (javax.jcr.security.AccessControlEntry)52 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)39 Value (javax.jcr.Value)31 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)31 HashMap (java.util.HashMap)28 AccessDeniedException (javax.jcr.AccessDeniedException)26 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)26 AccessControlList (javax.jcr.security.AccessControlList)25 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)25 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)24 ArrayList (java.util.ArrayList)23 HashSet (java.util.HashSet)21 AccessControlException (javax.jcr.security.AccessControlException)21