Search in sources :

Example 71 with JsonObject

use of javax.json.JsonObject in project sling by apache.

the class PostServletPrivilegesUpdateTest method testUpdatePropertyPrivilegesAndEvents.

/**
     * Test for SLING-897 fix: 
     * 1. Updating a property requires jcr:modifyProperties privilege on node.
     * 2. When changing an existing property observers should receive a PROPERTY_CHANGED event instead 
     *     of a PROPERTY_REMOVED event and a PROPERTY_ADDED event
     */
@Test
// TODO fails on jackrabbit 2.6.5 and on Oak
@Ignore
public void testUpdatePropertyPrivilegesAndEvents() throws IOException, JsonException, RepositoryException, InterruptedException {
    //1. Create user as admin (OK)
    // curl -F:name=myuser -Fpwd=password -FpwdConfirm=password http://admin:admin@localhost:8080/system/userManager/user.create.html
    testUserId = H.createTestUser();
    //2. Create node as admin (OK)
    // curl -F:nameHint=node -FpropOne=propOneValue1 -FpropOne=propOneValue2 -FpropTwo=propTwoValue http://admin:admin@localhost:8080/test/
    final String createTestNodeUrl = postUrl + SlingPostConstants.DEFAULT_CREATE_SUFFIX;
    NameValuePairList clientNodeProperties = new NameValuePairList();
    clientNodeProperties.add(SlingPostConstants.RP_NODE_NAME_HINT, testName.getMethodName());
    clientNodeProperties.add("propOne", "propOneValue1");
    clientNodeProperties.add("propOne", "propOneValue2");
    clientNodeProperties.add("propTwo", "propTwoValue");
    String testNodeUrl = H.getTestClient().createNode(createTestNodeUrl, clientNodeProperties, null, false);
    String content = H.getContent(testNodeUrl + ".json", HttpTest.CONTENT_TYPE_JSON);
    JsonObject json = JsonUtil.parseObject(content);
    Object propOneObj = json.get("propOne");
    assertTrue(propOneObj instanceof JsonArray);
    assertEquals(2, ((JsonArray) propOneObj).size());
    assertEquals("propOneValue1", ((JsonArray) propOneObj).getString(0));
    assertEquals("propOneValue2", ((JsonArray) propOneObj).getString(1));
    Object propTwoObj = json.get("propTwo");
    assertTrue(propTwoObj instanceof JsonString);
    assertEquals("propTwoValue", ((JsonString) propTwoObj).getString());
    //3. Attempt to update property of node as testUser (500: javax.jcr.AccessDeniedException: /test/node/propOne: not allowed to add or modify item)
    // curl -FpropOne=propOneValueChanged -FpropTwo=propTwoValueChanged1 -FpropTwo=propTwoValueChanged2 http://myuser:password@localhost:8080/test/node
    List<NameValuePair> postParams = new ArrayList<NameValuePair>();
    postParams.add(new NameValuePair("propOne", "propOneValueChanged"));
    postParams.add(new NameValuePair("propTwo", "propTwoValueChanged1"));
    postParams.add(new NameValuePair("propTwo", "propTwoValueChanged2"));
    Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
    String expectedMessage = "Expected javax.jcr.AccessDeniedException";
    H.assertAuthenticatedPostStatus(testUserCreds, testNodeUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, expectedMessage);
    //4. Grant jcr:modifyProperties rights to testUser as admin (OK)
    // curl -FprincipalId=myuser -Fprivilege@jcr:modifyProperties=granted http://admin:admin@localhost:8080/test/node.modifyAce.html
    Map<String, String> nodeAceProperties = new HashMap<String, String>();
    nodeAceProperties.put("principalId", testUserId);
    nodeAceProperties.put("privilege@jcr:modifyProperties", "granted");
    H.getTestClient().createNode(testNodeUrl + ".modifyAce.html", nodeAceProperties);
    //use a davex session to verify the correct JCR events are delivered
    Repository repository = JcrUtils.getRepository(HttpTest.HTTP_BASE_URL + "/server/");
    Session jcrSession = null;
    TestEventListener listener = new TestEventListener();
    ObservationManager observationManager = null;
    try {
        jcrSession = repository.login(new SimpleCredentials("admin", "admin".toCharArray()));
        observationManager = jcrSession.getWorkspace().getObservationManager();
        String testNodePath = testNodeUrl.substring(HttpTest.HTTP_BASE_URL.length());
        observationManager.addEventListener(listener, //event types
        Event.PROPERTY_ADDED | Event.PROPERTY_CHANGED | Event.PROPERTY_REMOVED, //absPath
        testNodePath, //isDeep 
        true, //uuid
        null, //nodeTypeName
        null, //noLocal
        false);
        //5. Attempt to update properties of node (OK)
        // curl -FpropOne=propOneValueChanged -FpropTwo=propTwoValueChanged1 -FpropTwo=propTwoValueChanged2 http://myuser:password@localhost:8080/test/node
        H.assertAuthenticatedPostStatus(testUserCreds, testNodeUrl, HttpServletResponse.SC_OK, postParams, expectedMessage);
        //verify the change happened
        String afterUpdateContent = H.getContent(testNodeUrl + ".json", HttpTest.CONTENT_TYPE_JSON);
        JsonObject afterUpdateJson = JsonUtil.parseObject(afterUpdateContent);
        Object afterUpdatePropOneObj = afterUpdateJson.get("propOne");
        assertTrue(afterUpdatePropOneObj instanceof JsonArray);
        assertEquals(1, ((JsonArray) afterUpdatePropOneObj).size());
        assertEquals("propOneValueChanged", ((JsonArray) afterUpdatePropOneObj).getString(0));
        Object afterUpdatePropTwoObj = afterUpdateJson.get("propTwo");
        assertTrue(afterUpdatePropTwoObj instanceof JsonArray);
        assertEquals(2, ((JsonArray) afterUpdatePropTwoObj).size());
        assertEquals("propTwoValueChanged1", ((JsonArray) afterUpdatePropTwoObj).getString(0));
        assertEquals("propTwoValueChanged2", ((JsonArray) afterUpdatePropTwoObj).getString(1));
        //wait for the expected JCR events to be delivered
        for (int second = 0; second < 15; second++) {
            if (listener.getEventBundlesProcessed() > 0) {
                break;
            }
            Thread.sleep(1000);
        }
        assertEquals("One property added event was expected: " + listener.toString(), 1, listener.addedProperties.size());
        assertEquals(testNodePath + "/propTwo", listener.addedProperties.get(0));
        assertEquals("One property removed event was expected: " + listener.toString(), 1, listener.removedProperties.size());
        assertEquals(testNodePath + "/propTwo", listener.removedProperties.get(0));
        assertEquals("One property changed event was expected: " + listener.toString(), 1, listener.changedProperties.size());
        assertEquals(testNodePath + "/propOne", listener.changedProperties.get(0));
    } finally {
        //cleanup
        if (observationManager != null) {
            observationManager.removeEventListener(listener);
        }
        jcrSession.logout();
        repository = null;
    }
}
Also used : NameValuePair(org.apache.commons.httpclient.NameValuePair) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JsonObject(javax.json.JsonObject) ObservationManager(javax.jcr.observation.ObservationManager) JsonString(javax.json.JsonString) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) JsonArray(javax.json.JsonArray) SimpleCredentials(javax.jcr.SimpleCredentials) Repository(javax.jcr.Repository) JsonObject(javax.json.JsonObject) NameValuePairList(org.apache.sling.commons.testing.integration.NameValuePairList) JsonString(javax.json.JsonString) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) Credentials(org.apache.commons.httpclient.Credentials) SimpleCredentials(javax.jcr.SimpleCredentials) Session(javax.jcr.Session) Ignore(org.junit.Ignore) HttpTest(org.apache.sling.commons.testing.integration.HttpTest) Test(org.junit.Test)

Example 72 with JsonObject

use of javax.json.JsonObject in project sling by apache.

the class UserPrivilegesInfoTest method testCanAddUser.

/**
	 * Checks whether the current user has been granted privileges
	 * to add a new user.
	 */
@Test
public void testCanAddUser() throws JsonException, IOException {
    testUserId = H.createTestUser();
    String getUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".privileges-info.json";
    //fetch the JSON for the test page to verify the settings.
    Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
    String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);
    JsonObject jsonObj = JsonUtil.parseObject(json);
    assertEquals(false, jsonObj.getBoolean("canAddUser"));
}
Also used : JsonObject(javax.json.JsonObject) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) Credentials(org.apache.commons.httpclient.Credentials) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) HttpTest(org.apache.sling.commons.testing.integration.HttpTest) Test(org.junit.Test)

Example 73 with JsonObject

use of javax.json.JsonObject in project sling by apache.

the class UserPrivilegesInfoTest method testCanUpdateGroupProperties.

/**
	 * Checks whether the current user has been granted privileges
	 * to update the properties of the specified group.
	 */
@Test
public void testCanUpdateGroupProperties() throws IOException, JsonException {
    testGroupId = H.createTestGroup();
    testUserId = H.createTestUser();
    //1. Verify non admin user can not update group properties
    String getUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".privileges-info.json";
    //fetch the JSON for the test page to verify the settings.
    Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
    String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);
    JsonObject jsonObj = JsonUtil.parseObject(json);
    //normal user can not update group properties
    assertEquals(false, jsonObj.getBoolean("canUpdateProperties"));
}
Also used : JsonObject(javax.json.JsonObject) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) Credentials(org.apache.commons.httpclient.Credentials) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) HttpTest(org.apache.sling.commons.testing.integration.HttpTest) Test(org.junit.Test)

Example 74 with JsonObject

use of javax.json.JsonObject in project sling by apache.

the class UserPrivilegesInfoTest method testCanRemoveGroup.

/**
	 * Checks whether the current user has been granted privileges
	 * to remove the specified group.
	 */
@Test
public void testCanRemoveGroup() throws IOException, JsonException {
    testGroupId = H.createTestGroup();
    testUserId = H.createTestUser();
    //1. Verify non admin user can not remove group
    String getUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".privileges-info.json";
    //fetch the JSON for the test page to verify the settings.
    Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
    String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);
    JsonObject jsonObj = JsonUtil.parseObject(json);
    //normal user can not remove group
    assertEquals(false, jsonObj.getBoolean("canRemove"));
}
Also used : JsonObject(javax.json.JsonObject) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) Credentials(org.apache.commons.httpclient.Credentials) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) HttpTest(org.apache.sling.commons.testing.integration.HttpTest) Test(org.junit.Test)

Example 75 with JsonObject

use of javax.json.JsonObject in project sling by apache.

the class UserPrivilegesInfoTest method testCanUpdateGroupMembers.

/**
	 * Checks whether the current user has been granted privileges
	 * to update the membership of the specified group.
	 */
@Test
public void testCanUpdateGroupMembers() throws IOException, JsonException {
    testGroupId = H.createTestGroup();
    testUserId = H.createTestUser();
    //1. Verify non admin user can not update group membership
    String getUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".privileges-info.json";
    //fetch the JSON for the test page to verify the settings.
    Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
    String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);
    JsonObject jsonObj = JsonUtil.parseObject(json);
    //normal user can not remove group
    assertEquals(false, jsonObj.getBoolean("canUpdateGroupMembers"));
}
Also used : JsonObject(javax.json.JsonObject) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) Credentials(org.apache.commons.httpclient.Credentials) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials) HttpTest(org.apache.sling.commons.testing.integration.HttpTest) Test(org.junit.Test)

Aggregations

JsonObject (javax.json.JsonObject)302 Test (org.junit.Test)110 JsonArray (javax.json.JsonArray)97 HashMap (java.util.HashMap)68 StringReader (java.io.StringReader)66 ArrayList (java.util.ArrayList)58 Credentials (org.apache.commons.httpclient.Credentials)52 UsernamePasswordCredentials (org.apache.commons.httpclient.UsernamePasswordCredentials)52 JsonString (javax.json.JsonString)50 JsonReader (javax.json.JsonReader)49 NameValuePair (org.apache.commons.httpclient.NameValuePair)43 HttpTest (org.apache.sling.commons.testing.integration.HttpTest)41 HashSet (java.util.HashSet)20 Map (java.util.Map)20 JsonException (javax.json.JsonException)20 JsonObjectBuilder (javax.json.JsonObjectBuilder)20 Response (javax.ws.rs.core.Response)19 LinkedHashMap (java.util.LinkedHashMap)17 JsonValue (javax.json.JsonValue)14 StringWriter (java.io.StringWriter)13