use of org.apache.commons.httpclient.UsernamePasswordCredentials in project sling by apache.
the class GetNodeContentCommand method execute.
@Override
public Result<ResourceProxy> execute() {
GetMethod get = new GetMethod(getPath());
try {
httpClient.getParams().setAuthenticationPreemptive(true);
Credentials defaultcreds = new UsernamePasswordCredentials(repositoryInfo.getUsername(), repositoryInfo.getPassword());
httpClient.getState().setCredentials(new AuthScope(repositoryInfo.getHost(), repositoryInfo.getPort(), AuthScope.ANY_REALM), defaultcreds);
int responseStatus = httpClient.executeMethod(get);
// return EncodingUtil.getString(rawdata, m.getResponseCharSet());
if (!isSuccessStatus(responseStatus))
return failureResultForStatusCode(responseStatus);
ResourceProxy resource = new ResourceProxy(path);
try (JsonReader jsonReader = new JsonReader(new InputStreamReader(get.getResponseBodyAsStream(), get.getResponseCharSet()))) {
jsonReader.beginObject();
while (jsonReader.hasNext()) {
String name = jsonReader.nextName();
JsonToken token = jsonReader.peek();
if (token == JsonToken.STRING) {
resource.addProperty(name, jsonReader.nextString());
} else {
jsonReader.skipValue();
}
}
jsonReader.endObject();
}
return AbstractResult.success(resource);
} catch (Exception e) {
return AbstractResult.failure(new RepositoryException(e));
} finally {
get.releaseConnection();
}
}
use of org.apache.commons.httpclient.UsernamePasswordCredentials in project sling by apache.
the class UpdateContentCommand method execute.
@Override
public Result<Void> execute() {
PostMethod post = new PostMethod(getPath());
try {
List<Part> parts = new ArrayList<>();
for (Map.Entry<String, Object> property : properties.entrySet()) {
if (ProtectedNodes.exists(property.getKey())) {
continue;
}
Object propValue = property.getValue();
if (propValue instanceof String) {
parts.add(new StringPart(property.getKey(), (String) propValue));
} else if (property != null) {
// TODO handle multi-valued properties
System.err.println("Unable to handle property " + property.getKey() + " of type " + property.getValue().getClass());
}
}
File f = new File(fileInfo.getLocation());
if (f.isFile()) {
parts.add(new FilePart(fileInfo.getName(), f));
}
post.setRequestEntity(new MultipartRequestEntity(parts.toArray(new Part[parts.size()]), post.getParams()));
httpClient.getState().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(repositoryInfo.getUsername(), repositoryInfo.getPassword()));
httpClient.getParams().setAuthenticationPreemptive(true);
int responseStatus = httpClient.executeMethod(post);
return resultForResponseStatus(responseStatus);
} catch (Exception e) {
return AbstractResult.failure(new RepositoryException(e));
} finally {
post.releaseConnection();
}
}
use of org.apache.commons.httpclient.UsernamePasswordCredentials in project sling by apache.
the class AccessPrivilegesInfoTest method testDeniedWriteForGroup.
/*
* group testuser granted read / denied write
*/
@Test
public void testDeniedWriteForGroup() throws IOException, JsonException {
testGroupId = H.createTestGroup();
testUserId = H.createTestUser();
testFolderUrl = H.createTestFolder();
Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
//add testUserId to testGroup
String groupPostUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".update.html";
List<NameValuePair> groupPostParams = new ArrayList<NameValuePair>();
groupPostParams.add(new NameValuePair(":member", testUserId));
H.assertAuthenticatedPostStatus(adminCreds, groupPostUrl, HttpServletResponse.SC_OK, groupPostParams, null);
//assign some privileges
String postUrl = testFolderUrl + ".modifyAce.html";
List<NameValuePair> postParams = new ArrayList<NameValuePair>();
postParams.add(new NameValuePair("principalId", testGroupId));
postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
String getUrl = testFolderUrl + ".privileges-info.json";
//fetch the JSON for the test page to verify the settings.
Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
assertNotNull(json);
JsonObject jsonObj = JsonUtil.parseObject(json);
assertEquals(false, jsonObj.getBoolean("canAddChildren"));
assertEquals(false, jsonObj.getBoolean("canDeleteChildren"));
assertEquals(false, jsonObj.getBoolean("canDelete"));
assertEquals(false, jsonObj.getBoolean("canModifyProperties"));
assertEquals(true, jsonObj.getBoolean("canReadAccessControl"));
assertEquals(false, jsonObj.getBoolean("canModifyAccessControl"));
}
use of org.apache.commons.httpclient.UsernamePasswordCredentials in project sling by apache.
the class AccessPrivilegesInfoTest method testDeniedWriteForUser.
/*
* testuser granted read / denied write
*/
@Test
public void testDeniedWriteForUser() throws IOException, JsonException {
testUserId = H.createTestUser();
testFolderUrl = H.createTestFolder();
//assign some privileges
String postUrl = testFolderUrl + ".modifyAce.html";
List<NameValuePair> postParams = new ArrayList<NameValuePair>();
postParams.add(new NameValuePair("principalId", testUserId));
postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
String getUrl = testFolderUrl + ".privileges-info.json";
//fetch the JSON for the test page to verify the settings.
Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
assertNotNull(json);
JsonObject jsonObj = JsonUtil.parseObject(json);
assertEquals(false, jsonObj.getBoolean("canAddChildren"));
assertEquals(false, jsonObj.getBoolean("canDeleteChildren"));
assertEquals(false, jsonObj.getBoolean("canDelete"));
assertEquals(false, jsonObj.getBoolean("canModifyProperties"));
assertEquals(true, jsonObj.getBoolean("canReadAccessControl"));
assertEquals(false, jsonObj.getBoolean("canModifyAccessControl"));
}
use of org.apache.commons.httpclient.UsernamePasswordCredentials in project sling by apache.
the class AccessPrivilegesInfoTest method testGrantedWriteForUser.
/*
* testuser granted read / granted write
*/
@Test
public void testGrantedWriteForUser() throws IOException, JsonException {
testUserId = H.createTestUser();
testFolderUrl = H.createTestFolder();
//assign some privileges
String postUrl = testFolderUrl + ".modifyAce.html";
List<NameValuePair> postParams = new ArrayList<NameValuePair>();
postParams.add(new NameValuePair("principalId", testUserId));
postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "granted"));
Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
String getUrl = testFolderUrl + ".privileges-info.json";
//fetch the JSON for the test page to verify the settings.
Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
assertNotNull(json);
JsonObject jsonObj = JsonUtil.parseObject(json);
assertEquals(true, jsonObj.getBoolean("canAddChildren"));
assertEquals(true, jsonObj.getBoolean("canDeleteChildren"));
//the parent node must also have jcr:removeChildren granted for 'canDelete' to be true
assertEquals(false, jsonObj.getBoolean("canDelete"));
assertEquals(true, jsonObj.getBoolean("canModifyProperties"));
assertEquals(true, jsonObj.getBoolean("canReadAccessControl"));
assertEquals(true, jsonObj.getBoolean("canModifyAccessControl"));
//add a child node to verify the 'canDelete' use case
String childFolderUrl = H.getTestClient().createNode(testFolderUrl + "/testFolder" + random.nextInt() + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null);
String childPostUrl = childFolderUrl + ".modifyAce.html";
postParams = new ArrayList<NameValuePair>();
postParams.add(new NameValuePair("principalId", testUserId));
postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
postParams.add(new NameValuePair("privilege@jcr:removeNode", "granted"));
H.assertAuthenticatedPostStatus(adminCreds, childPostUrl, HttpServletResponse.SC_OK, postParams, null);
String childGetUrl = childFolderUrl + ".privileges-info.json";
String childJson = H.getAuthenticatedContent(testUserCreds, childGetUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
assertNotNull(childJson);
JsonObject childJsonObj = JsonUtil.parseObject(childJson);
assertEquals(true, childJsonObj.getBoolean("canDelete"));
}
Aggregations