Search in sources :

Example 11 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class ACLTemplateTest method testUpdateEntry.

public void testUpdateEntry() throws RepositoryException, NotExecutableException {
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ);
    Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE);
    Principal principal2 = principalMgr.getEveryone();
    pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions);
    pt.addEntry(principal2, readPriv, true, emptyRestrictions);
    pt.addEntry(testPrincipal, writePriv, false, emptyRestrictions);
    // adding an entry that should update the existing allow-entry for everyone.
    pt.addEntry(principal2, writePriv, true, emptyRestrictions);
    AccessControlEntry[] entries = pt.getAccessControlEntries();
    assertEquals(3, entries.length);
    JackrabbitAccessControlEntry princ2AllowEntry = (JackrabbitAccessControlEntry) entries[1];
    assertEquals(principal2, princ2AllowEntry.getPrincipal());
    assertTrue(princ2AllowEntry.isAllow());
    assertSamePrivileges(new Privilege[] { readPriv[0], writePriv[0] }, princ2AllowEntry.getPrivileges());
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal)

Example 12 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class JackrabbitAccessControlListTest method testAddEntry2.

public void testAddEntry2() throws NotExecutableException, RepositoryException {
    Principal princ = getValidPrincipal();
    Privilege[] privs = privilegesFromName(PrivilegeRegistry.REP_WRITE);
    templ.addEntry(princ, privs, true, Collections.<String, Value>emptyMap());
    AccessControlEntry[] entries = templ.getAccessControlEntries();
    assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);
    PrivilegeBits allows = PrivilegeBits.getInstance();
    for (AccessControlEntry en : entries) {
        PrivilegeBits bits = privilegeMgr.getBits(en.getPrivileges());
        if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
            allows.add(bits);
        }
    }
    assertTrue("After successfully granting WRITE, the entries must reflect this", allows.includes(privilegeMgr.getBits(privs)));
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal)

Example 13 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class ACLTest method testNewEntriesAppendedAtEnd.

@Test
public void testNewEntriesAppendedAtEnd() throws Exception {
    Privilege[] readPriv = privilegesFromNames(JCR_READ);
    Privilege[] writePriv = privilegesFromNames(JCR_WRITE);
    acl.addEntry(testPrincipal, readPriv, true);
    acl.addEntry(principalManager.getEveryone(), readPriv, true);
    acl.addEntry(testPrincipal, writePriv, false);
    AccessControlEntry[] entries = acl.getAccessControlEntries();
    assertEquals(3, entries.length);
    JackrabbitAccessControlEntry last = (JackrabbitAccessControlEntry) entries[2];
    assertEquals(testPrincipal, last.getPrincipal());
    assertACE(last, false, writePriv);
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) Test(org.junit.Test)

Example 14 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class ACLTest method testComplementaryGroupEntry.

@Test
public void testComplementaryGroupEntry() throws Exception {
    Privilege[] readPriv = privilegesFromNames(JCR_READ);
    Privilege[] writePriv = privilegesFromNames(JCR_WRITE);
    Principal everyone = principalManager.getEveryone();
    acl.addEntry(testPrincipal, readPriv, true);
    acl.addEntry(everyone, readPriv, true);
    acl.addEntry(testPrincipal, writePriv, false);
    acl.addEntry(everyone, writePriv, true);
    // entry complementary to the first entry
    // -> must remove the allow-READ entry and update the deny-WRITE entry.
    acl.addEntry(testPrincipal, readPriv, false);
    AccessControlEntry[] entries = acl.getAccessControlEntries();
    assertEquals(2, entries.length);
    JackrabbitAccessControlEntry first = (JackrabbitAccessControlEntry) entries[0];
    assertEquals(everyone, first.getPrincipal());
    JackrabbitAccessControlEntry second = (JackrabbitAccessControlEntry) entries[1];
    assertEquals(testPrincipal, second.getPrincipal());
    assertACE(second, false, privilegesFromNames(JCR_READ, JCR_WRITE));
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Test(org.junit.Test)

Example 15 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class ACLTest method testReorderToTheEnd.

@Test
public void testReorderToTheEnd() throws Exception {
    Privilege[] read = privilegesFromNames(JCR_READ, JCR_READ_ACCESS_CONTROL);
    Privilege[] write = privilegesFromNames(JCR_WRITE);
    AbstractAccessControlList acl = createEmptyACL();
    acl.addAccessControlEntry(testPrincipal, read);
    acl.addEntry(testPrincipal, write, false);
    acl.addAccessControlEntry(EveryonePrincipal.getInstance(), write);
    List<? extends JackrabbitAccessControlEntry> entries = acl.getEntries();
    assertEquals(3, entries.size());
    AccessControlEntry first = entries.get(0);
    acl.orderBefore(first, null);
    List<? extends JackrabbitAccessControlEntry> entriesAfter = acl.getEntries();
    assertEquals(first, entriesAfter.get(2));
}
Also used : AbstractAccessControlList(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) Test(org.junit.Test)

Aggregations

JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)48 AccessControlEntry (javax.jcr.security.AccessControlEntry)30 Privilege (javax.jcr.security.Privilege)25 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)19 Principal (java.security.Principal)16 Value (javax.jcr.Value)14 Test (org.junit.Test)12 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)11 AccessControlManager (javax.jcr.security.AccessControlManager)10 ArrayList (java.util.ArrayList)6 HashMap (java.util.HashMap)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 InputStream (java.io.InputStream)5 RepositoryException (javax.jcr.RepositoryException)5 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5 ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)5 NodeImpl (org.apache.jackrabbit.core.NodeImpl)5 Node (javax.jcr.Node)4 AccessControlException (javax.jcr.security.AccessControlException)4 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)4