Search in sources :

Example 21 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class JsonDiffHandlerImportTest method testUpdatePolicyNode.

/**
     * Test adding 'rep:policy' policy node as a child node of /testroot without
     * intermediate node.
     */
public void testUpdatePolicyNode() throws Exception {
    try {
        AccessControlUtils.addAccessControlEntry(superuser, testRoot, EveryonePrincipal.getInstance(), new String[] { Privilege.JCR_READ }, false);
        JsonDiffHandler handler = new JsonDiffHandler(superuser, testRoot, null);
        new DiffParser(handler).parse(JSOP_POLICY_TREE);
        assertTrue(testRootNode.hasNode("rep:policy"));
        assertTrue(testRootNode.getNode("rep:policy").getDefinition().isProtected());
        assertTrue(testRootNode.getNode("rep:policy").getPrimaryNodeType().getName().equals("rep:ACL"));
        assertPolicy(acMgr, testRootNode, 1);
        AccessControlEntry entry = ((AccessControlList) acMgr.getPolicies(testRoot)[0]).getAccessControlEntries()[0];
        assertEquals(EveryonePrincipal.NAME, entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 22 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class ImportBesteffortTest method testImportUnknownPrincipal.

@Test
public void testImportUnknownPrincipal() throws Exception {
    runImport();
    AccessControlManager acMgr = adminSession.getAccessControlManager();
    AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof JackrabbitAccessControlList);
    AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
    assertEquals(1, entries.length);
    AccessControlEntry entry = entries[0];
    assertEquals("unknownprincipal", entry.getPrincipal().getName());
    assertEquals(1, entry.getPrivileges().length);
    assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
    if (entry instanceof JackrabbitAccessControlEntry) {
        assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Test(org.junit.Test)

Example 23 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class AccessControlImporterTest method testImportPolicyExists.

/**
     * Imports a resource-based ACL containing a single entry for a policy that
     * already exists: expected outcome its that the existing ACE is replaced.
     */
public void testImportPolicyExists() throws Exception {
    try {
        Node target = createImportTargetWithPolicy(EveryonePrincipal.getInstance());
        doImport(target.getPath(), XML_POLICY_TREE_2);
        AccessControlManager acMgr = superuser.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals(EveryonePrincipal.getInstance(), entry.getPrincipal());
        List<Privilege> privs = Arrays.asList(entry.getPrivileges());
        assertEquals(1, privs.size());
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Node(javax.jcr.Node) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 24 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class ImmutableACLTest method testImmutable.

@Test
public void testImmutable() throws Exception {
    List<JackrabbitAccessControlEntry> entries = new ArrayList();
    entries.add(createEntry(true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES));
    entries.add(createEntry(false, PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT));
    JackrabbitAccessControlList acl = createACL(entries);
    assertFalse(acl.isEmpty());
    assertEquals(2, acl.size());
    assertEquals(getTestPath(), acl.getPath());
    assertImmutable(acl);
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ArrayList(java.util.ArrayList) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Test(org.junit.Test)

Example 25 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class L2_AccessControlManagerTest method testSetPolicy.

public void testSetPolicy() throws RepositoryException {
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testRoot);
    assertTrue(acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), false));
    // EXERCISE: fix the test.
    assertFalse(acMgr.getApplicablePolicies(testRoot).hasNext());
    AccessControlPolicy[] policies = acMgr.getPolicies(testRoot);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof JackrabbitAccessControlList);
    JackrabbitAccessControlList acl2 = (JackrabbitAccessControlList) policies[0];
    assertFalse(acl2.isEmpty());
    assertEquals(1, acl2.size());
    AccessControlEntry ace = acl2.getAccessControlEntries()[0];
    assertTrue(ace instanceof JackrabbitAccessControlEntry);
    assertEquals(testPrincipal, ace.getPrincipal());
    assertFalse(((JackrabbitAccessControlEntry) ace).isAllow());
}
Also used : AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Aggregations

JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)48 AccessControlEntry (javax.jcr.security.AccessControlEntry)30 Privilege (javax.jcr.security.Privilege)25 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)19 Principal (java.security.Principal)16 Value (javax.jcr.Value)14 Test (org.junit.Test)12 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)11 AccessControlManager (javax.jcr.security.AccessControlManager)10 ArrayList (java.util.ArrayList)6 HashMap (java.util.HashMap)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 InputStream (java.io.InputStream)5 RepositoryException (javax.jcr.RepositoryException)5 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5 ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)5 NodeImpl (org.apache.jackrabbit.core.NodeImpl)5 Node (javax.jcr.Node)4 AccessControlException (javax.jcr.security.AccessControlException)4 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)4