Example 31 with JackrabbitAccessControlEntry
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class AccessControlImporterTest method testImportACLOnly.
/**
* Imports a resource-based ACL containing a single entry.
*
* @throws Exception
*/
public void testImportACLOnly() throws Exception {
try {
NodeImpl target = (NodeImpl) testRootNode.addNode(nodeName1);
target.addMixin("rep:AccessControllable");
InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_3.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
String path = target.getPath();
AccessControlManager acMgr = sImpl.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(path);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(2, entries.length);
AccessControlEntry entry = entries[0];
assertEquals("everyone", entry.getPrincipal().getName());
assertEquals(1, entry.getPrivileges().length);
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
entry = entries[1];
assertEquals("admin", entry.getPrincipal().getName());
assertEquals(1, entry.getPrivileges().length);
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
} finally {
superuser.refresh(false);
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Example 32 with JackrabbitAccessControlEntry
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class AbstractACLTemplateTest method testEffect2.
public void testEffect2() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
pt.addEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ), true, Collections.<String, Value>emptyMap());
// same entry but with revers 'isAllow' flag
assertTrue(pt.addEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ), false, Collections.<String, Value>emptyMap()));
// test net-effect
PrivilegeBits allows = PrivilegeBits.getInstance();
PrivilegeBits denies = PrivilegeBits.getInstance();
AccessControlEntry[] entries = pt.getAccessControlEntries();
for (AccessControlEntry ace : entries) {
if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
PrivilegeBits entryBits = privilegeMgr.getBits(ace.getPrivileges());
if (((JackrabbitAccessControlEntry) ace).isAllow()) {
allows.addDifference(entryBits, denies);
} else {
denies.addDifference(entryBits, allows);
}
}
}
assertTrue(allows.isEmpty());
assertEquals(privilegeMgr.getBits(privilegesFromName(Privilege.JCR_READ)), denies);
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
Value(javax.jcr.Value)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 33 with JackrabbitAccessControlEntry
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class AbstractACLTemplateTest method testRemoveInvalidEntry2.
public void testRemoveInvalidEntry2() throws RepositoryException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
try {
pt.removeAccessControlEntry(new JackrabbitAccessControlEntry() {
public boolean isAllow() {
return false;
}
public int getPrivilegeBits() {
return 0;
}
public String[] getRestrictionNames() {
return new String[0];
}
public Value getRestriction(String restrictionName) {
return null;
}
public Value[] getRestrictions(String restrictionName) throws RepositoryException {
return null;
}
public Principal getPrincipal() {
return testPrincipal;
}
public Privilege[] getPrivileges() {
return new Privilege[0];
}
});
fail("Passing a ACE with invalid privileges should fail");
} catch (AccessControlException e) {
// success
}
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
Value(javax.jcr.Value)
AccessControlException(javax.jcr.security.AccessControlException)
RepositoryException(javax.jcr.RepositoryException)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal)
Principal(java.security.Principal)
Example 34 with JackrabbitAccessControlEntry
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class AbstractEntryTest method testNotEquals.
public void testNotEquals() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlEntry ace = createEntry(new String[] { Privilege.JCR_ALL }, true);
List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>();
try {
// ACE template with different principal
Principal princ = new Principal() {
public String getName() {
return "a name";
}
};
Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
otherAces.add(createEntry(princ, privs, true));
} catch (RepositoryException e) {
}
// ACE template with different privileges
try {
otherAces.add(createEntry(new String[] { Privilege.JCR_READ }, true));
} catch (RepositoryException e) {
}
// ACE template with different 'allow' flag
try {
otherAces.add(createEntry(new String[] { Privilege.JCR_ALL }, false));
} catch (RepositoryException e) {
}
// ACE template with different privileges and 'allows
try {
otherAces.add(createEntry(new String[] { PrivilegeRegistry.REP_WRITE }, false));
} catch (RepositoryException e) {
}
// other ace impl
final Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() {
public boolean isAllow() {
return true;
}
public String[] getRestrictionNames() {
return new String[0];
}
public Value getRestriction(String restrictionName) {
return null;
}
public Value[] getRestrictions(String restrictionName) throws RepositoryException {
return null;
}
public Principal getPrincipal() {
return testPrincipal;
}
public Privilege[] getPrivileges() {
return privs;
}
};
otherAces.add(pe);
for (JackrabbitAccessControlEntry otherAce : otherAces) {
assertFalse(ace.equals(otherAce));
}
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
ArrayList(java.util.ArrayList)
Value(javax.jcr.Value)
RepositoryException(javax.jcr.RepositoryException)
Privilege(javax.jcr.security.Privilege)
Principal(java.security.Principal)
Example 35 with JackrabbitAccessControlEntry
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class AbstractEntryTest method testGetPrivilegeBits.
public void testGetPrivilegeBits() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlEntry tmpl = createEntry(new String[] { Privilege.JCR_READ }, true);
assertEquals(1, tmpl.getPrivileges().length);
assertEquals(getAccessControlManager(superuser).privilegeFromName(Privilege.JCR_READ), tmpl.getPrivileges()[0]);
tmpl = createEntry(new String[] { PrivilegeRegistry.REP_WRITE }, true);
assertEquals(getAccessControlManager(superuser).privilegeFromName(PrivilegeRegistry.REP_WRITE), tmpl.getPrivileges()[0]);
}
Also used :
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
Aggregations
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)48
AccessControlEntry (javax.jcr.security.AccessControlEntry)30
Privilege (javax.jcr.security.Privilege)25
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)19
Principal (java.security.Principal)16
Value (javax.jcr.Value)14
Test (org.junit.Test)12
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)11
AccessControlManager (javax.jcr.security.AccessControlManager)10
ArrayList (java.util.ArrayList)6
HashMap (java.util.HashMap)6
ByteArrayInputStream (java.io.ByteArrayInputStream)5
InputStream (java.io.InputStream)5
RepositoryException (javax.jcr.RepositoryException)5
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5
ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)5
NodeImpl (org.apache.jackrabbit.core.NodeImpl)5
Node (javax.jcr.Node)4
AccessControlException (javax.jcr.security.AccessControlException)4
EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)4
