Search in sources :

Example 31 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class AccessControlImporterTest method testImportACLOnly.

/**
     * Imports a resource-based ACL containing a single entry.
     *
     * @throws Exception
     */
public void testImportACLOnly() throws Exception {
    try {
        NodeImpl target = (NodeImpl) testRootNode.addNode(nodeName1);
        target.addMixin("rep:AccessControllable");
        InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_3.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        String path = target.getPath();
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(2, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals("everyone", entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        entry = entries[1];
        assertEquals("admin", entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 32 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class AbstractACLTemplateTest method testEffect2.

public void testEffect2() throws RepositoryException, NotExecutableException {
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    pt.addEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ), true, Collections.<String, Value>emptyMap());
    // same entry but with revers 'isAllow' flag
    assertTrue(pt.addEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ), false, Collections.<String, Value>emptyMap()));
    // test net-effect
    PrivilegeBits allows = PrivilegeBits.getInstance();
    PrivilegeBits denies = PrivilegeBits.getInstance();
    AccessControlEntry[] entries = pt.getAccessControlEntries();
    for (AccessControlEntry ace : entries) {
        if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
            PrivilegeBits entryBits = privilegeMgr.getBits(ace.getPrivileges());
            if (((JackrabbitAccessControlEntry) ace).isAllow()) {
                allows.addDifference(entryBits, denies);
            } else {
                denies.addDifference(entryBits, allows);
            }
        }
    }
    assertTrue(allows.isEmpty());
    assertEquals(privilegeMgr.getBits(privilegesFromName(Privilege.JCR_READ)), denies);
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 33 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class AbstractACLTemplateTest method testRemoveInvalidEntry2.

public void testRemoveInvalidEntry2() throws RepositoryException {
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    try {
        pt.removeAccessControlEntry(new JackrabbitAccessControlEntry() {

            public boolean isAllow() {
                return false;
            }

            public int getPrivilegeBits() {
                return 0;
            }

            public String[] getRestrictionNames() {
                return new String[0];
            }

            public Value getRestriction(String restrictionName) {
                return null;
            }

            public Value[] getRestrictions(String restrictionName) throws RepositoryException {
                return null;
            }

            public Principal getPrincipal() {
                return testPrincipal;
            }

            public Privilege[] getPrivileges() {
                return new Privilege[0];
            }
        });
        fail("Passing a ACE with invalid privileges should fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 34 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class AbstractEntryTest method testNotEquals.

public void testNotEquals() throws RepositoryException, NotExecutableException {
    JackrabbitAccessControlEntry ace = createEntry(new String[] { Privilege.JCR_ALL }, true);
    List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>();
    try {
        // ACE template with different principal
        Principal princ = new Principal() {

            public String getName() {
                return "a name";
            }
        };
        Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
        otherAces.add(createEntry(princ, privs, true));
    } catch (RepositoryException e) {
    }
    // ACE template with different privileges
    try {
        otherAces.add(createEntry(new String[] { Privilege.JCR_READ }, true));
    } catch (RepositoryException e) {
    }
    // ACE template with different 'allow' flag
    try {
        otherAces.add(createEntry(new String[] { Privilege.JCR_ALL }, false));
    } catch (RepositoryException e) {
    }
    // ACE template with different privileges and 'allows
    try {
        otherAces.add(createEntry(new String[] { PrivilegeRegistry.REP_WRITE }, false));
    } catch (RepositoryException e) {
    }
    // other ace impl
    final Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
    JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() {

        public boolean isAllow() {
            return true;
        }

        public String[] getRestrictionNames() {
            return new String[0];
        }

        public Value getRestriction(String restrictionName) {
            return null;
        }

        public Value[] getRestrictions(String restrictionName) throws RepositoryException {
            return null;
        }

        public Principal getPrincipal() {
            return testPrincipal;
        }

        public Privilege[] getPrivileges() {
            return privs;
        }
    };
    otherAces.add(pe);
    for (JackrabbitAccessControlEntry otherAce : otherAces) {
        assertFalse(ace.equals(otherAce));
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ArrayList(java.util.ArrayList) Value(javax.jcr.Value) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal)

Example 35 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.

the class AbstractEntryTest method testGetPrivilegeBits.

public void testGetPrivilegeBits() throws RepositoryException, NotExecutableException {
    JackrabbitAccessControlEntry tmpl = createEntry(new String[] { Privilege.JCR_READ }, true);
    assertEquals(1, tmpl.getPrivileges().length);
    assertEquals(getAccessControlManager(superuser).privilegeFromName(Privilege.JCR_READ), tmpl.getPrivileges()[0]);
    tmpl = createEntry(new String[] { PrivilegeRegistry.REP_WRITE }, true);
    assertEquals(getAccessControlManager(superuser).privilegeFromName(PrivilegeRegistry.REP_WRITE), tmpl.getPrivileges()[0]);
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)

Aggregations

JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)48 AccessControlEntry (javax.jcr.security.AccessControlEntry)30 Privilege (javax.jcr.security.Privilege)25 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)19 Principal (java.security.Principal)16 Value (javax.jcr.Value)14 Test (org.junit.Test)12 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)11 AccessControlManager (javax.jcr.security.AccessControlManager)10 ArrayList (java.util.ArrayList)6 HashMap (java.util.HashMap)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 InputStream (java.io.InputStream)5 RepositoryException (javax.jcr.RepositoryException)5 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5 ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)5 NodeImpl (org.apache.jackrabbit.core.NodeImpl)5 Node (javax.jcr.Node)4 AccessControlException (javax.jcr.security.AccessControlException)4 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)4