Search in sources :

Example 41 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class L7_RestrictionsTest method testRetrieveRestrictionsFromACE.

public void testRetrieveRestrictionsFromACE() throws RepositoryException {
    ValueFactory vf = superuser.getValueFactory();
    acl.addEntry(testPrincipal, testPrivileges, false, ImmutableMap.of(AccessControlConstants.REP_GLOB, vf.createValue("/*")), ImmutableMap.of(AccessControlConstants.REP_PREFIXES, new Value[] { vf.createValue("jcr"), vf.createValue("rep") }));
    for (AccessControlEntry ace : acl.getAccessControlEntries()) {
        if (ace instanceof JackrabbitAccessControlEntry) {
            JackrabbitAccessControlEntry jace = (JackrabbitAccessControlEntry) ace;
        // EXERCISE retrieve the restriction names present on the ace and verify your expectations.
        // EXERCISE retrieve the restriction values for each restriction and verify your expectations.
        }
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) ValueFactory(javax.jcr.ValueFactory)

Example 42 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class L5_AccessControlListImplTest method testRemoveInvalidEntry.

public void testRemoveInvalidEntry() throws RepositoryException {
    assertTrue(AccessControlUtils.addAccessControlEntry(superuser, testRoot, testPrincipal, testPrivileges, true));
    // EXERCISE : walk through the removal and explain the expected behaviour.
    try {
        acl.removeAccessControlEntry(new JackrabbitAccessControlEntry() {

            public boolean isAllow() {
                return false;
            }

            public String[] getRestrictionNames() {
                return new String[0];
            }

            public Value getRestriction(String restrictionName) {
                return null;
            }

            public Value[] getRestrictions(String restrictionName) {
                return null;
            }

            public Principal getPrincipal() {
                return testPrincipal;
            }

            public Privilege[] getPrivileges() {
                return testPrivileges;
            }
        });
        fail("Passing an unknown ACE should fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) InvalidTestPrincipal(org.apache.jackrabbit.oak.security.authorization.accesscontrol.InvalidTestPrincipal) Principal(java.security.Principal)

Example 43 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class AccessControlImporterTest method testImportACL.

/**
     * Imports a resource-based ACL containing a single entry.
     *
     * @throws Exception
     */
public void testImportACL() throws Exception {
    try {
        Node target = testRootNode;
        doImport(target.getPath(), XML_POLICY_TREE);
        assertTrue(target.hasNode("test"));
        String path = target.getNode("test").getPath();
        AccessControlManager acMgr = superuser.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals(EveryonePrincipal.NAME, entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Node(javax.jcr.Node) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 44 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class AccessControlImporterTest method testImportACLRemoveACE.

public void testImportACLRemoveACE() throws Exception {
    try {
        Node target = createImportTarget();
        doImport(target.getPath(), XML_POLICY_TREE_3);
        doImport(target.getPath(), XML_POLICY_TREE_5);
        String path = target.getPath();
        AccessControlManager acMgr = superuser.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals(VALID_PRINCIPAL_NAME, entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Node(javax.jcr.Node) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 45 with JackrabbitAccessControlEntry

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.

the class AccessControlImporterTest method testImportACLOnly.

public void testImportACLOnly() throws Exception {
    try {
        Node target = createImportTarget();
        doImport(target.getPath(), XML_POLICY_TREE_3);
        String path = target.getPath();
        AccessControlManager acMgr = superuser.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(2, entries.length);
        AccessControlEntry entry = entries[0];
        assertEquals(EveryonePrincipal.NAME, entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        entry = entries[1];
        assertEquals(VALID_PRINCIPAL_NAME, entry.getPrincipal().getName());
        assertEquals(1, entry.getPrivileges().length);
        assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
        if (entry instanceof JackrabbitAccessControlEntry) {
            assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Node(javax.jcr.Node) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Aggregations

JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)48 AccessControlEntry (javax.jcr.security.AccessControlEntry)30 Privilege (javax.jcr.security.Privilege)25 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)19 Principal (java.security.Principal)16 Value (javax.jcr.Value)14 Test (org.junit.Test)12 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)11 AccessControlManager (javax.jcr.security.AccessControlManager)10 ArrayList (java.util.ArrayList)6 HashMap (java.util.HashMap)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 InputStream (java.io.InputStream)5 RepositoryException (javax.jcr.RepositoryException)5 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5 ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)5 NodeImpl (org.apache.jackrabbit.core.NodeImpl)5 Node (javax.jcr.Node)4 AccessControlException (javax.jcr.security.AccessControlException)4 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)4