Search in sources :

Example 46 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class PermissionHookTest method testReorderAddAndRemoveAces2.

/**
     * ACE    :  0   1   2   3   4   5   6   7
     * Before :  tp  ev  p0  p1  p2  p3
     * After  :      ev      p2  p1  p3  p4  p5
     */
@Test
public void testReorderAddAndRemoveAces2() throws Exception {
    createPrincipals();
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
    for (int i = 0; i < 4; i++) {
        acl.addAccessControlEntry(principals.get(i), privilegesFromNames(JCR_READ));
    }
    acMgr.setPolicy(testPath, acl);
    root.commit();
    AccessControlEntry[] aces = acl.getAccessControlEntries();
    acl.removeAccessControlEntry(aces[0]);
    acl.removeAccessControlEntry(aces[2]);
    acl.orderBefore(aces[4], aces[3]);
    acl.addAccessControlEntry(principals.get(4), privilegesFromNames(JCR_READ));
    acl.addAccessControlEntry(principals.get(5), privilegesFromNames(JCR_READ));
    acMgr.setPolicy(testPath, acl);
    root.commit();
    Tree entry = getEntry(principals.get(2), testPath, 1);
    assertIndex(1, entry);
    entry = getEntry(principals.get(1), testPath, 2);
    assertIndex(2, entry);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlEntry(javax.jcr.security.AccessControlEntry) Tree(org.apache.jackrabbit.oak.api.Tree) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 47 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class AbstractACLTemplateTest method testEffect.

public void testEffect() throws RepositoryException, NotExecutableException {
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    Privilege[] read = privilegesFromName(Privilege.JCR_READ);
    Privilege[] modProp = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
    pt.addAccessControlEntry(testPrincipal, read);
    // add deny entry for mod_props
    assertTrue(pt.addEntry(testPrincipal, modProp, false, null));
    // test net-effect
    PrivilegeBits allows = PrivilegeBits.getInstance();
    PrivilegeBits denies = PrivilegeBits.getInstance();
    AccessControlEntry[] entries = pt.getAccessControlEntries();
    for (AccessControlEntry ace : entries) {
        if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
            PrivilegeBits entryBits = privilegeMgr.getBits(ace.getPrivileges());
            if (((JackrabbitAccessControlEntry) ace).isAllow()) {
                allows.addDifference(entryBits, denies);
            } else {
                denies.addDifference(entryBits, allows);
            }
        }
    }
    assertEquals(privilegeMgr.getBits(read), allows);
    assertEquals(privilegeMgr.getBits(modProp), denies);
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 48 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class AbstractACLTemplateTest method testAddInvalidEntry2.

public void testAddInvalidEntry2() throws RepositoryException {
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    try {
        pt.addAccessControlEntry(testPrincipal, new Privilege[0]);
        fail("Adding an ACE with invalid privileges should fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 49 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class AbstractACLTemplateTest method testRemoveInvalidEntry.

public void testRemoveInvalidEntry() throws RepositoryException {
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    try {
        pt.removeAccessControlEntry(new JackrabbitAccessControlEntry() {

            public boolean isAllow() {
                return false;
            }

            public String[] getRestrictionNames() {
                return new String[0];
            }

            public Value getRestriction(String restrictionName) {
                return null;
            }

            public Value[] getRestrictions(String restrictionName) throws RepositoryException {
                return null;
            }

            public Principal getPrincipal() {
                return testPrincipal;
            }

            public Privilege[] getPrivileges() {
                try {
                    return privilegesFromName(Privilege.JCR_READ);
                } catch (Exception e) {
                    return new Privilege[0];
                }
            }
        });
        fail("Passing an unknown ACE should fail");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) Value(javax.jcr.Value) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)

Example 50 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.

the class AccessControlImporterTest method testImportEmptyExistingPolicy.

/**
     * Imports an empty resource-based ACL for a policy that already exists.
     *
     * @throws Exception
     */
public void testImportEmptyExistingPolicy() throws Exception {
    NodeImpl target = (NodeImpl) testRootNode;
    target = (NodeImpl) target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
    AccessControlManager acMgr = sImpl.getAccessControlManager();
    for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
        AccessControlPolicy policy = it.nextAccessControlPolicy();
        if (policy instanceof AccessControlList) {
            acMgr.setPolicy(target.getPath(), policy);
        }
    }
    try {
        InputStream in = new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(0, entries.length);
    } finally {
        superuser.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) ByteArrayInputStream(java.io.ByteArrayInputStream)

Aggregations

JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)165 AccessControlManager (javax.jcr.security.AccessControlManager)75 Privilege (javax.jcr.security.Privilege)56 AccessControlEntry (javax.jcr.security.AccessControlEntry)46 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)46 Test (org.junit.Test)40 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)32 Principal (java.security.Principal)29 Node (javax.jcr.Node)23 Session (javax.jcr.Session)17 Value (javax.jcr.Value)17 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)15 Tree (org.apache.jackrabbit.oak.api.Tree)15 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)13 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)12 AccessControlException (javax.jcr.security.AccessControlException)10 NodeImpl (org.apache.jackrabbit.core.NodeImpl)9 ByteArrayInputStream (java.io.ByteArrayInputStream)8 InputStream (java.io.InputStream)8 Group (org.apache.jackrabbit.api.security.user.Group)8