
Example 56 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class ConcurrentCreateNodesTest method createACLsForEveryone.

/**
 * Creates {@code numACLs} child nodes under a new "nodes-with-acl" node below the root and
 * gives each of them an access control list that grants {@link Privilege#JCR_READ} to the
 * everyone principal.
 *
 * <p>A policy is only written for a node whose list is still empty and only when
 * {@code addAccessControlEntry} reports that the list was modified. All changes are
 * persisted with a single {@code session.save()} at the end.
 *
 * @param session session used to create the nodes and to edit access control content
 * @param numACLs number of nodes (and policies) to create
 * @throws RepositoryException if node creation, policy editing or the save fails
 */
private void createACLsForEveryone(Session session, int numACLs) throws RepositoryException {
    AccessControlManager acMgr = session.getAccessControlManager();
    Node aclParent = session.getRootNode().addNode("nodes-with-acl");
    for (int index = 0; index < numACLs; index++) {
        String nodePath = aclParent.addNode("node-" + index).getPath();
        // NOTE(review): the result is dereferenced without a null check, while other callers
        // of getAccessControlList on this page guard against null; confirm it cannot be null here.
        JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(session, nodePath);
        if (!list.isEmpty()) {
            // Entries already exist on this node; leave its policy untouched.
            continue;
        }
        Privilege readPrivilege = acMgr.privilegeFromName(Privilege.JCR_READ);
        Privilege[] granted = new Privilege[] { readPrivilege };
        boolean modified = list.addAccessControlEntry(EveryonePrincipal.getInstance(), granted);
        if (modified) {
            acMgr.setPolicy(nodePath, list);
        }
    }
    session.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 57 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class ConcurrentEveryoneACLTest method beforeSuite.

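/**
 * Builds the content tree for the suite and reports how many access control entries it holds.
 *
 * <p>Below a new {@code ROOT_NODE_NAME} node, {@code NODE_COUNT} x {@code NODE_COUNT}
 * "nt:unstructured" nodes are created. Every second-level node gets an allow entry for the
 * everyone principal covering {@link Privilege#JCR_READ} and
 * {@link Privilege#JCR_READ_ACCESS_CONTROL}; the test root itself then gets a deny entry for
 * the same principal and privileges. Finally the tree is traversed and the number of
 * {@code NT_REP_ACE} nodes is printed.
 *
 * <p>The writer session is logged out in a {@code finally} block, so a failure part-way
 * through setup no longer leaves the session open.
 *
 * @throws Exception if login, content creation, policy editing or traversal fails
 */
@Override
public void beforeSuite() throws Exception {
    Session session = loginWriter();
    try {
        AccessControlManager acMgr = session.getAccessControlManager();
        Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
        final Node root = session.getRootNode().addNode(ROOT_NODE_NAME, "nt:unstructured");
        for (int i = 0; i < NODE_COUNT; i++) {
            Node node = root.addNode("node" + i, "nt:unstructured");
            for (int j = 0; j < NODE_COUNT; j++) {
                Node newNode = node.addNode("node" + j, "nt:unstructured");
                String newNodePath = newNode.getPath();
                // allow everyone on each second-level node
                JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, newNodePath);
                acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
                acMgr.setPolicy(newNodePath, acl);
            }
            // persist one first-level subtree at a time
            session.save();
        }
        // deny everyone on root node
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, root.getPath());
        acl.addEntry(EveryonePrincipal.getInstance(), privileges, false);
        acMgr.setPolicy(root.getPath(), acl);
        session.save();
        // single-element array so the anonymous visitor below can update the counter
        final int[] numACEs = new int[1];
        ItemVisitor v = new TraversingItemVisitor.Default() {

            @Override
            protected void entering(Node node, int i) throws RepositoryException {
                if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
                    numACEs[0]++;
                }
                super.entering(node, i);
            }

            @Override
            protected void entering(Property prop, int i) throws RepositoryException {
                super.entering(prop, i);
            }
        };
        v.visit(root);
        System.out.println("Num ACEs: " + numACEs[0]);
    } finally {
        // release the writer session even when setup fails
        session.logout();
    }
}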
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) ItemVisitor(javax.jcr.ItemVisitor) TraversingItemVisitor(javax.jcr.util.TraversingItemVisitor) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Property(javax.jcr.Property) Session(javax.jcr.Session)

Example 58 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.

/**
 * Adds an entry for every principal in {@code principals} to the access control list that
 * governs {@code node}, covering {@link Privilege#JCR_READ} and
 * {@link Privilege#JCR_READ_ACCESS_CONTROL}.
 *
 * <p>When {@code node} is itself access control content, the policy is applied to the
 * ancestor that owns it: one level up for {@code NT_REP_POLICY}, two for {@code NT_REP_ACE},
 * three for {@code NT_REP_RESTRICTIONS}. Nothing is written when no access control list is
 * returned for the resolved path.
 *
 * @param node node whose (owning) path receives the policy
 * @throws RepositoryException if reading the node, editing the policy or saving fails
 */
private void addPolicy(Node node) throws RepositoryException {
    AccessControlManager acMgr = node.getSession().getAccessControlManager();
    String targetPath = node.getPath();

    // Number of levels to climb from access control content to the node it protects.
    final int levelsUp;
    if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
        levelsUp = 1;
    } else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
        levelsUp = 2;
    } else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
        levelsUp = 3;
    } else {
        levelsUp = 0;
    }
    if (levelsUp > 0) {
        targetPath = Text.getRelativeParent(targetPath, levelsUp);
    }

    JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(node.getSession(), targetPath);
    if (list == null) {
        return;
    }

    Privilege read = acMgr.privilegeFromName(Privilege.JCR_READ);
    Privilege readAc = acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL);
    Privilege[] granted = new Privilege[] { read, readAc };
    for (Principal grantee : principals) {
        list.addAccessControlEntry(grantee, granted);
    }
    acMgr.setPolicy(targetPath, list);
    // NOTE(review): the policy is set through node.getSession() but saved through
    // adminSession; presumably both are the same session - confirm against the caller.
    adminSession.save();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal)

Example 59 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class ConcurrentReadSinglePolicyTreeTest method visitingNode.

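/**
 * Leaves a single policy in the visited tree: an allow entry for the everyone principal with
 * {@link Privilege#JCR_READ} on the test root, and no {@link JackrabbitAccessControlList}
 * on any other node.
 *
 * <p>For the test root the entry is added and the policy written back only when an access
 * control list is available; a {@code null} list is no longer passed to {@code setPolicy}.
 * For every other node whose path does not contain "rep:policy", all policies of type
 * {@link JackrabbitAccessControlList} are removed. The session is saved after each node.
 *
 * @param node the node currently being visited
 * @param i    forwarded unchanged to {@code super.visitingNode}
 * @throws RepositoryException if reading the node, editing policies or saving fails
 */
@Override
protected void visitingNode(Node node, int i) throws RepositoryException {
    super.visitingNode(node, i);
    String path = node.getPath();
    AccessControlManager acMgr = node.getSession().getAccessControlManager();
    if (testRoot.getPath().equals(path)) {
        JackrabbitAccessControlList rootAcl = AccessControlUtils.getAccessControlList(acMgr, path);
        if (rootAcl != null) {
            rootAcl.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), true);
            // Write back only a list that exists; when none is available the read grant
            // for everyone is not set on the test root.
            acMgr.setPolicy(path, rootAcl);
        }
    } else if (!path.contains("rep:policy")) {
        // Strip ACL policies from ordinary nodes; paths containing "rep:policy" are skipped.
        for (AccessControlPolicy existing : acMgr.getPolicies(path)) {
            if (existing instanceof JackrabbitAccessControlList) {
                acMgr.removePolicy(path, existing);
            }
        }
    }
    node.getSession().save();
}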
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 60 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class AbstractRemoveMembersByIdTest method removeExistingMemberWithoutAccess.

/**
 * Removes {@code memberGroup} from {@code testGroup} by ID while acting as the test user,
 * who cannot see the member group.
 *
 * <p>The test user is first granted {@code jcr:read} and {@code rep:userManagement} on the
 * test group's path (committed only when the entry actually modified the list). The method
 * then logs in as that user, with the user ID also used as the password, asserts that the
 * member group's tree does not exist for that session, and calls {@code removeMembers}.
 * The test session is always closed.
 *
 * @return the IDs reported by {@code Group.removeMembers} as not removed
 * @throws Exception if policy setup, login, member removal or the commit fails
 */
Set<String> removeExistingMemberWithoutAccess() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    String groupPath = testGroup.getPath();
    JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(acMgr, groupPath);
    // Grant access to the group itself only; nothing is granted on memberGroup.
    if (list != null && list.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_USER_MANAGEMENT), true)) {
        acMgr.setPolicy(testGroup.getPath(), list);
        root.commit();
    }

    String userId = getTestUser().getID();
    ContentSession userSession = null;
    try {
        SimpleCredentials credentials = new SimpleCredentials(userId, userId.toCharArray());
        userSession = login(credentials);
        Root userRoot = userSession.getLatestRoot();
        // Precondition of the scenario: the member group is not visible to the test user.
        assertFalse(userRoot.getTree(memberGroup.getPath()).exists());
        Group group = getUserManager(userRoot).getAuthorizable(testGroup.getID(), Group.class);
        Set<String> notRemoved = group.removeMembers(memberGroup.getID());
        userRoot.commit();
        return notRemoved;
    } finally {
        if (userSession != null) {
            userSession.close();
        }
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) Root(org.apache.jackrabbit.oak.api.Root) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
