Example 26 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AccessControlImporterTest method testImportWithDefaultImporter.
/**
* With the default importer that isn't able to deal with ACEs the
* policy will be created but any ACEs will be ignored.
*
* @throws Exception
*/
public void testImportWithDefaultImporter() throws Exception {
NodeImpl target = (NodeImpl) testRootNode;
try {
InputStream in = new ByteArrayInputStream(XML_POLICY_TREE.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, null);
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
assertTrue(target.hasNode("test"));
String path = target.getNode("test").getPath();
AccessControlManager acMgr = sImpl.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(path);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(0, entries.length);
} finally {
superuser.refresh(false);
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler)
JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Example 27 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentCreateNodesTest method createACLsForEveryone.
private void createACLsForEveryone(Session session, int numACLs) throws RepositoryException {
AccessControlManager acMgr = session.getAccessControlManager();
Node listenHere = session.getRootNode().addNode("nodes-with-acl");
for (int i = 0; i < numACLs; i++) {
String path = listenHere.addNode("node-" + i).getPath();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
if (acl.isEmpty()) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
if (acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges)) {
acMgr.setPolicy(path, acl);
}
}
}
session.save();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
Node(javax.jcr.Node)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Example 28 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentEveryoneACLTest method beforeSuite.
@Override
public void beforeSuite() throws Exception {
Session session = loginWriter();
AccessControlManager acMgr = session.getAccessControlManager();
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
final Node root = session.getRootNode().addNode(ROOT_NODE_NAME, "nt:unstructured");
for (int i = 0; i < NODE_COUNT; i++) {
Node node = root.addNode("node" + i, "nt:unstructured");
for (int j = 0; j < NODE_COUNT; j++) {
Node newNode = node.addNode("node" + j, "nt:unstructured");
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, newNode.getPath());
acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
acMgr.setPolicy(newNode.getPath(), acl);
}
session.save();
}
// deny everyone on root node
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, root.getPath());
acl.addEntry(EveryonePrincipal.getInstance(), privileges, false);
acMgr.setPolicy(root.getPath(), acl);
session.save();
final int[] numACEs = new int[1];
ItemVisitor v = new TraversingItemVisitor.Default() {
@Override
protected void entering(Node node, int i) throws RepositoryException {
if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
numACEs[0]++;
}
super.entering(node, i);
}
@Override
protected void entering(Property prop, int i) throws RepositoryException {
super.entering(prop, i);
}
};
v.visit(root);
System.out.println("Num ACEs: " + numACEs[0]);
session.logout();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
ItemVisitor(javax.jcr.ItemVisitor)
TraversingItemVisitor(javax.jcr.util.TraversingItemVisitor)
Node(javax.jcr.Node)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Property(javax.jcr.Property)
Session(javax.jcr.Session)
Example 29 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.
private void addPolicy(Node node) throws RepositoryException {
AccessControlManager acMgr = node.getSession().getAccessControlManager();
String path = node.getPath();
int level = 0;
if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
level = 1;
} else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
level = 2;
} else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
level = 3;
}
if (level > 0) {
path = Text.getRelativeParent(path, level);
}
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(node.getSession(), path);
if (acl != null) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
for (Principal principal : principals) {
acl.addAccessControlEntry(principal, privileges);
}
acMgr.setPolicy(path, acl);
adminSession.save();
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
Privilege(javax.jcr.security.Privilege)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Principal(java.security.Principal)
Example 30 with JackrabbitAccessControlList
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentReadSinglePolicyTreeTest method visitingNode.
@Override
protected void visitingNode(Node node, int i) throws RepositoryException {
super.visitingNode(node, i);
String path = node.getPath();
AccessControlManager acMgr = node.getSession().getAccessControlManager();
if (testRoot.getPath().equals(path)) {
JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, path);
if (policy != null) {
policy.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), true);
}
acMgr.setPolicy(path, policy);
} else if (!path.contains("rep:policy")) {
for (AccessControlPolicy policy : acMgr.getPolicies(path)) {
if (policy instanceof JackrabbitAccessControlList) {
acMgr.removePolicy(path, policy);
}
}
}
node.getSession().save();
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Aggregations
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)165
AccessControlManager (javax.jcr.security.AccessControlManager)75
Privilege (javax.jcr.security.Privilege)56
AccessControlEntry (javax.jcr.security.AccessControlEntry)46
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)46
Test (org.junit.Test)40
JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)32
Principal (java.security.Principal)29
Node (javax.jcr.Node)23
Session (javax.jcr.Session)17
Value (javax.jcr.Value)17
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)15
Tree (org.apache.jackrabbit.oak.api.Tree)15
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)13
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)12
AccessControlException (javax.jcr.security.AccessControlException)10
NodeImpl (org.apache.jackrabbit.core.NodeImpl)9
ByteArrayInputStream (java.io.ByteArrayInputStream)8
InputStream (java.io.InputStream)8
Group (org.apache.jackrabbit.api.security.user.Group)8
