use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AccessControlListImplTest method testMultipleEntryEffect2.
public void testMultipleEntryEffect2() throws Exception {
JackrabbitAccessControlList acl = createAccessControList(testRoot);
// GRANT a read privilege
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ });
assertTrue("New Entry -> grants read privilege", acl.addAccessControlEntry(unknownPrincipal, privileges));
assertTrue("Fail to revoke the read privilege", acl.addEntry(unknownPrincipal, privileges, false, createEmptyRestriction()));
Assert.assertEquals(2, acl.size());
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class FlatTreeWithAceForSamePrincipalTest method beforeSuite.
@Override
protected void beforeSuite() throws Exception {
long start = System.currentTimeMillis();
admin = loginWriter();
userManager = ((JackrabbitSession) admin).getUserManager();
Principal userPrincipal = userManager.createUser(TEST_USER_ID, TEST_USER_ID).getPrincipal();
AccessControlManager acm = admin.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acm, "/");
acl.addEntry(userPrincipal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
acm.setPolicy("/", acl);
Node a = admin.getRootNode().addNode(ROOT_NODE_NAME, "nt:folder");
for (int i = 1; i < 10000; i++) {
a.addNode("node" + i, "nt:folder");
acl = AccessControlUtils.getAccessControlList(acm, ROOT_PATH + "/node" + i);
acl.addEntry(userPrincipal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
acm.setPolicy(ROOT_PATH + "/node" + i, acl);
}
admin.save();
reader = login(new SimpleCredentials(TEST_USER_ID, TEST_USER_ID.toCharArray()));
long end = System.currentTimeMillis();
System.out.println("setup time " + (end - start));
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ClusterPermissionsTest method testAclPropagation.
@Test
public void testAclPropagation() throws Exception {
Tree node = root1.getTree("/").addChild("testNode");
node.setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME);
User user1 = userManager1.createUser("testUser", "testUser");
JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), true);
aclMgr1.setPolicy("/testNode", acl1);
root1.commit();
syncClusterNodes();
root2.refresh();
JackrabbitAccessControlList acl2 = AccessControlUtils.getAccessControlList(aclMgr2, "/testNode");
AccessControlEntry[] aces = acl2.getAccessControlEntries();
assertEquals(1, aces.length);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ClusterPermissionsTest method testPermissionPropagation.
@Test
public void testPermissionPropagation() throws Exception {
// create a "/testNode"
Tree node = root1.getTree("/").addChild("testNode");
node.setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME);
// create 2 users
User user1 = userManager1.createUser("testUser1", "testUser1");
User user2 = userManager1.createUser("testUser2", "testUser2");
JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
// deny jcr:all for everyone on /testNode
acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), false);
// allow jcr:read for testUser1 on /testNode
acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
aclMgr1.setPolicy("/testNode", acl1);
root1.commit();
syncClusterNodes();
root2.refresh();
// login with testUser1 and testUser2 (on cluster node 2)
ContentSession session1 = contentRepository2.login(new SimpleCredentials("testUser1", "testUser1".toCharArray()), null);
ContentSession session2 = contentRepository2.login(new SimpleCredentials("testUser2", "testUser2".toCharArray()), null);
// testUser1 can read /testNode
assertTrue(session1.getLatestRoot().getTree("/testNode").exists());
// testUser2 cannot read /testNode
assertFalse(session2.getLatestRoot().getTree("/testNode").exists());
// now, allow jcr:read also for 'everyone' (on cluster node 1)
acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
aclMgr1.setPolicy("/testNode", acl1);
root1.commit();
syncClusterNodes();
root2.refresh();
// testUser1 can read /testNode
assertTrue(session1.getLatestRoot().getTree("/testNode").exists());
// testUser2 can also read /testNode
assertTrue(session2.getLatestRoot().getTree("/testNode").exists());
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class PermissionHookTest method before.
@Override
@Before
public void before() throws Exception {
super.before();
testPrincipal = getTestUser().getPrincipal();
NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper);
NodeUtil testNode = rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
acl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_ADD_CHILD_NODES));
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_READ));
acMgr.setPolicy(testPath, acl);
root.commit();
bitsProvider = new PrivilegeBitsProvider(root);
}
Aggregations