Search in sources :

Example 41 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class TreePermissionImplTest method testCanReadProperties2.

@Test
public void testCanReadProperties2() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
    acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ), true);
    acMgr.setPolicy("/test", acl);
    root.commit();
    Tree policyTree = root.getTree("/test/rep:policy");
    NodeUtil ace = new NodeUtil(policyTree).addChild("ace2", NT_REP_DENY_ACE);
    ace.setNames(REP_PRIVILEGES, PrivilegeConstants.REP_READ_PROPERTIES);
    ace.setString(REP_PRINCIPAL_NAME, getTestUser().getPrincipal().getName());
    root.commit();
    TreePermission tp = getTreePermission("/test");
    assertFalse(tp.canReadProperties());
    assertTrue(tp.canRead());
    assertFalse(tp.canReadProperties());
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 42 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class TreePermissionImplTest method testCanReadProperties.

@Test
public void testCanReadProperties() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
    acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ), true);
    acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_READ_PROPERTIES), false);
    acMgr.setPolicy("/test", acl);
    root.commit();
    TreePermission tp = getTreePermission("/test");
    assertFalse(tp.canReadProperties());
    assertTrue(tp.canRead());
    assertFalse(tp.canReadProperties());
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 43 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class PermissionStoreTest method before.

@Override
public void before() throws Exception {
    super.before();
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
    if (acl != null) {
        acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_ALL), true);
    }
    acMgr.setPolicy("/", acl);
    root.commit();
    testSession = createTestSession();
    testRoot = testSession.getLatestRoot();
    acConfig = getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 44 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class RepoPolicyTreePermissionTest method after.

@Override
public void after() throws Exception {
    try {
        AccessControlManager acMgr = getAccessControlManager(root);
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, null);
        if (acl != null) {
            acMgr.removePolicy(null, acl);
            root.commit();
        }
        accessSession.close();
        noAccessSession.close();
    } finally {
        super.after();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 45 with JackrabbitAccessControlList

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.

the class VersionStorageTest method after.

@Override
public void after() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
    for (AccessControlEntry ace : acl.getAccessControlEntries()) {
        if (testPrincipal.equals(ace.getPrincipal())) {
            acl.removeAccessControlEntry(ace);
        }
    }
    acMgr.setPolicy("/", acl);
    root.commit();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Aggregations

JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)165 AccessControlManager (javax.jcr.security.AccessControlManager)75 Privilege (javax.jcr.security.Privilege)56 AccessControlEntry (javax.jcr.security.AccessControlEntry)46 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)46 Test (org.junit.Test)40 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)32 Principal (java.security.Principal)29 Node (javax.jcr.Node)23 Session (javax.jcr.Session)17 Value (javax.jcr.Value)17 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)15 Tree (org.apache.jackrabbit.oak.api.Tree)15 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)13 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)12 AccessControlException (javax.jcr.security.AccessControlException)10 NodeImpl (org.apache.jackrabbit.core.NodeImpl)9 ByteArrayInputStream (java.io.ByteArrayInputStream)8 InputStream (java.io.InputStream)8 Group (org.apache.jackrabbit.api.security.user.Group)8