use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class WriteTest method testEditor2.
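/**
 * Checks the node type found at the policy path of a principal after a
 * policy has been set for a second principal stored below it.
 * <p>
 * Two users are created, the second with the intermediate path
 * {@code "t/tt"}. The test only runs when both principals are
 * {@code ItemBasedPrincipal}s and the path of the second is a descendant of
 * the path of the first. The policy applicable to the second principal is
 * set (but not saved), and the node at the path of the policy applicable to
 * the first principal must then have the primary type
 * {@code rep:PrincipalAccessControl}.
 *
 * @throws NotExecutableException if either principal is not item based or
 *         the two principal paths are not nested
 * @throws RepositoryException if a repository operation fails
 */
public void testEditor2() throws NotExecutableException, RepositoryException {
    UserManager uMgr = getUserManager(superuser);
    User u = null;
    User u2 = null;
    try {
        u = uMgr.createUser("t", "t");
        u2 = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }

        Principal p = u.getPrincipal();
        Principal p2 = u2.getPrincipal();
        // The scenario needs item-based principals with p2 stored below p;
        // anything else means the test cannot be executed in this setup.
        if (!(p instanceof ItemBasedPrincipal)
                || !(p2 instanceof ItemBasedPrincipal)
                || !Text.isDescendant(((ItemBasedPrincipal) p).getPath(), ((ItemBasedPrincipal) p2).getPath())) {
            throw new NotExecutableException();
        }

        JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);

        JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p2);
        // Fail with a readable message instead of an index error on acls[0].
        assertTrue("no applicable policy for the nested principal", acls.length > 0);
        acMgr.setPolicy(acls[0].getPath(), acls[0]);

        acls = acMgr.getApplicablePolicies(p);
        assertTrue("no applicable policy for the ancestor principal", acls.length > 0);
        String path = acls[0].getPath();
        Node n = superuser.getNode(path);
        assertEquals("rep:PrincipalAccessControl", n.getPrimaryNodeType().getName());
    } finally {
        // The policy set above was never saved in this method; discard all
        // pending changes before the test users are removed.
        superuser.refresh(false);
        if (u2 != null) {
            u2.remove();
        }
        if (u != null) {
            u.remove();
        }
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }
    }
}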
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class WriteTest method testEditor.
/**
 * Follows the policies reported for a newly created user's principal before
 * and after a principal-based policy is set.
 * <p>
 * Before {@code setPolicy}: one applicable policy (an {@code ACLTemplate}),
 * no existing policies, both by principal and by the policy's path.
 * After {@code setPolicy}: no applicable policy is left for the principal and
 * one existing policy is reported, both by principal and by path.
 *
 * @throws NotExecutableException declared by the test signature
 * @throws RepositoryException if a repository operation fails
 */
public void testEditor() throws NotExecutableException, RepositoryException {
    final UserManager userManager = getUserManager(superuser);
    User created = null;
    try {
        created = userManager.createUser("t", "t");
        if (!userManager.isAutoSave()) {
            superuser.save();
        }
        final Principal principal = created.getPrincipal();
        final JackrabbitAccessControlManager jackrabbitAcMgr =
                (JackrabbitAccessControlManager) getAccessControlManager(superuser);

        // Nothing has been set yet: exactly one applicable ACLTemplate.
        JackrabbitAccessControlPolicy[] applicable = jackrabbitAcMgr.getApplicablePolicies(principal);
        assertEquals(1, applicable.length);
        assertTrue(applicable[0] instanceof ACLTemplate);

        // Asking a second time must report one applicable policy again.
        applicable = jackrabbitAcMgr.getApplicablePolicies(principal);
        assertEquals(1, applicable.length);
        final JackrabbitAccessControlPolicy policy = applicable[0];
        assertEquals(1, jackrabbitAcMgr.getApplicablePolicies(policy.getPath()).getSize());

        // No policy is in effect until setPolicy has been called.
        assertEquals(0, jackrabbitAcMgr.getPolicies(principal).length);
        assertEquals(0, jackrabbitAcMgr.getPolicies(policy.getPath()).length);

        jackrabbitAcMgr.setPolicy(policy.getPath(), policy);

        // The policy has moved from "applicable" to "existing".
        assertEquals(0, jackrabbitAcMgr.getApplicablePolicies(principal).length);
        assertEquals(1, jackrabbitAcMgr.getPolicies(principal).length);
        assertEquals(1, jackrabbitAcMgr.getPolicies(policy.getPath()).length);
    } finally {
        // Discard the unsaved policy before the test user is removed.
        superuser.refresh(false);
        if (created != null) {
            created.remove();
            if (!userManager.isAutoSave()) {
                superuser.save();
            }
        }
    }
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class WriteTest method testInvalidPrincipal.
/**
 * Queries applicable and existing policies for a principal name that the
 * principal manager does not know.
 * <p>
 * For each query two outcomes are accepted: a non-null, empty array, or an
 * {@code AccessControlException}. A null or non-empty result fails the test.
 *
 * @throws Exception if the access control manager is not a
 *         {@code JackrabbitAccessControlManager}
 *         ({@code NotExecutableException}) or a repository operation fails
 */
public void testInvalidPrincipal() throws Exception {
    PrincipalManager principalManager = ((JackrabbitSession) superuser).getPrincipalManager();

    // Append underscores until the name matches no known principal.
    String candidate = "unknown";
    while (principalManager.hasPrincipal(candidate)) {
        candidate += "_";
    }
    Principal unknownPrincipal = new PrincipalImpl(candidate);

    if (!(acMgr instanceof JackrabbitAccessControlManager)) {
        throw new NotExecutableException();
    }

    // Applicable policies for the unknown principal.
    try {
        AccessControlPolicy[] applicable =
                ((JackrabbitAccessControlManager) acMgr).getApplicablePolicies(unknownPrincipal);
        assertNotNull(applicable);
        assertEquals(0, applicable.length);
    } catch (AccessControlException expected) {
        // rejecting the unknown principal is an accepted outcome
    }

    // Existing policies for the unknown principal.
    try {
        AccessControlPolicy[] existing =
                ((JackrabbitAccessControlManager) acMgr).getPolicies(unknownPrincipal);
        assertNotNull(existing);
        assertEquals(0, existing.length);
    } catch (AccessControlException expected) {
        // rejecting the unknown principal is an accepted outcome
    }
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.
/**
 * Exercises {@code getEffectivePolicies} with sets of principals, first as
 * superuser and then with the test session.
 * <p>
 * As superuser, one effective policy is expected for the everyone principal,
 * and neither the test user nor everyone may hold
 * {@code jcr:readAccessControl} at that policy's path. The test user is then
 * allowed {@code jcr:readAccessControl} on its own principal-based ACL. With
 * the test session, effective policies for the test user's principal alone
 * must be readable, while the request for all principals of the session's
 * subject must be refused with {@code AccessDeniedException}.
 *
 * @throws Exception if a repository operation fails
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    Privilege[] readAcPrivileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    JackrabbitAccessControlManager jackrabbitAcMgr = (JackrabbitAccessControlManager) acMgr;
    SessionImpl adminSession = (SessionImpl) superuser;
    Principal everyone = adminSession.getPrincipalManager().getEveryone();

    AccessControlPolicy[] policies = jackrabbitAcMgr.getEffectivePolicies(Collections.singleton(everyone));
    assertNotNull(policies);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof JackrabbitAccessControlPolicy);

    // Baseline: nobody but the superuser may read access control content
    // at the path of that policy yet.
    JackrabbitAccessControlPolicy everyonePolicy = (JackrabbitAccessControlPolicy) policies[0];
    assertFalse(jackrabbitAcMgr.hasPrivileges(everyonePolicy.getPath(), Collections.singleton(testUser.getPrincipal()), readAcPrivileges));
    assertFalse(jackrabbitAcMgr.hasPrivileges(everyonePolicy.getPath(), Collections.singleton(everyone), readAcPrivileges));

    // Take the test user's ACL from the applicable policies, or from the
    // existing ones when none is applicable.
    policies = jackrabbitAcMgr.getApplicablePolicies(testUser.getPrincipal());
    if (policies.length == 0) {
        policies = jackrabbitAcMgr.getPolicies(testUser.getPrincipal());
    }
    assertNotNull(policies);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof JackrabbitAccessControlList);

    // Allow the test user to read the ACL defined for its own principal.
    JackrabbitAccessControlList userAcl = (JackrabbitAccessControlList) policies[0];
    userAcl.addEntry(testUser.getPrincipal(), readAcPrivileges, true, getRestrictions(superuser, userAcl.getPath()));
    jackrabbitAcMgr.setPolicy(userAcl.getPath(), userAcl);
    // NOTE(review): the ACL change is persisted here and not reverted in this
    // method; presumably tearDown removes it - confirm.
    superuser.save();

    Session testSession = getTestSession();
    JackrabbitAccessControlManager testJackrabbitAcMgr = (JackrabbitAccessControlManager) getTestACManager();

    // Only the test user's own principal: the call must not throw.
    testJackrabbitAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));

    // Every principal of the session's subject: access must be denied.
    try {
        testJackrabbitAcMgr.getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
        fail();
    } catch (AccessDeniedException expected) {
        // denial is the required outcome
    }
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class AccessControlImporterTest method testImportPrincipalBasedACL.
/**
 * Importing a principal-based ACL containing a single entry must fail with
 * the default configuration.
 * <p>
 * The import is expected to end in a {@code SAXException} whose wrapped
 * exception is a {@code ConstraintViolationException}; any other
 * {@code SAXException} is rethrown and a successful import fails the test.
 *
 * @throws Exception if the setup does not match the test's expectations
 *         ({@code NotExecutableException}) or an operation fails unexpectedly
 */
public void testImportPrincipalBasedACL() throws Exception {
    JackrabbitAccessControlManager jackrabbitAcMgr = (JackrabbitAccessControlManager) sImpl.getAccessControlManager();
    // The test expects that only resource-based ACLs are supported: skip as
    // soon as any principal-based policy is applicable or present.
    if (jackrabbitAcMgr.getApplicablePolicies(EveryonePrincipal.getInstance()).length > 0
            || jackrabbitAcMgr.getPolicies(EveryonePrincipal.getInstance()).length > 0) {
        throw new NotExecutableException();
    }

    PrincipalManager principalManager = sImpl.getPrincipalManager();
    if (!principalManager.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
        UserManager userManager = sImpl.getUserManager();
        userManager.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME));
        if (!userManager.isAutoSave()) {
            sImpl.save();
        }
        // NOTE(review): this skips the test when the principal IS known after
        // the group was created. The condition looks inverted (a principal
        // that is still missing would be the expected reason to skip) -
        // confirm the intent. The group created above is also not removed
        // in this method.
        if (principalManager.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
            throw new NotExecutableException();
        }
    }

    // Import target: the access control node below the root, created or
    // retyped so that it has the rep access control node type.
    NodeImpl importTarget;
    NodeImpl rootNode = (NodeImpl) sImpl.getRootNode();
    if (rootNode.hasNode(AccessControlConstants.N_ACCESSCONTROL)) {
        importTarget = rootNode.getNode(AccessControlConstants.N_ACCESSCONTROL);
        if (!importTarget.isNodeType(AccessControlConstants.NT_REP_ACCESS_CONTROL)) {
            importTarget.setPrimaryType(sImpl.getJCRName(AccessControlConstants.NT_REP_ACCESS_CONTROL));
        }
    } else {
        importTarget = rootNode.addNode(AccessControlConstants.N_ACCESSCONTROL, AccessControlConstants.NT_REP_ACCESS_CONTROL, null);
    }

    try {
        InputStream xml = new ByteArrayInputStream(XML_AC_TREE.getBytes("UTF-8"));
        SessionImporter sessionImporter = new SessionImporter(importTarget, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
        ImportHandler importHandler = new ImportHandler(sessionImporter, sImpl);
        new ParsingContentHandler(importHandler).parse(xml);
        fail("Default config only allows resource-based ACL -> protected import must fail");
    } catch (SAXException e) {
        // Only a constraint violation counts as the expected rejection.
        if (!(e.getException() instanceof ConstraintViolationException)) {
            throw e;
        }
    } finally {
        // NOTE(review): the refresh is issued on superuser although the import
        // ran on sImpl - presumably the same session; confirm.
        superuser.refresh(false);
    }
}