
Example 6 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class PrincipalACLTest method before.

/**
 * Test fixture. After the superclass setup, adds one access control entry for
 * {@code testPrincipal} and one for the everyone principal, both carrying
 * {@code testPrivileges}, to the access control list at {@code TEST_PATH}.
 * The list is then set as policy and committed, and the principal-based ACL
 * of {@code testPrincipal} is cached in {@code principalAcl}.
 */
@Override
@Before
public void before() throws Exception {
    super.before();

    JackrabbitAccessControlManager accessControlManager = getAccessControlManager(root);
    // NOTE(review): the list is used without a null check; presumably the
    // lookup can return null when no list is available at the path, which
    // would surface here as a NullPointerException during setup - confirm.
    AccessControlList acl = AccessControlUtils.getAccessControlList(accessControlManager, TEST_PATH);

    // The same privilege set goes to the named principal and to everyone.
    acl.addAccessControlEntry(testPrincipal, testPrivileges);
    acl.addAccessControlEntry(EveryonePrincipal.getInstance(), testPrivileges);
    accessControlManager.setPolicy(TEST_PATH, acl);

    // Commit before the principal-based ACL is looked up.
    root.commit();
    principalAcl = getPrincipalAcl(accessControlManager, testPrincipal);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) Before(org.junit.Before)

Example 7 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

/**
 * Exercises {@code getEffectivePolicies(Set)} through the test user's own
 * access control manager.
 * <p>
 * With READ_AC granted at {@code path} the lookup for the test user's
 * principal succeeds. The lookup is expected to be refused with
 * {@link AccessDeniedException}, rather than to return a partial result, as
 * soon as one of the policies involved is not readable by the test user:
 * first for the full principal set of the test session, then for the test
 * user's principal alone once the privileges are withdrawn at
 * {@code childNPath}.
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    /*
     precondition:
     testuser must have READ-only permission on test-node and below
    */
    checkReadOnly(path);

    // grant 'testUser' the READ_AC privilege at 'path'
    Privilege[] readAcPrivileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    givePrivileges(path, readAcPrivileges, getRestrictions(superuser, path));

    Session userSession = getTestSession();
    // Every call below needs the Jackrabbit extension of the JCR interface,
    // so the cast is done once.
    JackrabbitAccessControlManager userAcMgr = (JackrabbitAccessControlManager) getTestACManager();

    // effective policies for the test user's principal only -> must succeed
    userAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));

    // effective policies for a combination of principals -> must fail, since
    // the policy for 'everyone' at the root node cannot be read by testuser
    Set<Principal> sessionPrincipals = ((SessionImpl) userSession).getSubject().getPrincipals();
    try {
        userAcMgr.getEffectivePolicies(sessionPrincipals);
        fail();
    } catch (AccessDeniedException expected) {
        // success
    }

    withdrawPrivileges(childNPath, readAcPrivileges, getRestrictions(superuser, childNPath));

    // the acl at 'childNPath' is now denied to the test user -> must fail
    try {
        userAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
        fail();
    } catch (AccessDeniedException expected) {
        // success
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessDeniedException(javax.jcr.AccessDeniedException) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 8 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.

the class EntryCollectorTest method testPermissions.

/**
 * Walks through a series of policy changes for {@code testGroup} at
 * {@code path} and {@code childNPath} and, after each change, checks
 * {@code hasPrivileges} through two access control managers: the one held in
 * {@code acMgr} and the one of a second superuser session. Both must report
 * the same privileges after every modification.
 * <p>
 * NOTE(review): the last argument of {@code modifyPrivileges} presumably
 * selects allow ({@code true}) versus deny ({@code false}); the expected
 * privilege sets below are consistent with that reading - confirm against
 * the helper.
 */
public void testPermissions() throws Exception {
    Session secondSuperuser = getHelper().getSuperuserSession();
    try {
        JackrabbitAccessControlManager firstAcMgr = (JackrabbitAccessControlManager) acMgr;
        JackrabbitAccessControlManager secondAcMgr = (JackrabbitAccessControlManager) secondSuperuser.getAccessControlManager();
        Set<Principal> groupPrincipals = Collections.singleton(testGroup.getPrincipal());

        // --- step 1: add an ACE at 'path' --------------------------------
        Privilege[] lockOnly = privilegesFromName(Privilege.JCR_LOCK_MANAGEMENT);
        modifyPrivileges(path, testGroup.getPrincipal(), lockOnly, true);
        assertTrue(firstAcMgr.hasPrivileges(path, groupPrincipals, lockOnly));
        assertTrue(secondAcMgr.hasPrivileges(path, groupPrincipals, lockOnly));
        assertTrue(firstAcMgr.hasPrivileges(childNPath, groupPrincipals, lockOnly));
        assertTrue(secondAcMgr.hasPrivileges(childNPath, groupPrincipals, lockOnly));

        // --- step 2: modify the policy at 'path' -------------------------
        modifyPrivileges(path, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_WRITE), true);
        Privilege[] lockAndWrite = privilegesFromNames(new String[] { Privilege.JCR_LOCK_MANAGEMENT, Privilege.JCR_WRITE });
        assertTrue(firstAcMgr.hasPrivileges(path, groupPrincipals, lockAndWrite));
        assertTrue(secondAcMgr.hasPrivileges(path, groupPrincipals, lockAndWrite));
        assertTrue(firstAcMgr.hasPrivileges(childNPath, groupPrincipals, lockAndWrite));
        assertTrue(secondAcMgr.hasPrivileges(childNPath, groupPrincipals, lockAndWrite));

        // --- step 3: add a policy at 'childNPath' ------------------------
        modifyPrivileges(childNPath, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), false);
        Privilege[] atPathAfterAdd = privilegesFromNames(new String[] { Privilege.JCR_LOCK_MANAGEMENT, Privilege.JCR_WRITE });
        assertTrue(firstAcMgr.hasPrivileges(path, groupPrincipals, atPathAfterAdd));
        assertTrue(secondAcMgr.hasPrivileges(path, groupPrincipals, atPathAfterAdd));
        // NOTE(review): only the privileges expected to remain are asserted.
        // Nothing asserts that jcr:addChildNodes is absent at 'childNPath',
        // so this step would still pass if the entry added above had no
        // effect; an assertFalse for the withheld privilege would close
        // that gap.
        Privilege[] atChildAfterAdd = privilegesFromNames(new String[] { Privilege.JCR_LOCK_MANAGEMENT, Privilege.JCR_MODIFY_PROPERTIES, Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE });
        assertTrue(firstAcMgr.hasPrivileges(childNPath, groupPrincipals, atChildAfterAdd));
        assertTrue(secondAcMgr.hasPrivileges(childNPath, groupPrincipals, atChildAfterAdd));

        // --- step 4: modify the policy at 'childNPath' -------------------
        modifyPrivileges(childNPath, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES), false);
        Privilege[] atPathAfterModify = privilegesFromNames(new String[] { Privilege.JCR_LOCK_MANAGEMENT, Privilege.JCR_WRITE });
        assertTrue(firstAcMgr.hasPrivileges(path, groupPrincipals, atPathAfterModify));
        assertTrue(secondAcMgr.hasPrivileges(path, groupPrincipals, atPathAfterModify));
        Privilege[] atChildAfterModify = privilegesFromNames(new String[] { Privilege.JCR_LOCK_MANAGEMENT, Privilege.JCR_MODIFY_PROPERTIES, Privilege.JCR_REMOVE_NODE });
        assertTrue(firstAcMgr.hasPrivileges(childNPath, groupPrincipals, atChildAfterModify));
        assertTrue(secondAcMgr.hasPrivileges(childNPath, groupPrincipals, atChildAfterModify));

        // --- step 5: remove the policy at 'childNPath' -------------------
        // With the first policy at 'childNPath' removed and saved, the
        // child is expected to report the same set as 'path' again.
        acMgr.removePolicy(childNPath, acMgr.getPolicies(childNPath)[0]);
        superuser.save();
        Privilege[] afterRemoval = privilegesFromNames(new String[] { Privilege.JCR_LOCK_MANAGEMENT, Privilege.JCR_WRITE });
        assertTrue(firstAcMgr.hasPrivileges(path, groupPrincipals, afterRemoval));
        assertTrue(secondAcMgr.hasPrivileges(path, groupPrincipals, afterRemoval));
        assertTrue(firstAcMgr.hasPrivileges(childNPath, groupPrincipals, afterRemoval));
        assertTrue(secondAcMgr.hasPrivileges(childNPath, groupPrincipals, afterRemoval));
    } finally {
        // Always release the extra superuser session, even if an assertion fails.
        secondSuperuser.logout();
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) Privilege(javax.jcr.security.Privilege) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Example 9 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal.

/**
 * Sets up a policy with jcr:read and jcr:readAccessControl at
 * {@code testPath} and at a newly added child node, then asks the test
 * session's access control manager for the effective policies of
 * {@code testPrincipal}. Exactly two policies are expected.
 * <p>
 * NOTE(review): presumably {@code setupPolicy} grants the privileges to
 * {@code testPrincipal}, which is what makes both policies readable to the
 * test session - confirm against the helper.
 */
@Test
public void testTestSessionGetEffectivePoliciesByPrincipal() throws Exception {
    NodeUtil testNode = new NodeUtil(root.getTree(testPath));
    NodeUtil childNode = testNode.addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = childNode.getTree().getPath();

    Privilege[] readAndReadAc = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    setupPolicy(testPath, readAndReadAc);
    setupPolicy(childPath, readAndReadAc);
    root.commit();

    // Refresh the test root after the commit and before querying through it.
    Root testRoot = getTestRoot();
    testRoot.refresh();

    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    AccessControlPolicy[] effectivePolicies = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));

    // One policy per node set up above.
    assertNotNull(effectivePolicies);
    assertEquals(2, effectivePolicies.length);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Privilege(javax.jcr.security.Privilege) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 10 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetPolicies.

/**
 * Checks principal-based {@code getPolicies} through the test session's
 * access control manager, for {@code testPrincipal} and for the everyone
 * principal, after a policy has been set up at {@code testPath} and
 * committed.
 * <p>
 * Both outcomes asserted here are an empty array: when the test session can
 * see the principal but not the access control content, and when it cannot
 * see the principal at all. Neither case is expected to raise an exception.
 */
@Test
public void testTestSessionGetPolicies() throws Exception {
    setupPolicy(testPath);
    root.commit();

    // Refresh the test root after the commit and before querying through it.
    Root testRoot = getTestRoot();
    testRoot.refresh();

    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    PrincipalManager testPrincipalMgr = getPrincipalManager(testRoot);

    List<Principal> candidates = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
    for (Principal candidate : candidates) {
        if (!testPrincipalMgr.hasPrincipal(candidate.getName())) {
            // testRoot can't read principal -> no policies for that principal
            assertEquals(0, testAcMgr.getPolicies(candidate).length);
        } else {
            // testRoot can't read access control content -> the existing
            // policies are not visible, so an empty, non-null array is
            // expected.
            AccessControlPolicy[] visiblePolicies = testAcMgr.getPolicies(candidate);
            assertNotNull(visiblePolicies);
            assertEquals(0, visiblePolicies.length);
        }
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)
