Example 11 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.

the class AccessControlImporterTest method testImportPrincipalBasedACL.

/**
 * Imports a principal-based ACL containing a single entry must fail with
 * the default configuration.
 *
 * @throws Exception
 */
public void testImportPrincipalBasedACL() throws Exception {
    JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) sImpl.getAccessControlManager();
    if (acMgr.getApplicablePolicies(EveryonePrincipal.getInstance()).length > 0 || acMgr.getPolicies(EveryonePrincipal.getInstance()).length > 0) {
        // test expects that only resource-based acl is supported
        throw new NotExecutableException();
    }
    PrincipalManager pmgr = sImpl.getPrincipalManager();
    if (!pmgr.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
        UserManager umgr = sImpl.getUserManager();
        umgr.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME));
        if (!umgr.isAutoSave()) {
            sImpl.save();
        }
        if (pmgr.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
            throw new NotExecutableException();
        }
    }
    NodeImpl target;
    NodeImpl root = (NodeImpl) sImpl.getRootNode();
    if (!root.hasNode(AccessControlConstants.N_ACCESSCONTROL)) {
        target = root.addNode(AccessControlConstants.N_ACCESSCONTROL, AccessControlConstants.NT_REP_ACCESS_CONTROL, null);
    } else {
        target = root.getNode(AccessControlConstants.N_ACCESSCONTROL);
        if (!target.isNodeType(AccessControlConstants.NT_REP_ACCESS_CONTROL)) {
            target.setPrimaryType(sImpl.getJCRName(AccessControlConstants.NT_REP_ACCESS_CONTROL));
        }
    }
    try {
        InputStream in = new ByteArrayInputStream(XML_AC_TREE.getBytes("UTF-8"));
        SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
        ImportHandler ih = new ImportHandler(importer, sImpl);
        new ParsingContentHandler(ih).parse(in);
        fail("Default config only allows resource-based ACL -> protected import must fail");
    } catch (SAXException e) {
        if (e.getException() instanceof ConstraintViolationException) {
            // success
        } else {
            throw e;
        }
    } finally {
        superuser.refresh(false);
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler) SAXException(org.xml.sax.SAXException) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ConstraintViolationException(javax.jcr.nodetype.ConstraintViolationException) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 12 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class PrivilegeRegistrationTest method testJcrAllWithCustomPrivileges.

/**
 * @see <a href="https://issues.apache.org/jira/browse/OAK-2015">OAK-2015</a>
 */
@Test
public void testJcrAllWithCustomPrivileges() throws Exception {
    Node testNode = session.getRootNode().addNode("test");
    String testPath = testNode.getPath();
    AccessControlUtils.grantAllToEveryone(session, testPath);
    session.save();
    JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) session.getAccessControlManager();
    Privilege[] allPrivileges = AccessControlUtils.privilegesFromNames(session, Privilege.JCR_ALL);
    Set<Principal> principalSet = ImmutableSet.<Principal>of(EveryonePrincipal.getInstance());
    assertTrue(acMgr.hasPrivileges(testPath, principalSet, allPrivileges));
    privilegeManager.registerPrivilege("customPriv", false, null);
    assertTrue(acMgr.hasPrivileges(testPath, principalSet, allPrivileges));
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) Test(org.junit.Test)

Example 13 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class L7_PrivilegeDiscoveryTest method testGetPrivilegesForPrincipalsUserSession.

public void testGetPrivilegesForPrincipalsUserSession() throws Exception {
    JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) userSession.getAccessControlManager();
    // EXERCISE: complete the test case and explain the behaviour
    Privilege[] privs = acMgr.getPrivileges(testPath, ImmutableSet.of(gPrincipal));
    Set<Privilege> expectedPrivs = null;
    assertEquals(expectedPrivs, ImmutableSet.copyOf(privs));
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) Privilege(javax.jcr.security.Privilege)

Example 14 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class CompositeAccessControlManager method getPolicies.

@Override
public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws RepositoryException {
    ImmutableList.Builder<JackrabbitAccessControlPolicy> privs = ImmutableList.builder();
    for (AccessControlManager acMgr : acMgrs) {
        if (acMgr instanceof JackrabbitAccessControlManager) {
            privs.add(((JackrabbitAccessControlManager) acMgr).getPolicies(principal));
        }
    }
    List<JackrabbitAccessControlPolicy> l = privs.build();
    return l.toArray(new JackrabbitAccessControlPolicy[l.size()]);
}
Also used : AbstractAccessControlManager(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) ImmutableList(com.google.common.collect.ImmutableList) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)

Example 15 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class CompositeAccessControlManager method getApplicablePolicies.

//-------------------------------------< JackrabbitAccessControlManager >---
@Override
public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws RepositoryException {
    ImmutableList.Builder<JackrabbitAccessControlPolicy> policies = ImmutableList.builder();
    for (AccessControlManager acMgr : acMgrs) {
        if (acMgr instanceof JackrabbitAccessControlManager && acMgr instanceof PolicyOwner) {
            policies.add(((JackrabbitAccessControlManager) acMgr).getApplicablePolicies(principal));
        }
    }
    List<JackrabbitAccessControlPolicy> l = policies.build();
    return l.toArray(new JackrabbitAccessControlPolicy[l.size()]);
}
Also used : AbstractAccessControlManager(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) ImmutableList(com.google.common.collect.ImmutableList) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) PolicyOwner(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.PolicyOwner)