use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.
the class L4_EffectivePoliciesTest method testSessionGetEffectivePoliciesByPrincipal.
/**
 * Exercise: looks up the effective policies for {@code testPrincipal} through the
 * access control manager of the test session rather than the superuser's.
 *
 * Two policies are set up first: one at {@code testRoot} for {@code testPrincipal}
 * (jcr:read plus jcr:readAccessControl) and one at {@code childPath} for the
 * everyone principal. The expected number of effective policies is deliberately
 * left open for the reader.
 */
public void testSessionGetEffectivePoliciesByPrincipal() throws Exception {
    // NOTE(review): setupPolicy is not shown here; presumably it adds an allow entry — confirm.
    Privilege[] readPrivileges = AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ, Privilege.JCR_READ_ACCESS_CONTROL);
    setupPolicy(testRoot, readPrivileges, testPrincipal);
    setupPolicy(childPath, testPrivileges, EveryonePrincipal.getInstance());
    superuser.save();

    // From here on everything is evaluated with the test session's own permissions.
    testSession = getTestSession();
    JackrabbitAccessControlManager sessionAcMgr = (JackrabbitAccessControlManager) testSession.getAccessControlManager();

    // Only testPrincipal is passed in; the everyone principal is not part of the set.
    AccessControlPolicy[] effectivePolicies = sessionAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));

    // EXERCISE
    // -1 is a placeholder: an array length is never negative, so the assertion
    // fails until the value is replaced.
    int expectedLength = -1;
    assertEquals(expectedLength, effectivePolicies.length);
    // EXERCISE : explain the result
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class AccessControlImporter method addACE.
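/**
 * Imports one access control entry (ACE) described by {@code childInfo} and its
 * properties and adds it to an access control list.
 *
 * The principal name and privilege names are read from {@code propInfos}; every
 * other property is treated as a restriction. With principal-based import the
 * first {@code JackrabbitAccessControlList} found among the principal's existing
 * and applicable policies receives the entry and is written back through
 * {@code acMgr.setPolicy}; otherwise the entry is added to the {@code acl} field.
 *
 * The import fails closed: an ACE with an unexpected node type, without exactly
 * one principal name, without privileges, or with a restriction the target list
 * does not support is rejected instead of being imported partially.
 *
 * @param childInfo node info of the ACE node; its node type decides allow vs. deny
 * @param propInfos properties of the ACE node
 * @throws ConstraintViolationException if the ACE definition is invalid or no
 *         policy is available to take the entry
 * @throws RepositoryException if reading values or modifying the policy fails
 */
private void addACE(NodeInfo childInfo, List<PropInfo> propInfos) throws RepositoryException, UnsupportedRepositoryOperationException {
    // node type may only be rep:GrantACE or rep:DenyACE
    Name ntName = childInfo.getNodeTypeName();
    if (!ACE_NODETYPES.contains(ntName)) {
        throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; expected a valid, applicable rep:ACE node definition.");
    }

    checkIdMixins(childInfo);

    // anything that is not a grant ACE is handled as a deny ACE
    boolean isAllow = AccessControlConstants.NT_REP_GRANT_ACE.equals(ntName);
    Principal principal = null;
    Privilege[] privileges = null;
    Map<String, TextValue> restrictions = new HashMap<String, TextValue>();

    for (PropInfo pInfo : propInfos) {
        Name name = pInfo.getName();
        if (AccessControlConstants.P_PRINCIPAL_NAME.equals(name)) {
            Value[] values = pInfo.getValues(PropertyType.STRING, resolver);
            if (values == null || values.length != 1) {
                throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; expected exactly one principal name value.");
            }
            String pName = values[0].getString();
            principal = session.getPrincipalManager().getPrincipal(pName);
            if (principal == null) {
                if (importBehavior == ImportBehavior.BEST_EFFORT) {
                    // create "fake" principal that is always accepted in ACLTemplate.checkValidEntry()
                    // NOTE(review): the entry is then stored for a name the principal manager
                    // does not know. Presumably it takes effect for whichever principal later
                    // carries that name, so BEST_EFFORT fits trusted import sources only — confirm.
                    principal = new UnknownPrincipal(pName);
                } else {
                    // create "fake" principal. this is checked again in ACLTemplate.checkValidEntry()
                    principal = new PrincipalImpl(pName);
                }
            }
        } else if (AccessControlConstants.P_PRIVILEGES.equals(name)) {
            Value[] values = pInfo.getValues(PropertyType.NAME, resolver);
            // same null guard as for the principal name; avoids a NullPointerException below
            if (values == null) {
                throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; privileges property has no values.");
            }
            privileges = new Privilege[values.length];
            for (int i = 0; i < values.length; i++) {
                privileges[i] = acMgr.privilegeFromName(values[i].getString());
            }
        } else {
            // every remaining property is a restriction candidate; each put replaces an
            // earlier value stored under the same JCR name, so only the last text value
            // of a multi-valued property is kept
            TextValue[] txtVls = pInfo.getTextValues();
            for (TextValue txtV : txtVls) {
                restrictions.put(resolver.getJCRName(name), txtV);
            }
        }
    }

    // Reject incomplete entries here rather than passing null on to the policy lookup
    // and to addEntry.
    if (principal == null || privileges == null) {
        throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; missing principal name or privileges.");
    }

    if (principalbased) {
        // try to access policies
        List<AccessControlPolicy> policies = new ArrayList<AccessControlPolicy>();
        if (acMgr instanceof JackrabbitAccessControlManager) {
            JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
            policies.addAll(Arrays.asList(jacMgr.getPolicies(principal)));
            policies.addAll(Arrays.asList(jacMgr.getApplicablePolicies(principal)));
        }
        // existing policies were added first, so they win over applicable ones
        for (AccessControlPolicy policy : policies) {
            if (policy instanceof JackrabbitAccessControlList) {
                JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
                Map<String, Value> restr = convertApplicableRestrictions(acl, restrictions);
                acl.addEntry(principal, privileges, isAllow, restr);
                acMgr.setPolicy(acl.getPath(), acl);
                return;
            }
        }
    } else {
        // acl is the list held by this importer; no setPolicy call happens in this branch
        Map<String, Value> restr = convertApplicableRestrictions(acl, restrictions);
        acl.addEntry(principal, privileges, isAllow, restr);
        return;
    }

    // could not apply the ACE. No suitable ACL found.
    throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; No policy found to apply the ACE.");
}

/**
 * Converts the imported restriction values into typed values for {@code list}.
 *
 * Each restriction name supported by {@code list} is removed from
 * {@code restrictions} and converted with the type the list reports for it. Any
 * entry left over is not supported by the list; the import is then rejected, so
 * an ACE is never stored with fewer restrictions than the source declared.
 *
 * @param list the access control list that will receive the entry
 * @param restrictions imported restriction values keyed by JCR name; consumed by this call
 * @return the restrictions to pass to {@code addEntry}
 * @throws ConstraintViolationException if a restriction is not supported by {@code list}
 * @throws RepositoryException if a value cannot be converted
 */
private Map<String, Value> convertApplicableRestrictions(JackrabbitAccessControlList list, Map<String, TextValue> restrictions) throws RepositoryException {
    Map<String, Value> restr = new HashMap<String, Value>();
    for (String restName : list.getRestrictionNames()) {
        TextValue txtVal = restrictions.remove(restName);
        if (txtVal != null) {
            restr.put(restName, txtVal.getValue(list.getRestrictionType(restName), resolver));
        }
    }
    if (!restrictions.isEmpty()) {
        throw new ConstraintViolationException("ACE childInfo contained restrictions that could not be applied.");
    }
    return restr;
}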
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class EvaluationUtil method isExecutable.
/**
 * Tells whether a principal-based {@code ACLTemplate} is available for any
 * principal of the session's subject.
 *
 * For each principal the applicable policies are inspected first, then the
 * existing ones. A {@code RepositoryException} raised for one principal is
 * swallowed and the next principal is tried, so a failed lookup and "no
 * ACLTemplate found" both end in {@code false}.
 *
 * @param s session whose subject supplies the principals
 * @param acMgr access control manager to query
 * @return {@code true} as soon as one {@code ACLTemplate} is found; {@code false}
 *         otherwise, including when {@code acMgr} is not a
 *         {@code JackrabbitAccessControlManager}
 */
static boolean isExecutable(SessionImpl s, AccessControlManager acMgr) {
    if (!(acMgr instanceof JackrabbitAccessControlManager)) {
        return false;
    }
    JackrabbitAccessControlManager jackrabbitAcMgr = (JackrabbitAccessControlManager) acMgr;

    for (Principal candidate : s.getSubject().getPrincipals()) {
        try {
            for (AccessControlPolicy applicable : jackrabbitAcMgr.getApplicablePolicies(candidate)) {
                if (applicable instanceof ACLTemplate) {
                    return true;
                }
            }
            for (AccessControlPolicy existing : jackrabbitAcMgr.getPolicies(candidate)) {
                if (existing instanceof ACLTemplate) {
                    return true;
                }
            }
        } catch (RepositoryException e) {
            // ignore
        }
    }
    return false;
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit by apache.
the class EvaluationUtil method getPolicy.
/**
 * Returns the first {@code ACLTemplate} available for {@code principal}, looking
 * at applicable policies before existing ones.
 *
 * {@code path} is only checked for {@code null}; the lookup itself is keyed by
 * the principal.
 *
 * @param acM access control manager to query
 * @param path must be non-null for the lookup to take place
 * @param principal principal whose policies are inspected
 * @return the first {@code ACLTemplate} found
 * @throws NotExecutableException if {@code acM} is not a
 *         {@code JackrabbitAccessControlManager}, {@code path} is {@code null},
 *         or no {@code ACLTemplate} is found
 * @throws RepositoryException if a policy lookup fails
 */
static JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
    if (path == null || !(acM instanceof JackrabbitAccessControlManager)) {
        throw new NotExecutableException();
    }
    JackrabbitAccessControlManager jackrabbitAcM = (JackrabbitAccessControlManager) acM;

    // first try applicable policies
    for (AccessControlPolicy applicable : jackrabbitAcM.getApplicablePolicies(principal)) {
        if (applicable instanceof ACLTemplate) {
            return (ACLTemplate) applicable;
        }
    }
    // second existing policies
    for (AccessControlPolicy existing : jackrabbitAcM.getPolicies(principal)) {
        if (existing instanceof ACLTemplate) {
            return (ACLTemplate) existing;
        }
    }
    throw new NotExecutableException();
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.
the class CompositeAccessControlManager method getEffectivePolicies.
/**
 * Collects the effective policies for {@code principals} from the aggregated
 * access control managers, in the iteration order of {@code acMgrs}.
 *
 * Only managers that implement {@code JackrabbitAccessControlManager} are asked.
 * Any other manager is skipped without error, so the result does not reflect
 * whatever policies such a manager would enforce.
 *
 * @param principals the principals to look up effective policies for
 * @return the concatenated effective policies of all queried managers
 * @throws RepositoryException if one of the managers fails
 */
@Override
public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws RepositoryException {
    ImmutableList.Builder<AccessControlPolicy> collected = ImmutableList.builder();
    for (AccessControlManager delegate : acMgrs) {
        if (!(delegate instanceof JackrabbitAccessControlManager)) {
            // principal-based lookup is not available on this manager
            continue;
        }
        JackrabbitAccessControlManager jackrabbitDelegate = (JackrabbitAccessControlManager) delegate;
        collected.add(jackrabbitDelegate.getEffectivePolicies(principals));
    }
    List<AccessControlPolicy> policies = collected.build();
    return policies.toArray(new AccessControlPolicy[policies.size()]);
}