Search in sources :

Example 21 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipals.

@Test
public void testTestSessionGetEffectivePoliciesByPrincipals() throws Exception {
    NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = child.getTree().getPath();
    Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    setupPolicy(testPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    JackrabbitAccessControlList acl = getApplicablePolicy(childPath);
    acl.addEntry(EveryonePrincipal.getInstance(), privs, true);
    acMgr.setPolicy(childPath, acl);
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    Set<Principal> principals = ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance());
    AccessControlPolicy[] policies = testAcMgr.getEffectivePolicies(principals);
    assertNotNull(policies);
    assertEquals(2, policies.length);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 22 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipals2.

/**
     * @since OAK 1.0 : only accessible policies are returned but not exception
     * is raised.
     */
@Test
public void testTestSessionGetEffectivePoliciesByPrincipals2() throws Exception {
    NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = child.getTree().getPath();
    Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    // create policy on testPath -> but deny access to test session
    JackrabbitAccessControlList acl = getApplicablePolicy(testPath);
    acl.addEntry(testPrincipal, privs, false);
    acMgr.setPolicy(testPath, acl);
    // grant access at childpath
    setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    Set<Principal> principals = ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance());
    AccessControlPolicy[] policies = testAcMgr.getEffectivePolicies(principals);
    assertNotNull(policies);
    assertEquals(1, policies.length);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 23 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetApplicablePolicies.

@Test
public void testTestSessionGetApplicablePolicies() throws Exception {
    setupPolicy(testPath);
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
    for (Principal principal : principals) {
        // testRoot can't read access control content -> doesn't see
        // the existing policies and creates a new applicable policy.
        AccessControlPolicy[] applicable = testAcMgr.getApplicablePolicies(principal);
        assertNotNull(applicable);
        assertEquals(1, applicable.length);
        assertTrue(applicable[0] instanceof ACL);
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 24 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal3.

/**
     * @since OAK 1.0 Policy at testPath not accessible -> getEffectivePolicies
     * only returns the readable policy but doesn't fail.
     */
@Test
public void testTestSessionGetEffectivePoliciesByPrincipal3() throws Exception {
    NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = child.getTree().getPath();
    setupPolicy(testPath, privilegesFromNames(PrivilegeConstants.JCR_READ));
    setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
    assertNotNull(effective);
    assertEquals(1, effective.length);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 25 with JackrabbitAccessControlManager

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal2.

/**
     * @since OAK 1.0 Policy at testPath not accessible -> getEffectivePolicies
     * only returns the readable policy but doesn't fail.
     */
@Test
public void testTestSessionGetEffectivePoliciesByPrincipal2() throws Exception {
    NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = child.getTree().getPath();
    // policy at testPath: ac content was visible but the policy can't be
    // retrieved from AcMgr as the accesscontrolled node is not visible.
    setupPolicy(testPath, privilegesFromNames(PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    // policy at childPath: will be found by the getEffectivePolicies
    setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
    assertNotNull(effective);
    assertEquals(1, effective.length);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)29 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)16 Principal (java.security.Principal)15 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)15 Privilege (javax.jcr.security.Privilege)11 Test (org.junit.Test)8 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)7 Root (org.apache.jackrabbit.oak.api.Root)7 AccessControlManager (javax.jcr.security.AccessControlManager)6 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)5 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)5 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)4 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)4 ImmutableList (com.google.common.collect.ImmutableList)3 Session (javax.jcr.Session)3 ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)3 PrincipalManager (org.apache.jackrabbit.api.security.principal.PrincipalManager)3 UserManager (org.apache.jackrabbit.api.security.user.UserManager)3 PrincipalImpl (org.apache.jackrabbit.core.security.principal.PrincipalImpl)3