use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipals.
@Test
public void testTestSessionGetEffectivePoliciesByPrincipals() throws Exception {
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
setupPolicy(testPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
JackrabbitAccessControlList acl = getApplicablePolicy(childPath);
acl.addEntry(EveryonePrincipal.getInstance(), privs, true);
acMgr.setPolicy(childPath, acl);
root.commit();
Root testRoot = getTestRoot();
testRoot.refresh();
JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
Set<Principal> principals = ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance());
AccessControlPolicy[] policies = testAcMgr.getEffectivePolicies(principals);
assertNotNull(policies);
assertEquals(2, policies.length);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipals2.
/**
* @since OAK 1.0 : only accessible policies are returned but not exception
* is raised.
*/
@Test
public void testTestSessionGetEffectivePoliciesByPrincipals2() throws Exception {
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
// create policy on testPath -> but deny access to test session
JackrabbitAccessControlList acl = getApplicablePolicy(testPath);
acl.addEntry(testPrincipal, privs, false);
acMgr.setPolicy(testPath, acl);
// grant access at childpath
setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
root.commit();
Root testRoot = getTestRoot();
testRoot.refresh();
JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
Set<Principal> principals = ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance());
AccessControlPolicy[] policies = testAcMgr.getEffectivePolicies(principals);
assertNotNull(policies);
assertEquals(1, policies.length);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testTestSessionGetApplicablePolicies.
@Test
public void testTestSessionGetApplicablePolicies() throws Exception {
setupPolicy(testPath);
root.commit();
Root testRoot = getTestRoot();
testRoot.refresh();
JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
for (Principal principal : principals) {
// testRoot can't read access control content -> doesn't see
// the existing policies and creates a new applicable policy.
AccessControlPolicy[] applicable = testAcMgr.getApplicablePolicies(principal);
assertNotNull(applicable);
assertEquals(1, applicable.length);
assertTrue(applicable[0] instanceof ACL);
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal3.
/**
* @since OAK 1.0 Policy at testPath not accessible -> getEffectivePolicies
* only returns the readable policy but doesn't fail.
*/
@Test
public void testTestSessionGetEffectivePoliciesByPrincipal3() throws Exception {
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
setupPolicy(testPath, privilegesFromNames(PrivilegeConstants.JCR_READ));
setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
root.commit();
Root testRoot = getTestRoot();
testRoot.refresh();
JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
assertNotNull(effective);
assertEquals(1, effective.length);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal2.
/**
* @since OAK 1.0 Policy at testPath not accessible -> getEffectivePolicies
* only returns the readable policy but doesn't fail.
*/
@Test
public void testTestSessionGetEffectivePoliciesByPrincipal2() throws Exception {
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
// policy at testPath: ac content was visible but the policy can't be
// retrieved from AcMgr as the accesscontrolled node is not visible.
setupPolicy(testPath, privilegesFromNames(PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
// policy at childPath: will be found by the getEffectivePolicies
setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
root.commit();
Root testRoot = getTestRoot();
testRoot.refresh();
JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
assertNotNull(effective);
assertEquals(1, effective.length);
}
Aggregations