
Example 1 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.

the class WriteTest method testEditor2.

/**
 * Verifies the node type behind the policy reported for a user whose item
 * path is an ancestor of another user's item path.
 *
 * <p>Two fixture users are created, the second one with "t/tt" passed as the
 * fourth {@code createUser} argument. When both principals are item based and
 * the second path is a descendant of the first, the policy applicable to the
 * nested principal is set first; the policy then applicable to the outer
 * principal must point at a node of type {@code rep:PrincipalAccessControl}.
 *
 * @throws NotExecutableException if the principals are not item based or their paths are not nested
 * @throws RepositoryException on any repository error
 */
public void testEditor2() throws NotExecutableException, RepositoryException {
    UserManager userManager = getUserManager(superuser);
    User outerUser = null;
    User nestedUser = null;
    try {
        // Throwaway fixture accounts with trivial passwords; both are removed in the finally block.
        outerUser = userManager.createUser("t", "t");
        nestedUser = userManager.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
        if (!userManager.isAutoSave()) {
            superuser.save();
        }

        Principal outerPrincipal = outerUser.getPrincipal();
        Principal nestedPrincipal = nestedUser.getPrincipal();

        // The scenario only makes sense when the nested user's node really sits below the outer one.
        boolean pathsAreNested = outerPrincipal instanceof ItemBasedPrincipal
                && nestedPrincipal instanceof ItemBasedPrincipal
                && Text.isDescendant(((ItemBasedPrincipal) outerPrincipal).getPath(), ((ItemBasedPrincipal) nestedPrincipal).getPath());
        if (!pathsAreNested) {
            throw new NotExecutableException();
        }

        JackrabbitAccessControlManager jrAcMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);

        // Bind the nested principal's policy first. It is never saved here, so it stays
        // transient until the refresh(false) in the finally block.
        JackrabbitAccessControlPolicy[] candidates = jrAcMgr.getApplicablePolicies(nestedPrincipal);
        jrAcMgr.setPolicy(candidates[0].getPath(), candidates[0]);

        // The outer principal's policy path must still resolve to a principal-based AC node.
        candidates = jrAcMgr.getApplicablePolicies(outerPrincipal);
        String policyPath = candidates[0].getPath();
        Node policyNode = superuser.getNode(policyPath);
        assertEquals("rep:PrincipalAccessControl", policyNode.getPrimaryNodeType().getName());
    } finally {
        // Drop pending transient changes before removing the fixture users.
        superuser.refresh(false);
        // NOTE(review): if the first remove() throws, the second account is not removed
        // and stays in the repository with its trivial password.
        if (nestedUser != null) {
            nestedUser.remove();
        }
        if (outerUser != null) {
            outerUser.remove();
        }
        if (!userManager.isAutoSave()) {
            superuser.save();
        }
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) User(org.apache.jackrabbit.api.security.user.User) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Node(javax.jcr.Node) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 2 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.

the class WriteTest method testEditor.

/**
 * Verifies how a principal's policy moves from "applicable" to "bound" once
 * it is set through the access control manager.
 *
 * <p>Before {@code setPolicy}: exactly one applicable policy (an
 * {@code ACLTemplate}) and no bound policy, whether looked up by principal or
 * by the policy's path. After {@code setPolicy}: no applicable policy is left
 * for the principal and exactly one bound policy is reported by both lookups.
 *
 * @throws NotExecutableException declared by the test signature
 * @throws RepositoryException on any repository error
 */
public void testEditor() throws NotExecutableException, RepositoryException {
    UserManager userManager = getUserManager(superuser);
    User fixtureUser = null;
    try {
        // Throwaway fixture account with a trivial password; removed in the finally block.
        fixtureUser = userManager.createUser("t", "t");
        if (!userManager.isAutoSave()) {
            superuser.save();
        }
        Principal principal = fixtureUser.getPrincipal();
        JackrabbitAccessControlManager jrAcMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);

        JackrabbitAccessControlPolicy[] applicable = jrAcMgr.getApplicablePolicies(principal);
        assertEquals(1, applicable.length);
        assertTrue(applicable[0] instanceof ACLTemplate);

        // A second lookup must report the same state: nothing has been bound yet.
        applicable = jrAcMgr.getApplicablePolicies(principal);
        assertEquals(1, applicable.length);
        assertEquals(1, jrAcMgr.getApplicablePolicies(applicable[0].getPath()).getSize());
        assertEquals(0, jrAcMgr.getPolicies(principal).length);
        assertEquals(0, jrAcMgr.getPolicies(applicable[0].getPath()).length);

        // Binding the policy flips it from applicable to bound.
        jrAcMgr.setPolicy(applicable[0].getPath(), applicable[0]);
        assertEquals(0, jrAcMgr.getApplicablePolicies(principal).length);
        assertEquals(1, jrAcMgr.getPolicies(principal).length);
        assertEquals(1, jrAcMgr.getPolicies(applicable[0].getPath()).length);
    } finally {
        // Drop the unsaved policy, then remove the fixture user.
        superuser.refresh(false);
        if (fixtureUser != null) {
            fixtureUser.remove();
            if (!userManager.isAutoSave()) {
                superuser.save();
            }
        }
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 3 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.

the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.

/**
 * Verifies that reading effective policies by principal is itself subject to
 * access control.
 *
 * <p>The test user is granted {@code jcr:readAccessControl} on the policy
 * defined for its own principal. With that grant the test session can read
 * the effective policies of that single principal, while a request for the
 * complete principal set of the session's subject must be rejected with
 * {@link AccessDeniedException}.
 *
 * @throws Exception on any unexpected repository error
 */
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    Privilege[] readAcPrivileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    JackrabbitAccessControlManager adminAcMgr = (JackrabbitAccessControlManager) acMgr;
    Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();

    AccessControlPolicy[] policies = adminAcMgr.getEffectivePolicies(Collections.singleton(everyone));
    assertNotNull(policies);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof JackrabbitAccessControlPolicy);

    // Baseline: neither the test user nor 'everyone' may read access control content
    // at the path of the 'everyone' policy.
    JackrabbitAccessControlPolicy everyonePolicy = (JackrabbitAccessControlPolicy) policies[0];
    assertFalse(adminAcMgr.hasPrivileges(everyonePolicy.getPath(), Collections.singleton(testUser.getPrincipal()), readAcPrivileges));
    assertFalse(adminAcMgr.hasPrivileges(everyonePolicy.getPath(), Collections.singleton(everyone), readAcPrivileges));

    // Use the applicable policy if there is one, otherwise the policy already bound.
    policies = adminAcMgr.getApplicablePolicies(testUser.getPrincipal());
    if (policies.length == 0) {
        policies = adminAcMgr.getPolicies(testUser.getPrincipal());
    }
    assertNotNull(policies);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof JackrabbitAccessControlList);

    // Allow the test user to read the ACL defined for the 'testUser' principal.
    JackrabbitAccessControlList userAcl = (JackrabbitAccessControlList) policies[0];
    userAcl.addEntry(testUser.getPrincipal(), readAcPrivileges, true, getRestrictions(superuser, userAcl.getPath()));
    adminAcMgr.setPolicy(userAcl.getPath(), userAcl);
    superuser.save();

    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    JackrabbitAccessControlManager restrictedAcMgr = (JackrabbitAccessControlManager) testAcMgr;

    // Effective policies for the test principal alone -> must succeed.
    restrictedAcMgr.getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));

    // Effective policies for the subject's full principal set -> must fail.
    // NOTE(review): presumably the set contains principals whose policies the test
    // session may not read - confirm against the fixture setup.
    try {
        restrictedAcMgr.getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
        fail();
    } catch (AccessDeniedException expected) {
        // success: the denial is the behaviour under test
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 4 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testSetPrincipalPolicy.

//-----------------------------------------------< setPrincipalPolicy() >---
/**
 * Verifies that an entry added to a principal-based policy is visible, after
 * commit, both through the node path named in its {@code REP_NODE_PATH}
 * restriction and through the principal.
 *
 * @throws Exception on any unexpected repository error
 */
@Test
public void testSetPrincipalPolicy() throws Exception {
    JackrabbitAccessControlPolicy[] candidates = acMgr.getApplicablePolicies(testPrincipal);
    assertNotNull(candidates);
    assertEquals(1, candidates.length);
    assertTrue(candidates[0] instanceof ACL);

    // Grant the test privileges to the principal, scoped to testPath via the node-path restriction.
    ACL principalAcl = (ACL) candidates[0];
    Value nodePath = getValueFactory().createValue(testPath, PropertyType.PATH);
    boolean entryAdded = principalAcl.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_NODE_PATH, nodePath));
    assertTrue(entryAdded);
    acMgr.setPolicy(principalAcl.getPath(), principalAcl);
    root.commit();

    // Read back through a fresh root so that only committed state is observed.
    Root latestRoot = adminSession.getLatestRoot();

    // Lookup by path: one policy holding exactly the one entry that was added.
    AccessControlPolicy[] stored = getAccessControlManager(latestRoot).getPolicies(testPath);
    assertEquals(1, stored.length);
    assertEquals(1, ((ACL) stored[0]).getAccessControlEntries().length);

    // Lookup by principal: the same entries as in the policy that was set.
    stored = getAccessControlManager(latestRoot).getPolicies(testPrincipal);
    assertEquals(1, stored.length);
    assertArrayEquals(principalAcl.getAccessControlEntries(), ((ACL) stored[0]).getAccessControlEntries());
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Value(javax.jcr.Value) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 5 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testSetPrincipalPolicyWithNewMvRestriction.

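/**
 * Verifies that a multi-valued restriction supplied when adding an entry to a
 * principal-based policy is kept on the resulting access control entry.
 *
 * <p>The entry is added with a single-valued {@code REP_NODE_PATH} restriction
 * and a multi-valued {@code REP_ITEM_NAMES} restriction. When the policy is
 * read back by path, the new entry must expose exactly one restriction, the
 * item names, with the values that were passed in.
 *
 * @throws Exception on any unexpected repository error
 */
@Test
public void testSetPrincipalPolicyWithNewMvRestriction() throws Exception {
    setupPolicy(testPath);
    root.commit();

    JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
    ACL acl = (ACL) policies[0];

    // Parameterized maps instead of raw HashMap, so the compiler checks the value types
    // handed to addEntry (explicit type arguments keep this valid on older language levels).
    Map<String, Value> restrictions = new HashMap<String, Value>();
    restrictions.put(REP_NODE_PATH, getValueFactory().createValue(testPath, PropertyType.PATH));

    Map<String, Value[]> mvRestrictions = new HashMap<String, Value[]>();
    ValueFactory vf = getValueFactory(root);
    Value[] restrValues = new Value[] { vf.createValue("itemname", PropertyType.NAME), vf.createValue("propName", PropertyType.NAME) };
    mvRestrictions.put(REP_ITEM_NAMES, restrValues);

    assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, restrictions, mvRestrictions));
    // No commit after setPolicy: the policy is read back through the same acMgr.
    acMgr.setPolicy(acl.getPath(), acl);

    // Two entries are expected at testPath; the one at index 1 is treated as the new one.
    // NOTE(review): presumably the first entry comes from setupPolicy(testPath) - confirm.
    AccessControlEntry[] entries = ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries();
    assertEquals(2, entries.length);
    ACE newEntry = (ACE) entries[1];
    // Only the item-names restriction is reported on the entry; the node-path
    // restriction is not counted among its restrictions.
    assertEquals(1, newEntry.getRestrictions().size());
    assertArrayEquals(restrValues, newEntry.getRestrictions(REP_ITEM_NAMES));
}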
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) HashMap(java.util.HashMap) AccessControlEntry(javax.jcr.security.AccessControlEntry) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) ValueFactory(javax.jcr.ValueFactory) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) Value(javax.jcr.Value) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)14 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)5 TestACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)5 Test (org.junit.Test)5 Principal (java.security.Principal)4 Value (javax.jcr.Value)4 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)4 ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)4 AccessControlManager (javax.jcr.security.AccessControlManager)3 ImmutableList (com.google.common.collect.ImmutableList)2 HashMap (java.util.HashMap)2 Nonnull (javax.annotation.Nonnull)2 AccessControlEntry (javax.jcr.security.AccessControlEntry)2 User (org.apache.jackrabbit.api.security.user.User)2 UserManager (org.apache.jackrabbit.api.security.user.UserManager)2 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)2 AbstractAccessControlManager (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager)2 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)2 AccessDeniedException (javax.jcr.AccessDeniedException)1