
Example 6 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testRemovePrincipalPolicy.

//--------------------------------------------< removePrincipalPolicy() >---
/**
 * Checks the set/remove round trip for a principal-based policy: after the
 * policy is removed and the change committed, no policy is reported for the
 * principal or for the path that the entry was restricted to.
 */
@Test
public void testRemovePrincipalPolicy() throws Exception {
    // The test principal is expected to have exactly one applicable policy, and it must be an ACL.
    JackrabbitAccessControlPolicy[] candidates = acMgr.getApplicablePolicies(testPrincipal);
    assertNotNull(candidates);
    assertEquals(1, candidates.length);
    assertTrue(candidates[0] instanceof ACL);
    ACL principalAcl = (ACL) candidates[0];

    // Add an entry for testPrivileges (third argument 'true'), bound to testPath
    // through the REP_NODE_PATH restriction.
    Value nodePath = getValueFactory().createValue(testPath, PropertyType.PATH);
    boolean entryAdded = principalAcl.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_NODE_PATH, nodePath));
    assertTrue(entryAdded);

    // Persist the policy first so that the removal below acts on committed state.
    acMgr.setPolicy(principalAcl.getPath(), principalAcl);
    root.commit();

    acMgr.removePolicy(principalAcl.getPath(), principalAcl);
    root.commit();

    // Neither the principal-based nor the path-based lookup may report a leftover policy.
    assertEquals(0, acMgr.getPolicies(testPrincipal).length);
    assertEquals(0, acMgr.getPolicies(testPath).length);
}
Also used : Value(javax.jcr.Value) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 7 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testEffectiveSorting.

/**
 * Checks the order in which effective policies are reported for a set of
 * principals: the null-path policy first, then the policy at {@code testPath},
 * then the policy at its child node.
 */
@Test
public void testEffectiveSorting() throws Exception {
    Principal everyone = EveryonePrincipal.getInstance();
    Set<Principal> principals = ImmutableSet.of(testPrincipal, everyone);
    // Kept outside the try block so that the finally clause can remove it again.
    ACL repoLevelPolicy = null;
    try {
        // 1. policy at 'testPath': one entry added with 'true' plus a glob restriction,
        //    and two entries added with 'false' (one of them for the everyone principal)
        ACL testPathPolicy = getApplicablePolicy(testPath);
        testPathPolicy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
        testPathPolicy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
        testPathPolicy.addEntry(everyone, privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false);
        acMgr.setPolicy(testPath, testPathPolicy);

        // 2. policy at a newly created child node of 'testPath'
        NodeUtil testNode = new NodeUtil(root.getTree(testPath));
        NodeUtil childNode = testNode.addChild("child", JcrConstants.NT_UNSTRUCTURED);
        String childPath = childNode.getTree().getPath();
        setupPolicy(childPath);

        // 3. policy for the null path
        repoLevelPolicy = getApplicablePolicy(null);
        assertNotNull(repoLevelPolicy);
        repoLevelPolicy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT), true);
        acMgr.setPolicy(null, repoLevelPolicy);
        root.commit();

        // All three policies must be effective, ordered null path -> testPath -> child.
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(principals);
        assertEquals(3, effective.length);
        JackrabbitAccessControlPolicy first = (JackrabbitAccessControlPolicy) effective[0];
        assertNull(first.getPath());
        JackrabbitAccessControlPolicy second = (JackrabbitAccessControlPolicy) effective[1];
        assertEquals(testPath, second.getPath());
        JackrabbitAccessControlPolicy third = (JackrabbitAccessControlPolicy) effective[2];
        assertEquals(childPath, third.getPath());
    } finally {
        // Only the null-path policy is removed here; cleanup of the policies below
        // testPath is not visible in this method.
        if (repoLevelPolicy != null) {
            acMgr.removePolicy(null, repoLevelPolicy);
            root.commit();
        }
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 8 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.

the class ACLEditor method editAccessControlPolicies.

/**
 * Returns the policies that can still be applied for the given principal.
 * <p>
 * The principal must be known to the session's principal manager. The
 * access control node for the principal is looked up at the path returned
 * by {@code getPathToAcNode} and is created through {@code createAcNode}
 * when it does not exist yet, so this call is not a pure read.
 *
 * @param principal the principal whose access control is to be edited
 * @return a single-element array holding a new template when the node is not
 *         access controlled yet, otherwise an empty array
 * @throws AccessControlException if the principal is not known to the
 *         session's principal manager
 * @throws RepositoryException if another repository error occurs
 * @see AccessControlEditor#editAccessControlPolicies(Principal)
 */
public JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
    // Refuse to build policies for principals the repository does not know about.
    boolean knownPrincipal = session.getPrincipalManager().hasPrincipal(principal.getName());
    if (!knownPrincipal) {
        throw new AccessControlException("Cannot edit access control: " + principal.getName() + " isn't a known principal.");
    }

    String nPath = getPathToAcNode(principal);
    // NOTE(review): whether the node created here is persisted before the caller
    // saves the session is not visible in this method - confirm in createAcNode.
    NodeImpl acNode = session.nodeExists(nPath) ? (NodeImpl) session.getNode(nPath) : createAcNode(nPath);

    if (isAccessControlled(acNode)) {
        // no additional applicable policies present.
        return new JackrabbitAccessControlPolicy[0];
    }
    return new JackrabbitAccessControlPolicy[] { createTemplate(acNode) };
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)

Example 9 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method getPolicies.

/**
 * Returns the policy built for the given principal, if there is one.
 * <p>
 * The principal is validated against {@code principalManager} before any
 * lookup. For an {@link ItemBasedPrincipal} the principal's own path is
 * passed to {@code createPrincipalACL}; for any other principal the path
 * is {@code null}.
 *
 * @param principal the principal to look up policies for
 * @return a single-element array with the principal's policy, or an empty
 *         array when {@code createPrincipalACL} yields {@code null}
 * @throws RepositoryException if validation or policy creation fails
 */
@Nonnull
@Override
public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws RepositoryException {
    // Validation comes first, so an invalid principal never reaches the ACL lookup.
    // NOTE(review): the exact checks live in Util.checkValidPrincipal, not shown here.
    Util.checkValidPrincipal(principal, principalManager);

    String principalPath = null;
    if (principal instanceof ItemBasedPrincipal) {
        principalPath = ((ItemBasedPrincipal) principal).getPath();
    }

    JackrabbitAccessControlPolicy principalAcl = createPrincipalACL(principalPath, principal);
    // Never hand null to callers: "no policy" is an empty array.
    return (principalAcl == null)
            ? new JackrabbitAccessControlPolicy[0]
            : new JackrabbitAccessControlPolicy[] { principalAcl };
}
Also used : ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) Nonnull(javax.annotation.Nonnull)

Example 10 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class CompositeAccessControlManager method getPolicies.

/**
 * Collects the principal-based policies of all aggregated access control
 * managers, in the iteration order of {@code acMgrs}.
 * <p>
 * Only delegates that implement {@link JackrabbitAccessControlManager} are
 * consulted. Any other delegate is skipped silently, so the result holds
 * nothing from it.
 *
 * @param principal the principal to look up policies for
 * @return the concatenated policies of all consulted delegates, possibly empty
 * @throws RepositoryException if a delegate fails to return its policies
 */
@Override
public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws RepositoryException {
    ImmutableList.Builder<JackrabbitAccessControlPolicy> collected = ImmutableList.builder();
    for (AccessControlManager delegate : acMgrs) {
        if (!(delegate instanceof JackrabbitAccessControlManager)) {
            // This delegate type has no principal-based lookup to call.
            continue;
        }
        JackrabbitAccessControlPolicy[] fromDelegate = ((JackrabbitAccessControlManager) delegate).getPolicies(principal);
        collected.add(fromDelegate);
    }
    List<JackrabbitAccessControlPolicy> merged = collected.build();
    return merged.toArray(new JackrabbitAccessControlPolicy[merged.size()]);
}
Also used : AbstractAccessControlManager(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) ImmutableList(com.google.common.collect.ImmutableList) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)

Aggregations

JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)14 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)5 TestACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)5 Test (org.junit.Test)5 Principal (java.security.Principal)4 Value (javax.jcr.Value)4 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)4 ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)4 AccessControlManager (javax.jcr.security.AccessControlManager)3 ImmutableList (com.google.common.collect.ImmutableList)2 HashMap (java.util.HashMap)2 Nonnull (javax.annotation.Nonnull)2 AccessControlEntry (javax.jcr.security.AccessControlEntry)2 User (org.apache.jackrabbit.api.security.user.User)2 UserManager (org.apache.jackrabbit.api.security.user.UserManager)2 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)2 AbstractAccessControlManager (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager)2 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)2 AccessDeniedException (javax.jcr.AccessDeniedException)1