
Example 11 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class CompositeAccessControlManager method getApplicablePolicies.

//-------------------------------------< JackrabbitAccessControlManager >---
/**
 * Collects the applicable principal-based policies from the wrapped access control managers.
 *
 * <p>Only delegates that implement both {@code JackrabbitAccessControlManager} and
 * {@code PolicyOwner} are consulted. Any other manager in {@code acMgrs} is skipped
 * without an error, so its policies never show up in the result.
 *
 * <p>The principal is not validated here; it is handed to each delegate unchanged.
 *
 * @param principal the principal passed on to every consulted delegate
 * @return the delegates' results concatenated in the iteration order of {@code acMgrs};
 *         an empty array if no delegate contributes
 * @throws RepositoryException if a delegate's lookup fails
 */
@Override
public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws RepositoryException {
    ImmutableList.Builder<JackrabbitAccessControlPolicy> collected = ImmutableList.builder();
    for (AccessControlManager delegate : acMgrs) {
        boolean principalBased = delegate instanceof JackrabbitAccessControlManager;
        if (!principalBased || !(delegate instanceof PolicyOwner)) {
            // Not a principal-aware policy owner: contributes nothing.
            continue;
        }
        JackrabbitAccessControlManager jackrabbitMgr = (JackrabbitAccessControlManager) delegate;
        collected.add(jackrabbitMgr.getApplicablePolicies(principal));
    }
    List<JackrabbitAccessControlPolicy> merged = collected.build();
    return merged.toArray(new JackrabbitAccessControlPolicy[0]);
}
Also used : AbstractAccessControlManager(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager) AccessControlManager(javax.jcr.security.AccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) ImmutableList(com.google.common.collect.ImmutableList) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) PolicyOwner(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.PolicyOwner)

Example 12 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.

the class AbstractRepositoryOperationTest method testRepoPolicyAPI.

/**
 * Walks the access control API through the life cycle of the repository-level
 * policy, which every call here addresses by passing {@code null} as the path.
 *
 * <p>Sequence: verify that no policy is set and that one applicable policy is
 * offered, add two entries through {@code modifyPrivileges}, check the resulting
 * ACL plus the privileges and permissions, remove one entry, re-check, and
 * finally remove every repo-level policy again.
 *
 * <p>NOTE(review): the {@code finally} block both cleans up and asserts. An
 * exception or assertion failure raised inside it replaces whatever the
 * {@code try} block threw, so the reported failure may not be the original one.
 *
 * @throws NotExecutableException if the repository reports the operation as unsupported
 * @throws Exception on any other repository or assertion failure
 */
public void testRepoPolicyAPI() throws Exception {
    try {
        // initial state: no repo level policy
        AccessControlPolicy[] policies = acMgr.getPolicies(null);
        assertNotNull(policies);
        assertEquals(0, policies.length);
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
        assertNotNull(effective);
        assertEquals(0, effective.length);
        // with nothing set yet, one applicable policy must be on offer
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
        assertNotNull(it);
        assertTrue(it.hasNext());
        AccessControlPolicy acp = it.nextAccessControlPolicy();
        assertNotNull(acp);
        assertTrue(acp instanceof JackrabbitAccessControlPolicy);
        // modify the repo level policy
        // NOTE(review): the boolean presumably selects allow (true) vs. deny (false);
        // the assertPrivilege calls below are consistent with that -- confirm against modifyPrivileges.
        modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
        modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
        // both modifications must end up as entries of a single ACL
        AccessControlPolicy[] plcs = acMgr.getPolicies(null);
        assertNotNull(plcs);
        assertEquals(1, plcs.length);
        assertTrue(plcs[0] instanceof AccessControlList);
        AccessControlList acl = (AccessControlList) plcs[0];
        AccessControlEntry[] aces = acl.getAccessControlEntries();
        assertNotNull(aces);
        assertEquals(2, aces.length);
        // privilege and permission checks must agree for both names
        assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
        assertPermission(Permission.NAMESPACE_MNGMT, true);
        assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
        // the effective policies must expose the same two-entry ACL
        effective = acMgr.getEffectivePolicies(null);
        assertNotNull(effective);
        assertEquals(1, effective.length);
        assertTrue(effective[0] instanceof AccessControlList);
        acl = (AccessControlList) effective[0];
        aces = acl.getAccessControlEntries();
        assertNotNull(aces);
        assertEquals(2, aces.length);
        // change the policy: removing the second entry in the access control list
        // (presumably the namespace-management entry added last -- the assertions
        // after the save expect that privilege to be gone)
        acl = (AccessControlList) acMgr.getPolicies(null)[0];
        AccessControlEntry toRemove = acl.getAccessControlEntries()[1];
        acl.removeAccessControlEntry(toRemove);
        // the edited ACL only takes effect once it is set again and the session is saved
        acMgr.setPolicy(null, acl);
        superuser.save();
        acl = (AccessControlList) acMgr.getPolicies(null)[0];
        aces = acl.getAccessControlEntries();
        assertNotNull(aces);
        assertEquals(1, aces.length);
        // with the entry removed, neither privilege is held any more
        assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
        assertPermission(Permission.NAMESPACE_MNGMT, false);
        assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
    } catch (UnsupportedRepositoryOperationException e) {
        // repository cannot run this test; note that the cause is not carried over
        throw new NotExecutableException();
    } finally {
        // remove it again
        // (runs on the failure paths too, so these calls can themselves throw)
        for (AccessControlPolicy plc : acMgr.getPolicies(null)) {
            acMgr.removePolicy(null, plc);
        }
        superuser.save();
        // back to initial state: no repo level policy
        AccessControlPolicy[] policies = acMgr.getPolicies(null);
        assertNotNull(policies);
        assertEquals(0, policies.length);
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
        assertNotNull(effective);
        assertEquals(0, effective.length);
        // after removal an applicable policy must be offered again
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
        assertNotNull(it);
        assertTrue(it.hasNext());
        AccessControlPolicy acp = it.nextAccessControlPolicy();
        assertNotNull(acp);
        assertTrue(acp instanceof JackrabbitAccessControlPolicy);
    }
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) UnsupportedRepositoryOperationException(javax.jcr.UnsupportedRepositoryOperationException) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)

Example 13 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method getApplicablePolicies.

//-------------------------------------< JackrabbitAccessControlManager >---
/**
 * Returns the principal-based policy that can still be applied for {@code principal}.
 *
 * <p>The principal is checked with {@code Util.checkValidPrincipal} before anything
 * else happens. If {@code createPrincipalACL} yields a policy, nothing further is
 * applicable and an empty array is returned; otherwise a single new
 * {@code PrincipalACL} is returned.
 *
 * <p>NOTE(review): presumably a non-null result of {@code createPrincipalACL} means
 * entries already exist for this principal -- confirm against that method.
 *
 * @param principal the principal to look up; its path is used only when it is an
 *                  {@code ItemBasedPrincipal}, otherwise {@code null} is passed on
 * @return an empty array, or a one-element array holding a new {@code PrincipalACL}
 * @throws RepositoryException if validation or the policy lookup fails
 */
@Nonnull
@Override
public JackrabbitAccessControlPolicy[] getApplicablePolicies(@Nonnull Principal principal) throws RepositoryException {
    // Validate first so that no lookup is made on behalf of a rejected principal.
    Util.checkValidPrincipal(principal, principalManager);

    String principalPath = null;
    if (principal instanceof ItemBasedPrincipal) {
        principalPath = ((ItemBasedPrincipal) principal).getPath();
    }

    JackrabbitAccessControlPolicy existing = createPrincipalACL(principalPath, principal);
    if (existing == null) {
        return new JackrabbitAccessControlPolicy[] { new PrincipalACL(principalPath, principal) };
    }
    return new JackrabbitAccessControlPolicy[0];
}
Also used : ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) Nonnull(javax.annotation.Nonnull)

Example 14 with JackrabbitAccessControlPolicy

use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testSetPrincipalPolicy2.

/**
 * Adds entries to the principal-based ACL of {@code testPrincipal} and checks
 * how many entries the path-based policy at {@code testPath} then reports.
 *
 * <p>The first {@code addEntry} carries only a {@code REP_NODE_PATH} restriction
 * and must return {@code true}; the second one reuses the same map extended by
 * a glob restriction and must return {@code false}.
 *
 * <p>NOTE(review): nothing is committed after {@code setPolicy}, so the final
 * assertion presumably reads transient state -- confirm.
 */
@Test
public void testSetPrincipalPolicy2() throws Exception {
    setupPolicy(testPath);
    root.commit();

    ACL principalAcl = (ACL) acMgr.getPolicies(testPrincipal)[0];

    // first entry: restricted to the test node path only
    Map<String, Value> restrictionMap = new HashMap<String, Value>();
    Value nodePath = getValueFactory().createValue(testPath, PropertyType.PATH);
    restrictionMap.put(REP_NODE_PATH, nodePath);
    boolean firstAdded = principalAcl.addEntry(testPrincipal, testPrivileges, true, restrictionMap);
    assertTrue(firstAdded);

    // second attempt: same map, now also carrying the glob restriction
    restrictionMap.putAll(getGlobRestriction("*"));
    boolean secondAdded = principalAcl.addEntry(testPrincipal, testPrivileges, true, restrictionMap);
    assertFalse(secondAdded);

    acMgr.setPolicy(principalAcl.getPath(), principalAcl);

    ACL pathAcl = (ACL) acMgr.getPolicies(testPath)[0];
    assertEquals(2, pathAcl.getAccessControlEntries().length);
}
Also used : HashMap(java.util.HashMap) Value(javax.jcr.Value) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)14 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)5 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)5 TestACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)5 Test (org.junit.Test)5 Principal (java.security.Principal)4 Value (javax.jcr.Value)4 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)4 ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)4 AccessControlManager (javax.jcr.security.AccessControlManager)3 ImmutableList (com.google.common.collect.ImmutableList)2 HashMap (java.util.HashMap)2 Nonnull (javax.annotation.Nonnull)2 AccessControlEntry (javax.jcr.security.AccessControlEntry)2 User (org.apache.jackrabbit.api.security.user.User)2 UserManager (org.apache.jackrabbit.api.security.user.UserManager)2 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)2 AbstractAccessControlManager (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager)2 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)2 AccessDeniedException (javax.jcr.AccessDeniedException)1