Example 1 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit by apache.
the class ACLTemplateEntryTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
SessionImpl s = (SessionImpl) superuser;
PrivilegeManager privMgr = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
acl = new ACLTemplate(testPath, s.getPrincipalManager(), privMgr, s.getValueFactory(), s, false);
}
Also used :
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
JackrabbitWorkspace(org.apache.jackrabbit.api.JackrabbitWorkspace)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
Example 2 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class AccessControlValidatorTest method testAbstractPrivilege.
@Test
public void testAbstractPrivilege() throws Exception {
PrivilegeManager pMgr = getPrivilegeManager(root);
pMgr.registerPrivilege("abstractPrivilege", true, new String[0]);
NodeUtil acl = createAcl();
createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), "abstractPrivilege");
try {
root.commit();
fail("Creating an ACE with an abstract privilege should fail.");
} catch (CommitFailedException e) {
// success
assertTrue(e.isAccessControlViolation());
assertThat(e.getMessage(), containsString("/testRoot/rep:policy"));
}
}
Also used :
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException)
NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 3 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method createPolicy.
private ACL createPolicy(@Nullable String path) {
final PrincipalManager pm = getPrincipalManager(root);
final PrivilegeManager pvMgr = getPrivilegeManager(root);
final RestrictionProvider rp = getRestrictionProvider();
return new ACL(path, null, getNamePathMapper()) {
@Override
ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) {
throw new UnsupportedOperationException();
}
@Override
boolean checkValidPrincipal(Principal principal) throws AccessControlException {
Util.checkValidPrincipal(principal, pm);
return true;
}
@Override
PrivilegeManager getPrivilegeManager() {
return pvMgr;
}
@Override
PrivilegeBits getPrivilegeBits(Privilege[] privileges) {
return getBitsProvider().getBits(privileges, getNamePathMapper());
}
@Nonnull
@Override
public RestrictionProvider getRestrictionProvider() {
return rp;
}
};
}
Also used :
PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager)
Sets.newHashSet(com.google.common.collect.Sets.newHashSet)
ImmutableSet(com.google.common.collect.ImmutableSet)
Set(java.util.Set)
HashSet(java.util.HashSet)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)
TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Principal(java.security.Principal)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
Example 4 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class PrivilegeManagerImplTest method testRegisterPrivilegeRemappedNamespace.
@Test
public void testRegisterPrivilegeRemappedNamespace() throws Exception {
ReadWriteNamespaceRegistry nsRegistry = new ReadWriteNamespaceRegistry(root) {
@Override
protected Root getWriteRoot() {
return root;
}
};
nsRegistry.registerNamespace("ns", "http://jackrabbit.apache.org/oak/ns");
Map<String, String> localMapping = ImmutableMap.of("prefix", NamespaceRegistry.NAMESPACE_JCR, "prefix2", "http://jackrabbit.apache.org/oak/ns");
NamePathMapper mapper = new NamePathMapperImpl(new LocalNameMapper(root, localMapping));
PrivilegeManager pmgr = create(root, mapper);
Privilege p = pmgr.registerPrivilege("prefix2:customPrivilege", true, new String[] { "prefix:read", "prefix:write" });
assertEquals("prefix2:customPrivilege", p.getName());
assertEquals(2, p.getDeclaredAggregatePrivileges().length);
Tree privilegesTree = root.getTree(PrivilegeConstants.PRIVILEGES_PATH);
assertFalse(privilegesTree.hasChild("prefix2:customPrivilege"));
Tree privTree = privilegesTree.getChild("ns:customPrivilege");
assertTrue(privTree.exists());
assertTrue(TreeUtil.getBoolean(privTree, PrivilegeConstants.REP_IS_ABSTRACT));
Iterable<String> aggr = TreeUtil.getStrings(privTree, PrivilegeConstants.REP_AGGREGATES);
assertNotNull(aggr);
assertEquals(ImmutableSet.of("jcr:read", "jcr:write"), ImmutableSet.copyOf(aggr));
}
Also used :
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
NamePathMapper(org.apache.jackrabbit.oak.namepath.NamePathMapper)
Tree(org.apache.jackrabbit.oak.api.Tree)
NamePathMapperImpl(org.apache.jackrabbit.oak.namepath.NamePathMapperImpl)
Privilege(javax.jcr.security.Privilege)
ReadWriteNamespaceRegistry(org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry)
LocalNameMapper(org.apache.jackrabbit.oak.namepath.LocalNameMapper)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 5 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class RepeatedRepositoryUpgradeTest method registerCustomPrivileges.
private void registerCustomPrivileges(Session session) throws RepositoryException {
final JackrabbitWorkspace workspace = (JackrabbitWorkspace) session.getWorkspace();
final NamespaceRegistry registry = workspace.getNamespaceRegistry();
registry.registerNamespace("test", "http://www.example.org/");
final PrivilegeManager privilegeManager = workspace.getPrivilegeManager();
privilegeManager.registerPrivilege("test:privilege", false, null);
privilegeManager.registerPrivilege("test:aggregate", false, new String[] { "jcr:read", "test:privilege" });
}
Also used :
NamespaceRegistry(javax.jcr.NamespaceRegistry)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
JackrabbitWorkspace(org.apache.jackrabbit.api.JackrabbitWorkspace)
Aggregations
PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)22
Test (org.junit.Test)12
Privilege (javax.jcr.security.Privilege)9
JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace)7
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)7
ImmutableSet (com.google.common.collect.ImmutableSet)3
Set (java.util.Set)3
PrivilegeConfiguration (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration)3
Sets.newHashSet (com.google.common.collect.Sets.newHashSet)2
NamespaceRegistry (javax.jcr.NamespaceRegistry)2
Session (javax.jcr.Session)2
AccessControlException (javax.jcr.security.AccessControlException)2
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)2
Root (org.apache.jackrabbit.oak.api.Root)2
Tree (org.apache.jackrabbit.oak.api.Tree)2
LocalNameMapper (org.apache.jackrabbit.oak.namepath.LocalNameMapper)2
NamePathMapper (org.apache.jackrabbit.oak.namepath.NamePathMapper)2
NamePathMapperImpl (org.apache.jackrabbit.oak.namepath.NamePathMapperImpl)2
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)2
RestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)2
