Example 6 with PrivilegeManager

use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.

the class PrivilegeUpgradeTest method verifyCustomPrivileges.

@Test
public void verifyCustomPrivileges() throws Exception {
    JackrabbitSession session = createAdminSession();
    try {
        JackrabbitWorkspace workspace = (JackrabbitWorkspace) session.getWorkspace();
        PrivilegeManager manager = workspace.getPrivilegeManager();
        Privilege privilege = manager.getPrivilege("test:privilege");
        assertNotNull(privilege);
        assertFalse(privilege.isAbstract());
        assertFalse(privilege.isAggregate());
        assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
        Privilege privilege2 = manager.getPrivilege("test:privilege2");
        assertNotNull(privilege2);
        assertTrue(privilege2.isAbstract());
        assertFalse(privilege2.isAggregate());
        // Check privilege2 here; the original line re-checked 'privilege' (copy-paste slip).
        assertEquals(0, privilege2.getDeclaredAggregatePrivileges().length);
        Privilege aggregate = manager.getPrivilege("test:aggregate");
        assertNotNull(aggregate);
        assertFalse(aggregate.isAbstract());
        assertTrue(aggregate.isAggregate());
        List<Privilege> agg = ImmutableList.copyOf(aggregate.getDeclaredAggregatePrivileges());
        assertEquals(2, agg.size());
        assertTrue(agg.contains(privilege));
        assertTrue(agg.contains(manager.getPrivilege(JCR_READ)));
        Privilege aggregate2 = manager.getPrivilege("test:aggregate2");
        assertNotNull(aggregate2);
        assertTrue(aggregate2.isAbstract());
        assertTrue(aggregate2.isAggregate());
        List<Privilege> agg2 = ImmutableList.copyOf(aggregate2.getDeclaredAggregatePrivileges());
        assertEquals(2, agg2.size());
        assertTrue(agg2.contains(aggregate));
        assertTrue(agg2.contains(privilege2));
        Privilege jcrAll = manager.getPrivilege("jcr:all");
        List<Privilege> privileges = asList(jcrAll.getAggregatePrivileges());
        assertTrue(privileges.contains(privilege));
        assertTrue(privileges.contains(privilege2));
        assertTrue(privileges.contains(aggregate));
        assertTrue(privileges.contains(aggregate2));
    } finally {
        session.logout();
    }
}
Also used : PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) JackrabbitWorkspace(org.apache.jackrabbit.api.JackrabbitWorkspace) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Privilege(javax.jcr.security.Privilege) Test(org.junit.Test)

Example 7 with PrivilegeManager

use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.

the class PrivilegeManagerImplTest method testRegisterPrivilegeReservedRemappedNamespace.

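@Test(expected = RepositoryException.class)
public void testRegisterPrivilegeReservedRemappedNamespace() throws Exception {
    // Remap the local prefix "prefix" onto the reserved JCR namespace URI.
    NamePathMapper mapper = new NamePathMapperImpl(new LocalNameMapper(root, ImmutableMap.of("prefix", NamespaceRegistry.NAMESPACE_JCR)));
    PrivilegeManager pmgr = create(root, mapper);
    // The name resolves into the reserved namespace despite the custom prefix,
    // so registration must fail with the expected RepositoryException.
    pmgr.registerPrivilege("prefix:customPrivilege", true, new String[] { "prefix:read", "prefix:write" });
}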
Also used : PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) NamePathMapper(org.apache.jackrabbit.oak.namepath.NamePathMapper) NamePathMapperImpl(org.apache.jackrabbit.oak.namepath.NamePathMapperImpl) LocalNameMapper(org.apache.jackrabbit.oak.namepath.LocalNameMapper) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 8 with PrivilegeManager

use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.

the class L5_PrivilegeContentTest method testNext.

@Test
public void testNext() throws RepositoryException, CommitFailedException {
    PropertyState next = PrivilegeUtil.getPrivilegesTree(root).getProperty(PrivilegeConstants.REP_NEXT);
    PrivilegeManager privilegeManager = getPrivilegeManager(root);
    Privilege newPrivilege = privilegeManager.registerPrivilege("myPrivilege", true, null);
    root.commit();
    // EXERCISE: compare the 'next' property state with rep:bits property of the newly created privilege.
    PropertyState nextAgain = PrivilegeUtil.getPrivilegesTree(root).getProperty(PrivilegeConstants.REP_NEXT);
    // EXERCISE: look at the new value of rep:next and explain it. Q: where did it get modified?
    // EXERCISE: try to modify rep:next manually and explain what happens.
}
Also used : PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) Privilege(javax.jcr.security.Privilege) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) L4_PrivilegesAndPermissionsTest(org.apache.jackrabbit.oak.exercise.security.authorization.permission.L4_PrivilegesAndPermissionsTest) Test(org.junit.Test) L7_PermissionContentTest(org.apache.jackrabbit.oak.exercise.security.authorization.permission.L7_PermissionContentTest)

Example 9 with PrivilegeManager

use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.

the class AbstractAccessControlManagerTest method before.

@Before
public void before() throws Exception {
    testPrivileges = new Privilege[] { mockPrivilege("priv1"), mockPrivilege("priv2") };
    allPrivileges = new Privilege[] { mockPrivilege(PrivilegeConstants.JCR_ALL) };
    cs = Mockito.mock(ContentSession.class);
    when(cs.getWorkspaceName()).thenReturn(WSP_NAME);
    when(cs.getAuthInfo()).thenReturn(new AuthInfoImpl(null, ImmutableMap.of(), testPrincipals));
    when(root.getContentSession()).thenReturn(cs);
    Tree nonExistingTree = Mockito.mock(Tree.class);
    when(nonExistingTree.exists()).thenReturn(false);
    when(root.getTree(nonExistingPath)).thenReturn(nonExistingTree);
    Tree existingTree = Mockito.mock(Tree.class);
    when(existingTree.exists()).thenReturn(true);
    when(root.getTree(testPath)).thenReturn(existingTree);
    Tree rootTree = Mockito.mock(Tree.class);
    when(rootTree.exists()).thenReturn(true);
    when(root.getTree("/")).thenReturn(rootTree);
    privilegeManager = Mockito.mock(PrivilegeManager.class);
    when(privilegeManager.getRegisteredPrivileges()).thenReturn(testPrivileges);
    when(privilegeManager.getPrivilege("priv1")).thenReturn(testPrivileges[0]);
    when(privilegeManager.getPrivilege("priv2")).thenReturn(testPrivileges[1]);
    when(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL)).thenReturn(allPrivileges[0]);
    PrivilegeConfiguration privilegeConfiguration = Mockito.mock(PrivilegeConfiguration.class);
    when(privilegeConfiguration.getPrivilegeManager(root, getNamePathMapper())).thenReturn(privilegeManager);
    authorizationConfiguration = Mockito.mock(AuthorizationConfiguration.class);
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, getEveryonePrincipalSet())).thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, testPrincipals)).thenReturn(OpenPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, ImmutableSet.of())).thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT);
    securityProvider = Mockito.mock(SecurityProvider.class);
    when(securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfiguration);
    when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);
    acMgr = createAccessControlManager(root, getNamePathMapper());
}
Also used : AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) Before(org.junit.Before)

Example 10 with PrivilegeManager

use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.

the class WriteWithCustomPrivilege method setUp.

@Override
protected void setUp() throws Exception {
    super.setUp();
    PrivilegeManager privilegeManager = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
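    try {
        // getPrivilege throws AccessControlException if no such privilege is registered.
        privilegeManager.getPrivilege("replicate");
    } catch (AccessControlException e) {
        // Not registered yet: add it as a non-abstract privilege with no aggregates.
        privilegeManager.registerPrivilege("replicate", false, null);
    }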
}
Also used : PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitWorkspace(org.apache.jackrabbit.api.JackrabbitWorkspace)
