Example 11 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit by apache.
the class ACLEditor method editAccessControlPolicies.
/**
* @see AccessControlEditor#editAccessControlPolicies(String)
*/
public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
checkProtectsNode(nodePath);
String mixin;
Name aclName;
NodeImpl controlledNode;
if (nodePath == null) {
controlledNode = (NodeImpl) session.getRootNode();
mixin = session.getJCRName(NT_REP_REPO_ACCESS_CONTROLLABLE);
aclName = N_REPO_POLICY;
} else {
controlledNode = getNode(nodePath);
mixin = session.getJCRName(NT_REP_ACCESS_CONTROLLABLE);
aclName = N_POLICY;
}
AccessControlPolicy acl = null;
NodeImpl aclNode = getAclNode(controlledNode, nodePath);
if (aclNode == null) {
// has colliding rep:policy or rep:repoPolicy child node set.
if (controlledNode.hasNode(aclName)) {
// policy child node without node being access controlled
log.warn("Colliding policy child without node being access controllable ({}).", nodePath);
} else {
PrivilegeManager privMgr = ((JackrabbitWorkspace) session.getWorkspace()).getPrivilegeManager();
if (controlledNode.isNodeType(mixin) || controlledNode.canAddMixin(mixin)) {
acl = new ACLTemplate(nodePath, session.getPrincipalManager(), privMgr, session.getValueFactory(), session, allowUnknownPrincipals);
} else {
log.warn("Node {} cannot be made access controllable.", nodePath);
}
}
}
return (acl != null) ? new AccessControlPolicy[] { acl } : new AccessControlPolicy[0];
}
Also used :
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
JackrabbitWorkspace(org.apache.jackrabbit.api.JackrabbitWorkspace)
Name(org.apache.jackrabbit.spi.Name)
Example 12 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class AccessControlValidatorProvider method getRootValidator.
//--------------------------------------------------< ValidatorProvider >---
@Nonnull
@Override
public Validator getRootValidator(NodeState before, NodeState after, CommitInfo info) {
RestrictionProvider restrictionProvider = getConfig(AuthorizationConfiguration.class).getRestrictionProvider();
Root root = RootFactory.createReadOnlyRoot(before);
PrivilegeManager privilegeManager = getConfig(PrivilegeConfiguration.class).getPrivilegeManager(root, NamePathMapper.DEFAULT);
PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(root);
return new AccessControlValidator(after, privilegeManager, privilegeBitsProvider, restrictionProvider);
}
Also used :
AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)
Root(org.apache.jackrabbit.oak.api.Root)
RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)
PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration)
Nonnull(javax.annotation.Nonnull)
Example 13 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class AbstractSecurityTest method privilegesFromNames.
protected Privilege[] privilegesFromNames(Iterable<String> privilegeNames) throws RepositoryException {
PrivilegeManager manager = getPrivilegeManager(root);
List<Privilege> privs = newArrayList();
for (String name : privilegeNames) {
privs.add(manager.getPrivilege(name));
}
return privs.toArray(new Privilege[privs.size()]);
}
Also used :
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
Privilege(javax.jcr.security.Privilege)
Example 14 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class JcrAllTest method testAllAggregation.
@Test
public void testAllAggregation() throws Exception {
PrivilegeBits all = bitsProvider.getBits(JCR_ALL);
PrivilegeManager pMgr = getSecurityProvider().getConfiguration(PrivilegeConfiguration.class).getPrivilegeManager(root, NamePathMapper.DEFAULT);
Iterable<Privilege> declaredAggr = Arrays.asList(pMgr.getPrivilege(JCR_ALL).getDeclaredAggregatePrivileges());
String[] allAggregates = Iterables.toArray(Iterables.transform(declaredAggr, new Function<Privilege, String>() {
@Override
public String apply(@Nullable Privilege privilege) {
return checkNotNull(privilege).getName();
}
}), String.class);
PrivilegeBits all2 = bitsProvider.getBits(allAggregates);
assertEquals(all, all2);
assertEquals(Collections.singleton(JCR_ALL), bitsProvider.getPrivilegeNames(all2));
PrivilegeBits bits = PrivilegeBits.getInstance();
for (String name : allAggregates) {
bits.add(bitsProvider.getBits(name));
}
assertEquals(all, bits.unmodifiable());
}
Also used :
Function(com.google.common.base.Function)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Privilege(javax.jcr.security.Privilege)
PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration)
Nullable(javax.annotation.Nullable)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 15 with PrivilegeManager
use of org.apache.jackrabbit.api.security.authorization.PrivilegeManager in project jackrabbit-oak by apache.
the class PrivilegeConfigurationImplTest method testGetPrivilegeManager.
@Test
public void testGetPrivilegeManager() {
PrivilegeManager pMgr = configuration.getPrivilegeManager(Mockito.mock(Root.class), NamePathMapper.DEFAULT);
assertTrue(pMgr instanceof PrivilegeManagerImpl);
}
Also used :
Root(org.apache.jackrabbit.oak.api.Root)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
Test(org.junit.Test)
Aggregations
PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)22
Test (org.junit.Test)12
Privilege (javax.jcr.security.Privilege)9
JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace)7
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)7
ImmutableSet (com.google.common.collect.ImmutableSet)3
Set (java.util.Set)3
PrivilegeConfiguration (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration)3
Sets.newHashSet (com.google.common.collect.Sets.newHashSet)2
NamespaceRegistry (javax.jcr.NamespaceRegistry)2
Session (javax.jcr.Session)2
AccessControlException (javax.jcr.security.AccessControlException)2
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)2
Root (org.apache.jackrabbit.oak.api.Root)2
Tree (org.apache.jackrabbit.oak.api.Tree)2
LocalNameMapper (org.apache.jackrabbit.oak.namepath.LocalNameMapper)2
NamePathMapper (org.apache.jackrabbit.oak.namepath.NamePathMapper)2
NamePathMapperImpl (org.apache.jackrabbit.oak.namepath.NamePathMapperImpl)2
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)2
RestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)2
