Search in sources :

Example 6 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.

the class UserAccessControlProviderTest method testNoNodeForPrincipal.

/**
     * @see <a href="https://issues.apache.org/jira/browse/JCR-2630">JCR-2630</a>
     */
public void testNoNodeForPrincipal() throws RepositoryException {
    final Principal testPrincipal = getTestPrincipal();
    String path = "/home/users/t/" + testPrincipal.getName();
    while (s.nodeExists(path)) {
        path += "_";
    }
    final String principalPath = path;
    List<Set<Principal>> principalSets = new ArrayList<Set<Principal>>();
    principalSets.add(Collections.<Principal>singleton(testPrincipal));
    principalSets.add(Collections.<Principal>singleton(new ItemBasedPrincipal() {

        public String getPath() {
            return principalPath;
        }

        public String getName() {
            return testPrincipal.getName();
        }
    }));
    Path rootPath = ((SessionImpl) s).getQPath("/");
    for (Set<Principal> principals : principalSets) {
        CompiledPermissions cp = provider.compilePermissions(principals);
        assertFalse(cp.canReadAll());
        assertFalse(cp.grants(rootPath, Permission.READ));
        assertTrue(cp.getPrivilegeSet(rootPath).isEmpty());
        assertSame(CompiledPermissions.NO_PERMISSION, cp);
    }
}
Also used : Path(org.apache.jackrabbit.spi.Path) Set(java.util.Set) HashSet(java.util.HashSet) ArrayList(java.util.ArrayList) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) SessionImpl(org.apache.jackrabbit.core.SessionImpl) CompiledPermissions(org.apache.jackrabbit.core.security.authorization.CompiledPermissions) Principal(java.security.Principal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)

Example 7 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.

the class UserAccessControlProvider method init.

//----------------------------------------------< AccessControlProvider >---
/**
     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
     */
@Override
public void init(Session systemSession, Map configuration) throws RepositoryException {
    super.init(systemSession, configuration);
    if (systemSession instanceof SessionImpl) {
        SessionImpl sImpl = (SessionImpl) systemSession;
        String userAdminName = (configuration.containsKey(USER_ADMIN_GROUP_NAME)) ? configuration.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
        String groupAdminName = (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) ? configuration.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
        // make sure the groups exist (and possibly create them).
        UserManager uMgr = sImpl.getUserManager();
        userAdminGroup = initGroup(uMgr, userAdminName);
        if (userAdminGroup != null && userAdminGroup instanceof ItemBasedPrincipal) {
            userAdminGroupPath = ((ItemBasedPrincipal) userAdminGroup).getPath();
        }
        groupAdminGroup = initGroup(uMgr, groupAdminName);
        if (groupAdminGroup != null && groupAdminGroup instanceof ItemBasedPrincipal) {
            groupAdminGroupPath = ((ItemBasedPrincipal) groupAdminGroup).getPath();
        }
        Principal administrators = initGroup(uMgr, SecurityConstants.ADMINISTRATORS_NAME);
        if (administrators != null && administrators instanceof ItemBasedPrincipal) {
            administratorsGroupPath = ((ItemBasedPrincipal) administrators).getPath();
        }
        usersPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getUsersPath() : UserConstants.USERS_PATH;
        groupsPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getGroupsPath() : UserConstants.GROUPS_PATH;
        membersInProperty = !(uMgr instanceof UserManagerImpl) || !((UserManagerImpl) uMgr).hasMemberSplitSize();
        if (configuration.containsKey(PARAM_ANONYMOUS_ID)) {
            anonymousId = (String) configuration.get(PARAM_ANONYMOUS_ID);
        } else {
            anonymousId = SecurityConstants.ANONYMOUS_ID;
        }
        if (configuration.containsKey(PARAM_ANONYMOUS_ACCESS)) {
            anonymousAccess = Boolean.parseBoolean((String) configuration.get(PARAM_ANONYMOUS_ACCESS));
        } else {
            anonymousAccess = true;
        }
    } else {
        throw new RepositoryException("SessionImpl (system session) expected.");
    }
}
Also used : UserManager(org.apache.jackrabbit.api.security.user.UserManager) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) RepositoryException(javax.jcr.RepositoryException) SessionImpl(org.apache.jackrabbit.core.SessionImpl) AnonymousPrincipal(org.apache.jackrabbit.core.security.AnonymousPrincipal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal)

Example 8 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.

the class WriteTest method testEditor2.

public void testEditor2() throws NotExecutableException, RepositoryException {
    UserManager uMgr = getUserManager(superuser);
    User u = null;
    User u2 = null;
    try {
        u = uMgr.createUser("t", "t");
        u2 = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }
        Principal p = u.getPrincipal();
        Principal p2 = u2.getPrincipal();
        if (p instanceof ItemBasedPrincipal && p2 instanceof ItemBasedPrincipal && Text.isDescendant(((ItemBasedPrincipal) p).getPath(), ((ItemBasedPrincipal) p2).getPath())) {
            JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
            JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p2);
            acMgr.setPolicy(acls[0].getPath(), acls[0]);
            acls = acMgr.getApplicablePolicies(p);
            String path = acls[0].getPath();
            Node n = superuser.getNode(path);
            assertEquals("rep:PrincipalAccessControl", n.getPrimaryNodeType().getName());
        } else {
            throw new NotExecutableException();
        }
    } finally {
        superuser.refresh(false);
        if (u2 != null)
            u2.remove();
        if (u != null)
            u.remove();
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) User(org.apache.jackrabbit.api.security.user.User) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Node(javax.jcr.Node) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 9 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit-oak by apache.

the class CugExcludeDefaultTest method testPrincipals.

@Test
public void testPrincipals() {
    Set<Principal> principals = new HashSet<Principal>();
    principals.add(new PrincipalImpl("test"));
    principals.add(new ItemBasedPrincipal() {

        @Override
        public String getPath() {
            return "/path";
        }

        @Override
        public String getName() {
            return "test";
        }
    });
    assertFalse(exclude.isExcluded(principals));
    for (Principal p : principals) {
        assertFalse(exclude.isExcluded(ImmutableSet.of(p)));
    }
}
Also used : ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) SystemPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal) SystemUserPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Principal(java.security.Principal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 10 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method getPolicies.

@Nonnull
@Override
public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws RepositoryException {
    Util.checkValidPrincipal(principal, principalManager);
    String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal) principal).getPath() : null;
    JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
    if (policy != null) {
        return new JackrabbitAccessControlPolicy[] { policy };
    } else {
        return new JackrabbitAccessControlPolicy[0];
    }
}
Also used : ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) Nonnull(javax.annotation.Nonnull)

Aggregations

ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)17 Principal (java.security.Principal)9 UserManager (org.apache.jackrabbit.api.security.user.UserManager)7 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 RepositoryException (javax.jcr.RepositoryException)5 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)5 User (org.apache.jackrabbit.api.security.user.User)5 NodeImpl (org.apache.jackrabbit.core.NodeImpl)4 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)4 HashSet (java.util.HashSet)3 Node (javax.jcr.Node)3 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)3 Nonnull (javax.annotation.Nonnull)2 Session (javax.jcr.Session)2 SimpleCredentials (javax.jcr.SimpleCredentials)2 SessionImpl (org.apache.jackrabbit.core.SessionImpl)2 ArrayList (java.util.ArrayList)1 Calendar (java.util.Calendar)1 Date (java.util.Date)1 GregorianCalendar (java.util.GregorianCalendar)1